summaryrefslogtreecommitdiff
path: root/django/utils/log.py
AgeCommit message (Collapse)Author
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-05-13Fixed #35514 -- Implemented dictionary-based MAILERS.Mike Edmunds
See DEP 0018. Added: * MAILERS setting. * django.core.mail.mailers dict-like EmailBackend factory. * `using` argument to mail sending APIs. * `sent_using` attribute to mail.outbox messages in locmem backend. * MAILERS in startproject settings template, set to console backend. * AdminLogHandler.using argument. * BrokenLinkEmailsMiddleware.send_mail() method. Updated: * BaseEmailBackend to track the MAILERS alias used to construct it, and to report errors for unknown kwargs (OPTIONS). * EmailBackend implementations to initialize from kwargs (OPTIONS) only when MAILERS is being used. * smtp.EmailBackend to require `host` option and to default `port` option based on SSL/TLS options. * SimpleTestCase setup to substitute the locmem backend for all defined MAILERS configurations. * Django's tests that send mail to define MAILERS. Deprecated: * EMAIL_BACKEND and other backend-related EMAIL_* settings. * mail.get_connection(). * The `connection`, `fail_silently`, `auth_user`, and `auth_password` arguments to mail functions. * The EmailMessage.connection attribute. * BaseEmailBackend support for `fail_silently`. Backends that support fail_silently (SMTP, console, file) now implement it directly. * AdminEmailHandler.email_backend argument. Removed undocumented features without deprecation: * EmailMessage.get_connection() method. (send() now raises an error if a subclass has attempted to override it.) * EmailMessage.send() no longer sets self.connection to the connection used for sending. (It still _uses_ a pre-existing self.connection.) * AdminEmailHandler.connection() method. (Init now raises an error if a subclass has attempted to override it.) Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive reviews and suggestions on the implementation. Thanks to Jacob Rief for the initial implementation and multiple iterations while refining the design. Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
2026-03-16Fixed #36894 -- Added TypeError for conflicting arguments in mail APIs.Praful Gulani
A TypeError is now raised if fail_silently=True, auth_user, or auth_password are provided along a connection. Updated AdminEmailHandler in django.utils.log to remove redundant fail_silently=True. Thanks Mike Edmunds for the report and Jacob Tyler Walls for the review.
2025-10-20Fixed #36470 -- Prevented log injection in runserver when handling NOT FOUND.YashRaj1506
Migrated `WSGIRequestHandler.log_message()` to use a more robust `log_message()` helper, which was based of `log_response()` via factoring out the common bits. Refs CVE-2025-48432. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-04Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response()`.Natalia
Suitably crafted requests containing a CRLF sequence in the request path may have allowed log injection, potentially corrupting log files, obscuring other attacks, misleading log post-processing tools, or forging log entries. To mitigate this, all positional formatting arguments passed to the logger are now escaped using "unicode_escape" encoding. Thanks to Seokchan Yoon (https://ch4n3.kr/) for the report. Co-authored-by: Carlton Gibson <carlton@noumenal.es> Co-authored-by: Jake Howard <git@theorangeone.net>
2024-04-12Fixed #35364 -- Stopped AdminEmailHandler rendering email unnecessarily.Adam Johnson
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-12Changed django.utils.log.log_response() to take exception instance.Adam Johnson
There's little point retrieving a fresh reference to the exception in the legacy tuple format, when it's all available via the exception instance we already have.
2021-06-30Refs #32880 -- Moved logging reference to new document.Daniele Procida
Completed a first step in moving reference and how-to material out of the topic document.
2020-04-16Fixed #29329 -- Made datetime logging from runserver more consistent.Hasan Ramezani
Setting default_msec_format=None will make it the same, unfortunately it's not supported by Python, see https://bugs.python.org/issue40300.
2020-01-16Fixed #30752 -- Allowed using ExceptionReporter subclasses in error reports.Pavel Lysak
2019-09-04Fixed #29714 -- Allowed using ExceptionReporter subclass with AdminEmailHandler.Nasir Hussain
2018-05-04Fixed #26688 -- Fixed HTTP request logging inconsistencies.Samir Shah
* Added logging of 500 responses for instantiated responses. * Added logging of all 4xx and 5xx responses.
