| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-04-28 | Refs CVE-2026-25674 -- Clarified role of umask in upload permissions. | Shai Berger | |
| 2026-04-22 | Fixed #35870 -- Made blank choice label in forms more accessible. | Annabelle Wiegart | |
| Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev> | |||
| 2026-04-07 | Refs CVE-2026-33034 -- Improved security documentation on handling large ↵ | Jake Howard | |
| request bodies. Notably that the limit can be bypassed under ASGI. | |||
| 2026-02-18 | Refs #19221 -- Fixed outdated KEY_FUNCTION definition in docs/ref/settings.txt. | Mike Edmunds | |
| Replaced outdated version of `default_key_func` in settings reference with pointer to current version in cache topic. Rewrote description to match parameter order and behavior of default implementation. Co-authored-by: nessita <124304+nessita@users.noreply.github.com> | |||
| 2026-01-19 | Fixed unbalanced parentheses in docs. | Clifford Gama | |
| 2025-11-06 | Removed community packages admonition from settings docs. | Tim Schilling | |
| 2025-10-30 | Added community package storage backends mention to docs. | Tim Schilling | |
| Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> | |||
| 2025-10-29 | Fixed #36329 -- Removed non-code custom link text when cross-referencing ↵ | Clifford Gama | |
| Python objects. Thanks Bruno Alla, Sarah Boyce, and Jacob Walls for reviews. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2025-09-17 | Refs #35859 -- Removed support for Task enqueuing on transaction commit. | Jacob Walls | |
| This removes the ability to configure Task enqueueing via a setting, since the proposed `ENQUEUE_ON_COMMIT` did not support multi-database setups. Thanks to Simon Charette for the report. Follow-up to 4289966d1b8e848e5e460b7c782dac009d746b20. | |||
| 2025-09-16 | Fixed #35859 -- Added background Tasks framework interface. | Jake Howard | |
| This work implements what was defined in DEP 14 (https://github.com/django/deps/blob/main/accepted/0014-background-workers.rst). Thanks to Raphael Gaschignard, Eric Holscher, Ran Benita, Sarah Boyce, Jacob Walls, and Natalia Bidart for the reviews. | |||
| 2025-09-12 | Fixed #36597 -- Corrected directives for functions from email module in docs. | Mridul Dhall | |
| Thanks Mike Edmunds for the report. | |||
| 2025-09-05 | Fixed #36564 -- Changed DEFAULT_AUTO_FIELD from AutoField to BigAutoField. | Tim Graham | |
| 2025-08-25 | Refs #36485 -- Rewrapped docs to 79 columns line length. | David Smith | |
| Lines in the docs files were manually adjusted to conform to the 79 columns limit per line (plus newline), improving readability and consistency across the content. | |||
| 2025-08-25 | Refs #36485 -- Removed double spaces after periods in sentences. | Natalia | |
| 2025-08-25 | Refs #36485 -- Removed unnecessary parentheses in :meth: and :func: roles in ↵ | David Smith | |
| docs. | |||
| 2025-06-27 | Fixed #15727 -- Added Content Security Policy (CSP) support. | Rob Hudson | |
| This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> | |||
| 2025-03-21 | Fixed #36138 -- Changed ADMINS and MANAGERS settings to lists of strings. | Mike Edmunds | |
| Previously, the ADMINS and MANAGERS settings were lists of (name, address) tuples (where the name had been unused). Deprecated use of tuples. Updated settings value sanity checks, and changed from ValueError to ImproperlyConfigured. | |||
| 2025-03-19 | Fixed #36000 -- Deprecated HTTP as the default protocol in urlize and ↵ | Ahmed Nassar | |
| urlizetrunc. | |||
| 2025-01-21 | Refs 35653 -- Clarified docs for EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE ↵ | Igor Scheller | |
| settings. | |||
| 2025-01-15 | Refs #34380 -- Changed the URLField default scheme to https and removed ↵ | Sarah Boyce | |
| FORMS_URLFIELD_ASSUME_HTTPS per deprecation timeline. | |||
| 2024-09-03 | Added EMAIL_USE_SSL to the 'Core Settings Topical Index' docs. | github-user-en | |
