Django community: RSS
This page, updated regularly, aggregates Django Software Foundation posts from the Django community.
-
Renew Your PyCharm License and Support Django
Only a few days remain to support the Django Software Foundation through our annual JetBrains fundraiser. You can now use the offer for new purchases and annual renewals. If your PyCharm Professional subscription expires this year, this is a great time to renew or extend it for up to 12 months. Get 30% off PyCharm Professional, and 100% of proceeds from qualifying purchases and renewals go to the DSF to help fund Django Fellows, community programs, events, and the future of Django. 👉 Offer ends May 1: Learn more about the fundraiser 👉 Claim 30% off here: Get the JetBrains offer -
It's time to redesign djangoproject.com
If you've felt like djangoproject.com could use a refresh, you're not alone. The site has served the community well for a long time, it’s beloved by a lot of people but doesn’t reflect where Django is today or who we want to reach. We've been working on a redesign behind the scenes, and we want to share where we're headed and how you can get involved. Why a redesign The case has been building for a while. The excellent user research report from 20tab documented in detail what current site users struggle with, and the more recent community discussion on homepage redesigns on the forum focuses on the image issue. In her recent talk Debunking Django Myths, Sarah Boyce, one of our Django Fellows who helps maintain the project, walked through the gap between how Django is perceived and what it actually offers in 2026. Our website is one of the places where the gap is widest, and we need to close it. Debunking Django Myths - Sarah Boyce @ Python Unplugged on PyTV It’s harder than it looks on the surface, as it’s essential the site serves both as a showcase of the value of Django for newcomers; and … -
DSF member of the month - Rob Hudson
For April 2026, we welcome Rob Hudson as our DSF member of the month! ⭐ Rob is the creator of django-debug-toolbar (DDT), a tool used by more than 100 000 folks in the world. He introduced Content-Security-Policy (CSP) support in Django and contributes to many open source packages. He has been a DSF member since February 2024. You can learn more about Rob by visiting Rob's website and his GitHub Profile. Let’s spend some time getting to know Rob better! Can you tell us a little about yourself? I'm a backend Python engineer based in Oregon, USA. I studied biochemistry in college, where software was just a curiosity and hobby on the side, but I'm grateful that my curiosity turned into a career in tech. My earliest memory of that curiosity was taking apart my Speak & Spell as a kid to see how it worked and never quite getting it back together again. How did you start using Django? I followed the path of the "P"s: Perl, then PHP, then Python. When Ruby on Rails arrived it was getting a lot of attention, but I was already enjoying Python, so when Django was announced I was immediately drawn to it. … -
New Technical Governance - request for community feedback
Hello Django community, The Steering Council is excited to share our proposed new technical governance and ask for your feedback. Last year we suspended the formal voting process of the Steering Council. The updates we’re proposing would bring how we’ve been operating into alignment with the written governance. From the motivation section: This is a revisitation of Django's technical governance in which a simplification and reduction was made to make it more approachable to more people. The goals of these changes are the following: Make it easier to enact our governance. Make it easier for others to understand our governance. Make the governance more flexible, allowing more action with less procedure. You can read DEP 0019 here. Adoption plan The goal is to have this governance accepted and in place by 2026-07-01. Our timeline is as follows, but may change depending on feedback. 2026-04-16: Announce new technical governance, solicit feedback 2026-05-07: Merge in minor feedback changes 2026-05-28: Resolve major feedback concerns 2026-06-11: Steering Council and DSF Board vote on and approve DEP What we need from you We would like to know if we are achieving our goals with this document. For example, do you feel that this makes our … -
PyCharm & Django annual fundraiser
