summaryrefslogtreecommitdiff
path: root/django/core/mail
AgeCommit message (Collapse)Author
2026-06-16Fixed #37152 -- Raised ValueError when Bcc is used in EmailMessage headers.diaxoaine
Bcc addresses are sent via the SMTP envelope and must never appear in the message itself. A "Bcc" key in `extra_headers` was not excluded like From/To/Cc/Reply-To, so it leaked into the generated message as a visible header. Thanks Mike Edmunds for reviews.
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-06-03Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully configured.Jake Howard
Thanks Kasper Dupont for the report, and Jacob Walls and Natalia Bidart for reviews.
2026-05-14Refs #36664 -- Updated SMTP EmailBackend tests for Python 3.15.Mike Edmunds
Versions of Python prior to 3.15 would incorrectly encode non-ASCII email addresses using rfc2047, resulting in undeliverable email. The SMTP EmailBackend detects and prevents that (#35713). Python 3.15 fixes that behavior (CPython issue gh-122476). Updated test_rejects_non_ascii_local_part() to feature-detect the fix (in case it is backported) and check for a representative section of the Python error message if so; otherwise test for the SMTP EmailBackend workaround. Updated comments to clarify need and requirement.
2026-05-13Fixed #35514 -- Implemented dictionary-based MAILERS.Mike Edmunds
See DEP 0018. Added: * MAILERS setting. * django.core.mail.mailers dict-like EmailBackend factory. * `using` argument to mail sending APIs. * `sent_using` attribute to mail.outbox messages in locmem backend. * MAILERS in startproject settings template, set to console backend. * AdminLogHandler.using argument. * BrokenLinkEmailsMiddleware.send_mail() method. Updated: * BaseEmailBackend to track the MAILERS alias used to construct it, and to report errors for unknown kwargs (OPTIONS). * EmailBackend implementations to initialize from kwargs (OPTIONS) only when MAILERS is being used. * smtp.EmailBackend to require `host` option and to default `port` option based on SSL/TLS options. * SimpleTestCase setup to substitute the locmem backend for all defined MAILERS configurations. * Django's tests that send mail to define MAILERS. Deprecated: * EMAIL_BACKEND and other backend-related EMAIL_* settings. * mail.get_connection(). * The `connection`, `fail_silently`, `auth_user`, and `auth_password` arguments to mail functions. * The EmailMessage.connection attribute. * BaseEmailBackend support for `fail_silently`. Backends that support fail_silently (SMTP, console, file) now implement it directly. * AdminEmailHandler.email_backend argument. Removed undocumented features without deprecation: * EmailMessage.get_connection() method. (send() now raises an error if a subclass has attempted to override it.) * EmailMessage.send() no longer sets self.connection to the connection used for sending. (It still _uses_ a pre-existing self.connection.) * AdminEmailHandler.connection() method. (Init now raises an error if a subclass has attempted to override it.) Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive reviews and suggestions on the implementation. Thanks to Jacob Rief for the initial implementation and multiple iterations while refining the design. Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
2026-05-06Refs #35514 -- Added error for missing EMAIL_FILE_PATH setting.Mike Edmunds
Replaced TypeError in `os.path.abspath(None)` with ImproperlyConfigured error when settings.EMAIL_FILE_PATH is required but missing.
2026-03-16Fixed #36894 -- Added TypeError for conflicting arguments in mail APIs.Praful Gulani
A TypeError is now raised if fail_silently=True, auth_user, or auth_password are provided along a connection. Updated AdminEmailHandler in django.utils.log to remove redundant fail_silently=True. Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
2025-07-25Fixed #35581 -- Updated django.core.mail to Python's modern email API.Mike Edmunds
- Changed EmailMessage.message() to construct a "modern email API" email.message.EmailMessage and added policy keyword arg. - Added support for modern MIMEPart objects in EmailMessage.attach() (and EmailMessage constructor, EmailMessage.attachments list). - Updated SMTP EmailBackend to use modern email.policy.SMTP. Deprecated: - Attaching MIMEBase objects (replace with MIMEPart) - BadHeaderError (modern email uses ValueError) - SafeMIMEText, SafeMIMEMultipart (unnecessary for modern email) - django.core.mail.forbid_multi_line_headers() (undocumented, but exposed via `__all__` and in wide use) - django.core.mail.message.sanitize_address() (undocumented, but in wide use) Removed without deprecation (all undocumented): - EmailMessage.mixed_subtype - EmailMultiAlternatives.alternative_subtype - Support for setting (undocumented) EmailMessage.encoding property to a legacy email.charset.Charset object Related changes: - Dropped tests for incorrect RFC 2047 encoding of non-ASCII email address localparts. This is specifically prohibited by RFC 2047, and not supported by any known MTA or email client. (Python still mis-applies encoded-word to non-ASCII localparts, but it is a bug that may be fixed in the future.) - Added tests that try to discourage using Python's legacy email APIs in future updates to django.core.mail.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-17Fixed #36163 -- Deprecated most positional arguments in django.core.mail.Mike Edmunds
In public mail APIs, changed less frequently used parameters from keyword-or-positional to keyword-only, emitting a warning during the required deprecation period.
2025-06-26Fixed #36478 -- Fixed inconsistent mail attachment handling.Mike Edmunds
Fixed an inconsistency between EmailMessage.attach() and .attachments when attaching bytes content with a text/* mimetype. The attach() function decodes UTF-8 bytes if possible and otherwise changes the mimetype to application/octet-stream to preserve the content's unknown encoding (refs #27007). Providing equivalent content directly in EmailMessage.attachments did not apply the same logic, leading to an "AttributeError: 'bytes' object has no attribute 'encode'" in SafeMIMEText.set_payload(). Updated EmailMessage._create_mime_attachment() to match attach()'s handling for text/* mimetypes with bytes content. Updated test cases to accurately cover behavior on both paths.
