summaryrefslogtreecommitdiff
path: root/django/conf/__init__.py
AgeCommit message (Collapse)Author
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-06-04Fixed #37110 -- Fixed time zone validation when missing zone directory.jodizzle
On Unix systems that lack time zone information stored at `/usr/share/zoneinfo`, time zones couldn't be validated. Python's `zoneinfo` module was introduced in Python 3.9, meaning all modern Django versions should support it's use.
2026-06-03Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK ↵Jacob Walls
transitional setting to False.
2026-05-13Fixed #37092, Refs #35870 -- Added missing deprecation warnings for ↵Jacob Walls
USE_BLANK_CHOICE_DASH. Follow-up to 63c56cda133a85a158502891c40465bc0331d3d9. Modeled on 5d80843ebc5376d00f98bf2a6aadbada4c29365c.
2026-05-13Fixed #35514 -- Implemented dictionary-based MAILERS.Mike Edmunds
See DEP 0018. Added: * MAILERS setting. * django.core.mail.mailers dict-like EmailBackend factory. * `using` argument to mail sending APIs. * `sent_using` attribute to mail.outbox messages in locmem backend. * MAILERS in startproject settings template, set to console backend. * AdminLogHandler.using argument. * BrokenLinkEmailsMiddleware.send_mail() method. Updated: * BaseEmailBackend to track the MAILERS alias used to construct it, and to report errors for unknown kwargs (OPTIONS). * EmailBackend implementations to initialize from kwargs (OPTIONS) only when MAILERS is being used. * smtp.EmailBackend to require `host` option and to default `port` option based on SSL/TLS options. * SimpleTestCase setup to substitute the locmem backend for all defined MAILERS configurations. * Django's tests that send mail to define MAILERS. Deprecated: * EMAIL_BACKEND and other backend-related EMAIL_* settings. * mail.get_connection(). * The `connection`, `fail_silently`, `auth_user`, and `auth_password` arguments to mail functions. * The EmailMessage.connection attribute. * BaseEmailBackend support for `fail_silently`. Backends that support fail_silently (SMTP, console, file) now implement it directly. * AdminEmailHandler.email_backend argument. Removed undocumented features without deprecation: * EmailMessage.get_connection() method. (send() now raises an error if a subclass has attempted to override it.) * EmailMessage.send() no longer sets self.connection to the connection used for sending. (It still _uses_ a pre-existing self.connection.) * AdminEmailHandler.connection() method. (Init now raises an error if a subclass has attempted to override it.) Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive reviews and suggestions on the implementation. Thanks to Jacob Rief for the initial implementation and multiple iterations while refining the design. Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
2026-05-08Refs #35514 -- Fixed settings deprecation warning helper.Mike Edmunds
Replaced the (currently unused) LazySettings._show_deprecation_warning() with a module-level _show_settings_deprecation_warning() function. The new function can be called from any settings-related code, not just LazySettings methods. It correctly distinguishes internal from external settings usage when override_settings() is involved.
2026-04-27Refs #35514 -- Added warn_about_external_use() deprecation utility.Mike Edmunds
Implemented a new `warn_about_external_use()` helper to conditionally issue warnings depending on whether a deprecated feature is used from within Django. Fixed `LazySettings._show_deprecation_warning()` (Refs #26029) to work correctly when called from anywhere in `LazySettings`. Previously, it assumed a specific code path through `LazyObject.__getattribute__()` and an `@property` getter on `LazySettings`.
2026-04-22Fixed #35870 -- Made blank choice label in forms more accessible.Annabelle Wiegart
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-01-15Refs #34380 -- Changed the URLField default scheme to https and removed ↵Sarah Boyce
FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline.
2023-11-28Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting.Mariusz Felisiak
This allows early adoption of the new default "https".
2023-09-18Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.Mariusz Felisiak
This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline.
2023-09-11Fixed #34821 -- Prevented DEFAULT_FILE_STORAGE/STATICFILES_STORAGE settings ↵Mariusz Felisiak
from mutating the main STORAGES. Regression in 6b965c600054f970bdf94017ecf2e0e6e0a4326b.