| 2024-06-24 | Fixed #35306 -- Documented fallback localization formats in templates when ↵ | lufafajoshua | |
| localization is disabled. | |||
| 2024-06-13 | Fixed #35470 -- Separated i18n and l10n globalization settings docs. | lufafajoshua | |
| 2024-05-22 | Removed versionadded/changed annotations for 5.0. | Natalia | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2024-05-22 | Fixed #31405 -- Added LoginRequiredMiddleware. | Hisham Mahmood | |
| Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | |||
| 2024-04-05 | Refs #35354 -- Clarified FORCE_SCRIPT_NAME docs. | Carlton Gibson | |
| 2024-03-06 | Fixed broken links and redirects in docs. | Mariusz Felisiak | |
| 2024-02-20 | Fixed #35153 -- Added note about locale name notation to FORMAT_MODULE_PATH ↵ | sandjio | |
| docs. Co-authored-by: Paul Hermans <paul.hermans@benemtech.com> | |||
| 2024-01-29 | Fixed #35141 -- Clarified the expected type of CACHE_MIDDLEWARE_SECONDS setting. | Alexander Lazarević | |
| 2024-01-26 | Applied Black's 2024 stable style. | Mariusz Felisiak | |
| https://github.com/psf/black/releases/tag/24.1.0 | |||
| 2024-01-16 | Used more specific link to email backends in EMAIL_BACKEND docs. | Baptiste Mispelon | |
| 2023-12-28 | Improved DEFAULT_FROM_EMAIL/SERVER_EMAIL docs. | David D Lowe | |
| Co-authored-by: nessita <124304+nessita@users.noreply.github.com> | |||
| 2023-12-14 | Added clarifications about the DATABASES.TIME_ZONE setting in docs. | David Sanders | |
| These include: - Doc'd which is the default used when DATABASES.TIME_ZONE is None. - Doc'd that the database connection's time zone setting is set for PostgreSQL and clarified that it may be necessary to set it to the same value as TIME_ZONE. Co-authored-by: David Smith <39445562+smithdc1@users.noreply.github.com> Co-authored-by: Natalia Bidart <124304+nessita@users.noreply.github.com> | |||
| 2023-11-29 | Refs #25778 -- Updated some links and references to HTTPS. | Adam Johnson | |
| 2023-11-28 | Refs #34380 -- Added FORMS_URLFIELD_ASSUME_HTTPS transitional setting. | Mariusz Felisiak | |
| This allows early adoption of the new default "https". | |||
| 2023-10-06 | Refs #32275 -- Added scrypt password hasher to PASSWORD_HASHERS setting docs. | ume | |
| 2023-10-04 | Corrected wrap_socket() reference in docs/ref/settings.txt. | Mariusz Felisiak | |
| 2023-09-18 | Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. | Mariusz Felisiak | |
| This also removes django.core.files.storage.get_storage_class(). Per deprecation timeline. | |||
| 2023-09-18 | Removed versionadded/changed annotations for 4.2. | Mariusz Felisiak | |
| This also removes remaining versionadded/changed annotations for older versions. | |||
| 2023-07-24 | Refs #34712 -- Doc'd that defining STORAGES overrides the default configuration. | Bruno Alla | |
| 2023-06-23 | Improved style of n-tuple wording in docs and comments. | Nick Pope | |
| 2023-04-21 | Added meaningful titles to ..admonition:: directives. | Mariusz Felisiak | |
| 2023-03-01 | Fixed #34140 -- Reformatted code blocks in docs with blacken-docs. | django-bot | |
| 2023-02-14 | Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. | Markus Holtermann | |
| Thanks to Jakob Ackermann for the report. | |||
| 2023-02-10 | Refs #34140 -- Applied rst code-block to non-Python examples. | Carlton Gibson | |
| Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for reviews. | |||
| 2023-01-17 | Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per ↵ | Mariusz Felisiak | |
| deprecation timeline. | |||
| 2023-01-17 | Refs #32365 -- Removed support for pytz timezones per deprecation timeline. | Mariusz Felisiak | |
| 2023-01-17 | Refs #32873 -- Removed settings.USE_L10N per deprecation timeline. | Mariusz Felisiak | |
| 2023-01-17 | Refs #32379 -- Changed default USE_TZ to True. | Mariusz Felisiak | |
| Per deprecation timeline. | |||
| 2023-01-17 | Refs #32446 -- Removed SERIALIZE test database setting per deprecation timeline. | Mariusz Felisiak | |
