I Use This!
Very High Activity

News

Analyzed about 19 hours ago. based on code collected about 20 hours ago.
Posted almost 4 years ago by Carlton Gibson
Today we've issued the 2.0.13 bugfix release. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.
Posted almost 4 years ago by Carlton Gibson
Today we've issued the 2.1.7, 2.0.12 and 1.11.20 bugfix releases. The release package and checksums are available from our downloads page, as well as from the Python Package Index. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00.
Posted almost 4 years ago by Carlton Gibson
Django 2.2 beta 1 is now available. It represents the second stage in the 2.2 release cycle and is an opportunity for you to try out the changes coming in Django 2.2. Django 2.2 has a salmagundi of new features which you can read about in the ... [More] in-development 2.2 release notes. Only bugs in new features and regressions from earlier versions of Django will be fixed between now and 2.2 final (also, translations will be updated following the "string freeze" when the release candidate is issued). The current release schedule calls for a release candidate in a month from now with the final release to follow about two weeks after that around April 1. Early and often testing from the community will help minimize the number of bugs in the release. Updates on the release schedule schedule are available on the django-developers mailing list. As with all beta and beta packages, this is not for production use. But if you'd like to take some of the new features for a spin, or to help find and fix bugs (which should be reported to the issue tracker), you can grab a copy of the beta package from our downloads page or on PyPI. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00. [Less]
Posted almost 4 years ago by Carlton Gibson
In accordance with our security release policy, the Django team is issuing Django 1.11.19, Django 2.1.6, and Django 2.0.11. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. ... [More] CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() -- used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation. Thanks Sjoerd Job Postmus for reporting this issue. Affected supported versions Django master branch Django 2.2 (which will be released in a separate blog post later today) Django 2.1 Django 2.0 Django 1.11 Per our supported versions policy, Django 1.10 and older are no longer supported. Resolution Patches to resolve the issue have been applied to Django's master branch and the 2.2, 2.1, 2.0, and 1.11 release branches. The patches may be obtained from the following changesets: On the master branch On the 2.2 branch On the 2.1 release branch On the 2.0 release branch On the 1.11 release branch The following releases have been issued: Django 1.11.19 (download Django 1.11.19 | 1.11.19 checksums) Django 2.0.11 (download Django 2.0.11 | 2.0.11 checksums) Django 2.1.6 (download Django 2.1.6 | 2.1.6 checksums) Update: A packaging error affected these releases. Please use Django 1.11.20 (download Django 1.11.20 | 1.11.20 checksums), Django 2.0.13 (download Django 2.0.13 | 2.0.13 checksums), or Django 2.1.7 (download Django 2.1.7 | 2.1.7 checksums) or later versions. The PGP key ID used for these releases is Carlton Gibson: E17DF5C82B4F9D00. General notes regarding security reporting As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance or the django-developers list. Please see our security policies for further information. [Less]
Posted almost 4 years ago by Brian Moloney
On December 21, 2018, the DSF made a call for Django Fellow applicants. On behalf of the Django Software Foundation, the DSF Fellowship Committee is pleased to announce Mariusz Felisiak as the newest Django Fellow. Mariusz is replacing Tim Graham ... [More] who recently announced his retirement as a Django Fellow after four years of service. Mariusz has been designing and implementing Python/Django applications for the past 11 years. He is an active Django Core Team Member, focusing on the ORM and Oracle back-end along with triaging tickets, reviewing pull requests and backporting changes. In addition, he has contributed to more than a dozen open-source projects and is a coach for Django Girls Heidelberg. The DSF received 6 applicants, all of which were reviewed by the Fellowship Committee before coming to a consensus decision on Mariusz. The level of talent and professionalism in the applicant pool made the decision process challenging. We are grateful for all who applied and their desire to participate in this important initiative. The Fellowship program has been a great success and is only possible through generous support of the Django Software Foundation. If you or your organization benefit from Django and the work of the Fellowship program, please consider a donation. Every dollar amount, large or small, makes an impact. [Less]
Posted almost 4 years ago by Carlton Gibson
