Djangify News Aggregator
A daily dose of tech, dev, and AI news from across the web, all in one place.
Backend News
Annual meeting of DSF Members at DjangoCon Europe
<p>We’re organizing an annual meeting for members of the Django Software Foundation! It will be held at <a href="https://2025.djangocon.eu/">DjangoCon Europe 2025</a> in two weeks in Dublin, bright and early <a href="https://pretalx.evolutio.pt/djangocon-europe-2025/talk/GJDTBU/">on the second day of the conference</a>. The meeting will be held in person at the venue, and participants can also join remotely.</p> <p><a class="cta" href="https://docs.google.com/forms/d/e/1FAIpQLSfnq_xvdNvhwX3CXtjAcGkRJ-hEETY1NauAcsjt3KqrD0fTog/viewform?usp=dialog">Register to join the annual meeting</a></p> <h4 id="s-what-to-expect">What to expect</h4> <p>This is an opportunity for current and aspiring members of the Foundation to directly contribute to discussions about our direction. We will cover our current and future projects, and look for feedback and possible contributions within our community.</p> <hr /> <p>If this sounds interesting to you but you’re not currently an Individual Member, do <a href="https://www.djangoproject.com/foundation/individual-members/">review our membership criteria and apply</a>!</p> <p> </p>
Read more
Django 5.2 released
<p>The Django team is happy to announce the release of Django 5.2.</p> <p><a class="reference external" href="https://docs.djangoproject.com/en/5.2/releases/5.2/">The release notes</a> showcase a composite of new features. A few highlights are:</p> <ul class="simple"> <li>All models are automatically imported in the <a class="reference external" href="https://docs.djangoproject.com/en/5.2/ref/django-admin/#django-admin-shell">shell</a> by default.</li> <li>Django now supports composite primary keys! The new <a class="reference external" href="https://docs.djangoproject.com/en/5.2/ref/models/fields/#django.db.models.CompositePrimaryKey">django.db.models.CompositePrimaryKey</a> allows tables to be created with a primary key consisting of multiple fields.</li> <li>Overriding a <a class="reference external" href="https://docs.djangoproject.com/en/5.2/ref/forms/api/#django.forms.BoundField">BoundField</a> got a lot easier: this can now be set on a form, field or project level.</li> </ul> <p>You can get Django 5.2 from <a class="reference external" href="https://www.djangoproject.com/download/">our downloads page</a> or from <a class="reference external" href="https://pypi.python.org/pypi/Django/5.2">the Python Package Index</a>. The PGP key ID used for this release is: <a class="reference external" href="https://github.com/sarahboyce.gpg">3955B19851EA96EF</a></p> <p>With the release of Django 5.2, Django 5.1 has reached the end of mainstream support. The final minor bug fix release, <a class="reference external" href="https://docs.djangoproject.com/en/stable/releases/5.1.8/">5.1.8</a>, which was also a security release, was issued today. Django 5.1 will receive security and data loss fixes until December 2025. All users are encouraged to upgrade before then to continue receiving fixes for security issues.</p> <p>Django 5.0 has reached the end of extended support. The final security release, <a class="reference external" href="https://docs.djangoproject.com/en/stable/releases/5.0.14/">5.0.14</a>, was issued today. All Django 5.0 users are encouraged to <a class="reference external" href="https://docs.djangoproject.com/en/dev/howto/upgrade-version/">upgrade</a> to Django 5.1 or later.</p> <p>See the <a class="reference external" href="https://www.djangoproject.com/download/#supported-versions">downloads page</a> for a table of supported versions and the future release schedule.</p>
Read more
Django security releases issued: 5.1.8 and 5.0.14
<p>In accordance with <a class="reference external" href="https://docs.djangoproject.com/en/dev/internals/security/">our security release policy</a>, the Django team is issuing releases for <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.1.8/">Django 5.1.8</a> and <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.0.14/">Django 5.0.14</a>. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.</p> <div class="section" id="s-cve-2025-27556-potential-denial-of-service-vulnerability-in-loginview-logoutview-and-set-language-on-windows"> <h3>CVE-2025-27556: Potential denial-of-service vulnerability in <tt class="docutils literal">LoginView</tt>, <tt class="docutils literal">LogoutView</tt>, and <tt class="docutils literal">set_language()</tt> on Windows</h3> <p>Python's NFKC normalization is slow on Windows. As a consequence, <tt class="docutils literal">django.contrib.auth.views.LoginView</tt>, <tt class="docutils literal">django.contrib.auth.views.LogoutView</tt>, and <tt class="docutils literal">django.views.i18n.set_language</tt> were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.</p> <p>Thanks to sw0rd1ight for the report.</p> <p>This issue has severity "moderate" according to the Django security policy.</p> </div> <div class="section" id="s-affected-supported-versions"> <h3>Affected supported versions</h3> <ul class="simple"> <li>Django main</li> <li>Django 5.2 (currently at release candidate status)</li> <li>Django 5.1</li> <li>Django 5.0</li> </ul> </div> <div class="section" id="s-resolution"> <h3>Resolution</h3> <p>Patches to resolve the issue have been applied to Django's main, 5.2 (currently at release candidate status), 5.1, and 5.0 branches. The patches may be obtained from the following changesets.