Django community: RSS
This page, updated regularly, aggregates Django Software Foundation posts from the Django community.
-
DSF member of the month - Theresa Seyram Agbenyegah
For March 2026, we welcome Theresa Seyram Agbenyegah as our DSF member of the month! ⭐ Theresa is a passionate community builder serving in the DSF Events Support Working Group. She has demonstrated strong leadership by taking on roles such as LOC Programmes Lead at PyCon Africa 2024 and Programs Chair for PyCon Ghana 2025. She also organized DjangoGirls events across multiple PyCons, including PyCon Ghana 2022 and PyCon Africa 2024. You can learn more about Theresa by visiting Theresa's LinkedIn profile and her GitHub Profile. Let’s spend some time getting to know Theresa better! Can you tell us a little about yourself (hobbies, education, etc)? I’m Theresa Seyram Agbenyegah, mostly referred to in the community as Stancy; a backend engineer, social entrepreneur, and an open source advocate/contributor passionate about using technology for impact. My background is in technology, community management, and systems design. Over the years, I have grown into roles that combine engineering, leadership, and ecosystem building. I know many folks call you Stancy, me included, why specifically this name? So “Stancy” is my initials 😁, People think it is my nickname. How did you start using Django? I was introduced to Django through a Django Girls workshop, … -
Django security releases issued: 6.0.3, 5.2.12, and 4.2.29
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.3, Django 5.2.12, and Django 4.2.29. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2026-25673: Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows The django.forms.URLField form field's to_python() method used urllib.parse.urlsplit() to determine whether to prepend a URL scheme to the submitted value. On Windows, urlsplit() performs NFKC normalization (unicodedata.normalize), which can be disproportionately slow for large inputs containing certain characters. URLField.to_python() now uses a simplified scheme detection, avoiding Unicode normalization entirely and deferring URL validation to the appropriate layers. As a result, while leading and trailing whitespace is still stripped by default, characters such as newlines, tabs, and other control characters within the value are no longer handled by URLField.to_python(). When using the default URLValidator, these values will continue to raise ValidationError during validation, but if you rely on custom validators, ensure they do not depend on the previous behavior of URLField.to_python(). This issue has severity "moderate" according to the Django Security Policy. Thanks to Seokchan Yoon for the report. CVE-2026-25674: Potential incorrect permissions on newly created file system objects … -
Google Summer of Code 2026 with Django
When we learned that the Django Software Foundation has been accepted as a mentoring organization for Google Summer of Code 2026, it marked another steady milestone in a long-standing relationship. Django first participated in GSoC in 2006, and 2026 represents our 21st consecutive year in the program. Over two decades, GSoC has become a consistent pathway for contributors to engage more deeply with Django — not just through a summer project, but often through continued involvement that extends well beyond the official coding period. For many of you reading this, this might be your first exposure to how Django’s open source ecosystem works. So before we get into applications and expectations, let’s take a step back and understand the environment you’re stepping into. Understanding the Django Ecosystem The Django Software Foundation (DSF) is the non-profit organization that supports the long-term sustainability of Django. Django itself is developed entirely in the open. Feature discussions, architectural debates, bug reports, design proposals, and code reviews all happen publicly. That openness is intentional. It allows anyone, from anywhere in the world, to participate. But it also means decisions are rarely made quickly or casually. Changes are discussed carefully. Trade-offs are evaluated. Backwards compatibility is … -
DSF member of the month - Baptiste Mispelon