For another year, we are thrilled to partner with our friends at JetBrains on the annual "Buy PyCharm, Support Django" campaign. This is the first of two fundraisers we're running with JetBrains this year, and it's one of the most impactful ways the community can support the Django Software Foundation. "JetBrains is a cornerstone in the Django community, consistently helping us understand our evolving landscape. Their annual survey provides invaluable insights into the community's needs, trends, and tools, ensuring we stay on the pulse of what matters most." Jeff Triplett, President, Django Software Foundation Your support of this campaign helps fund key initiatives such as: Django Fellows: Ensuring the rapid development and maintenance of Django. Djangonaut Space: Onboarding new contributors to the Django project. Django Girls: Making the Django community accessible to programming beginners around the world. International events and conferences: Supporting DjangoCons, one-day events, meetups, and other community gatherings around the world. How the campaign works From today to May 1, when you purchase PyCharm at a 30% discount through our special campaign link, JetBrains will donate an equal amount to the Django Software Foundation. You get a professional IDE that's trusted by Django developers worldwide, and the DSF … -
Django Has Adopted Contributor Covenant 3
We’re excited to announce that Django has officially adopted Contributor Covenant 3 as our new Code of Conduct! This milestone represents the completion of a careful, community-driven process that began earlier this year. What We’ve Accomplished Back in February, we announced our plan to adopt Contributor Covenant 3 through a transparent, multi-step process. Today, we’re proud to share that we’ve completed all three steps: Step 1 (Completed February 2026): Established a community-driven process for proposing and reviewing changes to our Code of Conduct. Step 2 (Completed March 2026): Updated our Enforcement Manual, Reporting Guidelines, and FAQs to align with Contributor Covenant 3 and incorporate lessons learned from our working group’s experience. Step 3 (Completed April 2026): Adopted the Contributor Covenant 3 with Django-specific enhancements. Why Contributor Covenant 3? Contributor Covenant 3 represents a significant evolution in community standards, incorporating years of experience from communities around the world. The new version: Centers impact over intent, recognizing that even unintentional harm requires accountability and repair Emphasizes consent and boundaries, making explicit that community members must respect stated boundaries immediately Addresses modern harassment patterns like sea-lioning, coordinated harassment, and microaggressions Includes clearer guidance on enforcement, transparency, and accountability By adopting this widely-used standard, … -
Django security releases issued: 6.0.4, 5.2.13, and 4.2.30
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.4, Django 5.2.13, and Django 4.2.30. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. Django 4.2 has reached the end of extended support Note that with this release, Django 4.2 has reached the end of extended support. All Django 4.2 users are encouraged to upgrade to Django 5.2 or later to continue receiving fixes for security issues. See the downloads page for a table of supported versions and the future release schedule. CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation ASGIRequest normalizes header names following WSGI conventions, mapping hyphens to underscores. As a result, even in configurations where reverse proxies carefully strip security-sensitive headers named with hyphens, such a header could be spoofed by supplying a header named with underscores. Under WSGI, it is the responsibility of the server or proxy to avoid ambiguous mappings. (Django's runserver was patched in CVE-2015-0219.) But under ASGI, there is not the same uniform expectation, even if many proxies protect against this under default configuration (including nginx via underscores_in_headers off;). Headers containing underscores are now ignored by ASGIRequest, … -
Could you host DjangoCon Europe 2027? Call for organizers
We are looking for the next group of organizers to own and lead the 2027 DjangoCon Europe conference. Could your town's football stadium, theatre, cinema, city hall, circus tent or a private island host this wonderful community event? DjangoCon Europe is a major pillar of the Django community, as people from across the world meet and share. Many qualities make it a unique event: Unconventional and conventional venues, creative happenings, a feast of talks and a dedication to inclusion and diversity. Hosting a DjangoCon is an ambitious undertaking. It's hard work, but each year it has been successfully run by a team of community volunteers, not all of whom have had previous experience - more important is enthusiasm, organizational skills, the ability to plan and manage budgets, time and people - and plenty of time to invest in the project. For 2027, rest assured that we will be there to answer questions and put you in touch with previous organizers through the brand new DSF Events Support Working Group (a reboot of the previous DjangoCon Europe Support Working Group). Step 1: Submit your expression of interest If you're considering organizing DjangoCon Europe (🙌 great!), fill in our DjangoCon Europe 2027 … -
