Subscribe: The Django weblog
http://www.djangoproject.com/rss/weblog/

The Django weblog



Latest news about Django, the Python Web framework.



Last Build Date: Mon, 26 Sep 2016 13:41:10 -0500

 



Django security releases issued: 1.9.10 and 1.8.15

Mon, 26 Sep 2016 13:41:10 -0500

In accordance with our security release policy, the Django team is issuing Django 1.9.10 and 1.8.15. These releases address a security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics

An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection.

Thanks Sergey Bobrov for reporting the issue.

Affected supported versions

  • Django 1.9
  • Django 1.8

Django 1.10 and the master development branch are not affected.

Per our supported versions policy, Django 1.7 and older are no longer receiving security updates.

Resolution

Patches to resolve the issue have been applied to Django's 1.9 and 1.8 release branches. The patches may be obtained from the following changesets:

The following new releases have been issued:

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information.




Channels adopted as an official Django project

Fri, 09 Sep 2016 09:40:00 -0500

The Django team is pleased to announce that the Channels project is now officially part of the Django project, under our new Official Projects program. Channels is the effort to bring WebSockets, long-poll HTTP, and other non-request-response protocol and business logic handling to Django, as part of our ongoing effort to establish what makes a useful web framework in 2016.

Official projects, like Channels, do not merge into the core django repository but instead remain as separate repositories and packages, living under the Django organization on GitHub. They have their own release schedule and backwards compatibility policies, but fall under the main Django security policy and oversight, and are guaranteed to work with the currently supported versions of Django.

While the Channels project was initially targeted to be included in Django 1.10, it didn't make it for a variety of reasons. We decided that the best move would be to bring it under the Django umbrella, but keep it separate from the core repository, and so DEP 7 and the Official Projects track was born to enable this. DEP 7 describes what it means to maintain a Django package, so we can make sure they stay updated, have security issues patched, and work with current Django releases.

Whether Channels continues as a separate package or is merged into the core repository in the future isn't yet decided, but you can expect to see a 1.0 release very soon, and with that, a stable platform to build applications against, though we'll be keeping backwards compatibility (or, if needed, implementing clear deprecation warnings) for code written against existing Channels releases.

The five packages now under the Django project are:

  • Channels, the Django integration layer
  • Daphne, the HTTP and Websocket termination server
  • asgiref, the base ASGI library/memory backend
  • asgi_redis, the Redis channel backend
  • asgi_ipc, the POSIX IPC channel backend

There's still plenty of work to be done, both on the Channels side, to fix bugs, implement features, and improve our documentation, and on the Django side, to help weave mentions of Channels into the main documentation and make sure people are aware of their options. If you're interested in contributing at all, please read the Channels contribution documentation.

If you're interested in learning more about Channels and what it can do, take a read of the documentation, or have a look through some well-commented example projects.




Django bugfix release issued: 1.10.1

Thu, 01 Sep 2016 18:19:45 -0500

Today we've issued the 1.10.1 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.




Welcome to the new members of the Django Software Foundation

Wed, 17 Aug 2016 09:34:11 -0500

Please welcome our new members. Some were nominated in recognition of their contributions to Django's code, some for their service on Django committees and work in other community organisations, and some in recognition of their contributions to the development of the international Django community.

All were seconded by the existing members of the DSF, and their election approved by the DSF Board.

Nominated 10th June

  • Sergey Fedoseev (Russia)
  • Berker Peksag (Turkey)
  • Alasdair Nicol (UK)
  • Jon Dufresne (Canada)
  • Marten Kenbeek (Netherlands)
  • Daniel Wiesmann (Portugal)
  • Alex Hill (Australia)
  • Michal Petrucha (Slovakia)

All are active technical contributors to Django's code base, with over 300 commits between them, not to mention the help they have offered to others on our support channels.

Jon Dufresne is also the newest member of the Django core development team.

Nominated 19th July

  • Paul Hallett (UK)
  • Lucie Daeye (France)

Both have made substantial contributions to the Django community, through their work on Django Girls and by taking on roles in Django community organisation. Lucie works for the Django Girls Foundation and Paul serves on the Django Project Code of Conduct committee. Both have worked hard to make the Django community ever more inclusive and good to be part of.

