| Blog Info | The Django weblog |
|---|---|
| Blog website | Link |
Oct. 8, 2024 » The Django weblog » [Archived Version]
Today we've issued the 5.1.2 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.
Read MoreSept. 3, 2024 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 5.1.1, Django 5.0.9, and Django 4.2.16. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. Thanks to MPr…
Read MoreAug. 7, 2024 » The Django weblog » [Archived Version]
The Django team is happy to announce the release of Django 5.1. The release notes showcase a kaleidoscope of improvements. A few highlights are: Easier guardrails for authentication: the new and shiny LoginRequiredMiddleware, when added to MIDDLEWARE, enforces authentication for all views by default. A more inclusive framework: Django 5.1 includes several accessibility enhancements, such as improved screen reader support in the admin interface, more semantic HTML elements, and better associati…
Read MoreJuly 24, 2024 » The Django weblog » [Archived Version]
Django 5.1 release candidate 1 is the final opportunity for you to try out a kaleidoscope of improvements before Django 5.1 is released. The release candidate stage marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, Django 5.1 will be released on or around August 7. Any delays will be communicated on the on the Django forum. Please use this opportunity to help find and fix bugs (which sh…
Read MoreApril 3, 2024 » The Django weblog » [Archived Version]
Today we've issued the 5.0.4 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E. Django 3.2 has reached the end of extended support Note that with this release, Django 3.2 has reached the end of extended support. All Django 3.2 users are encouraged to upgrade to Django 4.2 or later to continue receiving fixes for security issues. See the downl…
Read MoreFeb. 6, 2024 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing Django 5.0.2, Django 4.2.10, and Django 3.2.24. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2024-24680: Potential denial-of-service in intcomma template filter The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. Thanks Seokchan Yoon for the report. This issue has severity &quo…
Read MoreOct. 23, 2023 » The Django weblog » [Archived Version]
Django 5.0 beta 1 is now available. It represents the second stage in the 5.0 release cycle and is an opportunity for you to try out the changes coming in Django 5.0. Django 5.0 brings a deluge of exciting new features which you can read about in the in-development 5.0 release notes. Only bugs in new features and regressions from earlier versions of Django will be fixed between now and the 5.0 final release. Translations will be updated following the "string freeze", which occurs when…
Read MoreOct. 4, 2023 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing Django 4.2.6, Django 4.1.12, and Django 3.2.22. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator Following the fix for CVE-2019-14232, the regular expressions used in the implementation of django.utils.text.Truncator’s chars() and words() methods (with html=True) were rev…
Read MoreSept. 18, 2023 » The Django weblog » [Archived Version]
Django 5.0 alpha 1 is now available. It represents the first stage in the 5.0 release cycle and is an opportunity for you to try out the changes coming in Django 5.0. Django 5.0 brings a deluge of exciting new features which you can read about in the in-development 5.0 release notes. This alpha milestone marks the feature freeze. The current release schedule calls for a beta release in about a month and a release candidate about a month from then. We'll only be able to keep this schedule if we …
Read MoreAug. 1, 2023 » The Django weblog » [Archived Version]
Today we've issued the 4.2.4 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.
Read More