DSF member of the month - Theresa Seyram Agbenyegah
For March 2026, we welcome Theresa Seyram Agbenyegah as our DSF member of the month! ⭐ Theresa is a passionate community builder serving in the DSF Events Support Working Group. She has demonstrated strong leadership by taking on roles such as LOC Programmes Lead at PyCon Africa 2024 and Programs Chair for PyCon Ghana 2025. She also organized DjangoGirls events across multiple PyCons, including PyCon Ghana 2022 and PyCon Africa 2024. You can learn more about Theresa by visiting Theresa's LinkedIn profile and her GitHub Profile. Let’s spend some time getting to know Theresa better! Can you tell us a little about yourself (hobbies, education, etc)? I’m Theresa Seyram Agbenyegah, mostly referred to in the community as Stancy; a backend engineer, social entrepreneur, and an open source advocate/contributor passionate about using technology for impact. My background is in technology, community management, and systems design. Over the years, I have grown into roles that combine engineering, leadership, and ecosystem building. I know many folks call you Stancy, me included, why specifically this name? So “Stancy” is my initials 😁, People think it is my nickname. How did you start using Django? I was introduced to Django through a Django Girls workshop, … -
Django security releases issued: 6.0.3, 5.2.12, and 4.2.29
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.3, Django 5.2.12, and Django 4.2.29. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2026-25673: Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows The django.forms.URLField form field's to_python() method used urllib.parse.urlsplit() to determine whether to prepend a URL scheme to the submitted value. On Windows, urlsplit() performs NFKC normalization (unicodedata.normalize), which can be disproportionately slow for large inputs containing certain characters. URLField.to_python() now uses a simplified scheme detection, avoiding Unicode normalization entirely and deferring URL validation to the appropriate layers. As a result, while leading and trailing whitespace is still stripped by default, characters such as newlines, tabs, and other control characters within the value are no longer handled by URLField.to_python(). When using the default URLValidator, these values will continue to raise ValidationError during validation, but if you rely on custom validators, ensure they do not depend on the previous behavior of URLField.to_python(). This issue has severity "moderate" according to the Django Security Policy. Thanks to Seokchan Yoon for the report. CVE-2026-25674: Potential incorrect permissions on newly created file system objects … -
Google Summer of Code 2026 with Django
When we learned that the Django Software Foundation has been accepted as a mentoring organization for Google Summer of Code 2026, it marked another steady milestone in a long-standing relationship. Django first participated in GSoC in 2006, and 2026 represents our 21st consecutive year in the program. Over two decades, GSoC has become a consistent pathway for contributors to engage more deeply with Django — not just through a summer project, but often through continued involvement that extends well beyond the official coding period. For many of you reading this, this might be your first exposure to how Django’s open source ecosystem works. So before we get into applications and expectations, let’s take a step back and understand the environment you’re stepping into. Understanding the Django Ecosystem The Django Software Foundation (DSF) is the non-profit organization that supports the long-term sustainability of Django. Django itself is developed entirely in the open. Feature discussions, architectural debates, bug reports, design proposals, and code reviews all happen publicly. That openness is intentional. It allows anyone, from anywhere in the world, to participate. But it also means decisions are rarely made quickly or casually. Changes are discussed carefully. Trade-offs are evaluated. Backwards compatibility is … -
DSF member of the month - Baptiste Mispelon