Django 2.2 alpha 1 is now available. It represents the first stage in the 2.2 release cycle and is an opportunity for you to try out the changes coming in Django 2.2. Django 2.2 has a salmagundi of new features which you can read about in the ... [More] in-development 2.2 release notes. This alpha milestone marks the feature freeze. The current release schedule calls for a beta release in about a month and a release candidate about a month from then. We'll only be able to keep this schedule if we get early and often testing from the community. Updates on the release schedule are available on the django-developers mailing list. As with all alpha and beta packages, this is not for production use. But if you'd like to take some of the new features for a spin, or to help find and fix bugs (which should be reported to the issue tracker), you can grab a copy of the alpha package from our downloads page or on PyPI. The PGP key ID used for this release is Carlton Gibson: E17DF5C82B4F9D00. [Less]
Posted almost 4 years ago by Daniele Procida and the DjangoCon Europe 2019 team
Call for Participation We invite all Djangonauts, Pythonistas and people who could make a contribution to our community to attend and share their knowledge and insight. Our call for proposals remains open for another week, until the 20th January. ... [More] We’re looking for speakers of all experience levels and backgrounds, on any topic that could be relevant to our attendees - this includes non-technical talks that shed light on Django and our work with it. We support our speakers with: free admission to DjangoCon Europe grants to ensure that those who need additional financial support will be given the opportunity to attend (see below) a mentorship programme for speakers who'd like it Speaker diversity at DjangoCon Europe We especially want to feature more speakers from the sections of our community that are less well-represented at our events - we know they're there, and we know they're making contributions, but they get to speak less often to our audiences. Diversity in our community is a goal for us, and with each proposal and each speaker, we feel a real lift in our motivation, because we value the contribution it will make to our conference. We need to present a balanced roster of speakers, that captures a wealth of experience only possible through diversity of gender, ethnicity, age and other attributes, so we ask you to help us by coming forward with your proposal. Each year, DjangoCon Europe makes substantial efforts put together a diverse programme, and each year succeeds in bringing some new faces to the stage. We're trying to build on that - please help us. If you could be be a speaker yourself, tell us what you have to share; if you know someone else who has done something or thought something new or interesting - encourage them to put themselves forward. Opportunity Grants Our conference opportunity grant programme will provide financial assistance to attendees who'd otherwise find it difficult to attend. We can help with the cost of acommodation, travel and tickets. As usual, this is an important part of our event, and we have allocated substantial resources to supporting it. Please take advantage of it! Application must be submitted via our Grants page by 20th January. Accessibility at DjangoCon Europe 2019 You'll be glad to know that: Our venue is wheelchair-friendly. Catering will provide options to suit all dietary requirements (just let us know in advance, by the 26th March). We will have free child-care provision (important - we need to know your requirements by the 19th March.) Our talks will be supported by a live speech-to-text reporting service. There will be quiet spaces at the event where you can take a break from the conference bustle if you need one. We will be glad to hear from you about anything you need in order to make the event more accessible - and we will do our best to provide it. Please don't hesitate to ask. Social events Social events will reflect the character of Copenhagen and our venue, and in line with our conference aims will be safe (our Code of Conduct covers all conference-related activities) and suitable for all our attendees. Tickets Tickets are on sale, and generously discounted early-bird tickets are available until the end of January. As usual, tickets to the conference will sell out in advance. Don't leave it until too late! Sponsorship DjangoCon Europe is only possible through the contribution of commercial sponsors. We invite you to support us. We value the generous participation that businesses using Python and Django make to our event, and it's appreciated by our attendees too - they know how vital sponsors are to the event. Sponsors receive recognition in a number of ways. Please see our Sponsorship page for more information and the sponsorship opportunities available. [Less]
Posted almost 4 years ago by Tim Graham