</p> <div class="section" id="s-cve-2025-27556-potential-denial-of-service-vulnerability-in-loginview-logoutview-and-set-language-on-windows-1"> <h4>CVE-2025-27556: Potential denial-of-service vulnerability in <tt class="docutils literal">LoginView</tt>, <tt class="docutils literal">LogoutView</tt>, and <tt class="docutils literal">set_language()</tt> on Windows</h4> <ul class="simple"> <li>On the <a class="reference external" href="https://github.com/django/django/commit/39e2297210d9d2938c75fc911d45f0e863dc4821">main branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/2cb311f7b069723027fb5def4044d1816d7d2afd">5.2 branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8">5.1 branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/8c6871b097b6c49d2a782c0d80d908bcbe2116f1">5.0 branch</a></li> </ul> </div> </div> <div class="section" id="s-the-following-releases-have-been-issued"> <h3>The following releases have been issued</h3> <ul class="simple"> <li>Django 5.1.8 (<a class="reference external" href="https://www.djangoproject.com/m/releases/5.1/Django-5.1.8.tar.gz">download Django 5.1.8</a> | <a class="reference external" href="https://www.djangoproject.com/m/pgp/Django-5.1.8.checksum.txt">5.1.8 checksums</a>)</li> <li>Django 5.0.14 (<a class="reference external" href="https://www.djangoproject.com/m/releases/5.0/Django-5.0.14.tar.gz">download Django 5.0.14</a> | <a class="reference external" href="https://www.djangoproject.com/m/pgp/Django-5.0.14.checksum.txt">5.0.14 checksums</a>)</li> </ul> <p>The PGP key ID used for this release is : <a class="reference external" href="https://github.com/sarahboyce.gpg">3955B19851EA96EF</a></p> </div> <div class="section" id="s-general-notes-regarding-security-reporting"> <h3>General notes regarding security reporting</h3> <p>As always, we ask that potential security issues be reported via private email to <tt class="docutils literal">security@djangoproject.com</tt>, and not via Django's Trac instance, nor via the Django Forum. Please see <a class="reference external" href="https://www.djangoproject.com/security/">our security policies</a> for further information.</p> </div>
Read more
Django 5.2 release candidate 1 released
<p>Django 5.2 release candidate 1 is the final opportunity for you to try out <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.2/">a composite of new features</a> before Django 5.2 is released.</p> <p>The release candidate stage marks the string freeze and the call for translators <a class="reference external" href="https://docs.djangoproject.com/en/dev/internals/contributing/localizing/#translations">to submit translations</a>. Provided no major bugs are discovered that can't be solved in the next two weeks, Django 5.2 will be released on or around April 2. Any delays will be communicated on the <a class="reference external" href="https://forum.djangoproject.com/t/django-5-2-release-status-and-next-steps/37131">on the Django forum</a>.</p> <p>Please use this opportunity to help find and fix bugs (which should be reported to <a class="reference external" href="https://code.djangoproject.com/newticket">the issue tracker</a>), you can grab a copy of the release candidate package from <a class="reference external" href="https://www.djangoproject.com/download/">our downloads page</a> or on PyPI.</p> <p>The PGP key ID used for this release is Sarah Boyce: <a class="reference external" href="https://github.com/sarahboyce.gpg">3955B19851EA96EF</a></p>
Read more
DSF member of the month - Cory Zue
<p>For March 2025, we welcome Cory Zue (<a href="https://bsky.app/profile/coryzue.com">@coryzue.com</a>) as our DSF member of the month! ⭐</p> <p>Cory Zue is a Django developer for many years. He is currently a member of the <a href="https://github.com/django/dsf-working-groups/blob/main/active/social-media.md">DSF Social Media Working Group</a> and he has been a DSF member since octobre 2022. <br /> You can learn more about Cory by checking out <a href="https://www.coryzue.com/">his website</a> or visiting <a href="https://github.com/czue">Cory's GitHub Profile</a>.</p> <p>Let’s spend some time getting to know Cory better!</p> <h4 id="s-can-you-tell-us-a-little-about-yourself-hobbies-education-etc">Can you tell us a little about yourself (hobbies, education, etc)</h4> <p>I'm a programmer-turned-manager-turned-entrepreneur and currently run a portfolio of businesses on my own (using Django of course!).</p> <p>I grew up in Massachusetts and studied Computer Science at MIT where I met the founders of Dimagi, where I ended up as CTO for 10 years before starting my own businesses. In 2016, I moved to Cape Town, South Africa for a "temporary" relocation, and have been here ever since. These days my main hobbies include surfing, trail running, and exploring nature with my wife and two boys.</p> <h4 id="s-how-did-you-start-using-django">How did you start using Django?</h4> <p>My first major Django project was working on an SMS-based system that helped <a href="https://www.rapidsms.org/about/case-studies/nigeria-monitoring-supplies-in-a-campaign-setting/">with the distribution of millions of bednets</a> in Nigeria. It was built on top of a Django-based platform called RapidSMS that was initially developed by UNICEF. After that I worked on several other RapidSMS systems before eventually leading Dimagi's <a href="https://dimagi.com/commcare/">CommCare</a> server team. CommCare eventually became -- to my knowledge -- the <a href="https://github.com/dimagi/commcare-hq/">largest open source Django codebase</a> in terms of contributions/commits.