django.git/django/contrib/admin/options.py, branch main

Refs #15759 -- Fixed ModelAdmin.list_editable form submission for non-editable instances.

2026-04-28T17:44:04Z

Added formset that excludes objects for which user has no permission for POST formset as well. Fixed regression test: the test was not simulating real behaviour properly. By providing full form data for the post request we skipped the part where the user was actually limited in permissions and only modified some of the rows. Improved tests by getting rid of obj.id % 2 approach for granting permissions per object for users, since it is not the safest. Instead granting permissions simply by 'alive' parameter, which is simpler and more stable. Bug in 84db026228413dda4cd195464554d51c0b208e32.

Fixed #10919 -- Added delete_confirmation_max_display to ModelAdmin.

2026-04-23T02:22:55Z

The new ModelAdmin.delete_confirmation_max_display attribute allows limiting the number of related objects shown on the delete confirmation page. When the limit is reached, a "…and N more objects." message is shown. The feature relies on a new truncated_unordered_list template filter added to django.contrib.admin.templatetags.admin_filters. Thanks Jacob Tyler Walls for the review and guidance, Tobias McNulty for the report, and terminator14 for the solution suggested.

Fixed #35870 -- Made blank choice label in forms more accessible.

2026-04-22T21:06:29Z

Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes

Fixed #15759 -- Excluded fields by per-object permissions for ModelAdmin.list_editable.

2026-04-22T14:13:58Z

Instead of going over all objects in a queryset and filtering by user permissions, added skipping while saving the formset so there is no need to refetch objects again.

Refs #15759 -- Factored out _save_formset() in ModelAdmin.

2026-04-22T14:13:58Z

Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.list_editable.

2026-04-07T11:12:20Z

Thanks Natalia Bidart, Jake Howard, and Markus Holtermann for reviews.

Fixed #36127 -- Applied default empty display value to links otherwise containing only whitespace in admin.

2026-02-20T14:43:41Z

Fixed #36921 -- Fixed KeyError in inline form for model not registered with admin.

2026-02-11T23:07:40Z

Regression in b1ffa9a9d78b0c2c5ad6ed5a1d84e380d5cfd010.

Fixed #36865 -- Removed casting from exact lookups in admin searches.

2026-01-30T16:45:39Z

Instead of casting non-text fields to CharField (which prevents index usage), skip exact lookups when the search term fails formfield.to_python(). This preserves index usage for valid searches while gracefully handling invalid search terms by simply not including them in the query for that field. For multi-term searches like 'foo 123' on search_fields=['name', 'age__exact']: - 'foo': invalid for age, so only name lookup is used - '123': valid for both, so both lookups are used This entails a slight increase in permissiveness for search terms that can be normalized by formfield.to_python().

Fixed #13883 -- Rendered named choice groups with in FilteredSelectMultiple.

2026-01-23T02:12:23Z

This patch adds support for s in FilteredSelectMultiple widgets. When a popup returns a new object, if the source field contains optgroup choices, the optgroup is now also included in the response data. Additionally, this adds error handling for invalid source_model parameters to prevent crashes and display user-friendly error messages instead. Co-authored-by: Michael McLarnon