
The Django weblog

Latest news about Django, the Python Web framework.

Last Build Date: Tue, 05 Sep 2017 11:25:21 -0500


Django security releases issued: 1.11.5 and 1.10.8

Tue, 05 Sep 2017 11:25:21 -0500

In accordance with our security release policy, the Django team is issuing Django 1.11.5 and Django 1.10.8. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page

In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG = True (which makes this page accessible) in your production settings.

Thanks Charles Bideau for reporting this issue.

Affected supported versions

  • Django master development branch
  • Django 1.11
  • Django 1.10

Per our supported versions policy, Django 1.9 is no longer supported. Django 1.8 is unaffected.
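The version and DEBUG statements above can be turned into a triage check for a fleet of deployments. This is an added example, not code from the Django project; the inventory, host labels and status names are constructed for illustration, and the fixed versions (1.10.8, 1.11.5) are the ones named in this announcement.

```python
import re

# Fixed releases named in the advisory, keyed by release series.
FIXED = {(1, 10): (1, 10, 8), (1, 11): (1, 11, 5)}
UNAFFECTED = {(1, 8)}    # stated unaffected in the advisory
UNSUPPORTED = {(1, 9)}   # no longer supported; the advisory makes no claim


def parse_version(text):
    """Return (major, minor, patch) from strings such as '1.11.4' or '1.11'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(version_text, debug):
    """Classify one deployment against CVE-2017-12794 (status names are hypothetical)."""
    version = parse_version(version_text)
    series = version[:2]
    if series in UNAFFECTED:
        return "unaffected"
    if series in UNSUPPORTED:
        return "unsupported-series"
    if series not in FIXED:
        return "not-covered-by-advisory"
    if version >= FIXED[series]:
        return "patched"
    # Unpatched template is present; the debug page is only served when DEBUG = True.
    return "vulnerable-exposed" if debug else "vulnerable-debug-off"


# Constructed inventory: (host label, Django version, DEBUG setting).
INVENTORY = [
    ("staging", "1.11.4", True),
    ("prod-a", "1.10.7", False),
    ("prod-b", "1.11.5", False),
    ("legacy", "1.8.18", True),
    ("old", "1.9.13", False),
]


def report(inventory):
    """Map each host label to its triage status."""
    return {host: triage(version, debug) for host, version, debug in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(host, status)
```

Hosts reported as `vulnerable-debug-off` still need the upgrade: the unpatched template ships with them and becomes reachable as soon as DEBUG is switched on.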


Patches to resolve the issues have been applied to Django's master development branch and the 1.11 and 1.10 release branches. The patches may be obtained from the following changesets:

The following releases have been issued:

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information.

Support a Great Partnership: PyCharm and Django Team up Again

Tue, 15 Aug 2017 09:38:34 -0500

Last June (2016) JetBrains PyCharm partnered with the Django Software Foundation to generate a big boost to Django fundraising. The campaign was a huge success. Together we raised a total of $50,000 for the Django Software Foundation!

This year we hope to repeat that success. During the two-week campaign, buy a new PyCharm Professional Edition individual license with a 30% discount code, and all the money raised will go to the DSF’s general fundraising and the Django Fellowship program.

Promotion details

Up until Aug 28th, you can effectively donate to Django by purchasing a New Individual PyCharm Professional annual subscription at 30% off. It’s very simple:

  1. When buying a new annual PyCharm subscription in our e-store, on the checkout page, click “Have a discount code?”.
  2. Enter the following 30% discount promo code:

Alternatively, just click this shortcut link to go to the e-store with the code automatically applied

Fill in the other required fields on the page and click the “Place order” button.

All of the income from this promotion code will go to the DSF fundraising campaign 2017 – not just the profits, but actually the entire sales amount including taxes, transaction fees – everything. The campaign will help the DSF to maintain the healthy state of the Django project and help them continue contributing to their different outreach and diversity programs.

Read more details on the special promotion page.

“Django has grown to be a world-class web framework, and coupled with PyCharm’s Django support, we can give tremendous developer productivity,” says Frank Wiles, DSF President. “Last year JetBrains was a great partner for us in support of raising money for the Django Software Foundation, on behalf of the community, I would like to extend our deepest thanks for their generous help. Together we hope to make this a yearly event!”

If you have any questions, get in touch with Django at or JetBrains at

Django bugfix release: 1.11.4

Tue, 01 Aug 2017 07:47:33 -0500

Today we've issued the 1.11.4 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

DjangoCon Europe 2018 Call for volunteers

Sun, 02 Jul 2017 06:38:44 -0500

2018's DjangoCon Europe will be held in beautiful Heidelberg, from the 23rd to the 27th May.

There is a lot to do, but it's very much worth it – DjangoCon Europe is an extremely friendly, open, inclusive, and informative (for beginners and advanced users alike) conference.

We're looking for support in the following areas, but if you have other interests and want to help out, please contact us:

  • Sponsors – Contacts, logistics, room/booth assignment
  • Communications – Press, community relations, announcements, social media, attendee tools, volunteer coordination
  • Support – Helpdesk, attendee support contact, visa help, travel management, chat support for attendees, on-site volunteer organization, speaker support
  • Financial Aid – Setup, grant selection, aid organisation
  • Marketing/Design – Brochures, advertisements, banners, flyers, travel guide, t-shirts, lanyards, badges, panels, logo
  • Program – Talk selection, scheduling, session chairs, sprint/openspace/keynote/lightning talks/poster session organization
  • Code of Conduct – Drafting documents, handling of requests and issues
  • Diversity advocate – Accessibility considerations, outreach
  • On-site Team – Catering contacts, child care, social events planning, on-site logistics

Of course, we're happy about everyone joining us who has prior experience in one of these areas, but if you don't, that's fine as well! We'll work something out and you'll be experienced in that area afterwards.

Your location is not important, either (we can do all things that need to be done in Heidelberg itself) – the only important thing is that you have the energy and free time to help organize a wonderful DjangoCon Europe. You do not need to speak German - all team and attendee communication is in English and we have German-speaking people on board for venue contacts and the like.

Don't be shy - drop us a line at, because we're looking forward to hearing from you!

Tobias Kunze and Raphael Michel

Django bugfix release: 1.11.3

Sat, 01 Jul 2017 18:42:06 -0500

Today we've issued the 1.11.3 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

DjangoCon US Schedule Is Live

Thu, 22 Jun 2017 12:46:57 -0500

We are less than two months away from DjangoCon US in Spokane, WA, and we are pleased to announce that our schedule is live! We received an amazing number of excellent proposals, and the reviewers and program team had a difficult job choosing the final talks. We think you will love them. Thank you to everyone who submitted a proposal or helped to review them.

Tickets for the conference are still on sale! Check out our website for more information on which ticket type to select. We have also announced our tutorials. They are $150 each, and may be purchased at the same place as the conference tickets.

DjangoCon US will be held August 13-18 at the gorgeous Hotel RL in downtown Spokane. Our hotel block rate expires July 11, so reserve your room today!


Django bugfix release: 1.11.2

Thu, 01 Jun 2017 11:51:48 -0500

Today we've issued the 1.11.2 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

Django bugfix release: 1.11.1

Sat, 06 May 2017 08:48:40 -0500

Today we've issued the 1.11.1 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

DjangoCon Europe 2017 in retrospect

Tue, 25 Apr 2017 04:05:08 -0500

DjangoCon Europe 2017 upheld all the traditions established by previous editions: a volunteer-run event, speakers from all sections of the community and a commitment to stage a memorable, enjoyable conference for all attendees.

Held in a stunning Art Deco cinema in the centre of the city, this year's edition was host to over 350 Djangonauts.

The team of always-smiling and willing volunteers, led by Emanuela Dal Mas and Iacopo Spalletti under the auspices of the Fuzzy Brains association, created a stellar success on behalf of all the community.

Of note in this year's conference was an emphasis on inclusion, as expressed in the conference's manifesto. The organisers' efforts to expand the notion of inclusion were visible in the number of attendees from Africa and south Asia, nearly all of whom were also given a platform at the event. This was made possible not only by the financial assistance programme but also through the considerable logistical help the organisers were able to offer.

The conference's opening keynote talk by Anna Makarudze and Humphrey Butau on the growing Python community in Zimbabwe, and an all-woman panel discussing their journeys in technology, were just two examples of a commitment to making more space for voices and stories that are less often heard.

DjangoCon Europe continues to thrive and sparkle in the hands of the people who care about it most, and who step forward each year as volunteers who commit hundreds of hours of their time to make the best possible success of it. Once again, this care has shone through.

On behalf of the whole Django community, the Django Software Foundation would like to thank the entire organising team and all the other volunteers of this year's DjangoCon Europe, for putting on a superb and memorable production.

The next DjangoCons in Europe

The DSF Board is considering bids for DjangoCon Europe 2018-2020. If you're interested in hosting the event in one of these years, we'd like to hear from you as soon as possible.

Django 1.11 released

Tue, 04 Apr 2017 11:04:14 -0500

The Django team is happy to announce the release of Django 1.11.

This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years. It will also receive fixes for crashing bugs, major functionality bugs in newly-introduced features, and regressions from older versions of Django for the next eight months until December 2017.

As always, the release notes cover the medley of new features in detail, but a few highlights are:

You can get Django 1.11 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

With the release of Django 1.11, Django 1.10 has reached the end of mainstream support. The final minor bugfix release (1.10.7) was issued today. Django 1.10 will receive security and data loss fixes for another eight months until December 2017.

Django 1.9 has reached the end of extended support. The final security release (1.9.13) was issued today. All Django 1.9 users are encouraged to upgrade to Django 1.10 or later.

See the downloads page for a table of supported versions and the future release schedule.