2023-08-18Fixed #34773 -- Fixed syncing DEFAULT_FILE_STORAGE/STATICFILES_STORAGE ↵Mariusz Felisiak
settings with STORAGES. Thanks Petr Dlouhý for the report. Bug in 32940d390a00a30a6409282d314d617667892841.
2023-01-17Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per ↵Mariusz Felisiak
deprecation timeline.
2023-01-17Refs #32365 -- Removed support for pytz timezones per deprecation timeline.Mariusz Felisiak
2023-01-17Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.Mariusz Felisiak
2023-01-17Refs #32379 -- Changed default USE_TZ to True.Mariusz Felisiak
Per deprecation timeline.
2023-01-12Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.Jarosław Wygoda
2023-01-11Refs #26029 -- Added LazySettings._show_deprecation_warning() hook.Jarosław Wygoda
2022-03-03Optimized lazy wrappers a bit.Collin Anderson
This avoids an extra __getattribute__() call for self._wrapped.
2022-02-16Fixed #28358 -- Prevented LazyObject from mimicking nonexistent attributes.Theo Alexiou
Thanks Sergey Fedoseev for the initial patch.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2021-11-29Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.Chris Jerdonek
This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instance of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-09-16Fixed #32365 -- Made zoneinfo the default timezone implementation.Carlton Gibson
Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick Pope, and Paul Ganssle for reviews.
2021-09-14Fixed #32873 -- Deprecated settings.USE_L10N.Claude Paroz
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-18Fixed #32379 -- Started deprecation toward changing default USE_TZ to True.Claude Paroz
Co-authored-by: Nick Pope <nick@nickpope.me.uk> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-03-24Removed trailing whitespaces in error messages.Mariusz Felisiak
2021-03-24Fixed #29606 -- Added type check for ALLOWED_HOSTS setting.Adam Donaghy
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵Mariusz Felisiak
timeline.
2020-12-31Fixed #32304 -- Fixed prefixing STATIC_URL and MEDIA_URL by SCRIPT_NAME for ↵Mariusz Felisiak
absolute URLs with no domain. Thanks Adam Hooper for the report. Regression in c574bec0929cd2527268c96a492d25223a9fd576.
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-07-29Fixed #29324 -- Made SECRET_KEY validation lazy (on first access).Florian Apolloner
2020-07-28Improved performance of STATIC_URL and MEDIA_URL setting access.Florian Apolloner
Run `add_script_prefix()` on first access, rather than on every time.
2019-09-25Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to ↵Oleg Kainov
relative paths. Thanks Florian Apolloner for reviews. Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-20Fixed #28622 -- Allowed specifying password reset link expiration in seconds ↵Hasan Ramezani
and deprecated PASSWORD_RESET_TIMEOUT_DAYS.
2019-09-10Refs #29817 -- Removed settings.FILE_CHARSET per deprecation timeline.Mariusz Felisiak
2019-03-05Fixed #30234 -- Disallowed non-upper settings in settings.configure().orlnub123
2019-01-17Refs #27829 -- Removed settings.DEFAULT_CONTENT_TYPE per deprecation timeline.Tim Graham
2019-01-11Moved django.db.migrations.writer.SettingsReference to django.conf.Tim Graham
Reduces the possibility of circular imports.
2018-10-15Fixed #29817 -- Deprecated settings.FILE_CHARSET.Jon Dufresne
2018-10-15Refs #27829 -- Added warning for settings.DEFAULT_CONTENT_TYPE usage outside ↵Jon Dufresne
of Django.
2018-09-28Refs #28909 -- Simplifed code using unpacking generalizations.Sergey Fedoseev
2018-05-26Reverted "Fixed #29324 -- Made Settings raise ImproperlyConfigured if ↵Tim Graham
SECRET_KEY is accessed and not set." This reverts commit b3cffde5559c4fa97625512d7ec41a674be26076 due to a regression and performance concerns.
2018-04-19Ref #23919 -- Replaced some os.path usage with pathlib.Path.Tom
2018-04-17Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is ↵Jon Dufresne
accessed and not set.
2017-09-13Removed unnecessary parens in various code.Mariusz Felisiak
2017-03-04Refs #27656 -- Updated remaining docstring verbs according to PEP 257.Anton Samarchyan