Nominated 1st August

  • Helen Sherwood-Taylor (UK)
  • Aisha Bello (Nigeria)
  • Anna Makarudze (Zimbabwe)
  • Humphrey Butau (Zimbabwe)
  • Jessica Upani (Namibia)
  • Loek van Gent (Netherlands)

All have been active in the Django community around the world, and were an important part of the success of PyCon Namibia this year. They're all continuing to work on the community's development, and are involved in efforts to bring new community conferences to fruition in Africa (in Zimbabwe and Nigeria just to name two).

Expanding our membership

The new members represent a substantial increase in the membership, of about 16%.

They also represent the way the Django Software Foundation is starting to recognise a more diverse community of people who can contribute in many different ways, and a genuinely global membership, including five more African members.

Thanks to those who nominated these new Django Software Foundation members, and thanks to our new members too, for their past, present and future contributions.




Django 1.10 released

Mon, 01 Aug 2016 13:52:29 -0500

The Django team is happy to announce the release of Django 1.10.

As always, the release notes cover the panoply of new features in detail, but a few highlights are:

You can get Django 1.10 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

Django 1.10 will receive fixes for security issues, data loss bugs, crashing bugs, major functionality bugs in newly-introduced features, and regressions from older versions of Django for eight months until April 2017. Fixes for security issues and data loss bugs will be provided for another eight months until December 2017.

With the release of Django 1.10, Django 1.9 has reached the end of mainstream support. The final minor bugfix release (1.9.9) was issued today. Django 1.9 will receive security and data loss fixes for another eight months until April 2017. See the downloads page for a table of supported versions and the future release schedule.




Registration for Django: Under the Hood 2016 is now open!

Mon, 25 Jul 2016 09:35:05 -0500

Django: Under the Hood is back for its third edition!

DUTH is an annual Django conference that takes place in Amsterdam, the Netherlands. On 3rd - 6th November this year, we're going to see 9 deep dive talks into topics of Django channels, testing, Open Source funding, JavaScript, Django forms validation, debugging and many more.

Django: Under the Hood also gives the opportunity to bring many Django core developers to work together and shape the future of Django with a group of 300 passionate Django developers attending the conference.

This year, the registration process for the conference became a lottery to avoid a mad rush and tickets selling out in minutes.

Registration

You can register now, and the lottery is only open until 26th of July at noon Amsterdam time.

If you want to make sure that tickets for your team are reserved and set aside, Django: Under the Hood still has a few sponsorship opportunities open. Please get in touch at hello@djangounderthehood.com.




DSF Code of Conduct committee releases transparent documentation

Tue, 19 Jul 2016 09:00:00 -0500

Almost exactly three years ago, the Django community adopted a Code of Conduct; we were one of the first communities in the tech industry to do so. Since then, we have come a long way and learned how to effectively enforce the Code of Conduct.

Today we're proud to open source the documentation that describes how the Django Code of Conduct committee enforces our Code of Conduct. This documentation covers the structure of Code of Conduct committee membership, the process of handling Code of Conduct violations, our decision making process, record keeping, and transparency.

In addition, we're also publishing summarized statistics about Code of Conduct issues handled by the committee thus far. We're hoping this is just the beginning of making our work more transparent to the wider community.

We believe this documentation will help keep ourselves accountable to the Django community, as well as offer an insight into how decisions are made and issues are dealt with. We also hope that sharing our experiences is going to help other communities to not only adopt, but also implement and enforce the Code of Conduct.

The DSF Code of Conduct committee looks forward to your feedback and contributions!




Django security releases issued: 1.10 release candidate 1, 1.9.8, and 1.8.14

Mon, 18 Jul 2016 13:50:46 -0500

In accordance with our security release policy, the Django team is issuing Django 1.10 release candidate 1, Django 1.9.8 and 1.8.14. These releases address a security issue detailed below. We encourage all users of Django to upgrade as soon as possible. The Django master branch is also updated.

Django 1.10 is now at release candidate stage. This marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, 1.10 final will be issued on or around August 1. Any delays will be communicated on the django-developers mailing list thread.

CVE-2016-6186: XSS in admin's add/change related popup

Unsafe usage of JavaScript's Element.innerHTML could result in XSS in the admin's add/change related popup. Element.textContent is now used to prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasn't identified there, out of an abundance of caution it's also updated to use textContent.

Thanks Vulnerability Laboratory for reporting the issue and Paulo Alvarado for forwarding it to us.

