chango.git/docs/internals, branch main django http://cgit.adnoto.dev/chango.git/atom?h=main 2026-04-28T17:07:11Z Fixed #35738 -- Deprecated double-dot variable lookups. 2026-04-28T17:07:11Z David Smith smithdc@gmail.com 2026-04-26T06:53:13Z urn:sha1:5d911f2d2fecc703be91b2b9b28acc59d34b35f3 Fixed #35870 -- Made blank choice label in forms more accessible. 2026-04-22T21:06:29Z Annabelle Wiegart annabelle.wiegart@proton.me 2026-01-18T19:03:28Z urn:sha1:63c56cda133a85a158502891c40465bc0331d3d9 Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev> Fixed #35007 -- Replaced ESLint with Biome for JavaScript linting and formatting. 2026-04-19T10:45:56Z Tom Carrick tom@carrick.eu 2026-04-19T08:54:02Z urn:sha1:290fefe6f8e47c2f35a9d857749c1e5166d9288b Updated release procedure with new CVE workflows. 2026-04-19T09:30:30Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-10T18:40:40Z urn:sha1:8ddc5b444c175c696c8197dc8f24273252b0de77 Now that the DSF is a CVE Numbering Authority (CNA), we manage our own CVE assignments. Fixed #37028 -- Added BitAnd(), BitOr(), and BitXor() aggregates. 2026-04-18T06:53:21Z Mariusz Felisiak felisiak.mariusz@gmail.com 2026-04-18T06:53:21Z urn:sha1:ed79c5959add54b6e8ea589ec601e0d2e801517e Clarified that reporters shouldn't set their own tickets as "Accepted". 2026-04-17T20:26:55Z Jonathan Biemond jonbiemond@gmail.com 2026-04-05T16:40:05Z urn:sha1:d687d412a9abd9c80e31945f16ce32c020512394 Fixed #37020 -- Removed guidance to edit fetched .po files by hand. 2026-04-10T17:37:12Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-02T18:20:42Z urn:sha1:9391beeb8799a4b7deb4bb3048bd63465a0e96ef Altering the .po files by hand was causing incorrect line numbers and plural forms. Since our fetching procedure does not recompile any hand-edited .po files to .mo files for production use, just accept Transifex's plural forms as a source of truth. https://forum.djangoproject.com/t/discourage-releasers-from-editing-po-files-by-hand/44441 Refs #37020 -- Corrected example command to update translation catalogs. 2026-04-10T17:37:12Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-02T17:14:26Z urn:sha1:4d8cc40c730cf0daf1d0c9a7e5ccd198b269b3ad Passing the --domain flag again just overwrites the prior value. Added section for respecting maintainer time to the security policy. 2026-04-02T14:36:26Z Natalia 124304+nessita@users.noreply.github.com 2026-03-30T19:59:30Z urn:sha1:90cd510b3b033605907f6521ef98f35d2bd6c3a0 This follows a post from Seth Larson (Security Developer-in-Residence at the PSF): https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies Fixed #36862 -- Doc'd the need for a proxy when deploying RemoteUserMiddleware under ASGI. 2026-04-02T13:19:07Z Jacob Walls jacobtylerwalls@gmail.com 2026-03-31T19:43:18Z urn:sha1:2ee757ee502d5663f932dc5c35175c39af4640ce We have a flood of nuisance security reports describing ASGI deployments using RemoteUserMiddleware without a fronting proxy, which is not realistic.