For February 2026, we welcome Baptiste Mispelon as our DSF member of the month! ⭐ Photo by Bartek Pawlik - bartpawlik.format.com Baptiste is a long-time Django and Python contributor who co-created the Django Under the Hood conference series and serves on the Ops team maintaining its infrastructure. He has been a DSF member since November 2014. You can learn more about Baptiste by visiting Baptiste's website and his GitHub Profile. Let’s spend some time getting to know Baptiste better! Can you tell us a little about yourself? (hobbies, education, etc) I'm a French immigrant living in Norway. In the day time I work as software engineer at Torchbox building Django and Wagtail sites. Education-wise I'm a "self-taught" (whatever that means) developer and started working when I was very young. In terms of hobbies, I'm a big language nerd and I'm always up for a good etymology fact. I also enjoy the outdoor whether it's on a mountain bike or on foot (still not convinced by this skiing thing they do in Norway, but I'm trying). How did you start using Django? I was working in a startup where I had built an unmaintainable pile of custom framework-less PHP code. I'd … -
Plan to Adopt Contributor Covenant 3 as Django’s New Code of Conduct
Last month we announced our plan to adopt Contributor Covenant 3 as Django's new Code of Conduct through a multi-step process. Today we're excited to share that we've completed the first step of that journey! What We've Done We've merged new documentation that outlines how any member of the Django community can propose changes to our Code of Conduct and related policies. This creates a transparent, community-driven process for keeping our policies current and relevant. The new process includes: Proposing Changes: Anyone can open an issue with a clear description of their proposed change and the rationale behind it. Community Review: The Code of Conduct Working Group will discuss proposals in our monthly meetings and may solicit broader community feedback through the forum, Discord, or DSF Slack. Approval and Announcement: Once consensus is reached, changes are merged and announced to the community. Changes to the Code of Conduct itself will be sent to the DSF Board for final approval. How You Can Get Involved We welcome and encourage participation from everyone in the Django community! Here's how you can engage with this process: Share Your Ideas: If you have suggestions for improving our Code of Conduct or related documentation, open … -
Django Steering Council 2025 Year in Review
The members of the Steering Council wanted to provide you all with a quick TL;DR of our work in 2025. First off, we were elected at the end of 2024 and got started in earnest in early 2025 with the mission to revive and dramatically increase the role of the Steering Council. We're meeting for a video conference at least monthly, you can deep dive into the meeting notes to see what we've been up to. We also have set up Slack channels we use to communicate in between meetings to keep action items moving along. One of the first things we did was temporarily suspend much of the process around DEP 10. Its heart is in the right place, but it's just too complex and cumbersome day-to-day with a primarily volunteer organization. We're slowly making progress on a revamped and simplified process that addresses our concerns. It is our goal to finish this before our terms expire. New Features Process We've moved the process for proposing new features out of the Django Forum and mailing lists to new-features Github repository. We made this change for a variety of reasons, but the largest being to reduce the workload for the … -
Recent trends in the work of the Django Security Team
Yesterday, Django issued security releases mitigating six vulnerabilities of varying severity. Django is a secure web framework, and that hasn’t changed. What feels new is the remarkable consistency across the reports we receive now. Almost every report now is a variation on a prior vulnerability. Instead of uncovering new classes of issues, these reports explore how an underlying pattern from a recent advisory might surface in a similar code path or under a slightly different configuration. These reports are often technically plausible but only sometimes worth fixing. Over time, this has shifted the Security Team’s work away from discovery towards deciding how far a given precedent should extend and whether the impact of the marginal variation rises to the level of a vulnerability. Take yesterday’s releases: We patched a “low” severity user enumeration vulnerability in the mod_wsgi authentication handler (CVE 2025-13473). It’s a straightforward variation on CVE 2024-39329, which affected authentication more generally. We also patched two potential denial-of-service vulnerabilities when handling large, malformed inputs. One exploits inefficient string concatenation in header parsing under ASGI (CVE 2025-14550). Concatenating strings in a loop is known to be slow, and we’ve done fixes in public where the impact is low. The other … -