</p> <h4 id="s-what-other-framework-do-you-know-and-if-there-is-anything-you-would-like-to-have-in-django-if-you-had-magical-powers">What other framework do you know and if there is anything you would like to have in Django if you had magical powers?</h4> <p>I still love Django and use it for most projects that need a backend. That said, I find Django's "hands off" approach to modern front end development to be a big barrier for people who aren't already familiar with the framework.</p> <p>If I had magical powers I would convince the Django community that it is worth providing some out-of-the-box support for modern front end tooling like TailwindCSS or a JavaScript bundler. I'd also try to get official "starter projects" built into the framework that show how you can use Django with some of the more popular front end options like React and HTMX.</p> <h4 id="s-what-projects-are-you-working-on-now">What projects are you working on now?</h4> <p>My main project right now is <a href="https://www.saaspegasus.com/">SaaS Pegasus</a>, which is a Django codebase creator that helps you spin up new projects more efficiently by bundling in <em>even more</em> batteries than Django itself. This includes things like configuring auth, front end, and deployment, but also has some more powerful features like multi-tenancy and billing baked in.</p> <p>One of the great things about running Pegasus is that I can justify building new Django apps as dogfooding the product. So I always have other Django projects I'm working on. Right now the biggest one is a RAG chat-with-your-data LLM project called <a href="https://scriv.ai/">Scriv.ai</a>.</p> <p>Within the Django community my main contributions are in the form of writing <a href="https://www.saaspegasus.com/guides/">in-depth guides to using Django</a>, as well as pitching in on the Social Media working group to help grow Django's audience.</p> <h4 id="s-which-django-libraries-are-your-favorite-core-or-3rd-party">Which Django libraries are your favorite (core or 3rd party)?</h4> <p>It's hard to go with anything other than the ORM (and migrations framework), which I still feel is Django's greatest and most important feature. It just fits my brain much better than SQLAlchemy or other options I've used.</p> <p>One lesser-known library I'll shout out that I have been enjoying lately is <a href="https://django-cotton.com/">django-cotton</a>, which provides a nice little layer of syntactic sugar and tooling that makes working with components in Django templates much nicer.</p> <h4 id="s-what-are-the-top-three-things-in-django-that-you-like">What are the top three things in Django that you like?</h4> <ol> <li> <p>The ORM + migrations.</p> </li> <li> <p>The community.</p> </li> <li> <p>That nearly every backend use case I have already has a feature that's been built to accommodate it (e.g. middleware, messages, i18n, etc.). I feel like the modern JavaScript frameworks I've used are way behind on this front.</p> </li> </ol> <h4 id="s-what-would-you-recommend-to-someone-who-wants-to-start-out-as-an-entrepreneur-like-you">What would you recommend to someone who wants to start out as an entrepreneur like you?</h4> <p>I have an <a href="https://www.coryzue.com/writing/solopreneur/">entire talk/article about this</a>!</p> <p>But if I were to emphasize the most important part that worked for me, it was creating enough space in my life for deep, uninterrupted work and structuring it in a way that I never ran out of money or energy while I was trying (by working part time while I was getting started). In general, the path to success usually takes a long time, so giving yourself plenty of time is really important. The tactics you can figure out as you go, but the space and time to do it is the most important thing to have in place. Your main goal is not to quit.</p> <h4 id="s-is-there-anything-else-youd-like-to-say">Is there anything else you'd like to say?</h4> <p>Thank you for including me in this series!</p> <hr /> <p><strong>Thank you for doing the interview, Cory!</strong></p>
Read more
Accessibility and inclusivity at FOSDEM 2025
<p> </p> <p>For this year’s FOSDEM conference, our Django accessibility team organized the "Inclusive Web" track. Here’s a recap of how it went!</p> <p>The idea for the <a href="https://fosdem.org/2025/schedule/track/inclusive-web/">Inclusive Web devroom</a> started at FOSDEM 2024, where we discussed the importance of showcasing accessibility and inclusivity work in open source, in web development and beyond. The <a href="https://www.djangoproject.com/foundation/teams/#accessibility-team">Django accessibility team</a> got to work on a FOSDEM 2025 proposal. Lo and behold, it got accepted, and here we are with a room full of people interested in those topics, and a great lineup of speakers!</p> <p><img alt="Panorama of the room during a talk, taken from the back. It’s a classroom with multiple rows of tables and seats. Some people are standing on the side. The speaker is in front of their slides at the front of the room." height="768" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/inclusive-web-devroom-panorama.jpg" style="height: auto;" width="1536" /></p> <p>The room was full for most of the day with about 70 attendees, with the conference also providing a livestream for remote participants. We had a great mix of talks, covering a lot of the aspects of the Inclusive Web that we wanted to showcase.