
The Django weblog

Latest news about Django, the Python Web framework.

Last Build Date: Tue, 06 Mar 2018 08:44:23 -0600


Django security releases issued: 2.0.3, 1.11.11, and 1.8.19

Tue, 06 Mar 2018 08:44:23 -0600

In accordance with our security release policy, the Django team is issuing Django 1.8.19, Django 1.11.11 and Django 2.0.3. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters

The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (one regular expression for Django 1.8). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable: any view that applies one of them to user-supplied text can be tied up by a single crafted request.

Thanks to James Davis for reporting this issue.

CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters

If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Thanks to James Davis for reporting this issue.

Affected supported versions

  • Django master branch
  • Django 2.0
  • Django 1.11
  • Django 1.8

Per our supported versions policy, Django 1.10, 1.9, and Django 1.7 and older are no longer supported.

Resolution

Patches to resolve the issue have been applied to Django's master branch and the 2.0, 1.11, and 1.8 release branches. The patches may be obtained from the following changesets:

  • On the development master branch: urlize, truncate
  • On the 2.0 release branch: urlize, truncate
  • On the 1.11 release branch: urlize, truncate
  • On the 1.8 release branch: urlize, truncate

The following releases have been issued:

  • Django 1.8.19 (download Django 1.8.19 | 1.8.19 checksums)
  • Django 1.11.11 (download Django 1.11.11 | 1.11.11 checksums)
  • Django 2.0.3 (download Django 2.0.3 | 2.0.3 checksums)

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information. [...]
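Both CVEs above are the same class of bug: a regular expression that backtracks exponentially on attacker-shaped input. The following is an added example, not Django's code and not the actual patterns fixed in these releases. It uses two constructed stand-in patterns with the same shape as a vulnerable and a hardened expression (a nested quantifier that can split a run of characters in exponentially many ways, versus a single quantifier over a character class) and a probe that a project can keep in its test suite so that a regex of this shape fails CI instead of shipping. The sample inputs are constructed.

```python
"""Catastrophic-backtracking (ReDoS) probe for regular expressions.

Added example, not Django's code. EVIL_TLD_RE and SAFE_TLD_RE are
constructed stand-ins, not the expressions patched in Django.
"""
import subprocess
import sys

# CPython's regex engine holds the GIL for the whole of a single match, so a
# catastrophic match cannot be interrupted by a signal handler or a thread
# join. The probe therefore runs each match in a throw-away interpreter that
# subprocess.run() kills once the wall-clock budget is exceeded.
_CHILD = (
    "import re, sys\n"
    "sys.exit(0 if re.search(sys.argv[1], sys.argv[2]) else 1)\n"
)

# Constructed stand-in for a URL/TLD check: `(\w+\.?)+` with an optional
# separator lets the engine partition a run of n word characters in
# 2**(n-1) ways, and it tries every one before giving up on a bad tail.
EVIL_TLD_RE = r"^(\w+\.?)+(com|net|org)$"

# Hardened shape: one quantifier over a character class, so on failure the
# engine gives back one character at a time (linear work). It is slightly
# more permissive (consecutive dots), the usual trade for linear matching.
SAFE_TLD_RE = r"^[\w.]+(com|net|org)$"


def timed_search(pattern, text, budget_seconds=1.0):
    """True/False for match/no-match; None if the match exceeded the budget."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            timeout=budget_seconds,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except subprocess.TimeoutExpired:
        return None  # subprocess.run has already killed the child
    return proc.returncode == 0


def adversarial_input(n):
    """Attacker-shaped input: a long run the repeat can consume, followed by
    one character that makes the overall match fail and forces backtracking."""
    return "a" * n + "!"


def is_redos_prone(pattern, sizes=(8, 16, 32), budget_seconds=1.0):
    """Report a pattern as unsafe if any modest input size blows the budget.

    A linear pattern handles 32 characters in microseconds; an exponential
    one needs on the order of 2**31 steps at that size and gets killed.
    """
    return any(
        timed_search(pattern, adversarial_input(n), budget_seconds) is None
        for n in sizes
    )


if __name__ == "__main__":
    for name, pattern in (("evil", EVIL_TLD_RE), ("safe", SAFE_TLD_RE)):
        print(name, "matches example.com:", timed_search(pattern, "example.com"),
              "| ReDoS-prone:", is_redos_prone(pattern))
```

The same harness can be pointed at a template filter instead of a bare pattern by changing the child script to render the filter over `sys.argv[2]`; the point is that the budget is enforced from outside the interpreter doing the match, because nothing inside it can interrupt a running match.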

Django security releases issued: 2.0.2 and 1.11.10

Thu, 01 Feb 2018 09:11:25 -0600

In accordance with our security release policy, the Django team is issuing Django 1.11.10 and Django 2.0.2. These releases address the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.

CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made django.contrib.auth.forms.AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn't overridden, an attacker can enter an arbitrary username and see whether that user has been set to is_active=False. If confirm_login_allowed() is overridden, more sensitive details could be leaked.

Thanks Jack Cushman for reporting this issue.
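The leak is an ordering bug: a hook that produces a user-specific message runs before the password has been verified, so the message becomes an oracle. The following is an added example, not Django's code and not a copy of AuthenticationForm: a minimal in-memory user store with two versions of a form-style clean() step (the regression shape and the fixed shape), plus the enumeration probe an attacker, or your own test suite, would run against a login form. The accounts are constructed sample data.

```python
"""Login-oracle check for the CVE-2018-6188 shape of bug.

Added example, not Django's code: the store, backend and hooks are
simplified stand-ins for django.contrib.auth components.
"""
from dataclasses import dataclass


class ValidationError(Exception):
    """Stand-in for django.forms.ValidationError carrying a message code."""

    def __init__(self, message, code):
        super().__init__(message)
        self.message = message
        self.code = code


@dataclass
class User:
    username: str
    password: str  # plaintext only because this is a constructed toy store
    is_active: bool = True


# Constructed sample accounts, not real data.
USERS = {
    "alice": User("alice", "hunter2"),
    "dormant": User("dormant", "s3cret", is_active=False),
}

INVALID_LOGIN = "Please enter a correct username and password."


def authenticate(username, password):
    """Mimics ModelBackend: wrong password or inactive account -> None."""
    user = USERS.get(username)
    if user is not None and user.is_active and user.password == password:
        return user
    return None


def confirm_login_allowed(user):
    """Hook a site may override; whatever it raises is the attacker's oracle."""
    if not user.is_active:
        raise ValidationError("This account is inactive.", code="inactive")


def clean_vulnerable(username, password):
    """Regression shape: looks the user up and runs the hook even though the
    password was wrong, so the hook's message reveals the account's state."""
    user = authenticate(username, password)
    if user is None:
        known = USERS.get(username)
        if known is not None:
            confirm_login_allowed(known)  # fires before the password is verified
        raise ValidationError(INVALID_LOGIN, code="invalid_login")
    confirm_login_allowed(user)
    return user


def clean_fixed(username, password):
    """Fixed shape: the hook only ever sees a user who supplied the right password."""
    user = authenticate(username, password)
    if user is None:
        raise ValidationError(INVALID_LOGIN, code="invalid_login")
    confirm_login_allowed(user)
    return user


def error_code(clean, username, password):
    """Observable outcome of one login attempt, as the client sees it."""
    try:
        clean(username, password)
    except ValidationError as exc:
        return exc.code
    return "ok"


def leaks_account_state(clean, probe_username, wrong_password="not-the-password"):
    """Enumeration probe: with the same wrong password, does the form answer
    differently for probe_username than for a username that does not exist?"""
    probed = error_code(clean, probe_username, wrong_password)
    control = error_code(clean, "no-such-user", wrong_password)
    return probed != control


if __name__ == "__main__":
    for name, clean in (("vulnerable", clean_vulnerable), ("fixed", clean_fixed)):
        print(name, "leaks inactive account:", leaks_account_state(clean, "dormant"))
```

The probe compares responses rather than looking for a specific string, which is how you would test any login form: every distinguishable response for a wrong password (message text, error code, status, or timing) is a bit of information about the account that the attacker did not have before.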

Affected supported versions

  • Django master branch
  • Django 2.0 and 2.0.1
  • Django 1.11.8 and 1.11.9

Per our supported versions policy, Django 1.10 and 1.9 are no longer supported (but aren't affected). Django 1.8 LTS (for which security support ends on April 1) is unaffected.


Patches to resolve the issue have been applied to Django's master branch and the 2.0 and 1.11 release branches. The patches may be obtained from the following changesets:

The following releases have been issued:

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information.

2017 Malcolm Tredinnick Memorial Prize awarded to Claude Paroz

Mon, 22 Jan 2018 16:53:58 -0600

The Board of the Django Software Foundation is pleased to announce that the 2017 Malcolm Tredinnick Memorial Prize has been awarded to Claude Paroz.

Claude has been a contributor to Django since 2012. He was selected for the prize by the board from amongst the nominees on the basis of his long-term, consistent contribution. Claude has given service to Django through code and also by enabling others to contribute effectively.

His work represents a less-visible but essential aspect of contribution to Django. It's not the kind of work that will be publicly applauded at a conference, or stand out as news, but it's of enormous importance to the project. Claude is owed a debt of thanks for it.

Tim Graham wrote in his nomination:

I nominate Claude Paroz for five years of tireless and unheralded contributions to Django, including shepherding the GeoDjango project and serving as the Django translations manager. He's the primary answering authority on the geodjango and django-i18n mailing lists.

While his contributing began in 2012, Claude is the most active volunteer contributor based on number of commits since 2008. He regularly offers his expertise by triaging tickets and reviewing pull requests. If I ask Claude for some advice in an area of Django in which I'm less versed, his responses are quick, respectful, and helpful.

Several other people were also nominated for this prize. The Malcolm Tredinnick prize could once again have deservedly been awarded several times over. It is an enduring pleasure to observe that there is no shortage of members of our community who, like Claude, exemplify the spirit of generosity and support that the prize celebrates.

The other nominees were:

  • Ifunanya Ikemma, for her work teaching and encouraging women into programming, through PyLadies and Django Girls in Nigeria
  • Katie McLaughlin, for her work in open source projects as a contributor and mentor
  • Melanie Crutchfield, for her work with PyLadies and Django Girls
  • Jeff Triplett, for his huge contribution to the running of DjangoCon US, and the consistently warm, supportive attitude he brings to this and to his other work in the world of Django
  • Veronica Munro, for her work organising Django Girls events in Australia
  • Lacey Williams Henschel, for her work in DjangoCon US (including her magnificent work as the 2017 conference chair), and helping to build the Django community in the US
  • Tim Graham, for being an ever-responsive and valuable point of technical contact for Django.

Many congratulations to Claude, and our sincere thanks to all the nominees for their continued work in Django. Thanks are also due to all who took the trouble to nominate someone.

The DSF Welcomes Carlton Gibson as its Newest Fellow

Fri, 12 Jan 2018 11:07:35 -0600

On November 16, 2017, the DSF made a call for Django Fellow applicants. On behalf of the Django Software Foundation, the DSF Fellowship Committee is pleased to announce Carlton Gibson as the newest Django Fellow. Carlton is joining Tim Graham, who recently announced that he is scaling back his hours; Tim will be transitioning to part-time but remaining as a Fellow.

Carlton has been involved in the Django community since 2009. He has been a core team member of the Django REST Framework for several years. He's a major contributor to Django Filter, Django Crispy Forms and Django AppConf as well as Django Compressor and many others. He is also an instructor for Django Girls in Barcelona.

The DSF received 15 applicants, all of whom were reviewed by the Fellowship Committee before it came to a consensus decision on Carlton. The level of talent and professionalism in the applicant pool made the decision process a difficult one. We are grateful to all who applied for their desire to participate in this important initiative.

The Fellowship program has been a great success for the past three years and is only possible through generous support of the Django Software Foundation. If you or your organization benefit from Django and the work of the Fellowship program, please consider a donation. Every dollar amount, large or small, makes an impact.

Results of the DSF Board election

Sat, 06 Jan 2018 03:27:24 -0600

The DSF membership elected a new board last month. The six elected directors of the DSF for 2018 are (in alphabetical order):

  • James Bennett
  • Rebecca Conley
  • Anna Makarudze
  • Katie McLaughlin
  • Daniele Procida
  • Frank Wiles

There were 39 candidates this year. Last year, there were just six.

We had multiple candidates from each of: North and South America, Europe, Australia, India and Africa.

This year, half of the board is from outside of the USA; previously the USA had been heavily over-represented.

53 people voted, compared with 12 last year.

Half of our board members are women, and we have our first African director of the DSF (Anna Makarudze).

Many thanks to all who participated - both those who voted, and especially those who put themselves forward to serve on the board. Thanks are also due to the outgoing Board.

Django bugfix releases: 2.0.1 and 1.11.9

Mon, 01 Jan 2018 19:08:45 -0600

Today we've issued the 2.0.1 and 1.11.9 bugfix releases.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

DjangoCon Europe 2018 Update: Early Bird Tickets, CFP, and Opportunity grants are open!

Mon, 18 Dec 2017 09:00:00 -0600

In case you missed the news, DjangoCon Europe 2018 will take place in beautiful Heidelberg, Germany, from May 23-27, 2018! We've started selling early bird tickets, and opened the Call for Participation and Opportunity Grant applications. We are also looking for sponsors.

Early Bird Tickets

Early Bird Tickets are now available for a reduced price. Early Bird tickets are currently planned to be available until the end of January, so be sure to get yours soon! Buying an Early Bird Ticket isn't just great for you, it also helps us estimate the number of attendees we will have, and gives us more time to handle any special requirements you may have.

You will notice that our ticket pricing allows you to input a ticket price of your choice. With the additional money, we are able to make it a more inclusive conference by investing in accessibility improvements as well as our opportunity grant program, helping people with few resources, and/or a lack of representation in our community, to participate in DjangoCon Europe 2018. Please choose to give more if you can – you'll have a very direct impact on how wonderful our conference and our community will be.

Call for Participation (CFP)

Our CFP for talks and tutorials is now open! The deadline for submissions is February 1, 2018. We're looking for speakers of all experience levels and backgrounds, and are currently working on our (opt-in) speaker mentoring program. Talk and tutorial presenters receive free admission to DjangoCon Europe. You can edit your submission until the deadline, so there's no need to wait. If you need additional financial support, please apply to the Opportunity Grant program, where speakers are given special consideration.

Opportunity Grant Application

We are very proud of our opportunity grant program – this is what you may know from other or previous conferences as the financial aid program. If (either as an attendee or a speaker) paying accommodation and travelling expenses would be difficult for you, especially if you belong to a marginalized or underrepresented group in tech, please check it out. You have until February 1st to submit your request, to give us sufficient time to go through requests, which in turn gives you sufficient time to plan your journey, handle visa applications, and answer all questions you may have.

Sponsor opportunities

We are only able to run this conference with the support of sponsors that share our goal to create a wonderful, diverse and insightful event. If you are interested in sponsoring DjangoCon Europe 2018, please see our sponsorship page and brochure. Sponsoring is a great opportunity to market developer-focused products, recruit developers, and to give back to the community if you use Django to build your products. DjangoCon Europe has a great track record in supporting diversity in tech. We are committed to continuing this tradition and we need strong partners to make this possible. Your own employees can profit a lot from attending DjangoCon Europe. Not only does the conference provide valuable education in the form of talks and workshops that improve their professional and technical skills, it is also the single best place to start building a network within a community of potential future partners. Many sponsorship packages include a number of tickets. [...]

DSF travel grants available for PyCon Namibia 2018

Tue, 12 Dec 2017 10:37:59 -0600

About PyCon Namibia

PyCon Namibia held its first edition in 2015.

The conference has been held annually since then, and has been at the heart of a new open-source software movement in Namibia. In particular, through PyNam, the Namibian Python Society, Python has become the focus of self-organised community volunteering activity in schools and universities.

In the last two years, assisted greatly by Helen Sherwood-Taylor, Django Girls has become an important part of the event too.

PyCons in Africa

The conference has also been the direct prompt for further new PyCons across Africa; Zimbabwe in 2016, Nigeria in 2017 and a planned PyCon Ghana next year. In each case, PyCon attendees from another country have returned home to set up their own events.

An important aspect of these events is the opportunity to establish relationships with the international community. Numerous people have travelled from other corners of the world to meet African programmers in their own countries, and many have returned multiple times.

Be a Pythonista, not a tourist

There is enormous value in this exchange, which gives Python/Django programmers from beyond Africa a unique opportunity to encounter African programmers in their own country, and to visit not as passing tourists but as Pythonistas and Djangonauts who will form long-term relationships with their African counterparts. This helps ensure that the international Python community meaningfully includes its members, wherever in the world they may be, and represents a chance like no other to understand them and what Python might mean in Africa.

There is probably no better way to understand what Python might mean in Namibia, for example, than having lunch with a group of Namibian high-school pupils and hearing about their ideas and plans for programming.

This exchange enriches not only the PyCon itself, but also the lives of the Pythonistas that it embraces, from both countries, and the communities they are a part of.

About the travel fund

In order to help maintain this valuable exchange between international Python communities, the Django Software Foundation has set aside a total of US$1500 to help enable travellers from abroad to visit Namibia for next year's PyCon, 20th-22nd February.

The DSF seeks expressions of interest from members of the international Django community who'd like to take advantage of these funds.

Please get in touch with us by email. We'd like to know:

  • who you are
  • why you'd like to participate
  • where you are travelling from and how much you estimate you will need

PyCon Namibia will benefit most from attendees who are interested in developing long-term relationships with its community and attendees.

See the conference website for information about travel and more.

What it's like to serve on the DSF Board

Thu, 07 Dec 2017 08:27:55 -0600

I am currently the Vice-President of the Django Software Foundation, and have served as a member of the DSF Board for two years. This article is intended to help give a clearer picture of what's involved in being on the DSF Board, and might help some people decide whether they wish to stand for election.

What we do

Each month we - the six directors - have a board meeting, via Hangout. This lasts about an hour. We follow an agenda, discuss questions that have arisen, hear a report on the state of our finances, and vote on any questions that have come up.

Each month a number of the questions we vote on are about grant applications for events (conferences, Django Girls and so on) and nominations for new members. Mostly it's fairly routine business, and doesn't require much deliberation. Occasionally there are trickier questions, for example ones that might concern:

  • matters where we are not sure what the best way forward is
  • legal questions about what the DSF is and isn't allowed to do
  • disagreements or contentious questions within the DSF or Django community

On the whole we find that when it's a matter of judgement about something, we come to agreement pretty quickly. At each meeting we'll each agree to take on certain administrative tasks that follow on from the discussion.

During the month a number of email messages come in that need to be answered - mostly enquiries about support for events, use of the Django logo, and so on, and also several for technical help with Django that we refer elsewhere. Any one of us will answer those, if we can. Some members of the board have special duties or interests - for example the Treasurer and Secretary have official duties, while I often take up enquiries about events.

Overall, it's a few hours' work each month.

What you need to be a board member

The board members are officially "Directors of the Django Software Foundation", which might make it sound more glamorous and/or difficult than it really is. It's neither... If you can:

  • spare a few hours each month
  • spare some personal energy for the job
  • take part in meetings and help make decisions
  • answer email
  • read proposals, requests, applications and other documents carefully
  • help write documents (whether it's composing or proof-reading)
  • listen to people and voices in the Django community

then you probably have everything that's required to make a genuine, valuable contribution to Django by serving on the board. Obviously, to serve as the Treasurer or Secretary requires some basic suitable skills for those roles - but you don't need to be a qualified accountant or have formal training. In any case, no-one is born a DSF board member, and it's perfectly reasonable that in such a role you will learn to do new things if you don't know them already.

What it's like

I can only speak for myself - but I enjoy the work very much. Everyone on the board has a common aim of serving Django and its community, and the way the board works is friendly, collaborative and supportive. There's room for a variety of skills, special knowledge and experience. Different perspectives are welcomed. There's also a very clear Django ethos and direction, that aims at inclusivity and generosity. The sustainability of the project and the well-being of people involved in it are always concerns that are visibly and explicitly on the table in board discussions.

It's a very good feeling each month to have our board meeting and be reminded how true the "boring means stable" equation is. Django is a big ship, and it sails on month after month, steadily. It requires some steering, and a shared vision of the way ahead, but progresses without big dramas. As a member of the board, this makes me feel that I am involved in something safe and sustainable.

I've been on the DSF board for nearly two years. Serving on the board does require some[...]

Results of the Django/PyCharm Promotion 2017

Wed, 06 Dec 2017 15:14:45 -0600

We're happy to report that our second iteration of the Django/PyCharm fundraising campaign - which we ran this summer - was a huge success. This year we helped raise a total of $66,094 USD for the Django Software Foundation! Last year (2016) we ran a similar campaign which resulted in a collective contribution of $50,000 USD to the cause. We're happy we could raise even more money this year for the Django community!

If you missed the campaign here’s the essence of the past promotion: For 3 weeks this summer, Django developers could effectively donate to Django Software Foundation by purchasing a new individual PyCharm Professional annual subscription at 30% off, with all proceeds from the sales going to the Django Software Foundation. Read more details here.

All the money raised goes toward Django outreach and diversity programs: supporting DSF, the Django Fellowship program, Django Girls workshops, sponsoring official Django conferences, and other equally incredible projects.

We want to say huge thanks to the DSF for their active collaboration and making this fundraiser happen. We hope that in 2018 we’ll be able to make this yearly event even more successful!

The DSF general fundraising campaign is still on-going, and we encourage everyone to contribute to the success of Django by donating to DSF directly.

If you have any questions, get in touch with us at or JetBrains at