2025-04-24Fixed #36309 -- Made email alternatives and attachments pickleable.nessita
Regression in aba0e541caaa086f183197eaaca0ac20a730bbe4 and in d5bebc1c26d4c0ec9eaa057aefc5b38649c0ba3b. Thanks Florent Messa for the report, and Jake Howard and Claude Paroz for the review.
2025-03-21Fixed #36138 -- Changed ADMINS and MANAGERS settings to lists of strings.Mike Edmunds
Previously, the ADMINS and MANAGERS settings were lists of (name, address) tuples (where the name had been unused). Deprecated use of tuples. Updated settings value sanity checks, and changed from ValueError to ImproperlyConfigured.
2025-03-18Refs #36138 -- Cleaned up duplicate code in mail_admins()/mail_managers().Mike Edmunds
2025-01-31Fixed #36119 -- Fixed UnicodeEncodeError when attaching a file with 8bit ↵greg
Content-Transfer-Encoding.
2024-08-05Refs #35537 -- Improved documentation and test coverage for email ↵Jake Howard
attachments and alternatives.
2024-07-11Fixed #35033, Refs #28912 -- Fixed repeated headers in EmailMessage.Mike Edmunds
Fixed a regression which would cause multiple To, Cc, and Reply-To headers in the result of EmailMessage.message() if values were supplied for both to/cc/reply_to and the corresponding extra_headers fields. Updated related tests to check the generated message() has exactly one of each expected header using get_all(). Regression in b03d5002955256c4b3ed7cfae5150eb79c0eb97e.
2024-06-21Fixed #35528 -- Added EmailMultiAlternatives.body_contains() helper method.Ronny Vedrilla
2024-06-20Fixed #35537 -- Changed EmailMessage.attachments and ↵Jake Howard
EmailMultiAlternatives.alternatives to use namedtuples. This makes it more descriptive to pull out the named fields.
2024-03-15Refs #34900 -- Fixed SafeMIMEText.set_payload() crash on Python 3.13.Mariusz Felisiak
Payloads with surrogates are passed to the set_payload() since https://github.com/python/cpython/commit/f97f25ef5dfcdfec0d9a359fd970abd139cf3428
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2023-10-25Fixed #34904 -- Prevented mutating sent emails from outbox in locmem email ↵sindre
backend.
2023-07-17Refs #34118 -- Improved sanitize_address() error message for tuple with ↵Mariusz Felisiak
empty strings.
2023-03-14Improved connection clean-up for SMTP backend.Carlton Gibson
2023-03-06Fixed #34386 -- Made SMTP backend load default system root CA certificates ↵Dmitriy Sintsov
by default. Regression in 2848e5d0ce5cf3c31fe87525536093b21d570f69.
2022-11-16Refs #34118 -- Used smtplib's context parameter instead of keyfile and certfile.Mariusz Felisiak
keyfile and certfile parameters were removed in Python 3.12, see https://github.com/python/cpython/commit/ef0e72b31d22f780d3a165d7d0471806061fe380
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-03-19Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core.Daniyal
2020-07-20Fixed #31784 -- Fixed crash when sending emails on Python 3.6.11+, 3.7.8+, ↵Florian Apolloner
and 3.8.4+. Fixed sending emails crash on email addresses with display names longer then 75 chars on Python 3.6.11+, 3.7.8+, and 3.8.4+. Wrapped display names were passed to email.headerregistry.Address() what caused raising an exception because address parts cannot contain CR or LF. See https://bugs.python.org/issue39073 Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-05-12Fixed E128, E741 flake8 warnings.Mariusz Felisiak
2020-04-30Doc'd send_email() behavior when from_email is None.Adrian D'Alessandro
2019-11-06Refs #29983 -- Added pathlib.Path support to the file email backend.Jon Dufresne
2019-08-07Corrected several typos in string literals and test names.Min ho Kim
2019-07-03Fixed #30608 -- Fixed non-unicode EmailMessage crash when domain name for ↵Chason Chaffin
localhost is non-ASCII. Assisted by felixxm.
2019-07-03Refs #30608 -- Added django.utils.encoding.punycode().Mariusz Felisiak
2019-07-02Fixed #30604 -- Made mail_admins()/mail_managers() raise ValueError if ↵Hasan Ramezani
ADMINS/MANAGERS is set incorrectly.
2019-06-13Fixed #30512 -- Used email.headerregistry.parser for parsing emails in ↵Joachim Jablon
sanitize_address().
2019-02-06Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin
2019-01-31Fixed #30147 -- Simplified directory creation with os.makedirs(..., ↵Jon Dufresne
exist_ok=True).
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2018-12-26Fixed #30058 -- Made SMTP EmailBackend.send_messages() return 0 for ↵Denis Stebunov
empty/error cases.
2018-10-22Fixed #29830 -- Fixed loss of custom utf-8 body encoding in mails.jannschu
2018-04-19Ref #23919 -- Replaced some os.path usage with pathlib.Path.Tom
2018-03-16Fixed hanging indentation in various code.Mariusz Felisiak
2018-02-20Fixed #29140 -- Fixed EmailMessage crash when body is None.Williams Mendez
2018-01-12Fixed #28996 -- Simplified some boolean constructs and removed trivial ↵Дилян Палаузов
continue statements.
2018-01-03Fixed #28982 -- Simplified code with and/or.Дилян Палаузов
2017-12-30Fixed #28912 -- Made EmailMessage.message() omit an empty To header.Jon Dufresne
2017-12-30Fixed #28971 -- Made EmailMessage.message() set Cc from headers dict if it ↵Jon Dufresne
exists.