For February 2026, we welcome Baptiste Mispelon as our DSF member of the month! ⭐ Photo by Bartek Pawlik - bartpawlik.format.com Baptiste is a long-time Django and Python contributor who co-created the Django Under the Hood conference series and serves on the Ops team maintaining its infrastructure. He has been a DSF member since November 2014. You can learn more about Baptiste by visiting Baptiste's website and his GitHub Profile. Let’s spend some time getting to know Baptiste better! Can you tell us a little about yourself? (hobbies, education, etc) I'm a French immigrant living in Norway. In the daytime I work as a software engineer at Torchbox building Django and Wagtail sites. Education-wise I'm a "self-taught" (whatever that means) developer and started working when I was very young. In terms of hobbies, I'm a big language nerd and I'm always up for a good etymology fact. I also enjoy the outdoors whether it's on a mountain bike or on foot (still not convinced by this skiing thing they do in Norway, but I'm trying). How did you start using Django? I was working in a startup where I had built an unmaintainable pile of custom framework-less PHP code. I'd … -
Plan to Adopt Contributor Covenant 3 as Django’s New Code of Conduct
Last month we announced our plan to adopt Contributor Covenant 3 as Django's new Code of Conduct through a multi-step process. Today we're excited to share that we've completed the first step of that journey! What We've Done We've merged new documentation that outlines how any member of the Django community can propose changes to our Code of Conduct and related policies. This creates a transparent, community-driven process for keeping our policies current and relevant. The new process includes: Proposing Changes: Anyone can open an issue with a clear description of their proposed change and the rationale behind it. Community Review: The Code of Conduct Working Group will discuss proposals in our monthly meetings and may solicit broader community feedback through the forum, Discord, or DSF Slack. Approval and Announcement: Once consensus is reached, changes are merged and announced to the community. Changes to the Code of Conduct itself will be sent to the DSF Board for final approval. How You Can Get Involved We welcome and encourage participation from everyone in the Django community! Here's how you can engage with this process: Share Your Ideas: If you have suggestions for improving our Code of Conduct or related documentation, open … -
Django Steering Council 2025 Year in Review
The members of the Steering Council wanted to provide you all with a quick TL;DR of our work in 2025. First off, we were elected at the end of 2024 and got started in earnest in early 2025 with the mission to revive and dramatically increase the role of the Steering Council. We're meeting for a video conference at least monthly, you can deep dive into the meeting notes to see what we've been up to. We also have set up Slack channels we use to communicate in between meetings to keep action items moving along. One of the first things we did was temporarily suspend much of the process around DEP 10. Its heart is in the right place, but it's just too complex and cumbersome day-to-day with a primarily volunteer organization. We're slowly making progress on a revamped and simplified process that addresses our concerns. It is our goal to finish this before our terms expire. New Features Process We've moved the process for proposing new features out of the Django Forum and mailing lists to new-features Github repository. We made this change for a variety of reasons, but the largest being to reduce the workload for the … -
Recent trends in the work of the Django Security Team
Yesterday, Django issued security releases mitigating six vulnerabilities of varying severity. Django is a secure web framework, and that hasn’t changed. What feels new is the remarkable consistency across the reports we receive now. Almost every report now is a variation on a prior vulnerability. Instead of uncovering new classes of issues, these reports explore how an underlying pattern from a recent advisory might surface in a similar code path or under a slightly different configuration. These reports are often technically plausible but only sometimes worth fixing. Over time, this has shifted the Security Team’s work away from discovery towards deciding how far a given precedent should extend and whether the impact of the marginal variation rises to the level of a vulnerability. Take yesterday’s releases: We patched a “low” severity user enumeration vulnerability in the mod_wsgi authentication handler (CVE 2025-13473). It’s a straightforward variation on CVE 2024-39329, which affected authentication more generally. We also patched two potential denial-of-service vulnerabilities when handling large, malformed inputs. One exploits inefficient string concatenation in header parsing under ASGI (CVE 2025-14550). Concatenating strings in a loop is known to be slow, and we’ve done fixes in public where the impact is low. The other … -
