Natalia Bidart

Blog Info The Django weblog

Django 6.0 released

Dec. 3, 2025 » The Django weblog

The Django team is happy to announce the release of Django 6.0. The release notes assemble a mosaic of modern tools and thoughtful design. A few highlights are:

Template Partials: modularize templates using small, named fragments for cleaner, more maintainable code. (GSoC project by Farhan Ali Raza, mentored by Carlton Gibson)

Background Tasks: run code outside the HTTP request-response cycle with a built-in, flexible task framework. (Jake Howard)

Content Security Policy (CSP): easily configu…


Django security releases issued: 5.2.9, 5.1.15, and 4.2.27

Dec. 2, 2025 » The Django weblog

In accordance with our security release policy, the Django team is issuing releases for Django 5.2.9, Django 5.1.15, and Django 4.2.27. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL

FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs pass…


Django 6.0 beta 1 released

Oct. 22, 2025 » The Django weblog

Django 6.0 beta 1 is now available. It represents the second stage in the 6.0 release cycle and is an opportunity to try out the changes coming in Django 6.0. Django 6.0 assembles a mosaic of modern tools and thoughtful design, which you can read about in the in-development 6.0 release notes. Only bugs in new features and regressions from earlier Django versions will be fixed between now and the 6.0 final release. Translations will be updated following the "string freeze", which occurs when the…


Django 6.0 alpha 1 released

Sept. 17, 2025 » The Django weblog

Django 6.0 alpha 1 is now available. It represents the first stage in the 6.0 release cycle and is an opportunity to try out the changes coming in Django 6.0. Django 6.0 assembles a mosaic of modern tools and thoughtful design, which you can read about in the in-development 6.0 release notes. This alpha milestone marks the feature freeze. The current release schedule calls for a beta release in about a month and a release candidate roughly a month after that. We'll only be able to keep this sch…


Django bugfix release issued: 5.2.4

July 2, 2025 » The Django weblog

Today we've issued the 5.2.4 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.


Django security releases issued: 5.2.2, 5.1.10, and 4.2.22

June 4, 2025 » The Django weblog

In accordance with our security release policy, the Django team is issuing releases for Django 5.2.2, Django 5.1.10, and Django 4.2.22. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2025-48432: Potential log injection via unescaped request path

Internal HTTP response logging used request.path directly, allowing control characters (e.g. newlines or ANSI escape sequences) to be written unescaped into logs. This cou…


Django security releases issued: 5.2.1, 5.1.9 and 4.2.21

May 7, 2025 » The Django weblog

In accordance with our security release policy, the Django team is issuing releases for Django 5.2.1, Django 5.1.9 and Django 4.2.21. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2025-32873: Denial-of-service possibility in strip_tags()

django.utils.html.strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags templ…


Django bugfix releases issued: 5.1.6, 5.0.12, and 4.2.19

Feb. 5, 2025 » The Django weblog

Today we've issued 5.1.6, 5.0.12, and 4.2.19 bugfix releases. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.


Django security releases issued: 5.1.5, 5.0.11, and 4.2.18

Jan. 14, 2025 » The Django weblog

In accordance with our security release policy, the Django team is issuing releases for Django 5.1.5, Django 5.0.11, and Django 4.2.18. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and …


Django bugfix release issued: 5.1.2

Oct. 8, 2024 » The Django weblog

Today we've issued the 5.1.2 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.
