Django

Today we've issued the 2.0.9 and 1.11.16 bugfix releases. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.

Today we've issued the 2.1.1 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.

We are almost two months away from DjangoCon US in San Diego, CA, and we are pleased to announce that our schedule is live! We received many phenomenal proposals, and the reviewers and program team had a difficult job choosing the final talks and ... [More] tutorials. We think you will love them as much as we do. Thank you to everyone who submitted a proposal or helped to review. Tickets for the conference are still on sale. There are a small handful of early-bird tickets left, so pick one up before they sell out! Check out our website for more information on which ticket type to select. We have also announced our tutorials. They are $195 each, and may be purchased at the same place as the conference tickets. DjangoCon US will be held October 14-19 at the lovely San Diego Marriott Mission Valley. Our hotel block rate expires September 13, but rooms are going fast, so reserve your room today! [Less]

The Django team is happy to announce the release of Django 2.1. The release notes cover the smorgasbord of new features in detail, the model “view” permission is a highlight that many will appreciate. You can get Django 2.1 from our downloads page or ... [More] from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252. With the release of Django 2.1, Django 2.0 has reached the end of mainstream support. The final minor bug fix release (which is also a security release), 2.0.8, was issued today. Django 2.1 will receive security and data loss fixes until April 2019. All users are encouraged to upgrade before then to continue receiving fixes for security issues. See the downloads page for a table of supported versions and the future release schedule. [Less]

The Django team is happy to announce the release of Django 2.1. The release notes cover the smorgasbord of new features in detail, the model “view” permission is a highlight that many will appreciate. You can get Django 2.1 from our downloads page or ... [More] from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252. With the release of Django 2.1, Django 2.0 has reached the end of mainstream support. The final minor bug fix release (which is also a security release), 2.0.8, was issued today. Django 2.0 will receive security and data loss fixes until April 2019. All users are encouraged to upgrade before then to continue receiving fixes for security issues. See the downloads page for a table of supported versions and the future release schedule. [Less]

In accordance with our security release policy, the Django team is issuing Django 1.11.15 and Django 2.0.8. These release addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2018-14574: ... [More] Open redirect possibility in CommonMiddleware If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. Thanks Andreas Hug for reporting this issue. Affected supported versions Django master branch Django 2.1 (which will be released in a separate blog post later today) Django 2.0 Django 1.11 Per our supported versions policy, Django 1.10 and older are no longer supported. Resolution Patches to resolve the issue have been applied to Django's master branch and the 2.1, 2.0, and 1.11 release branches. The patches may be obtained from the following changesets: On the master branch On the 2.1 release branch On the 2.0 release branch On the 1.11 release branch The following releases have been issued: Django 1.11.15 (download Django 1.11.15 | 1.11.15 checksums) Django 2.0.8 (download Django 2.0.8 | 2.0.8 checksums) The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252. General notes regarding security reporting As always, we ask that potential security issues be reported via private email to [email protected], and not via Django's Trac instance or the django-developers list. Please see our security policies for further information. [Less]

Django 2.1 release candidate 1 is the final opportunity for you to try out the smorgasbord of new features before Django 2.1 is released. The release candidate stage marks the string freeze and the call for translators to submit translations. ... [More] Provided no major bugs are discovered that can't be solved in the next two weeks, Django 2.1 will be released on or around August 1. Any delays will be communicated on the django-developers mailing list thread. Please use this opportunity to help find and fix bugs (which should be reported to the issue tracker). You can grab a copy of the package from our downloads page or on PyPI. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252. [Less]

DjangoCon Australia, the cute little sibling conference to DjangoCons EU and US, is on again next month in sunny Sydney. A one-day event packed full of content, DjangoCon AU is run as a Specialist Track – a dedicated one-day, one track “mini ... [More] conference” – inside PyCon AU. Tickets for DjangoCon AU and PyCon AU are now on sale. If you can only join us for one day, you can get a ticket for just DjangoCon AU for only AU$150. But, if you’d like to make a long weekend of it, tickets for the full event – DjangoCon AU on the Friday, and PyCon AU on the Saturday and Sunday – are available starting from AUD$440. As part of our ongoing commitment to ensuring as many people can get to PyCon AU as possible, there are generous discounts for students, and Contributor ✨ Tickets that directly help fill the financial assistance pool of funds. The talks lists for DjangoCon AU and all of PyCon AU are already live, so take a look at what we have in store. Buy your tickets by August 7 2018 to ensure you get the a coveted PyCon AU t-shirt. Shirts for DjangoCon AU will be revealed and details announced on the day. We hope to see you in Sydney next month! Katie McLaughlin, PyCon AU Conference Director, DSF Board [Less]

Today we've issued the 2.0.7 and 1.11.14 bugfix releases. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.

Django 2.1 beta 1 is now available. It represents the second stage in the 2.1 release cycle and is an opportunity for you to try out the changes coming in Django 2.1. Django 2.1 has a smorgasbord of new features which you can read about in the ... [More] in-development 2.1 release notes. Only bugs in new features and regressions from earlier versions of Django will be fixed between now and 2.1 final (also, translations will be updated following the "string freeze" when the release candidate is issued). The current release schedule calls for a release candidate in a month from now with the final release to follow about two weeks after that around August 1. Early and often testing from the community will help minimize the number of bugs in the release. Updates on the release schedule schedule are available on the django-developers mailing list. As with all beta and beta packages, this is not for production use. But if you'd like to take some of the new features for a spin, or to help find and fix bugs (which should be reported to the issue tracker), you can grab a copy of the beta package from our downloads page or on PyPI. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252. [Less]