Posted 4 days ago by Thibaud Colas
We’re organizing an annual meeting for members of the Django Software Foundation! It will be held at DjangoCon Europe 2025 in two weeks in Dublin, bright and early on the second day of the conference. The meeting will be held in person at the venue, and participants can also join remotely.
Register to join the annual meeting
What to expect
This is an opportunity for current and aspiring members of the Foundation to directly contribute to discussions about our direction. We will cover our current and future projects, and look for feedback and possible contributions within our community.
If this sounds interesting to you but you’re not currently an Individual Member, do review our membership criteria and apply!
|
Posted 11 days ago by Sarah Boyce
The Django team is happy to announce the release of Django 5.2.
The release notes showcase a composite of new features. A few highlights are:
All models are automatically imported in the shell by default.
Django now supports composite primary keys! The new django.db.models.CompositePrimaryKey allows tables to be created with a primary key consisting of multiple fields.
Overriding a BoundField got a lot easier: this can now be set on a form, field or project level.
You can get Django 5.2 from our downloads page or from the Python Package Index.
The PGP key ID used for this release is: 3955B19851EA96EF
With the release of Django 5.2, Django 5.1 has reached the end of mainstream
support. The final minor bug fix release, 5.1.8, which was also a security release, was issued today.
Django 5.1 will receive security and data loss fixes until December 2025. All
users are encouraged to upgrade before then to continue receiving fixes for
security issues.
Django 5.0 has reached the end of extended support. The final security release, 5.0.14, was issued today. All Django 5.0 users are encouraged to upgrade to Django 5.1
or later.
See the downloads page for a table of
supported versions and the future release schedule.
|
Posted 11 days ago by Sarah Boyce
In accordance with our security release policy, the Django team is issuing releases for Django 5.1.8 and Django 5.0.14.
These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-27556: Potential denial-of-service vulnerability in LoginView, LogoutView, and set_language() on Windows
Python's NFKC normalization is slow on Windows. As a consequence,
django.contrib.auth.views.LoginView,
django.contrib.auth.views.LogoutView,
and django.views.i18n.set_language were subject to a potential
denial-of-service attack via certain inputs with a very large number of Unicode
characters.
Thanks to sw0rd1ight for the report.
This issue has severity "moderate" according to the Django security policy.
Affected supported versions
Django main
Django 5.2 (currently at release candidate status)
Django 5.1
Django 5.0
Resolution
Patches to resolve the issue have been applied to Django's
main, 5.2 (currently at release candidate status), 5.1, and 5.0 branches.
The patches may be obtained from the following changesets.
CVE-2025-27556: Potential denial-of-service vulnerability in LoginView, LogoutView, and set_language() on Windows
On the main branch
On the 5.2 branch
On the 5.1 branch
On the 5.0 branch
The following releases have been issued
Django 5.1.8 (download Django 5.1.8 | 5.1.8 checksums)
Django 5.0.14 (download Django 5.0.14 | 5.0.14 checksums)
The PGP key ID used for this release is: 3955B19851EA96EF
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email
to [email protected], and not via Django's Trac instance, nor via
the Django Forum. Please see our security policies for further information.
|
Posted 25 days ago by Sarah Boyce
Django 5.2 release candidate 1 is the final opportunity for you to
try out a composite of new features before Django 5.2 is released.
The release candidate stage marks the string freeze and the call for
translators to submit translations.
Provided no major bugs are discovered that can't be solved in the next two
weeks, Django 5.2 will be released on or around April 2. Any delays will be
communicated on the Django forum.
Please use this opportunity to help find and fix bugs (which should be reported
to the issue tracker). You can grab a copy of the release candidate package from
our downloads page or on PyPI.
The PGP key ID used for this release is Sarah Boyce: 3955B19851EA96EF
|
Posted 30 days ago by Sarah Abderemane
For March 2025, we welcome Cory Zue (@coryzue.com) as our DSF member of the month! ⭐
Cory Zue has been a Django developer for many years. He is currently a member of the DSF Social Media Working Group and he has been a DSF member since October 2022.
You can learn more about Cory by checking out his website or visiting Cory's GitHub Profile.
Let’s spend some time getting to know Cory better!