</p> <h3 id="s-the-talks">The talks</h3> <h4 id="s-top-accessibility-errors-found-in-open-source-through-automated-testing"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-6075-top-accessibility-errors-found-in-open-source-through-automated-testing/">Top Accessibility Errors Found in Open Source Through Automated Testing</a></h4> <div> <div> <p>In the first talk of the day, Raashi Saxena shares insights on the most common accessibility errors in open-source projects, based on manual and automated testing. She highlights real-world case studies to help developers improve accessibility in their projects – and warn against the legal risks of poor accessibility!</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/raashi-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Raashi getting the devroom started</strong></figcaption> </figure> </div> <h4 id="s-solving-the-worlds-localization-problems"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5561-solving-the-world-s-localization-problems/">Solving the world’s (localization) problems</a></h4> <div> <div> <p>Eemeli Aro and Ujjwal Sharma introduce <a href="https://messageformat.dev/">MessageFormat 2</a>, a new standard to address long-standing localization challenges. They discuss its potential applications and the tools being built around it. This standard is very promising for Django developers working on multilingual applications to provide better translations for users, and better capabilities for translators.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/ujjwal-and-eemeli-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Eemeli and Ujjwal introduce themselves</strong></figcaption> </figure> </div> <h4 id="s-alternative-text-for-images-how-bad-are-our-alt-text-anyway"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-4709-alternative-text-for-images-how-bad-are-our-alt-text-anyway-/">Alternative Text for Images: How Bad Are Our Alt-Text Anyway?</a></h4> <div> <div> <p>Mike Gifford explores the importance of alt text in web accessibility and how often it misses the mark. He demonstrates his <a href="https://github.com/CivicActions/site-evaluation-tools/blob/main/alt-text-scan.py.md">alt text scan Python script</a> for auditing alt-text across websites. Alt text is a common issue on Django projects, and the AI generation showcased by Mike has the potential to move the needle.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/mike-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Mike shares his experiments</strong></figcaption> </figure> </div> <h4 id="s-secure-and-inclusive-webauthn-for-multi-factor-authentication"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5777-secure-and-inclusive-webauthn-for-multi-factor-authentication/">Secure and Inclusive: WebAuthn for (Multi-Factor) Authentication</a></h4> <div> <div> <p>Storm Heg explains how WebAuthn (Passkeys) offers a secure and user-friendly alternative to traditional authentication methods. This talk covers how it works, its accessibility benefits, and how Django developers can integrate it into their projects. Storm showcases his <a href="https://github.com/Stormbase/django-otp-webauthn">django-otp-webauthn</a> package and other alternatives.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/storm-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Storm’s whoami output</strong></figcaption> </figure> </div> <h4 id="s-how-do-we-work-out-the-environmental-savings-from-accessibility"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5292-how-do-we-work-out-the-environmental-savings-from-accessibility-/">How do we work out the environmental savings from accessibility?</a></h4> <div> <div> <p>Chris Adams discusses how supporting older devices through accessible digital services can reduce e-waste. He explores research on hardware obsolescence, data-driven methods for measuring environmental impact, and policy changes in digital sustainability. This builds upon previous work by Chris <a href="https://archive.fosdem.org/2021/schedule/event/webperf_building_a_greener_web/">showcasing the parallels between web accessibility and sustainability</a>.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/chris-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Chris with his cover slide</strong></figcaption> </figure> </div> <h4 id="s-growing-inclusive-communities-djangonaut-space-program"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5237-growing-inclusive-communities-djangonaut-space-program/">Growing inclusive communities: Djangonaut Space program</a></h4> <div> <div> <p>Raffaella Suardini shares the success of the <a href="https://djangonaut.space/">Djangonaut Space</a> mentorship program in fostering sustainable contributions and welcoming new contributors. She provides strategies for building inclusive tech communities, which are crucial to the success of open-source projects like Django 💜.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/raffaella-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Raffaella taking questions</strong></figcaption> </figure> </div> <h4 id="s-multilingual-speech-technologies-that-understand-you"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5948-multilingual-speech-technologies-that-understand-you/">Multilingual Speech Technologies That Understand You</a></h4> <div> <div> <p>Jessica Rose discusses how <a href="https://commonvoice.mozilla.org/en">Common Voice</a>’s <a href="https://github.com/common-voice/common-voice">crowdsourced speech dataset</a> helps developers build speech technologies for underrepresented languages. She highlights the challenges of linguistic diversity in tech – which are very relevant for a project with such an international and multiligual user base as Django.