Affected supported versions

  • Django master development branch
  • Django 1.10 (now at release candidate status)
  • Django 1.9
  • Django 1.8

Per our supported versions policy, Django 1.7 and older are no longer receiving security updates.

Resolution

Patches to resolve the issues have been applied to Django's master development branch and the 1.10, 1.9, and 1.8 release branches. The patches may be obtained from the following changesets:

  • On the development master branch
  • On the 1.10 release branch
  • On the 1.9 release branch
  • On the 1.8 release branch

The following new releases have been issued:

  • Django 1.10rc1 (download Django 1.10rc1 | 1.10rc1 checksums)
  • Django 1.9.8 (download Django 1.9.8 | 1.9.8 checksums)
  • Django 1.8.14 (download Django 1.8.14 | 1.8.14 checksums)

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information. [...]



PyCharm Fundraising Campaign Extended to July 20th

Wed, 13 Jul 2016 15:56:04 -0500

So far hundreds of supporting developers have purchased PyCharm at a 30% discount with the proceeds going to help support the Django Software Foundation.

Considering the campaign is so successful, JetBrains and the DSF have opted to extend the offer until July 20th, which coincidentally will cover most of DjangoCon 2016.

Everyone in the DSF would like to thank all of the many supporters who have taken advantage of this great offer to help fund Django development and related activities into the future. Please spread the word to your friends and colleagues and perhaps we can make this fundraiser one of our largest yet!

Get PyCharm now for 30% off and help support the Django Software Foundation!




PyCharm and Django Announce 30% Discount With All Proceeds Going to DSF

Thu, 30 Jun 2016 13:47:30 -0500

Today and for the next two weeks, our fundraising program is getting a big boost from JetBrains PyCharm, a premier Python IDE that has supported Django for many years. During this campaign, buy PyCharm Professional Edition with a 30% discount and all money raised will go to our general fundraising and Django Fellowship program. Additionally, JetBrains is sponsoring PEP 484 type hinting in Django through a separate DSF Fellowship grant.

“Django has grown to be a world-class web framework, and coupled with PyCharm’s Django support, we can give tremendous developer productivity,” says Frank Wiles. “The DSF helps make this growth happen, and we are delighted to have JetBrains support in our fundraising.”

“For six years, Django has been the stable rock in our feature set. We share common ideals, and the success of Django is invaluable for us as well as for the whole Python community,” says Dmitry Filippov, JetBrains Product Marketing Manager. “This promotion gives us an opportunity to strengthen PyCharm’s relationship with Django by helping the DSF reach its fully-funded campaign goal.”

Take Advantage of the Promotion

During this two-week promotion, you can effectively contribute* to Django by purchasing an Individual PyCharm Professional annual subscription at a 30% discount:

  • Click this link to go to the PyCharm annual subscription page.
  • On the check-out page, click “Have a discount code?”.
  • Enter this 30% discount promo code: IDONATETODJANGO
  • Fill in other required fields on the page and click the “Place order” button.

Read more details on the special promotion page.

Again, all proceeds from this promotion will go to the DSF fundraising campaign—not just the profits, but actually the entire sales amount. The funds will go towards our outreach and diversity programs: Django Girls workshops, the Django Fellowship program, sponsoring official Django conferences, and others.

*Please note this purchase is not a tax-deductible donation.

Type Hinting (PEP 484) in Django under the Django Fellowship Program

Additionally, the DSF and JetBrains announce a grant for the Django core development activity under the Django Fellowship program, in order to bring the new Python Type Hints standard (PEP 484) into future versions of Django.

“Python 3 support has been a strong focus for Django in recent years,” says Wiles. “Python 3.5 and type hinting are a huge step towards developer productivity, especially combined with powerful tools like PyCharm. This JetBrains grant helps our Django Fellows and community bring type hinting to Django.”

The standard is already quite stable, with only a few amendments over the last year. With this work, which is starting soon, the DSF will be funding Django core developers and other community members to help with the development.

“We believe in Python 3 and the benefits of type hinting, particularly for frameworks like Django,” says Filippov. “Type hints in Django can let PyCharm boost Django developer productivity with better code inspections, code completion, and refactorings. We’re going to pioneer PEP 484 use in Django, making tremendous headway into the future of Django and Python.”

There's no exact timeline for the project yet, but keep an eye on the django-developers mailing list and the Django blog for updates as work progresses.

If you have any questions, get in touch with us at fundraising@djangoproject.com or JetBrains at sales@jetbrains.com. [...]