summaryrefslogtreecommitdiff
path: root/docs/ref
AgeCommit message (Collapse)Author
2026-06-16Fixed #36881 -- Corrected documentation for ModelAdmin.search_fields.Amar
2026-06-16Refs #37142 -- Removed docs for django.utils.warnings.django_file_prefixes().Natalia
This reverts docs changes from commit f970a98e464320c09dde8d45009eadfb4d038a57.
2026-06-11Fixed #37141 -- Added --using option to sendtestemail command.NagaKartheekReddy
2026-06-11Refs #24941 -- Doc'd get_exclude() in base features shared by InlineModelAdmin.Jacob Walls
2026-06-10Fixed #37142 -- Moved django_file_prefixes() to django.utils.warnings.zhengkangyang
2026-06-05Fixed #36984 -- Made inline formset error messages respect ↵Karolis Ryselis
delete_confirmation_max_display.
2026-06-03Refs #36905 -- Moved JSONResponse safe param discussion to versionchanged box.Jacob Walls
Follow-up to 6e15ac8066312328de279e3e072667416c205bfc.
2026-06-03Refs CVE-2026-6873 -- Defaulted SIGNED_COOKIE_LEGACY_SALT_FALLBACK ↵Jacob Walls
transitional setting to False.
2026-06-03Fixed #34699 -- Added examples of database comparisons against ↵wesley
Extract()/Trunc().
2026-06-03Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisions.Paul McMillan
Made signed cookies derive their signer namespace from an injective encoding of `(name, salt)` while preserving compatibility with legacy `name + salt` cookies behind SIGNED_COOKIE_LEGACY_SALT_FALLBACK. Thanks Peng Zhou for the report, and Shai Berger, Markus Holterman, Jake Howard, and Paul McMillan for reviews. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2026-06-01Fixed #28800 -- Added a listurls management command.Chris Rose
Thanks JaeHyuck Sa, Jacob Walls, and Tim McCurrach for reviews. Co-authored-by: Ülgen Sarıkavak <ulgensrkvk@gmail.com>
2026-06-01Fixed #37119 -- Clarified middleware ordering note for nonce access.vishwa
2026-05-29Refs #35514 -- Improved docs for MAILERS setting and mailers migration guide.Natalia
Thanks Mike Edmunds for flagging these issues and for the review.
2026-05-27Fixed #36905 -- Deprecated the safe parameter of JSONResponse.Tim Harris
Peer frameworks have long since dropped their analogous checks for this vulnerability that was fixed in ES5.
2026-05-26Refs #35514 -- Removed specific Django versions from outside deprecated blocks.Natalia
This follows the contributing guidelines that state: [...] Avoid referring to a specific version of Django outside a ``deprecated`` block. Even inside a block, it's often redundant to do so as these annotations render as "Deprecated since version A.B".
2026-05-26Refs #35870 -- Moved deprecated notice at the bottom for USE_BLANK_CHOICE_DASH.Natalia
Also expended a bit on details for the setting so readers know what is it about.
2026-05-26Fixed #37116 -- Explained why a code is useful in a ValidationError.Arthur Vuillard
2026-05-20Removed versionadded/changed annotations for 6.0.Sarah Boyce
2026-05-20Fixed #37091 -- Confirmed support for GDAL 3.13.Milad Zarour
Thanks David Smith for reviews.
2026-05-20Refs #35514 -- Cleaned up mailers docs.Mike Edmunds
* Fixed typos related to automated EMAIL_PROVIDERS -> MAILERS renaming. * Clarified wording in some recently added/updated sections. * Removed deprecated, extraneous `fail_silently=False` from examples. * Moved EmailBackend API documentation out of "Email backends" intro into a dedicated section in email.txt. * Sorted MAILERS alphabetically in settings.txt.
2026-05-15Fixed #37062 -- Added preserve_request support to RedirectView.VAIBHAVPANT07
2026-05-13Fixed #35514 -- Implemented dictionary-based MAILERS.Mike Edmunds
See DEP 0018. Added: * MAILERS setting. * django.core.mail.mailers dict-like EmailBackend factory. * `using` argument to mail sending APIs. * `sent_using` attribute to mail.outbox messages in locmem backend. * MAILERS in startproject settings template, set to console backend. * AdminLogHandler.using argument. * BrokenLinkEmailsMiddleware.send_mail() method. Updated: * BaseEmailBackend to track the MAILERS alias used to construct it, and to report errors for unknown kwargs (OPTIONS). * EmailBackend implementations to initialize from kwargs (OPTIONS) only when MAILERS is being used. * smtp.EmailBackend to require `host` option and to default `port` option based on SSL/TLS options. * SimpleTestCase setup to substitute the locmem backend for all defined MAILERS configurations. * Django's tests that send mail to define MAILERS. Deprecated: * EMAIL_BACKEND and other backend-related EMAIL_* settings. * mail.get_connection(). * The `connection`, `fail_silently`, `auth_user`, and `auth_password` arguments to mail functions. * The EmailMessage.connection attribute. * BaseEmailBackend support for `fail_silently`. Backends that support fail_silently (SMTP, console, file) now implement it directly. * AdminEmailHandler.email_backend argument. Removed undocumented features without deprecation: * EmailMessage.get_connection() method. (send() now raises an error if a subclass has attempted to override it.) * EmailMessage.send() no longer sets self.connection to the connection used for sending. (It still _uses_ a pre-existing self.connection.) * AdminEmailHandler.connection() method. (Init now raises an error if a subclass has attempted to override it.) Thanks to Natalia Bidart for shepherding DEP 0018 and for extensive reviews and suggestions on the implementation. Thanks to Jacob Rief for the initial implementation and multiple iterations while refining the design. Co-authored-by: Jacob Rief <jacob.rief@gmail.com>
2026-05-13Fixed #12090 -- Added admin actions to the admin change form.Marcelo Galigniana
Thank you to Benjamin Balder Bach and Jacob Walls for reviews. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2026-05-12Fixed #27825 -- Doc'd that setting model fields does not convert types.1wos
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
2026-05-11Refs #36593 -- Deprecated setting ModelAdmin.list_select_related to True.Adam Johnson
Now that calling `QuerySet.select_related()` without arguments is deprecated, this commit deprecates the corresponding admin features.