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.2, Django 5.2.11, and Django 4.2.28. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack. Thanks to Stackered for the report. This issue has severity "low" according to the Django security policy. CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage. Thanks to Jiyong Yang for the report. This issue has severity "moderate" according to the Django security policy. CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS Raster lookups on GIS fields (only implemented on PostGIS) were subject to SQL injection if untrusted data was used as a band index. As a reminder, all untrusted user input should … -
Djangonaut Space - Session 6 Accepting Applications
We are thrilled to announce that Djangonaut Space, a mentorship program for contributing to Django, is open for applicants for our next cohort! 🚀 Djangonaut Space is holding a sixth session! This session will start on March 2nd, 2026. We are currently accepting applications until February 2nd, 2026 Anywhere on Earth. More details can be found in the website. Djangonaut Space is a free, 8-week group mentoring program where individuals will work self-paced in a semi-structured learning environment. It seeks to help members of the community who wish to level up their current Django code contributions and potentially take on leadership roles in Django in the future. “I'm so grateful to have been a part of the Djangonaut Space program. It's a wonderfully warm, diverse, and welcoming space, and the perfect place to get started with Django contributions. The community is full of bright, talented individuals who are making time to help and guide others, which is truly a joy to experience. Before Djangonaut Space, I felt as though I wasn't the kind of person who could become a Django contributor; now I feel like I found a place where I belong.” - Eliana, Djangonaut Session 1 Enthusiastic about contributing … -
DSF member of the month - Omar Abou Mrad
For January 2026, we welcome Omar Abou Mrad as our DSF member of the month! ⭐ Omar is a helper in the Django Discord server; he has helped and continuously helps folks around the world in their Django journey! He is part of the Discord Staff Team. He has been a DSF member since June 2024. You can learn more about Omar by visiting Omar's website and his GitHub Profile. Let’s spend some time getting to know Omar better! Can you tell us a little about yourself? (hobbies, education, etc) Hello! My name is Omar Abou Mrad, a 47-year-old husband to a beautiful wife and father of three teenage boys. I’m from Lebanon (Middle East), have a Computer Science background, and currently work as a Technical Lead on a day-to-day basis. I’m mostly high on life and quite enthusiastic about technology, sports, food, and much more! I love learning new things and I love helping people. Most of my friends, acquaintances, and generally people online know me as Xterm. I already have an idea, but where does your nickname "Xterm" come from? xterm is simply the terminal emulator for the X Window System. I first encountered it back in the mid to … -
Django bugfix releases issued: 5.2.10, 6.0.1
Today we've issued the 5.2.10 and 6.0.1 bugfix releases. The release packages and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for these releases is Jacob Walls: 131403F4D16D8DC7 -
DSF member of the month - Clifford Gama
For December 2025, we welcome Clifford Gama as our DSF member of the month! ⭐ Clifford contributed to Django core with more than 5 PRs merged in few months! He is part of the Triage and Review Team. He has been a DSF member since October 2024. You can learn more about Clifford by visiting Clifford's website and his GitHub Profile. Let’s spend some time getting to know Clifford better! Can you tell us a little about yourself (hobbies, education, etc) I'm Clifford. I hold a Bachelor's degree in Mechanical Engineering from the University of Zimbabwe. How did you start using Django? During my first year in college, I was also exploring open online courses on EDx and I came across CS50's introduction to web development. After watching the introductory lecture -- which introduced me to git and GitHub -- I discovered Django's excellent documentation and got started on the polls tutorial. The docs were so comprehensive and helpful I never felt the need to return to CS50. (I generally prefer comprehensive first-hand, written learning material over summaries and videos.) At the time, I had already experimented with flask, but I guess mainly because I didn't know SQL and because … -
Hitting the Home Stretch: Help Us Reach the Django Software Foundation's Year-End Goal!
