| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-04-22 | Fixed #35870 -- Made blank choice label in forms more accessible. | Annabelle Wiegart | |
| Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev> | |||
| 2025-09-23 | Fixed #36609 -- Added Haitian Creole (ht) language. | Jean Patrick Prenis | |
| Thanks Rebecca Conley for the review. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2025-09-16 | Fixed #35859 -- Added background Tasks framework interface. | Jake Howard | |
| This work implements what was defined in DEP 14 (https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst). Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce, Jacob Walls, and Natalia Bidart for the reviews. | |||
| 2025-09-05 | Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. | Tim Graham | |
| 2025-07-23 | Refs #36500 -- Corrected rewrapped long lines fixed via a script. | Mike Edmunds | |
| Manually reformatted some comments and docstrings where autofix_w505.py changed the meaning of the formatting. | |||
| 2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot | |
| Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505. | |||
| 2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce | |
| 2025-07-22 | Refs #36138 -- Corrected ADMINS setting format in ↵ | Mike Edmunds | |
| django/conf/global_settings.py comment. | |||
| 2025-06-27 | Fixed #15727 -- Added Content Security Policy (CSP) support. | Rob Hudson | |
| This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-03-19 | Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and ↵ | Ahmed Nassar | |
| urlizetrunc. | |||
| 2025-01-15 | Refs #34380 -- Changed the URLField default scheme to https and removed ↵ | Sarah Boyce | |
| FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline. | |||
| 2024-09-19 | Updated link with valid options for LANGUAGE_CODE in global_settings.py. | r0Zh-ovanya | |
| Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2023-11-28 | Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting. | Mariusz Felisiak | |
| This allows early adoption of the new default "https". | |||
| 2023-09-18 | Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. | Mariusz Felisiak | |
| This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline. | |||
| 2023-08-12 | Added Uyghur language. | Azat | |
| 2023-02-14 | Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. | Markus Holtermann | |
| Thanks to Jakob Ackermann for the report. | |||
| 2023-01-17 | Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-01-17 | Refs #32365 -- Removed support for pytz timezones per deprecation timeline. | Mariusz Felisiak | |
| 2023-01-17 | Refs #32873 -- Removed settings.USE_L10N per deprecation timeline. | Mariusz Felisiak | |
| 2023-01-17 | Refs #32379 -- Changed default USE_TZ to True. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-12 | Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. | Jarosław Wygoda | |
| 2023-01-12 | Fixed #26029 -- Allowed configuring custom file storage backends. | Jarosław Wygoda | |
| 2022-08-30 | Added Central Kurdish (Sorani) language. | Swara | |
| 2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | |
| 2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot | |
| 2022-02-01 | Refs #33476 -- Used vertical hanging indentation for format lists with ↵ | Mariusz Felisiak | |
| inline comments. Lists with multiple values and comments per-line are reformatted by Black to multiple lines with a single comment. For example: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] is reformatted to the: DATE_INPUT_FORMATS = "%Y-%m-%d", "%m/%d/%Y", "%m/%d/%y", # '2006-10-25', '10/25/2006', '10/25/06' ] This reformats affected entries to multiple lines with corresponding comments. | |||
| 2022-02-01 | Fixed #30360 -- Added support for secret key rotation. | tschilling | |
| Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> | |||
| 2021-11-29 | Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek | |
| This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instance of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-11-18 | Added Malay language. | jhisham | |
| 2021-09-16 | Fixed #32365 -- Made zoneinfo the default timezone implementation. | Carlton Gibson | |
| Thanks to Adam Johnson, Aymeric Augustin, David Smith, Mariusz Felisiak, Nick Pope, and Paul Ganssle for reviews. | |||
| 2021-09-14 | Fixed #32873 -- Deprecated settings.USE_L10N. | Claude Paroz | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-07-29 | Fixed 32956 -- Lowercased spelling of "web" and "web framework" where ↵ | David Smith | |
| appropriate. | |||
| 2021-07-22 | Fixed #32275 -- Added scrypt password hasher. | ryowright | |
| Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> | |||
| 2021-04-30 | Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. | Tim Graham | |
| 2021-03-30 | Fixed #31840 -- Added support for Cross-Origin Opener Policy header. | bankc | |
| Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com> | |||
| 2021-01-14 | Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2021-01-14 | Refs #28622 -- Removed settings.PASSWORD_RESET_TIMEOUT_DAYS per deprecation ↵ | Mariusz Felisiak | |
| timeline. | |||
| 2020-12-15 | Fixed #31007 -- Allowed specifying type of auto-created primary keys. | Tom Forbes | |
| This also changes the default type of auto-created primary keys for new apps and projects to BigAutoField. | |||
| 2020-08-10 | Fixed #31871 -- Updated SESSION_COOKIE_SAMESITE comment in global_settings.py. | אורי | |
| Follow up to b33bfc383935cd26e19a2cf71d066ac6edd1425f. | |||
| 2020-08-04 | Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting. | Mariusz Felisiak | |
| It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review. | |||
| 2020-07-14 | Added Igbo language. | Kelechi Precious Nwachukwu | |
| 2020-07-08 | Added Turkmen language. | Resulkary | |
| 2020-06-12 | Added support for the Tajik language. | Claude Paroz | |
| Thanks Sirius Sufiew for contributing that support. | |||
| 2020-05-20 | Added Kyrgyz language. | Claude Paroz | |
| Thanks Soyuzbek orozbek uulu for contributing that support. | |||
| 2020-05-05 | Refs #28622 -- Corrected PASSWORD_RESET_TIMEOUT/PASSWORD_RESET_TIMEOUT_DAYS ↵ | Chris Burchhardt | |
| docs. Removed outdated note about an extra day in PASSWORD_RESET_TIMEOUT docs and incorrect "minimum" phrase. | |||
| 2020-02-05 | Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. | Adam Johnson | |
| 2020-01-16 | Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports. | Pavel Lysak | |
| 2020-01-07 | Fixed #15982 -- Added DATE_INPUT_FORMATS to forms.DateTimeField default ↵ | Claude Paroz | |
| input formats. | |||
| 2019-12-14 | Added Algerian Arabic language. | Rabah Saadi | |
| 2019-11-04 | Added Uzbek language. | Claude Paroz | |