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/jessica-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Jessica showcases project challenges</strong></figcaption> </figure> </div> <h4 id="s-atag-accessibility-audits-worth-your-while"><a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5806-atag-accessibility-audits-worth-your-while/">ATAG accessibility audits: worth your while</a></h4> <div> <div> <p>Thibaud Colas introduces the Authoring Tool Accessibility Guidelines (ATAG) and explains why they are essential for content creation tools, like the Django admin. He shares highlights of where projects can learn a lot from ATAG, making this talk valuable for Django developers working with content publishing.</p> </div> <figure> <img alt="" height="256" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/speakers/thibaud-on-stage-fosdem-2025-60.webp" width="256" /> <figcaption><strong>Thibaud lists accessibility standards</strong></figcaption> </figure> </div> <h3 id="s-all-recordings">All recordings</h3> <p>You can watch them all on the FOSDEM website:</p> <div> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-6075-top-accessibility-errors-found-in-open-source-through-automated-testing/"> <figure> <img alt="Raashi to the side of her slides, titled 'Accessibility', with examples of what accessibility means" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/top-accessibility-errors-found-in-open-source-through-automated-testing.webp" width="256" /> <figcaption>Raashi Saxena - Top Accessibility Errors Found in Open Source Through Automated Testing | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5561-solving-the-world-s-localization-problems/"> <figure> <img alt="Eemeli and Ujjwal in front of Ujjwal’s introduction slide, with audience members in the foreground" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/solving-the-world-s-localization-problems.webp" width="256" /> <figcaption>Eemeli Aro and Ujjwal Sharm - Solving the world’s (localization) problems | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-4709-alternative-text-for-images-how-bad-are-our-alt-text-anyway-/"> <figure> <img alt="Mike to the right of his slides, titled 'Initial experiment with proprietary tools', with attendees in the foreground" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/alternative-text-for-images-how-bad-are-our-alt-text-anyway.webp" width="256" /> <figcaption>Mike Gifford - Alternative Text for Images: How Bad Are Our Alt-Text Anyway? | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5777-secure-and-inclusive-webauthn-for-multi-factor-authentication/"> <figure> <img alt="Storm in front of his slides, with audience members in the foreground" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/secure-and-inclusive-webauthn-for-multi-factor-authentication.webp" width="256" /> <figcaption>Storm Heg - Secure and Inclusive: WebAuthn for (Multi-Factor) Authentication | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5292-how-do-we-work-out-the-environmental-savings-from-accessibility-/"> <figure> <img alt="Chris is to the right of his slide, titled 'How do we work out the environmental savings from accessibility?'" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/how-do-we-work-out-the-environmental-savings-from-accessibility.webp" width="256" /> <figcaption>Chris Adams - How do we work out the environmental savings from accessibility? | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5237-growing-inclusive-communities-djangonaut-space-program/"> <figure> <img alt="Raffaella in front of a slide titled 'Thank you'" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/growing-inclusive-communities-djangonaut-space-program.webp" width="256" /> <figcaption>Raffaella Suardini - Growing inclusive communities: Djangonaut Space program | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5948-multilingual-speech-technologies-that-understand-you/"> <figure> <img alt="Jessica in front of a slide titled 'Why are these problems?'" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/multilingual-speech-technologies-that-understand-you.webp" width="256" /> <figcaption>Jessica Rose - Multilingual Speech Technologies That Understand You | FOSDEM 2025</figcaption> </figure> </a> <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-5806-atag-accessibility-audits-worth-your-while/"> <figure> <img alt="Thibaud in a pineapple hoodie in front of his slides" height="180" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/thumbnails/atag-accessibility-audits-worth-your-while.webp" width="256" /> <figcaption>Thibaud Colas - ATAG accessibility audits: worth your while | FOSDEM 2025</figcaption> </figure> </a> </div> <h3 id="s-see-you-in-2026">See you in 2026</h3> <p>We had a blast running this devroom, and we’re looking forward to doing it again in 2026 if we get the chance! Thank you to our speakers, devroom organizers (Saptak, Tom, Sarah, Thibaud, Eli), and helpers (Alex and Storm) for making this event a success! 🎉</p> <figure> <img alt="Collage of Inclusive Web devroom organizers, helpers, and speakers. With three separate pictures of people smiling, in different areas of the conference venue. Top: Raffaella, Sarah, Thibaud, Alex. Then Saptak, Storm, Sarah, Thibaud. Then at the bottom Storm, Thibaud, Sarah, Alex." height="512" src="https://thib.me/images/blog/accessibility-and-inclusivity-at-fosdem-2025/fosdem-2025-inclusive-web-organizers-helpers-speakers-collage.jpg" style="height: auto;" width="512" /> <figcaption>Our 2025 devroom speakers, organizers, and helpers. Top left to right: Raffaella, Sarah, Thibaud, Alex, Saptak, Storm</figcaption> </figure>