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28
In accordance with our security release policy, the Django team is issuing releases for Django 6.0.2, Django 5.2.11, and Django 4.2.28. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack. Thanks to Stackered for the report. This issue has severity "low" according to the Django security policy. CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage. Thanks to Jiyong Yang for the report. This issue has severity "moderate" according to the Django security policy. CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS Raster lookups on GIS fields (only implemented on PostGIS) were subject to SQL injection if untrusted data was used as a band index. As a reminder, all untrusted user input should … -
Djangonaut Space - Session 6 Accepting Applications
We are thrilled to announce that Djangonaut Space, a mentorship program for contributing to Django, is open for applicants for our next cohort! 🚀 Djangonaut Space is holding a sixth session! This session will start on March 2nd, 2026. We are currently accepting applications until February 2nd, 2026 Anywhere on Earth. More details can be found in the website. Djangonaut Space is a free, 8-week group mentoring program where individuals will work self-paced in a semi-structured learning environment. It seeks to help members of the community who wish to level up their current Django code contributions and potentially take on leadership roles in Django in the future. “I'm so grateful to have been a part of the Djangonaut Space program. It's a wonderfully warm, diverse, and welcoming space, and the perfect place to get started with Django contributions. The community is full of bright, talented individuals who are making time to help and guide others, which is truly a joy to experience. Before Djangonaut Space, I felt as though I wasn't the kind of person who could become a Django contributor; now I feel like I found a place where I belong.” - Eliana, Djangonaut Session 1 Enthusiastic about contributing … -
DSF member of the month - Omar Abou Mrad
For January 2026, we welcome Omar Abou Mrad as our DSF member of the month! ⭐ Omar is a helper in the Django Discord server; he has helped and continuously helps folks around the world in their Django journey! He is part of the Discord Staff Team. He has been a DSF member since June 2024. You can learn more about Omar by visiting Omar's website and his GitHub Profile. Let’s spend some time getting to know Omar better! Can you tell us a little about yourself? (hobbies, education, etc) Hello! My name is Omar Abou Mrad, a 47-year-old husband to a beautiful wife and father of three teenage boys. I’m from Lebanon (Middle East), have a Computer Science background, and currently work as a Technical Lead on a day-to-day basis. I’m mostly high on life and quite enthusiastic about technology, sports, food, and much more! I love learning new things and I love helping people. Most of my friends, acquaintances, and generally people online know me as Xterm. I already have an idea, but where does your nickname "Xterm" come from? xterm is simply the terminal emulator for the X Window System. I first encountered it back in the mid to … -
Django bugfix releases issued: 5.2.10, 6.0.1
Today we've issued the 5.2.10 and 6.0.1 bugfix releases. The release packages and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for these releases is Jacob Walls: 131403F4D16D8DC7 -
DSF member of the month - Clifford Gama
For December 2025, we welcome Clifford Gama as our DSF member of the month! ⭐ Clifford contributed to Django core with more than 5 PRs merged in a few months! He is part of the Triage and Review Team. He has been a DSF member since October 2024. You can learn more about Clifford by visiting Clifford's website and his GitHub Profile. Let’s spend some time getting to know Clifford better! Can you tell us a little about yourself (hobbies, education, etc) I'm Clifford. I hold a Bachelor's degree in Mechanical Engineering from the University of Zimbabwe. How did you start using Django? During my first year in college, I was also exploring open online courses on EDx and I came across CS50's introduction to web development. After watching the introductory lecture -- which introduced me to git and GitHub -- I discovered Django's excellent documentation and got started on the polls tutorial. The docs were so comprehensive and helpful I never felt the need to return to CS50. (I generally prefer comprehensive first-hand, written learning material over summaries and videos.) At the time, I had already experimented with flask, but I guess mainly because I didn't know SQL and because … -
Hitting the Home Stretch: Help Us Reach the Django Software Foundation's Year-End Goal!