Can you tell us a little about yourself (hobbies, education, etc)
I'm a programmer-turned-manager-turned-entrepreneur and currently run a
portfolio of businesses on my own (using Django of course!).
I grew up in Massachusetts and studied Computer Science at MIT where I
met the founders of Dimagi, where I ended up as CTO for 10 years before
starting my own businesses. In 2016, I moved to Cape Town, South Africa
for a "temporary" relocation, and have been here ever since. These days
my main hobbies include surfing, trail running, and exploring nature
with my wife and two boys.
How did you start using Django?
My first major Django project was working on an SMS-based system that
helped with the distribution of millions of
bednets
in Nigeria. It was built on top of a Django-based platform called
RapidSMS that was initially developed by UNICEF. After that I worked on
several other RapidSMS systems before eventually leading Dimagi's
CommCare server team.
CommCare eventually became -- to my knowledge -- the largest open source
Django codebase in
terms of contributions/commits.
What other framework do you know and if there is anything you would like to have in Django if you had magical powers?
I still love Django and use it for most projects that need a backend.
That said, I find Django's "hands off" approach to modern front end
development to be a big barrier for people who aren't already familiar
with the framework.
If I had magical powers I would convince the Django community that it is
worth providing some out-of-the-box support for modern front end tooling
like TailwindCSS or a JavaScript bundler. I'd also try to get official
"starter projects" built into the framework that show how you can use
Django with some of the more popular front end options like React and
HTMX.
What projects are you working on now?
My main project right now is SaaS
Pegasus, which is a Django
codebase creator that helps you spin up new projects more efficiently by
bundling in even more batteries than Django itself. This includes
things like configuring auth, front end, and deployment, but also has
some more powerful features like multi-tenancy and billing baked in.
One of the great things about running Pegasus is that I can justify
building new Django apps as dogfooding the product. So I always have
other Django projects I'm working on. Right now the biggest one is a RAG
chat-with-your-data LLM project called
Scriv.ai.
Within the Django community my main contributions are in the form of
writing in-depth guides to using
Django, as well as
pitching in on the Social Media working group to help grow Django's
audience.
Which Django libraries are your favorite (core or 3rd party)?
It's hard to go with anything other than the ORM (and migrations
framework), which I still feel is Django's greatest and most important
feature. It just fits my brain much better than SQLAlchemy or other
options I've used.
One lesser-known library I'll shout out that I have been enjoying lately
is django-cotton, which
provides a nice little layer of syntactic sugar and tooling that makes
working with components in Django templates much nicer.
What are the top three things in Django that you like?
The ORM + migrations.
The community.
That nearly every backend use case I have already has a feature
that's been built to accommodate it (e.g. middleware, messages,
i18n, etc.). I feel like the modern JavaScript frameworks I've used
are way behind on this front.
What would you recommend to someone who wants to start out as an entrepreneur like you?
I have an entire talk/article about
this!
But if I were to emphasize the most important part that worked for me,
it was creating enough space in my life for deep, uninterrupted work and
structuring it in a way that I never ran out of money or energy while I
was trying (by working part time while I was getting started). In
general, the path to success usually takes a long time, so giving
yourself plenty of time is really important. The tactics you can figure
out as you go, but the space and time to do it is the most important
thing to have in place. Your main goal is not to quit.
Is there anything else you'd like to say?
Thank you for including me in this series!
Thank you for doing the interview, Cory!
|
Posted about 1 month ago by Thibaud Colas
For this year’s FOSDEM conference, our Django accessibility team organized the "Inclusive Web" track. Here’s a recap of how it went!
The idea for the Inclusive Web devroom started at FOSDEM 2024, where we discussed the importance of showcasing accessibility and inclusivity work in open source, in web development and beyond. The Django accessibility team got to work on a FOSDEM 2025 proposal. Lo and behold, it got accepted, and here we are with a room full of people interested in those topics, and a great lineup of speakers!
The room was full for most of the day with about 70 attendees, with the conference also providing a livestream for remote participants. We had a great mix of talks, covering a lot of the aspects of the Inclusive Web that we wanted to showcase.
The talks
Top Accessibility Errors Found in Open Source Through Automated Testing
In the first talk of the day, Raashi Saxena shares insights on the most common accessibility errors in open-source projects, based on manual and automated testing. She highlights real-world case studies to help developers improve accessibility in their projects – and warn against the legal risks of poor accessibility!