2017-12-07Refs #23919 -- Replaced super() calls for old-style classes.Nick Pope
2017-11-18Fixed #28810 -- Replaced '%' style logging formatting with str.format() style.Chris Lamb
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-27Fixed #27271 -- Fixed a crash in runserver logging.Sergey Fursov
Allowed ServerFormatter to handle simple string messages or messages with formatting arguments. The formatter will set the server_time variable on the log record if it's required by the format string but wasn't passed in extra parameters.
2016-05-10Stopped truncating AdminEmailHandler message subjectsClaude Paroz
Refs #26572, #17281. The RFC doesn't limit total length, just the line length which is already taken care of by Python itself. Thanks Tim Graham for the review.
2016-01-14Fixed #25999 -- Removed promotion of RemovedInNextVersionWarning to loud by ↵Tim Graham
default.
2016-01-11Fixed #25684 -- Made runserver use logging for request/response output.Flavio Curella
Thanks andreif for the contributing to the patch.
2015-11-07Amended comment to remove reference to the no longer used NullHandlerNeal Todd
2015-09-23Refs #24526 -- Made the django logger handle INFO messages.Tim Graham
Without an explicit 'level', only messages at WARNING or higher are handled. This makes the config consistent with the docs which say, "The django catch-all logger sends all messages at the INFO level or higher to the console."
2015-08-31Fixed #25331 -- Removed trailing blank lines in docstrings.Maxime Lorant
2015-07-13Fixed #25099 -- Cleaned up HttpRequest representations in error reporting.Vlastimil Zíma
2015-05-07Fixed logging regression introduced in bbe28496d32f76ca161f5c33787d6ad62267fcc6Tim Graham
2015-04-24Fixed #24526 -- Combined django.request/security loggers with the root logger.Tim Graham
Thanks Carl Meyer for review.
2015-03-24Removed getLogger alias in django.utils.log.Tim Graham
2015-03-24Removed the null handler in Django's default logging config.Tim Graham
It's unused since f0f327bb.
2015-02-05Removed old import aliases.Tim Graham
2014-12-03Removed redundant numbered parameters from str.format().Berker Peksag
Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".
2014-11-15Fixed #22407 -- Added AdminEmailHandler.send_mail().Berker Peksag
2014-10-06Fixed #23593 -- Fixed crash in AdminEmailHandler with non-ASCII characters ↵Tim Graham
in request. Thanks edevil for the report and Simon Charette for review.
2014-09-30Fixed #23569 -- Allowed using configs besides dictConfig in LOGGING_CONFIG.Seth Hill
2014-03-30Corrected many style guide violations that the newest version of flake8 catchesAlex Gaynor
2014-03-08Avoided changing raw DeprecationWarning filter behaviorClaude Paroz
Refs #21188. Now pure Python DeprecationWarning visibility should be back to Python defaults.
2014-02-08Fixed #21674 -- Deprecated the import_by_path() function in favor of ↵Berker Peksag
import_string(). Thanks Aymeric Augustin for the suggestion and review.
2013-12-31Fixed #21714 -- Moved logging configuration to global setup()Claude Paroz
Thanks Aymeric Augustin for the report and the review.
2013-11-02Fixed #21302 -- Fixed unused imports and import *.Tim Graham
2013-09-13Fixed #20844 -- Made AdminEmailHandler respect LOGGING 'formatter' setting.Daniel Sokolowski
2013-07-01Relied on NullHandler from the logging stdlib module.Aymeric Augustin
2013-07-01Deprecated django.utils.dictconfig.Aymeric Augustin
The module still exists for whoever uses it in its current state, but it isn't imported by Django anywhere.
2013-05-26Replaced `and...or...` constructs with PEP 308 conditional expressions.Ramiro Morales
2013-05-25Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.Preston Holmes
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
2013-05-17Replaced an antiquated pattern.Aymeric Augustin
Thanks Lennart Regebro for pointing it out.
2013-01-21Fixed #19637 -- Ensured AdminEmailHandler fails silentlyClaude Paroz
Thanks lsaffre for the report. Refs #19325.
2012-12-29Removed backwards-compatibility shim for #16288.Aymeric Augustin
Also unit-tested django.utils.log.RequireDebugTrue for consistency.
2012-11-20Fixed #19325 - Made email backend of AdminEmailHandler configurableHannes Struss
2012-11-16Fixed #18985 -- made DeprecationWarnings loudPreston Holmes
Capture warnings in Python >= 2.7 and route through console handler, which is subject to DEBUG==True Thanks to dstufft for the idea, and claudep for initial patch
2012-11-12Negligible spacing fix in utils/log.pyAdrian Holovaty