As we wrap up another strong year for the Django community, we wanted to share an update and a thank you. This year, we raised our fundraising goal from $200,000 to $300,000, and we are excited to say we are now over 88% of the way there. That puts us firmly in the home stretch, and a little more support will help us close the gap and reach 100%. So why the higher goal this year? We expanded the Django Fellows program to include a third Fellow. In August, we welcomed Jacob Tyler Walls as our newest Django Fellow. That extra capacity gives the team more flexibility and resilience, whether someone is taking parental leave, time off around holidays, or stepping away briefly for other reasons. It also makes it easier for Fellows to attend more Django events and stay connected with the community, all while keeping the project running smoothly without putting too much pressure on any one person. We are also preparing to raise funds for an executive director role early next year. That work is coming soon, but right now, the priority is finishing this year strong. We want to say a sincere thank you to our … -
Introducing the 2026 DSF Board
Thank You to Our Outgoing Directors We extend our gratitude to Thibaud Colas and Sarah Abderemane, who are completing their terms on the board. Their contributions shaped the foundation in meaningful ways, and the following highlights only scratch the surface of their work. Thibaud served as President in 2025 and Secretary in 2024. He was instrumental in governance improvements, the Django CNA initiative, election administration, and creating our first annual report. He also led our birthday campaign and helped with the creation of several new working groups this year. His thoughtful leadership helped the board navigate complex decisions. Sarah served as Vice President in 2025 and contributed significantly to our outreach efforts, working group coordination, and membership management. She also served as a point of contact for the Django CNA initiative alongside Thibaud. Both Thibaud and Sarah did too many things to list here. They were amazing ambassadors for the DSF, representing the board at many conferences and events. They will be deeply missed, and we are happy to have their continued membership and guidance in our many working groups. On behalf of the board, thank you both for your commitment to Django and the DSF. The community is better … -
Django Code of Conduct Transparency Report 2025
The Code of Conduct working group received 4 reports and met 12 times in 2025. This transparency report is a brief account of how those reports were handled. This year’s number is lower than previous years in part because of the formation of the Online Community Working Group which handles moderation on our official spaces and has been able to act directly on smaller scale infractions. In some cases we received additional reporting while investigating initial reports, but have not counted those as separate instances. This working group conducts business in several ways. It has online meetings, typically once per month. It also discusses issues in a Slack channel, but most cases are handled in the meetings. The group welcomed three new members this year: Ariane Djeupang, Natalia Bidart, and Priya Pahwa. Natalia was selected by the new Online Communities Working Group as their liaison to the Code of Conduct Working group; Ariane and Priya were elected by the working group. The group also saw Jay Miller step down this year. We all want to thank Jay for his continued role in our community and for all the work he did with the Code of Conduct group. It was the … -
Online Community Working Group GitHub repo and project
The Online Community Working Group has introduced a new GitHub repository designed to manage and track ideas, suggestions, and improvements across Django's various online community platforms. Introducing the Online Community Working Group Repository Primarily inspired by the rollout of the New Features repository, the Online Community Working Group has launched their own version that works in conjunction with the Online Community Working Group Ideas GitHub project to provide a mechanism to gather feedback, suggestions, and ideas from across the online community and track their progression. The primary aim is to help better align Django's presence across multiple online platforms by providing: Centralisation: A community-platform-agnostic place to collect feedback, suggestions, and ideas from members of any of Django's online communities. Visibility: With a variety of platforms in use across the community, some of which require an account before their content can even be read, discussions can happen in what effectively amount to private silos. This centralised repository allows all suggestions and ideas to be viewed by everybody, regardless of their community platform of choice. Consistency: A suggestion for one platform can often be a good idea for another. Issues and ideas raised centrally can be assessed against all platforms to better … -
Django 6.0 released
The Django team is happy to announce the release of Django 6.0. The release notes assemble a mosaic of modern tools and thoughtful design. A few highlights are: Template Partials: modularize templates using small, named fragments for cleaner, more maintainable code. (GSoC project by Farhan Ali Raza, mentored by Carlton Gibson) Background Tasks: run code outside the HTTP request-response cycle with a built-in, flexible task framework. (Jake Howard) Content Security Policy (CSP): easily configure and enforce browser-level security policies to protect against content injection. (Rob Hudson) Modernized Email API: compose and send emails with Python's EmailMessage class for a cleaner, Unicode-friendly interface. (Mike Edmunds) You can get Django 6.0 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E With the release of Django 6.0, Django 5.2 has reached the end of mainstream support. The final minor bug fix release, 5.2.9, was issued yesterday. Django 5.2 will receive security and data loss fixes until April 2028. All users are encouraged to upgrade before then to continue receiving fixes for security issues. Django 5.1 has reached the end of extended support. The final security release, 5.1.15, was issued on …