As we wrap up another strong year for the Django community, we wanted to share an update and a thank you. This year, we raised our fundraising goal from $200,000 to $300,000, and we are excited to say we are now over 88% of the way there. That puts us firmly in the home stretch, and a little more support will help us close the gap and reach 100%. So why the higher goal this year? We expanded the Django Fellows program to include a third Fellow. In August, we welcomed Jacob Tyler Walls as our newest Django Fellow. That extra capacity gives the team more flexibility and resilience, whether someone is taking parental leave, time off around holidays, or stepping away briefly for other reasons. It also makes it easier for Fellows to attend more Django events and stay connected with the community, all while keeping the project running smoothly without putting too much pressure on any one person. We are also preparing to raise funds for an executive director role early next year. That work is coming soon, but right now, the priority is finishing this year strong. We want to say a sincere thank you to our … -
Introducing the 2026 DSF Board
Thank You to Our Outgoing Directors We extend our gratitude to Thibaud Colas and Sarah Abderemane, who are completing their terms on the board. Their contributions shaped the foundation in meaningful ways, and the following highlights only scratch the surface of their work. Thibaud served as President in 2025 and Secretary in 2024. He was instrumental in governance improvements, the Django CNA initiative, election administration, and creating our first annual report. He also led our birthday campaign and helped with the creation of several new working groups this year. His thoughtful leadership helped the board navigate complex decisions. Sarah served as Vice President in 2025 and contributed significantly to our outreach efforts, working group coordination, and membership management. She also served as a point of contact for the Django CNA initiative alongside Thibaud. Both Thibaud and Sarah did too many things to list here. They were amazing ambassadors for the DSF, representing the board at many conferences and events. They will be deeply missed, and we are happy to have their continued membership and guidance in our many working groups. On behalf of the board, thank you both for your commitment to Django and the DSF. The community is better … -
Django Code of Conduct Transparency Report 2025
The Code of Conduct working group received 4 reports and met 12 times in 2025. This transparency report is a brief account of how those reports were handled. This year’s number is lower than previous years in part because of the formation of the Online Community Working Group which handles moderation on our official spaces and has been able to act directly on smaller scale infractions. In some cases we received additional reporting while investigating initial reports, but have not counted those as separate instances. This working group conducts business in several ways. It has online meetings, typically once per month. It also discusses issues in a Slack channel, but most cases are handled in the meetings. The group welcomed three new members this year: Ariane Djeupang, Natalia Bidart, and Priya Pahwa. Natalia was selected by the new Online Communities Working Group as their liaison to the Code of Conduct Working group; Ariane and Priya were elected by the working group. The group also saw Jay Miller step down this year. We all want to thank Jay for his continued role in our community and for all the work he did with the Code of Conduct group. It was the … -
Online Community Working Group GitHub repo and project
The Online Community Working Group has introduced a new GitHub repository designed to manage and track ideas, suggestions, and improvements across Django's various online community platforms. Introducing the Online Community Working Group Repository Primarily inspired by the rollout of the New Features repository, the Online Community Working Group has launched their own version that works in conjunction with the Online Community Working Group Ideas GitHub project to provide a mechanism to gather feedback, suggestions, and ideas from across the online community and track their progression. The primary aim is to help better align Django's presence across multiple online platforms by providing: Centralisation: A community-platform-agnostic place to collect feedback, suggestions, and ideas from members of any of Django's online communities. Visibility: With a variety of platforms in use across the community, some of which require an account before their content can even be read, discussions can happen in what effectively amount to private silos. This centralised repository allows all suggestions and ideas to be viewed by everybody, regardless of their community platform of choice. Consistency: A suggestion for one platform can often be a good idea for another. Issues and ideas raised centrally can be assessed against all platforms to better … -
Django 6.0 released
