Weblog

March archive

Django 1.5.1 released

March 28, 2013

We've just released Django 1.5.1, a bugfix release fixing a few issues with last month's 1.5 release.

The biggest fix is for a memory leak introduced in Django 1.5. Under certain circumstances, repeated iteration over querysets could leak memory - sometimes quite a bit of it. If you'd like more information, the details are in our ticket tracker (and in a related issue in Python itself).

If you've noticed memory problems under Django 1.5, upgrading to 1.5.1 should fix those issues.

Django 1.5.1 also includes a couple of smaller fixes:

  • Module-level warnings emitted during tests are no longer silently hidden (#18985).
  • Prevented filtering on password hashes in the user admin (#20078).

All users are encouraged to upgrade to Django 1.5.1 at their earliest convenience. You can install Django using pip or download Django 1.5.1 from the Django downloads page. As always, signed checksums of the package are available.

On that last point: astute readers may notice that Django 1.5.1 is signed by a new key. Until today, all releases were signed by James Bennett, but to increase our bus factor we're moving to a system where multiple people will be authorized to release Django. See our Django releasers document for the list of approved releasers.

Announcing another member in the DjangoCon family - DjangoCon AU

March 22, 2013

We've got DjangoCon US, and DjangoCon Europe -- and now we have something for those of us in the Southern Hemisphere: DjangoCon AU!

DjangoCon AU is a single track conference featuring Django and Django-related talks and tutorials, supporting the growing community of Australasian Django Developers. It is being organized as a mini-conference leading into PyCon AU. DjangoCon AU will be held on July 5; PyCon AU will be on July 6 and 7; sprints will be held on July 8 and 9.

The Call for Proposals is now open, and closes on Friday April 5, 2013. If you want to submit a talk for DjangoCon AU, please head to the PyCon AU submissions page.

Earlybird registration will open next week.

If you're interested in sponsoring the event, or in helping out with organisation, please get in touch.

Start working on those proposals, and we hope we'll see you at DjangoCon AU!

Kickstarting Schema Migrations for Django

March 22, 2013

One big feature that has been missing from Django since its inception is a built-in framework for managing changes in database models over time. The importance of this feature in practice led to the development of South, which has essentially become a de facto standard within the Django community.

South developer and member of the Django core team Andrew Godwin would like to fix this situation, and bring schema migrations to Django's core. However, to do this he needs the community's help.

Developing something as large and complex as a schema migration tool takes time, and that time can be hard to find in a busy schedule. To help fund development, Andrew has launched a project on Kickstarter. The funds will be used to pay for Andrew's time so that he can finish work on the codebase and get it ready for inclusion in Django.

You can find a lot more details about Andrew's plans on the Kickstarter project page.

The Django Software Foundation and the Django Core team have both endorsed this effort. We hope that you will join us in supporting Andrew's Kickstarter project, and help finally bring schema migrations to Django's core.

py-bcrypt security release issued

March 21, 2013

py-bcrypt, the library used by the Django Bcrypt password hasher, issued a new release on Monday to fix a concurrency bug that an attacker could potentially use to bypass password checking. Users of the py-bcrypt library should upgrade immediately to version 0.3.

It's important to point out that this issue does not affect all users of Django. py-bcrypt is a third-party module and is not created by or distributed by the Django core team.

However, we're choosing to publicize this security release here because py-bcrypt is in common use on many Django sites and is in use by the Bcrypt Password Hasher distributed with Django. We're hoping that publicizing this fix widely will help protect all Django users.

General notes regarding security

As always, we ask that potential security issues in Django be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers mailing list.

Security issues in third-party modules should be reported to the relevant maintainer(s). When in doubt, we're happy to receive security reports about third-party modules to security@djangoproject.com; we can help direct you to the proper venue for the issue.

Goodbye, Malcolm

March 19, 2013

Hello fellow Djangonauts,

We have difficult news: Malcolm Tredinnick has passed away.

Malcolm was a long-time contributor to Django, a model community member, a brilliant mind, and a friend. His contributions to Django — and to many other open source projects — are nearly impossible to enumerate. Many on the core Django team had their first patches reviewed by him; his mentorship enriched us. His consideration, patience, and dedication will always be an inspiration to us.

To say we'll miss him is an understatement.

Our thoughts are with Malcolm's friends, colleagues, and family at this difficult time.

This came as quite a shock, and we're still sorting out details. We'll update this post once we know the details of how you can express your condolences to Malcolm's friends and family.

Update, March 21:

There will be a funeral for Malcolm in Sydney on Thursday, April 4th, at 2:30pm. Members of the Django community are welcome; if you would like to attend, please contact us so we can pass your information on to the family.

— The Django Core Team

Sprint with us at PyCon!

March 7, 2013

We'll be hosting a Django sprint March 18-21 at PyCon US 2013 in Santa Clara.

A Django sprint is an excuse for people to focus their undivided attention, for a set time frame, on improving Django. It's a focused, scheduled effort to test, fix bugs, add new features and improve documentation.

If you can't be there in person, you can still join in via the #django-sprint IRC channel on Freenode.

For more information on contributing to Django, see the contributing docs.

If you've never contributed to Django before, a sprint is the perfect chance for you to chip in.

DjangoCon Europe 2013 tickets are on sale

March 1, 2013

This year, DjangoCon Europe will take place in Warsaw, the capital of Poland! There is one crazy twist though - this edition is going to be a circus edition - the conference will be held inside a real circus tent, in the calm, green area of the Warsaw Horse Racing Track.

Conference talks include:
  • Class-Based Views: Untangling the mess
  • Getting past the Django ORM limitations with Postgres
  • Bleed for Speed: Django for Rapid Prototyping
  • Advanced Python through Django: Metaclasses
  • How to combine JavaScript & Django in a smart way
  • Dynamic Models in Django
  • Processing payments for the paranoid
  • Django Internet of Things

A full list of all talks is available on the DjangoCon Europe website.

Schedule:
  • 15-17 May, 2013 - Conference
  • 18-19 May, 2013 - Sprints

Tickets are US$500 (approximately €380). You can buy tickets at http://tickets.djangocon.eu/

Wonder how to convince your boss to pay for your conference trip and ticket? Here is a blog post with a few suggestions.

This year's edition of DjangoCon Europe is shaping up to be epic. Why not come and be a part of it?