Raashi getting the devroom started
Solving the world’s (localization) problems
Eemeli Aro and Ujjwal Sharma introduce MessageFormat 2, a new standard to address long-standing localization challenges. They discuss its potential applications and the tools being built around it. This standard is very promising for Django developers working on multilingual applications to provide better translations for users, and better capabilities for translators.
Eemeli and Ujjwal introduce themselves
Alternative Text for Images: How Bad Are Our Alt-Text Anyway?
Mike Gifford explores the importance of alt text in web accessibility and how often it misses the mark. He demonstrates his alt text scan Python script for auditing alt-text across websites. Alt text is a common issue on Django projects, and the AI generation showcased by Mike has the potential to move the needle.
Mike shares his experiments
Secure and Inclusive: WebAuthn for (Multi-Factor) Authentication
Storm Heg explains how WebAuthn (Passkeys) offers a secure and user-friendly alternative to traditional authentication methods. This talk covers how it works, its accessibility benefits, and how Django developers can integrate it into their projects. Storm showcases his django-otp-webauthn package and other alternatives.
Storm’s whoami output
How do we work out the environmental savings from accessibility?
Chris Adams discusses how supporting older devices through accessible digital services can reduce e-waste. He explores research on hardware obsolescence, data-driven methods for measuring environmental impact, and policy changes in digital sustainability. This builds upon previous work by Chris showcasing the parallels between web accessibility and sustainability.
Chris with his cover slide
Growing inclusive communities: Djangonaut Space program
Raffaella Suardini shares the success of the Djangonaut Space mentorship program in fostering sustainable contributions and welcoming new contributors. She provides strategies for building inclusive tech communities, which are crucial to the success of open-source projects like Django 💜.
Raffaella taking questions
Multilingual Speech Technologies That Understand You
Jessica Rose discusses how Common Voice’s crowdsourced speech dataset helps developers build speech technologies for underrepresented languages. She highlights the challenges of linguistic diversity in tech – which are very relevant for a project with such an international and multilingual user base as Django.
Jessica showcases project challenges
ATAG accessibility audits: worth your while
Thibaud Colas introduces the Authoring Tool Accessibility Guidelines (ATAG) and explains why they are essential for content creation tools, like the Django admin. He shares highlights of where projects can learn a lot from ATAG, making this talk valuable for Django developers working with content publishing.
Thibaud lists accessibility standards
All recordings
You can watch them all on the FOSDEM website:
Raashi Saxena - Top Accessibility Errors Found in Open Source Through Automated Testing | FOSDEM 2025
Eemeli Aro and Ujjwal Sharma - Solving the world’s (localization) problems | FOSDEM 2025
Mike Gifford - Alternative Text for Images: How Bad Are Our Alt-Text Anyway? | FOSDEM 2025
Storm Heg - Secure and Inclusive: WebAuthn for (Multi-Factor) Authentication | FOSDEM 2025
Chris Adams - How do we work out the environmental savings from accessibility? | FOSDEM 2025
Raffaella Suardini - Growing inclusive communities: Djangonaut Space program | FOSDEM 2025
Jessica Rose - Multilingual Speech Technologies That Understand You | FOSDEM 2025
Thibaud Colas - ATAG accessibility audits: worth your while | FOSDEM 2025
See you in 2026
We had a blast running this devroom, and we’re looking forward to doing it again in 2026 if we get the chance! Thank you to our speakers, devroom organizers (Saptak, Tom, Sarah, Thibaud, Eli), and helpers (Alex and Storm) for making this event a success! 🎉
Our 2025 devroom speakers, organizers, and helpers. Top left to right: Raffaella, Sarah, Thibaud, Alex, Saptak, Storm
|
Posted about 1 month ago by Bhuvnesh Sharma & Sarah Boyce
This International Women's Day, we're celebrating a historic milestone in Django’s journey! 🚀
For the first time ever, Django has women in every leadership position within the project:
2 Django Steering Council members 💜
2 DSF Board members 💜
2 Django Fellows 💜
This moment is not just about numbers — it’s about the impact of years of effort to create a more inclusive and welcoming Django community.