The Django team is happy to announce the release of Django 6.0. The release notes assemble a mosaic of modern tools and thoughtful design. A few highlights are: Template Partials: modularize templates using small, named fragments for cleaner, more maintainable code. (GSoC project by Farhan Ali Raza, mentored by Carlton Gibson) Background Tasks: run code outside the HTTP request-response cycle with a built-in, flexible task framework. (Jake Howard) Content Security Policy (CSP): easily configure and enforce browser-level security policies to protect against content injection. (Rob Hudson) Modernized Email API: compose and send emails with Python's EmailMessage class for a cleaner, Unicode-friendly interface. (Mike Edmunds) You can get Django 6.0 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E With the release of Django 6.0, Django 5.2 has reached the end of mainstream support. The final minor bug fix release, 5.2.9, was issued yesterday. Django 5.2 will receive security and data loss fixes until April 2028. All users are encouraged to upgrade before then to continue receiving fixes for security issues. Django 5.1 has reached the end of extended support. The final security release, 5.1.15, was issued on … -
Django security releases issued: 5.2.9, 5.1.15, and 4.2.27
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.9, Django 5.1.15, and Django 4.2.27. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias() on PostgreSQL. Thanks to Stackered for the report. This issue has severity "high" according to the Django security policy. CVE-2025-64460: Potential denial-of-service vulnerability in XML serializer text extraction Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText() allowed a remote attacker to cause a potential denial-of-service triggering CPU and memory exhaustion via specially crafted XML input submitted to a service that invokes XML Deserializer. The vulnerability resulted from repeated string concatenation while recursively collecting text nodes, which produced superlinear computation resulting in service degradation or outage. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. This issue has severity "moderate" according to the Django security policy. Affected supported versions Django main Django 6.0 (currently at release candidate status) Django 5.2 Django 5.1 Django 4.2 Resolution Patches to resolve the issue … -
2026 DSF Board Election Results
The 2026 DSF Board Election has closed, and the following candidates have been elected: Jacob Kaplan-Moss Priya Pahwa Ryan Cheley They will all serve two years for their term. 2026 Board Directors elected for the 2025 DSF Board - Abigail Gbadago, Jeff Triplett, Paolo Melchiorre, Tom Carrick - are continuing with one year left to serve on the board. Therefore, the combined 2026 DSF Board of Directors are: Abigail Gbadago Jacob Kaplan-Moss* Jeff Triplett Paolo Melchiorre Priya Pahwa* Ryan Cheley* Tom Carrick * Elected to a two year term Congratulations to our winners, and a huge thank you to our departing board members Sarah Abderemane and Thibaud Colas. Thank you again to everyone who nominated themselves. Even if you were not successful, you gave our community the chance to make their voices heard in who they wanted to represent them. -
DSF member of the month - Akio Ogasahara
For November 2025, we welcome Akio Ogasahara as our DSF member of the month! ⭐ Akio is a technical writer and systems engineer. He contributed to the Japanese translation for many years. He has been a DSF member since June 2025. You can learn more about Akio by visiting Akio's X account and his GitHub Profile. Let’s spend some time getting to know Akio better! Can you tell us a little about yourself (hobbies, education, etc.) I was born in 1986 in Rochester, Minnesota, to Japanese parents, and I’ve lived in Japan since I was one. I’ve been fascinated by machines for as long as I can remember. I hold a master’s degree in mechanical engineering. I’ve worked as a technical writer and a software PM, and I’m currently in QA at a Japanese manufacturer. I'm curious, where does your nickname “libratech” come from? I often used “Libra” as a handle because the symbol of Libra—a balanced scale—reflects a value I care deeply about: fairness in judgment. I combined that with “tech,” from “tech writer,” to create “libratech.” How did you start using Django? Over ten years ago, I joined a hands-on workshop using a Raspberry Pi to visualize sensor … -
Twenty years of Django releases
On November 16th 2005, Django co-creator Adrian Holovaty announced the first ever Django release, Django 0.90. Twenty years later, today here we are shipping the first release candidate of Django 6.0 🚀. Since we’re celebrating Django’s 20th birthday this year, here are a few release-related numbers that represent Django’s history: 447 releases over 20 years. That’s about 22 per year on average. We’re at 38 so far for 2025. Fun fact: 33 of those releases predate PyPI, and were published via the Django website only! 131 security vulnerabilities addressed in those Django releases. Our security issues archive is a testament to our stellar track-record. 262,203 releases of Django-related packages. Django’s community ecosystem is gigantic. There’s tens of releases of Django packages per day as of 2025. There were 52 just today. With the caveat this depends a lot on what you classify as a "Django" package. This is what decades’ worth of a stable framework looks like. Expect more gradual improvements and bug fixes over the next twenty years’ worth of releases. And if you like this kind of data, check out the State of Django 2025 report by JetBrains, with lots of statistics on our ecosystem (and there’s a … -
