June 13, 2025 » Django News » [Archived Version]
News DSF calls for applicants for a Django Fellow DSF invites experienced Django developers to apply for a new Django Fellow position focused on framework maintenance, mentoring, and security oversight. djangoproject.com Django bugfix releases issued: 5.2.3, 5.1.11, and 4.2.23 Django issues bugfix releases for 5.2.3, 5.1.11, and 4.2.23 to finalize mitigation for potential log injection using safer logging practices. djangoproject…
Read MoreJune 11, 2025 » Better Simple » [Archived Version]
In this post, I explore how open-source communities can motivate their membership by utilizing recognition as a currency.
Read MoreJune 10, 2025 » The Django weblog » [Archived Version]
Following the June 4, 2025 security release, the Django team is issuing releases for Django 5.2.3, Django 5.1.11, and Django 4.2.23 to complete mitigation for CVE-2025-48432: Potential log injection via unescaped request path (full description). These follow-up releases migrate remaining response logging paths to a safer logging implementation, ensuring that all untrusted input is properly escaped before being written to logs. This update does not introduce a new CVE but strengthens the origina…
Read MoreJune 10, 2025 » Anže’s Blog » [Archived Version]
This blog has been a static site powered by Jekyll for over 13 years, and I’ve been happy with the setup. After all this time, I still enjoy using my code editor to write new posts and git commit and git push to publish them.
Read MoreJune 9, 2025 » REVSYS Blog » [Archived Version]
Writing Django management commands can involve a ton of boilerplate code. But Revsys uses two libraries that cut our management command code in half while making it more readable and powerful: django-click and django-typer.
Read MoreJune 9, 2025 » The Django weblog » [Archived Version]
The Django Software Foundation is announcing a call for Django Fellow applications. A Django Fellow is a contractor, paid by the Django Software Foundation, who dedicates time to maintain the Django framework. The Fellowship program was started in 2014 as a way to dedicate high-quality and consistent resources to the maintenance of Django. The Django Software Foundation currently supports two Fellows –Natalia Bidart and Sarah Boyce– and has approved funding for a new full-time Fellow. This posi…
Read MoreJune 6, 2025 » Django News » [Archived Version]
News Django security releases issued: 5.2.2, 5.1.10, and 4.2.22 Django issues security patches in 5.2.2, 5.1.10, and 4.2.22, resolving a moderate severity log injection vulnerability in internal logging via unescaped request.path. djangoproject.com Python 3.13.4, 3.12.11, 3.11.13, 3.10.18 and 3.9.23 are now available! The Python 3.13.4 release includes over 300 bug fixes, and every version of Python has received three security updates. …
Read MoreJune 4, 2025 » Matthias Kestenholz » [Archived Version]
Preserving referential integrity with JSON fields and Django Motivation The great thing about using feincms3 and django-content-editor is that CMS plugins are Django models – if using them you immediately have access to the power of Django’s ORM and Django’s administration interface. However, using one model per content type can be limiting on larger sites. Because of this we like using JSON plugins with schemas for more fringe use cases or for places where we have richer data…
Read MoreJune 4, 2025 » The Django weblog » [Archived Version]
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.2, Django 5.1.10, and Django 4.2.22. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2025-48432: Potential log injection via unescaped request path Internal HTTP response logging used request.path directly, allowing control characters (e.g. newlines or ANSI escape sequences) to be written unescaped into logs. This cou…
Read MoreMay 30, 2025 » Django News » [Archived Version]
News Python Release Python 3.14.0b2 Python 3.14.0b2 beta introduces deferred type annotations, t-string templating, improved error messages, and remote debugging support that may influence Django project testing. python.org Updates to Django Fixed #35629 -- Added support for async database connections and cursors. Enhances Django's ORM with asynchronous database connections and low-level cursor support for executing raw SQL queries, …
Read More