Subscribe: The Django weblog
http://www.djangoproject.com/rss/weblog/

The Django weblog



Latest news about Django, the Python Web framework.



Last Build Date: Sat, 06 May 2017 08:48:40 -0500

 



Django bugfix release: 1.11.1

Sat, 06 May 2017 08:48:40 -0500

Today we've issued the 1.11.1 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.




DjangoCon Europe 2017 in retrospect

Tue, 25 Apr 2017 04:05:08 -0500

DjangoCon Europe 2017 upheld all the traditions established by previous editions: a volunteer-run event, speakers from all sections of the community and a commitment to stage a memorable, enjoyable conference for all attendees.

Held in a stunning Art Deco cinema in the centre of the city, this year's edition was host to over 350 Djangonauts.

The team of always-smiling and willing volunteers, led by Emanuela Dal Mas and Iacopo Spalletti under the auspices of the Fuzzy Brains association, created a stellar success on behalf of all the community.

Of note in this year's conference was an emphasis on inclusion, as expressed in the conference's manifesto. The organisers' efforts to expand the notion of inclusion were visible in the number of attendees from Africa and south Asia, nearly all of whom were also given a platform at the event. This was made possible not only by the financial assistance programme but also through the considerable logistical help the organisers were able to offer.

The conference's opening keynote talk by Anna Makarudze and Humphrey Butau on the growing Python community in Zimbabwe, and an all-woman panel discussing their journeys in technology, were just two examples of a commitment to making more space for voices and stories that are less often heard.

DjangoCon Europe continues to thrive and sparkle in the hands of the people who care about it most, and who step forward each year as volunteers who commit hundreds of hours of their time to make the best possible success of it. Once again, this care has shone through.

On behalf of the whole Django community, the Django Software Foundation would like to thank the entire organising team and all the other volunteers of this year's DjangoCon Europe, for putting on a superb and memorable production.

The next DjangoCons in Europe

The DSF Board is considering bids for DjangoCon Europe 2018-2020. If you're interested in hosting the event in one of these years, we'd like to hear from you as soon as possible.




Django 1.11 released

Tue, 04 Apr 2017 11:04:14 -0500

The Django team is happy to announce the release of Django 1.11.

This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years. It will also receive fixes for crashing bugs, major functionality bugs in newly-introduced features, and regressions from older versions of Django for the next eight months until December 2017.

As always, the release notes cover the medley of new features in detail, but a few highlights are:

You can get Django 1.11 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.

With the release of Django 1.11, Django 1.10 has reached the end of mainstream support. The final minor bugfix release (1.10.7) was issued today. Django 1.10 will receive security and data loss fixes for another eight months until December 2017.

Django 1.9 has reached the end of extended support. The final security release (1.9.13) was issued today. All Django 1.9 users are encouraged to upgrade to Django 1.10 or later.

See the downloads page for a table of supported versions and the future release schedule.




Django security releases issued: 1.10.7, 1.9.13, and 1.8.18

Tue, 04 Apr 2017 10:24:05 -0500

In accordance with our security release policy, the Django team is issuing Django 1.10.7, Django 1.9.13 and 1.8.18. These releases address two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. The Django master and stable/1.11.x branches are also updated.

The Django 1.11 release is forthcoming shortly in a separate blog post.

CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs

Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs (e.g. http:999999999) "safe" when they shouldn't be.

Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()

A maliciously crafted URL to a Django site using the django.views.static.serve() view could redirect to any other domain. The view no longer does any redirects as they don't provide any known, useful functionality.

Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.

Thanks Phithon from Chaitin Tech (@ChaitinTech) for reporting this issue.

Affected supported versions

  • Django master development branch
  • Django 1.11 (at release candidate status, final release forthcoming)
  • Django 1.10
  • Django 1.9
  • Django 1.8

Per our supported versions policy, Django 1.7 and older are no longer receiving security updates. Also, Django 1.9.x has reached end-of-life -- this is the final release of that series.

Resolution

Patches to resolve the issues have been applied to Django's master development branch and the 1.11, 1.10, 1.9, and 1.8 release branches. The patches may be obtained from the following changesets:

  • On the development master branch: is_safe_url(), serve()
  • On the 1.11 release branch: is_safe_url(), serve()
  • On the 1.10 release branch: is_safe_url(), serve()
  • On the 1.9 release branch: is_safe_url(), serve()
  • On the 1.8 release branch: is_safe_url(), serve()

The following releases have been issued:

  • Django 1.10.7 (download Django 1.10.7 | 1.10.7 checksums)
  • Django 1.9.13 (download Django 1.9.13 | 1.9.13 checksums)
  • Django 1.8.18 (download Django 1.8.18 | 1.8.18 checksums)

The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252.

General notes regarding security reporting

As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information. [...]
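The numeric-URL case from CVE-2017-7233 above, as an added example (not Django's code, and not part of the original announcement): a redirect-target check run with two scheme splitters, showing why `http:999999999` has to be rejected. The lenient splitter is a simplified model, assumed here for illustration, of a parser that reads `scheme:digits` as a path; all function names and the host `example.com` are hypothetical.

```python
import re

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)


def split_scheme_lenient(url):
    """Simplified model (assumption) of a parser that reads 'word:digits'
    as a path such as 'host:port', so no scheme is reported for it."""
    m = _SCHEME.match(url)
    if m:
        rest = m.group(2)
        if not (rest and all(c in "0123456789" for c in rest)):
            return m.group(1).lower(), rest
    return "", url


def split_scheme_strict(url):
    """Anything matching the RFC 3986 scheme grammar is a scheme."""
    m = _SCHEME.match(url)
    return (m.group(1).lower(), m.group(2)) if m else ("", url)


def netloc_of(rest):
    """Authority component: present only when the remainder starts with '//'."""
    if rest.startswith("//"):
        return re.split(r"[/?#]", rest[2:], maxsplit=1)[0].lower()
    return ""


def is_safe_redirect(url, allowed_host, split_scheme):
    """True if url is relative to this site or points at allowed_host."""
    url = url.strip()
    if not url or url.startswith("///") or "\\" in url:
        return False
    scheme, rest = split_scheme(url)
    netloc = netloc_of(rest)
    if scheme and not netloc:  # absolute form without a host to compare
        return False
    return (not netloc or netloc == allowed_host) and scheme in ("", "http", "https")


def disagreements(urls, allowed_host):
    """URLs the lenient check accepts but the strict check rejects."""
    return [u for u in urls
            if is_safe_redirect(u, allowed_host, split_scheme_lenient)
            and not is_safe_redirect(u, allowed_host, split_scheme_strict)]


# Constructed sample inputs; "http:999999999" is the form quoted in the advisory.
SAMPLES = ["/accounts/profile/", "https://example.com/next",
           "https://other.example/", "//other.example/x", "http:999999999"]
```

Running `disagreements()` over logged `next` parameter values is a quick way to find redirect targets that a lenient validator would have let through.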



DjangoCon US 2017 Update

Thu, 30 Mar 2017 13:41:11 -0500

Tickets are on sale for DjangoCon US 2017 in Spokane, WA! We’re also looking for reviewers for our talk and tutorial proposals, and our CFP and financial aid application are closing soon.

Tickets Are on Sale

Tickets are now on sale! DjangoCon US has tiered pricing, and we put together a blog post with more details. We hope to see you in Spokane August 13-18.

Call for Reviewers

We’re looking for volunteers to help review talk and tutorial proposals. This will require a few hours of time from now until April 24. Reviewing talks only takes a couple of minutes per talk. Reviewers don’t need to review all talks and tutorials and don’t need to review them all in one day. Most people find that reviewing talks for 30 minutes at a time, once or twice a week, gets them through the talks pretty quickly. If you’re interested, please email hello@djangocon.us. Thank you to all of the awesome volunteers who have already signed up!

Call for Proposals Deadline

Our Call for Proposals (CFP) deadline is quickly approaching! April 10 at midnight Anywhere on Earth is the deadline to submit a talk or tutorial proposal. We would love to see a few more tutorial proposals (tutorials are compensated!). Please get in touch with us or our wonderful speaker mentors if you need help refining or expanding on an idea.

Financial Aid Deadline

The DjangoCon US financial aid application also closes on April 10. We have more information and FAQs about financial aid on our website. The application is short and sweet, so please apply today!




Django 1.11 release candidate 1 released

Tue, 21 Mar 2017 18:03:12 -0500

Django 1.11 release candidate 1 is the final opportunity for you to try out the medley of new features before Django 1.11 is released.

The release candidate stage marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, 1.11 final will be issued on or around April 4. Any delays will be communicated on the django-developers mailing list thread.

Please use this opportunity to help find and fix bugs (which should be reported to the issue tracker). You can grab a copy of the package from our downloads page or on PyPI.

The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.




Django bugfix release: 1.10.6

Wed, 01 Mar 2017 07:25:58 -0600

Today we've issued the 1.10.6 bugfix release.

The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.




Django 1.11 beta 1 released

Mon, 20 Feb 2017 17:27:02 -0600

Django 1.11 beta 1 is an opportunity for you to try out the medley of new features in Django 1.11.

Only bugs in new features and regressions from earlier versions of Django will be fixed between now and 1.11 final (also, translations will be updated following the "string freeze" when the release candidate is issued). The current release schedule calls for a release candidate about a month from now with the final release to follow about two weeks after that around April 1. We'll only be able to keep this schedule if we get early and often testing from the community. Updates on the release schedule are available on the django-developers mailing list.

As with all alpha and beta packages, this is not for production use. But if you'd like to take some of the new features for a spin, or to help find and fix bugs (which should be reported to the issue tracker), you can grab a copy of the beta package from our downloads page or on PyPI.

The PGP key ID used for this release is Tim Graham: 1E8ABDC773EDE252.




DjangoCon US 2017 Update: Call for Proposals, Mentorship, and Financial Aid Are Open!

Mon, 13 Feb 2017 10:13:57 -0600

In case you missed the news, DjangoCon US 2017 will take place in beautiful Spokane, Washington, from August 13-18, 2017! We’ll have more information on the venue and ticket sales soon, but we’re pleased to announce the following items.

Call for Proposals (CFP)

Our CFP for talks and tutorials is now open! The deadline for submissions is April 10, 2017. We’re looking for speakers of all experience levels and backgrounds. Talk and tutorial presenters also receive free admission to DjangoCon US.

Financial Aid Application

Grants to assist with your travel and lodging expenses are available as well. Our Financial Aid application is also now open. The deadline is April 10, 2017.

Seeking Speaker Mentors

Preparing and giving a talk at a conference is no small task, and it can be even more intimidating to first-time presenters. We're looking for encouraging people with talk or tutorial experience to volunteer to be mentors for this year's DjangoCon US 2017 speakers. Mentors provide encouragement and advice to participating presenters on an informal basis.

A good mentor should:

  • have previous speaking experience
  • ...or have previous experience giving tutorials
  • be familiar with how to propose a talk or tutorial
  • be able to help construct an effective, engaging talk
  • encourage first-time speakers, non-native English speakers, or anyone needing a little boost
  • be able to provide critique, advice, or refinements on a presentation

This is a strictly volunteer position with a small time commitment. It's so rewarding to help someone else kick off their speaking career!

If you'd like to help out as a mentor, please contact us and include a quick description of yourself, your speaking experience, and why you'd like to help.




Call for Volunteers - Code of Conduct Committee

Wed, 25 Jan 2017 12:45:26 -0600

Happy New Year to the Django Community! As we begin 2017, many of us are reflecting on how to maintain safe, inclusive spaces within our communities. One meaningful way to do that is to serve on the Django Code of Conduct committee. In 2013, with input from the community, Django Core members and the DSF board developed a code of conduct, the purpose of which was explained by Alex Gaynor and Jacob Kaplan Moss:

“Why do we need a code of conduct? To best keep with some of our core values: documentation and 'explicit is better than implicit.' We want to maintain a vibrant, diverse, and technically excellent community, and we believe that a part of that is writing down the standards of behavior we hold ourselves to.”

As of May 2016, Committee members serve a six month fixed term. You will serve in a rotation of being “on-call” (via email) for a week at a time in order to respond to reports from the community. This is a great service to the Django community, particularly to those who are most at risk, and it is made more manageable when shared.

If you are interested in volunteering to serve a six-month term, please review the online documentation and procedures regarding the CofC Committee, then email conduct@djangoproject.com. Thank you for reading, and all the best in 2017!