Read more
Happy International Women's Day! 🎉 💜
<p>This International Women's Day, we're celebrating a historic milestone in Django’s journey! 🚀</p> <p>For the first time ever, Django has women in every leadership position within the project:</p> <ul> <li>2 Django Steering Council members 💜</li> <li>2 DSF Board members 💜</li> <li>2 Django Fellows 💜</li> </ul> <p>This moment is not just about numbers — it’s about the impact of years of effort to create a more inclusive and welcoming Django community.</p> <p>A huge shoutout to <a href="https://djangogirls.org/en/">Django Girls</a> for introducing countless women to tech and Django, and to <a href="https://djangonaut.space/">Djangonaut Space</a> for mentoring a diverse set of contributors—many of whom have stepped into leadership roles. In fact, 4 out of 6 women who put their name forward in the <a href="https://www.djangoproject.com/weblog/2024/oct/28/2025-dsf-board-candidates/">latest Board elections</a> were Djangonaut Space alumni.</p> <p>Django thrives when our community grows more diverse, more representative, and more empowered. Today, we celebrate the progress, the leaders, and everyone working to make Django a space where everyone belongs.</p> <p>Happy International Women's Day! 🎉 💜</p>
Read more
Django security releases issued: 5.1.7, 5.0.13 and 4.2.20
<p>In accordance with <a class="reference external" href="https://docs.djangoproject.com/en/dev/internals/security/">our security release policy</a>, the Django team is issuing releases for <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.1.7/">Django 5.1.7</a>, <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.0.13/">Django 5.0.13</a> and <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/4.2.20/">Django 4.2.20</a>. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.</p> <div class="section" id="s-cve-2025-26699-potential-denial-of-service-in-django-utils-text-wrap"> <h3>CVE-2025-26699: Potential denial-of-service in <tt class="docutils literal">django.utils.text.wrap()</tt></h3> <p>The <tt class="docutils literal">django.utils.text.wrap()</tt> and <tt class="docutils literal">wordwrap</tt> template filter were subject to a potential denial-of-service attack when used with very long strings.</p> <p>Thanks to sw0rd1ight for the report.</p> <p>This issue has severity "moderate" according to the Django security policy.</p> </div> <div class="section" id="s-affected-supported-versions"> <h3>Affected supported versions</h3> <ul class="simple"> <li>Django main</li> <li>Django 5.2 (currently at pre-release beta status)</li> <li>Django 5.1</li> <li>Django 5.0</li> <li>Django 4.2</li> </ul> </div> <div class="section" id="s-resolution"> <h3>Resolution</h3> <p>Patches to resolve the issue have been applied to Django's main, 5.2, 5.1, 5.0, and 4.2 branches. The patches may be obtained from the following changesets.</p> <div class="section" id="s-cve-2025-26699-potential-denial-of-service-in-django-utils-text-wrap-1"> <h4>CVE-2025-26699: Potential denial-of-service in <tt class="docutils literal">django.utils.text.wrap()</tt></h4> <ul class="simple"> <li>On the <a class="reference external" href="https://github.com/django/django/commit/55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b">main branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/3cfa472644d4ce764d84fed739177b5765ea4b8a">5.2 branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/8dbb44d34271637099258391dfc79df33951b841">5.1 branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/4f2765232336b8ad0afd8017d9d912ae93470017">5.0 branch</a></li> <li>On the <a class="reference external" href="https://github.com/django/django/commit/e88f7376fe68dbf4ebaf11fad1513ce700b45860">4.2 branch</a></li> </ul> </div> </div> <div class="section" id="s-the-following-releases-have-been-issued"> <h3>The following releases have been issued</h3> <ul class="simple"> <li>Django 5.1.7 (<a class="reference external" href="https://www.djangoproject.com/m/releases/5.1/Django-5.1.7.tar.gz">download Django 5.1.7</a> | <a class="reference external" href="https://www.djangoproject.com/m/pgp/Django-5.1.7.checksum.txt">5.1.7 checksums</a>)</li> <li>Django 5.0.13 (<a class="reference external" href="https://www.djangoproject.com/m/releases/5.0/Django-5.0.13.tar.gz">download Django 5.0.13</a> | <a class="reference external" href="https://www.djangoproject.com/m/pgp/Django-5.0.13.checksum.txt">5.0.13 checksums</a>)</li> <li>Django 4.2.20 (<a class="reference external" href="https://www.djangoproject.com/m/releases/4.2/Django-4.2.20.tar.gz">download Django 4.2.20</a> | <a class="reference external" href="https://www.djangoproject.com/m/pgp/Django-4.2.20.checksum.txt">4.2.20 checksums</a>)</li> </ul> <p>The PGP key ID used for this release is Sarah Boyce: <a class="reference external" href="https://github.com/sarahboyce.gpg">3955B19851EA96EF</a></p> </div> <div class="section" id="s-general-notes-regarding-security-reporting"> <h3>General notes regarding security reporting</h3> <p>As always, we ask that potential security issues be reported via private email to <tt class="docutils literal">security@djangoproject.com</tt>, and not via Django's Trac instance, nor via the Django Forum. Please see <a class="reference external" href="https://www.djangoproject.com/security/">our security policies</a> for further information.</p> </div>
Read more
Call for Proposals for DjangoCon Africa 2025 is now open!
