Oct. 4, 2023 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing Django 4.2.6, Django 4.1.12, and Django 3.2.22. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator Following the fix for CVE-2019-14232, the regular expressions used in the implementation of django.utils.text.Truncator’s chars() and words() methods (with html=True) were rev…
Read MoreSept. 18, 2023 » The Django weblog » [Archived Version]
Django 5.0 alpha 1 is now available. It represents the first stage in the 5.0 release cycle and is an opportunity for you to try out the changes coming in Django 5.0. Django 5.0 brings a deluge of exciting new features which you can read about in the in-development 5.0 release notes. This alpha milestone marks the feature freeze. The current release schedule calls for a beta release in about a month and a release candidate about a month from then. We'll only be able to keep this schedule if we …
Read MoreSept. 6, 2023 » The Django weblog » [Archived Version]
DjangoCon US 2023 is just about here! While the conference isn’t until Oct 16-20, we’re sharing this now because discounted hotel rooms are filling up fast and will go away entirely on September 15th. If you can’t make it in person this year, we also have online tickets: https://ti.to/defna/djangocon-us-2023. All talks will be available online via the LoudSwarm platform, so you won’t miss any action. We have eleven exclusive talks for our online attendees, so you get more content. Online ticke…
Read MoreSept. 5, 2023 » The Django weblog » [Archived Version]
The DSF is once again partnering with JetBrains to run the 2023 Django Developers Survey. Please take a moment to fill it out. The survey is an important metric of Django usage and helps guide future technical and community decisions. The survey will be open until October 1st, 2023 Anywhere on Earth (AoE). After the survey is over, the aggregated results will be published. JetBrains will randomly choose 10 winners (from those who complete the survey in its entirety), who will each receive a $10…
Read MoreSept. 4, 2023 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing Django 4.2.5, Django 4.1.11, and Django 3.2.21. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() django.utils.encoding.uri_to_iri() was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Th…
Read MoreAug. 1, 2023 » The Django weblog » [Archived Version]
Today we've issued the 4.2.4 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.
Read MoreJuly 4, 2023 » The Django weblog » [Archived Version]
The Django Software Foundation’s biggest fundraising event of the year is here! https://www.jetbrains.com/pycharm/promo/support-django/ Each year, our friends at JetBrains, the creators of PyCharm, run an incredible deal. You get a 30% discounted year of PyCharm, AND the DSF gets 100% of the proceeds. Plus, get one free month of access to JetBrains Academy, which has courses like Intro to Django, SQL, Git, and more! The fundraiser runs from July 3rd-July 23rd! Buy PyCharm and support Django! Do…
Read MoreJuly 3, 2023 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing Django 4.2.3, Django 4.1.10, and Django 3.2.20. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name l…
Read MoreJune 5, 2023 » The Django weblog » [Archived Version]
Today we've issued the 4.2.2 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E.
Read MoreMay 16, 2023 » The Django weblog » [Archived Version]
The Steering Council for the Django 5.x release cycle will be: Simon Charette Andrew Godwin Adam Johnson James Bennett Congratulations to the new council, and a special thank you for the departing members Thomas Forbes and Florian Apolloner. Thank you to everyone who participated in the nominations and voting. Voting breakdown: 268 eligible voters 74 votes received There were not enough candidates to fill the positions available, so all candidates were successful. Full voting breakdown avai…
Read More