A huge shoutout to Django Girls for introducing countless women to tech and Django, and to Djangonaut Space for mentoring a diverse set of contributors—many of whom have stepped into leadership roles. In fact, 4 out of 6 women who put their name forward in the latest Board elections were Djangonaut Space alumni.
Django thrives when our community grows more diverse, more representative, and more empowered. Today, we celebrate the progress, the leaders, and everyone working to make Django a space where everyone belongs.
Happy International Women's Day! 🎉 💜
|
Posted about 1 month ago by Sarah Boyce
In accordance with our security release policy, the Django team is issuing releases for Django 5.1.7, Django 5.0.13 and Django 4.2.20.
These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-26699: Potential denial-of-service in django.utils.text.wrap()
The django.utils.text.wrap() and wordwrap template filter
were subject to a potential denial-of-service attack when used with
very long strings.
Thanks to sw0rd1ight for the report.
This issue has severity "moderate" according to the Django security policy.
Affected supported versions
Django main
Django 5.2 (currently at pre-release beta status)
Django 5.1
Django 5.0
Django 4.2
Resolution
Patches to resolve the issue have been applied to Django's
main, 5.2, 5.1, 5.0, and 4.2 branches.
The patches may be obtained from the following changesets.
CVE-2025-26699: Potential denial-of-service in django.utils.text.wrap()
On the main branch
On the 5.2 branch
On the 5.1 branch
On the 5.0 branch
On the 4.2 branch
The following releases have been issued
Django 5.1.7 (download Django 5.1.7 | 5.1.7 checksums)
Django 5.0.13 (download Django 5.0.13 | 5.0.13 checksums)
Django 4.2.20 (download Django 4.2.20 | 4.2.20 checksums)
The PGP key ID used for this release is Sarah Boyce: 3955B19851EA96EF
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email
to [email protected], and not via Django's Trac instance, nor via
the Django Forum. Please see our security policies
for further information.
|
Posted about 2 months ago by DjangoCon Africa 2025 organizers
The call for proposals for DjangoCon Africa 2025 is officially open! 💃🏻 Come be a part of this headline event by submitting a talk.
Submit a proposal for DjangoCon Africa 2025
Why speak at DjangoCon Africa
Simply put, it’s an excellent opportunity to put your ideas out there, share knowledge with fellow Djangonauts, and give back to our community. You get to reach both a passionate local audience, and the global Django community once your talk is published online.
If you’re interested in our Opportunity Grants, being an approved speaker or tutorial presenter also puts you first in line to receive that.
What to cover
We’re looking for proposals from first-time speakers as well as veterans. We want talks (20 - 45 min), workshops and tutorials (60 - 90 min), and also lightning talks (5 min). As far as topics, here are suggested ones:
Django internals and challenges in modern web development.
Wild ideas, clever hacks, surprising or cool use cases.
Improving Django and Python developers’ lives.
Pushing Django to its limits.
The Django and Python community, culture, history, past, present & future, the why, the who and the what of it all.
Security
Emerging technologies and industries – AI, Blockchain, Open Source etc.
Diversity, Equity and Inclusion
Whatever you deem appropriate - it’s your conference after all
Ubuntu
In addition to Django, this year's edition will feature a new Pan-African open source event running alongside DjangoCon Africa - UbuCon at DjangoCon Africa!
We invite proposals on any of these topics, and more: Desktop, Cloud and Infrastructure, Linux Containers and Container Orchestration, DevOps, Virtualisation, Automation, Networking, Windows Subsystem for Linux (WSL), IoT, Embedded, Robotics, Appliances, Packaging, Documentation, QA and Bug triage, Security, Compliance and Kernel, Data and AI, Video, Audio and Image editing, Open source tools, Community, Diversity, Local Outreach and Social Context.
I’m in! What do I do?
Great! 🤘 Go submit your proposal. You have until the end of March to do that but no need to wait – submit now and you can always edit the proposal later.
And if you’d like to increase your chances, make sure to review our Speaking at DjangoCon Africa 2025 documentation, and the Speakers resources.
Submit a proposal for DjangoCon Africa 2025
Not convinced yet? Check out our Connections that count: Reflecting on DjangoCon Africa 2023 in Zanzibar to hear from our 2023 participants on what the conference meant for them.
|