<p>The call for proposals for DjangoCon Africa 2025 is officially open! 💃🏻 Come be a part of this headline event by submitting a talk.</p> <p><a class="cta" href="https://pretalx.com/djangocon-africa-2025/cfp">Submit a proposal for DjangoCon Africa 2025</a></p> <h4 id="s-why-speak-at-djangocon-africa">Why speak at DjangoCon Africa</h4> <p>Simply put, it’s an excellent opportunity to put your ideas out there, share knowledge with fellow Djangonauts, and give back to our community. You get to reach both a passitonate local audience, and the global Django community once your talk is published online.</p> <p>If you’re interested in <a href="https://2025.djangocon.africa/opportunity_grants">our Opportunity Grants</a>, being an approved speaker or tutorial presenter also puts you first in line to receive that.</p> <h4 id="s-what-to-cover">What to cover</h4> <p>We’re looking for proposals from first-time speakers as well as veterans. We want talks (20 - 45 min), workshops and tutorials, (60 - 90 min), and also lightning talks (5 min). As far as topics, here are suggested ones:</p> <ul> <li>Django internals and challenges in modern web development.</li> <li>Wild ideas, clever hacks, surprising or cool use cases.</li> <li>Improving Django and Python developers’ lives.</li> <li>Pushing Django to its limits.</li> <li>The Django and Python community, culture, history, past, present & future, the why, the who and the what of it all.</li> <li>Security</li> <li>Emerging technologies and industries – AI, Blockchain, Open Source etc.</li> <li>Diversity, Equity and Inclusion</li> <li>Whatever you deem appropriate - it’s your conference after all</li> </ul> <h5 id="s-ubuntu">Ubuntu</h5> <p>In addition to Django, this year's edition will feature a new Pan-African open source event running alongside DjangoCon Africa - UbuCon at DjangoCon Africa!</p> <p>We invite proposals on any of these topics, and more: Desktop, Cloud and Infrastructure, Linux Containers and Container Orchestration, DevOps, Virtualisation, Automation, Networking Windows Subsystem for Linux(WSL), IoT, Embedded, Robotics, Appliances, Packaging, Documentation, QA and Bug triage, Security, Compliance and Kernel, Data and AI, Video, Audio and Image editing, Open source tools, Community, Diversity, Local Outreach and Social Context.</p> <h4 id="s-im-in-what-do-i-do">I’m in! What do I do?</h4> <p>Great! 🤘 Go <a href="https://pretalx.com/djangocon-africa-2025/cfp">submit your proposal</a>. You have until the end of March to do that but no need to wait – <strong>submit now</strong> and you can always edit the proposal later.</p> <p>And if you’d like to increase your changes, make sure to review our <a href="https://2025.djangocon.africa/speaking">Speaking at DjangoCon Africa 2025</a> documentation, and the <a href="https://2025.djangocon.africa/speaker_resources">Speakers resources</a>.</p> <p><a class="cta" href="https://pretalx.com/djangocon-africa-2025/cfp">Submit a proposal for DjangoCon Africa 2025</a></p> <hr /> <p>Not convinved yet? Check out our <a href="https://www.youtube.com/watch?v=ohTNwfVmx0A">Connections that count: Reflecting on DjangoCon Africa 2023 in Zanzibar</a> to hear from our 2023 participants on what the conference meant for them.</p>
Read more
Django 5.2 beta 1 released
<p>Django 5.2 beta 1 is now available. It represents the second stage in the 5.2 release cycle and is an opportunity for you to try out the changes coming in Django 5.2.</p> <p>Django 5.2 brings a composite of new features which you can read about in <a class="reference external" href="https://docs.djangoproject.com/en/dev/releases/5.2/">the in-development 5.2 release notes</a>.</p> <p>Only bugs in new features and regressions from earlier versions of Django will be fixed between now and the 5.2 final release. Translations will be updated following the "string freeze", which occurs when the release candidate is issued. The <a class="reference external" href="https://code.djangoproject.com/wiki/Version5.2Roadmap#schedule">current release schedule</a> calls for a release candidate in a month from now, and a final release to follow about two weeks after that, scheduled for April 2nd.</p> <p>Early and frequent testing from the community will help minimize the number of bugs in the release. Updates on the release schedule are available <a class="reference external" href="https://forum.djangoproject.com/t/django-5-2-release-status-and-next-steps/37131">on the Django forum</a>.</p> <p>As with all alpha and beta packages, this is <strong>not</strong> for production use. But if you'd like to take some of the new features for a spin, or to help find and fix bugs (which should be reported to <a class="reference external" href="https://code.djangoproject.com/newticket">the issue tracker</a>), you can grab a copy of the beta package from <a class="reference external" href="https://www.djangoproject.com/download/">our downloads page</a> or on PyPI.</p> <p>The PGP key ID used for this release is Sarah Boyce: <a class="reference external" href="https://github.com/sarahboyce.gpg">3955B19851EA96EF</a></p>
Read more
DjangoCongress JP 2025 Announcement and Live Streaming!
