June 17, 2025 » The Django weblog » [Archived Version]
For June 2025, we welcome Elena Williams as our DSF member of the month! ⭐ Elena is a dedicated member of the Django community. She is part of the Code of Conduct Working Group and she is a Django Girls organizer in Australia. She has been a DSF member since July 2014. You can learn more about Elena by visiting Elena's website and her GitHub Profile. Let’s spend some time getting to know Elena better! Can you tell us a little about yourself (hobbies, education, etc) My background is that I wa…
June 10, 2025 » The Django weblog » [Archived Version]
Following the June 4, 2025 security release, the Django team is issuing releases for Django 5.2.3, Django 5.1.11, and Django 4.2.23 to complete mitigation for CVE-2025-48432: Potential log injection via unescaped request path (full description). These follow-up releases migrate remaining response logging paths to a safer logging implementation, ensuring that all untrusted input is properly escaped before being written to logs. This update does not introduce a new CVE but strengthens the origina…
June 9, 2025 » The Django weblog » [Archived Version]
The Django Software Foundation is announcing a call for Django Fellow applications. A Django Fellow is a contractor, paid by the Django Software Foundation, who dedicates time to maintain the Django framework. The Fellowship program was started in 2014 as a way to dedicate high-quality and consistent resources to the maintenance of Django. The Django Software Foundation currently supports two Fellows –Natalia Bidart and Sarah Boyce– and has approved funding for a new full-time Fellow. This posi…
June 4, 2025 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.2, Django 5.1.10, and Django 4.2.22. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-48432: Potential log injection via unescaped request path
Internal HTTP response logging used request.path directly, allowing control characters (e.g. newlines or ANSI escape sequences) to be written unescaped into logs. This cou…
May 22, 2025 » The Django weblog » [Archived Version]
The question was asked to the president of the DSF this year at FOSDEM, after his talk. And it is clearly a legitimate one! But… is it True? Do we actually need a 3rd party app to write an API with Django? In a lot of cases, when you require a complex and full-featured API, I would recommend you do use one. Django REST Framework and Django Ninja being very sound choices with a bunch of nifty things you might need in a bigger project. But… what if what you need is a simple REST API that does CR…
May 16, 2025 » The Django weblog » [Archived Version]
We’re excited to introduce our Google Summer of Code 2025 contributors! These amazing folks will be working on impactful projects that will shape Django’s future. Meet the contributors 👇 A. Rafey Khan Project: Django Admin – Add Keyboard Shortcuts & Command Palette. Mentors: Tom Carrick, Apoorv Garg Rafey will work on making Django Admin faster and more accessible through keyboard-driven workflows. Excited to see this land! Farhan Ali Raza Project: Bring django-template-partials into core.…
May 15, 2025 » The Django weblog » [Archived Version]
Happy Global Accessibility Awareness Day! We thought this would be a fitting occasion to announce our brand new Django accessibility statement 🎉 Did you know that according to the WebAIM Million survey, 94.6% of sites have easily-detectable accessibility issues? We all need to work together to build a more inclusive web (also check out our diversity statement if you haven’t already!). There are accessibility gaps in Django itself too. This statement improves transparency, and clearly states our…
May 15, 2025 » The Django weblog » [Archived Version]
Credit: DjangoCon Europe 2025 organizers We had a blast at DjangoCon Europe 2025, and hope you did too! Events like this are essential for our community, delighting both first-timers and seasoned Djangonauts with insights, good vibes, and all-around inspiration. This year’s conference brought together brilliant minds from all corners of the globe. And featured early celebrations of Django’s 20th birthday! ⭐️🎂🎉 After launching in 2005, Django turns 20 in 2025, and the conference was a great oc…
May 14, 2025 » The Django weblog » [Archived Version]
For May 2025, we welcome Simon Charette as our DSF member of the month! ⭐ Simon Charette is a longtime Django contributor and community member. He served on the Django 5.x Steering Council and is part of the Security team and the Triage and Review team. He has been a DSF member since November 2014. You can learn more about Simon by visiting Simon's GitHub Profile. Let’s spend some time getting to know Simon better! Can you tell us a little about yourself (hobbies, education, etc) My name is S…
May 7, 2025 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.1, Django 5.1.9 and Django 4.2.21. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-32873: Denial-of-service possibility in strip_tags()
django.utils.html.strip_tags() would be slow to evaluate certain inputs containing large sequences of incomplete HTML tags. This function is used to implement the striptags templ…