Django 6.0 release candidate 1 released
Django 6.0 release candidate 1 is now available. It represents the final opportunity for you to try out a mosaic of modern tools and thoughtful design before Django 6.0 is released. The release candidate stage marks the string freeze and the call for translators to submit translations. Provided no major bugs are discovered that can't be solved in the next two weeks, Django 6.0 will be released on or around December 3. Any delays will be communicated on the Django forum. Please use this opportunity to help find and fix bugs (which should be reported to the issue tracker); you can grab a copy of the release candidate package from our downloads page or on PyPI. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E -
Going build-free with native JavaScript modules
For the last decade and more, we've been bundling CSS and JavaScript files. These build tools allowed us to utilize new browser capabilities in CSS and JS while still supporting older browsers. They also helped with client-side network performance, minimizing the content to be as small as possible and combining files into one large bundle to reduce network handshakes. We've gone through a lot of build tool iterations in the process; from Grunt (2012) to Gulp (2013) to Webpack (2014) to Parcel (2017) to esbuild (2020) and Vite (2020). And with modern browser technologies there is less need for these build tools. Modern CSS supports many of the features natively that the build tools were created for. CSS nesting to organize code, variables, @supports for feature detection. JavaScript ES6 / ES2015 was a big step forward, and the language has been progressing steadily ever since. It now has native module support with the import / export keywords. Meanwhile, with HTTP/2 performance improvements, parallel requests can be made over the same connection, removing the constraints of the HTTP/1.x protocol. These build processes are complex, particularly for beginners to Django. The tools and associated best practices move quickly. There is a lot … -
Django at PyCon FR 2025 🇫🇷
Last week, we had a great time at PyCon FR 2025 - a free (!) gathering for Pythonistas in France. Here are some of our highlights. Sprints on Django, our website, IA, marketing Over two days, the conference started with 27 contributors joining us to contribute to Django and our website and online presence. Half in the room were complete newcomers to open source, wanting to get a taste of what it’s like behind the scenes. We also had people who were new to Django, taking the excellent Django Girls tutorial to get up to speed with the project. The tutorial is translated in 20 languages(!), so it’s excellent in situations like this where people come from all over Europe. Carmen, one of our sprint contributors, took the time to test that our software for ongoing Board elections is accessible 💚 Discussing Django’s direction At the sprints, we also organized discussions on Django’s direction - specifically on marketing, Artificial Intelligence, and technical decisions. Some recurring topics were: Highlights from the State of Django 2025 report produced by JetBrains, and the need for fundraising partnerships like their ongoing 30% Off PyCharm Pro – 100% for Django campaign. What “batteries included” means … -
2026 DSF Board Candidates
Thank you to the 19 individuals who have chosen to stand for election. This page contains their candidate statements submitted as part of the 2026 DSF Board Nominations. Our deepest gratitude goes to our departing board members who are at the end of their term and chose not to stand for re-elections: Sarah Abderemane and Thibaud Colas; thank you for your contributions and commitment to the Django community ❤️. Those eligible to vote in this election will receive information on how to vote shortly. Please check for an email with the subject line “2026 DSF Board Voting”. Voting will be open until 23:59 on November 26, 2025 Anywhere on Earth. Any questions? Reach out on our dedicated forum thread or via email to foundation@djangoproject.com. All candidate statements ¶ To make it simpler to review all statements, here they are as a list of links. Voters: please take a moment to read all statements before voting! It will take some effort to rank all candidates on the ballot. We believe in you. Aayush Gauba (he/him) — St. Louis, MO Adam Hill (he/him) — Alexandria, VA Andy Woods (he/they) — UK Apoorv Garg (he/him) — India, now living in Japan Ariane Djeupang …