<p><a href="https://djangocongress.jp/">DjangoCongress JP 2025</a>, to be held on Saturday, February 22, 2025 at 10 am (<a href="https://www.timeanddate.com/time/zones/jst">Japan Standard Time</a>), will be broadcast live!</p> <p>It will be streamed on the following YouTube Live channels:</p> <ul> <li><a href="https://youtube.com/live/P2UWAuKHI3Y">DjangoCongress JP 2025 ROOM1</a></li> <li><a href="https://youtube.com/live/aL4tCmAP7kE">DjangoCongress JP 2025 ROOM2</a></li> </ul> <p>This year there will be talks not only about Django, but also about FastAPI and other asynchronous web topics. There will also be talks on Django core development, Django Software Foundation (DSF) governance, and other topics from around the world. Simultaneous translation will be provided in both English and Japanese.</p> <h4 id="s-schedule">Schedule</h4> <h5 id="s-room1">ROOM1</h5> <ul> <li><span lang="ja">DRFを少しずつオニオンアーキテクチャに寄せていく</span></li> <li>The Async Django ORM: Where Is it?</li> <li><span lang="ja">FastAPIの現場から</span></li> <li>Speed at Scale for Django Web Applications</li> <li><span lang="ja">Django NinjaによるAPI開発の効率化とリプレースの実践</span></li> <li>Implementing Agentic AI Solutions in Django from scratch</li> <li>Diving into DSF governance: past, present and future</li> </ul> <h5 id="s-room2">ROOM2</h5> <ul> <li><span lang="ja">生成AIでDjangoアプリが作れるのかどうか(FastAPIでもやってみよう)</span></li> <li><span lang="ja">DXにおけるDjangoの部分的利用</span></li> <li><span lang="ja">できる!Djangoテスト(2025)</span></li> <li><span lang="ja">Djangoにおける複数ユーザー種別認証の設計アプローチ</span></li> <li>Getting Knowledge from Django Hits: Using Grafana and Prometheus</li> <li>Culture Eats Strategy for Breakfast: Why Psychological Safety Matters in Open Source</li> <li>µDjango. The next step in the evolution of asynchronous microservices technology.</li> </ul> <p>A public viewing of the event will also be held in Tokyo. A reception will also be held, so please check the following connpass page if you plan to attend.</p> <p>Registration (connpass page): <span lang="ja"><a href="https://django.connpass.com/event/345417/">DjangoCongress JP 2025パブリックビューイング</a></span></p>
Read more
DSF member of the month - Lily Foote
<p>For February 2025, we welcome Lily Foote (<a href="https://fosstodon.org/@lilyf">@lilyf</a>) as our DSF member of the month! ⭐</p> <p>Lily Foote is a contributor to Django core for many years, especially on the ORM. She is currently a member of the Django 6.x <a href="https://docs.djangoproject.com/en/dev/internals/organization/#steering-council">Steering Council</a> and she has been a DSF member since March 2021. <br /> You can learn more about Lily by visiting <a href="https://github.com/LilyFoote">her GitHub profile</a>.</p> <p>Let’s spend some time getting to know Lily better!</p> <h4 id="s-can-you-tell-us-a-little-about-yourself-hobbies-education-etc">Can you tell us a little about yourself (hobbies, education, etc)</h4> <p>My name is Lily Foote and I’ve been contributing to Django for most of my career. I’ve also recently got into Rust and I’m excited about using Rust in Python projects. When I’m not programming, I love hiking, climbing and dancing (Ceilidh)! I also really enjoying playing board games and role playing games (e.g. Dungeons and Dragons).</p> <h4 id="s-how-did-you-start-using-django">How did you start using Django?</h4> <p>I’d taught myself Python in my final year at university by doing <a href="https://projecteuler.net/">Project Euler</a> problems and then decided I wanted to learn how to make a website. Django was the first Python web framework I looked at and it worked really well for me.</p> <h4 id="s-what-other-framework-do-you-know-and-if-there-is-anything-you-would-like-to-have-in-django-if-you-had-magical-powers">What other framework do you know and if there is anything you would like to have in Django if you had magical powers?</h4> <p>I’ve done a small amount with Flask and FastAPI. More than any new features, I think the thing that I’d most like to see is more long-term contributors to spread the work of keeping Django awesome.</p> <h4 id="s-what-projects-are-you-working-on-now">What projects are you working on now?</h4> <p>The side project I’m most excited about is <a href="https://github.com/LilyFoote/django-rusty-templates">Django Rusty Templates</a>, which is a re-implementation of Django’s templating language in Rust.</p> <h4 id="s-which-django-libraries-are-your-favorite-core-or-3rd-party">Which Django libraries are your favorite (core or 3rd party)?</h4> <p>The ORM of course!</p> <h4 id="s-what-are-the-top-three-things-in-django-that-you-like">What are the top three things in Django that you like?</h4> <p>Django Conferences, the mentorship program Djangonaut Space and the whole community!</p> <h4 id="s-you-have-been-a-mentor-multiple-times-with-gsoc-and-djangonaut-space-program-what-is-required-according-to-you-to-be-a-good-mentor">You have been a mentor multiple times with GSoC and Djangonaut Space program, what is required according to you to be a good mentor?</h4> <p>I think being willing to invest time is really important. Checking in with your mentees frequently and being an early reviewer of their work. I think this helps keep their motivation up and allows for small corrections early on.</p> <h4 id="s-any-advice-for-future-contributors">Any advice for future contributors?</h4> <p>Start small and as you get more familiar with Django and the process of contributing you can take on bigger issues. Also be patient with reviewers – Django has high standards, but is mostly maintained by volunteers with limited time.</p> <h4 id="s-you-are-now-part-of-the-steering-council-congratulations-again-do-you-have-any-words-to-share-related-to-that">You are now part of the Steering Council, congratulations again! Do you have any words to share related to that?</h4> <p>Yes! It’s a huge honour! Since January, we’ve been meeting weekly and it feels like we’ve hardly scratched the surface of what we want to achieve. The biggest thing we’re trying to tackle is how to improve the contribution experience – especially evaluating new feature ideas – without draining everyone’s time and energy.</p> <h4 id="s-you-have-a-lot-of-knowledge-in-the-django-orm-how-did-you-start-to-contribute-to-this-part">You have a lot of knowledge in the Django ORM, how did you start to contribute to this part?</h4> <p>I added the Greatest and Least expressions in Django 1.9, with the support of one of the core team at the time. After that, I kept showing up (especially at conference sprints) and finding a new thing to tackle.</p> <h4 id="s-is-there-anything-else-youd-like-to-say">Is there anything else you’d like to say?</h4> <p>Thanks for having me on!</p> <hr /> <p><strong>Thank you for doing the interview, Lily!</strong></p>
Read more