2026-05-11Fixed #36593 -- Deprecated QuerySet.select_related() with no arguments.Adam Johnson
This commit deprecates the "fetch all relations" form of `QuerySet.select_related()` due to its poor performance characteristics, and updates several tests relying on that feature to ignore the new warning.
2026-05-07Fixed #37084 -- Added CSP nonce context processor system check.Milad Zarour
2026-05-07Refs #15727 -- Moved security.E026 out of list of deploy=True checks.Jacob Walls
2026-05-06Fixed #36784 -- Added csp_nonce_attr template tag for CSP nonce inclusion.Natalia
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce inclusion into `<script>` and `<link>` elements. `{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is present in the template context, and renders nothing otherwise. `{% csp_nonce_attr media %}` renders a `Media` object's assets with the nonce attr applied to each tag. Thanks Jacob Walls for the accurate and spot on review comments. Co-authored-by: Johannes Maron <johannes@maron.family>
2026-05-04Fixed #36767 -- Allowed max redirect URL length to be set on ↵varunkasyap
HttpResponseRedirect.
2026-05-04Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.Manas225
2026-04-29Fixed #16429 -- Extracted set_choices() method from FilePathField.__init__().TildaDares
2026-04-28Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.Shai Berger
2026-04-24Replaced references in docs to accepted PEPs with specific Python docs links.Mike Edmunds
Where the docs used `:pep:` links for established Python language features, replaced them with direct references to the Python docs (usually glossary terms).
2026-04-23Refs #12090 -- Documented parameters for contrib.admin.decorators.action().Sarah Boyce
2026-04-22Fixed #10919 -- Added delete_confirmation_max_display to ModelAdmin.Rodrigo Vieira
The new ModelAdmin.delete_confirmation_max_display attribute allows limiting the number of related objects shown on the delete confirmation page. When the limit is reached, a "…and N more objects." message is shown. The feature relies on a new truncated_unordered_list template filter added to django.contrib.admin.templatetags.admin_filters. Thanks Jacob Tyler Walls for the review and guidance, Tobias McNulty for the report, and terminator14 for the solution suggested.
2026-04-22Fixed #35870 -- Made blank choice label in forms more accessible.Annabelle Wiegart
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for an accessible and translatable blank choice label in forms. Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant. Added the immediately deprecated transitional setting USE_BLANK_CHOICE_DASH. Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
2026-04-19Fixed #37024 -- Made SITE_ID system check validation use Site._meta.pk.Tim Graham
2026-04-18Fixed #37028 -- Added BitAnd(), BitOr(), and BitXor() aggregates.Mariusz Felisiak
2026-04-13Fixed #33113 -- Documented usage and caveats of HTML5 date input in ↵Samriddha9619
DateInput widget.
2026-04-07Fixed #37021 -- Added Permission.user_perm_str property.mariatta
For use in checking user permissions via has_perm(). Co-authored-by: 사재혁 <jaehyuck.sa.dev@gmail.com>
2026-04-07Fixed #36816 -- Allowed **kwargs in @task decorator.Nilesh Kumar Pahari
The decorator was updated to accept **kwargs and forward them to task_class, allowing additional parameters to be passed to custom Task subclasses.
2026-04-07Refs CVE-2026-33034 -- Improved security documentation on handling large ↵Jake Howard
request bodies. Notably that the limit can be bypassed under ASGI.
2026-04-02Refs #36862 -- Reiterated security note on both variants of ↵Jacob Walls
RemoteUserMiddleware.
2026-04-02Fixed #36862 -- Doc'd the need for a proxy when deploying ↵Jacob Walls
RemoteUserMiddleware under ASGI. We have a flood of nuisance security reports describing ASGI deployments using RemoteUserMiddleware without a fronting proxy, which is not realistic.
2026-03-28Refs #36526 -- Fixed bulk_update() batching example in docs.Georgios Verigakis
2026-03-19Fixed #36904 -- Clarified how to hide form field labels in docs.Amar
2026-03-16Removed reference to spatialreference.org being a Django website.David Smith
spatialreference.org has been redesigned, possibly in 2023 [1], and no longer uses Django, see repo [2]. [1] https://spatialreference.org/about.html [2] https://github.com/OSGeo/spatialreference.org
2026-03-14Fixed #35786 -- Removed outdated note about database defaults in ↵Ahmed Nassar
AddField/AlterField docs.
2026-03-04Fixed #21080 -- Ignored urls inside comments during collectstatic.James Bligh
Thanks Mariusz Felisiak for the review. Co-authored-by: Nathan Gaberel <nathan@gnab.fr>