In accordance with our security release policy, the Django team is issuing Django 1.11.18, Django 2.0.10, and Django 2.1.5. These release addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible. ... [More] CVE-2019-3498: Content spoofing possibility in the default 404 page An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view. The URL path is no longer displayed in the default 404 template and the request_path context variable is now quoted to fix the issue for custom templates that use the path. Affected supported versions Django master branch Django 2.1 Django 2.0 Django 1.11 Per our supported versions policy, Django 1.10 and older are no longer supported. Resolution Patches to resolve the issue have been applied to Django's master branch and the 2.1, 2.0, and 1.11 release branches. The patches may be obtained from the following changesets: On the master branch On the 2.1 release branch On the 2.0 release branch On the 1.11 release branch The following releases have been issued: Django 1.11.18 (download Django 1.11.18 | 1.11.18 checksums) Django 2.0.10 (download Django 2.0.10 | 2.0.10 checksums) Django 2.1.5 (download Django 2.1.5 | 2.1.5 checksums) The PGP key ID used for these releases is Tim Graham: 1E8ABDC773EDE252. General notes regarding security reporting As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, Django's GitHub repositories, or the django-developers list. Please see our security policies for further information. This issue was publicly reported through a GitHub pull request, therefore we fixed the issue as soon as possible without the usual prenotification process. [Less]
Posted almost 4 years ago by Brian Moloney
After ten years of contributing to Django, four of which were paid as part of the Django Fellowship program, Tim Graham has decided to step down as a Django Fellow this spring to explore other things. Tim has made an extraordinary impact as a Django ... [More] Fellow. The Django Software Foundation is grateful for his service and assistance. The Fellowship program was started in 2014 as a way to dedicate high-quality and consistent resources to the maintenance of Django. As Django has matured, the DSF has been able to fundraise and earmark funds for this vital role. As a result, the DSF currently supports two Fellows - Tim and Carlton Gibson. With the departure of Tim, the Django Software Foundation is announcing a call for Django Fellow applications. The new Fellow will work alongside Carlton. The position of Fellow is focused on maintenance and community support - the work that benefits most from constant, guaranteed attention rather than volunteer-only efforts. In particular, the duties include: Answering contributor questions on IRC and the django-developers mailing list Helping new Django contributors land patches and learn our philosophy Monitoring the security@djangoproject.com email alias and ensuring security issues are acknowledged and responded to promptly Fixing release blockers and helping to ensure timely releases Fixing severe bugs and helping to backport fixes to these and security issues Reviewing and merging pull requests Triaging tickets on Trac Being a Django contributor isn't a prerequisite for this position. We'll consider applications from anyone with a proven history of working with either the Django community or another similar open-source community. Geographical location isn't important either - we have several methods of remote communication and coordination that we can use depending on the timezone difference to the supervising members of Django. If you're interested in applying for the position, please email us describing why you would be a good fit along with details of your relevant experience and community involvement. Also, please include the amount of time each week you'd like to dedicate to the position (a minimum of 20 hours a week), your preferred hourly rate, and when you'd like to start working. Lastly, please include at least one recommendation. Applicants will be evaluated based on the following criteria: Details of Django and/or other open-source contributions Details of community support in general Understanding of the position Clarity, formality and precision of communications Strength of recommendation(s) Applications will be open until 1200 UTC, January 11, 2019, with the expectation that the successful candidate will be notified around January 25, 2019. [Less]
Posted almost 4 years ago by Frank Wiles
It is that time of year again when we recognize someone from our community in memory of our friend Malcolm. Malcolm was an early core contributor to Django and had both a huge influence and large impact on Django as we know it today. Besides being ... [More] knowledgeable he was also especially friendly to new users and contributors. He exemplified what it means to be an amazing Open Source contributor. We still miss him. The DSF Prize page summarizes the prize nicely: The Malcolm Tredinnick Memorial Prize is a monetary prize, awarded annually, to the person who best exemplifies the spirit of Malcolm’s work - someone who welcomes, supports and nurtures newcomers; freely gives feedback and assistance to others, and helps to grow the community. The hope is that the recipient of the award will use the award stipend as a contribution to travel to a community event -- a DjangoCon, a PyCon, a sprint -- and continue in Malcolm’s footsteps. We will take nominations until Sunday, December 23rd AoE and will announce the winner soon after. Please make your nominations using this google form. If you have any questions please reach out to the DSF Board at foundation@djangoproject.com. [Less]