[54 total ]
Posted
4 days
ago
No, you’re not hallucinating, it’s really here.
Around three years ago, Adrian, Simon, Wilson and I released some code to the
world. Our plan was to hack quietly on it for a bit, release a solid 1.0
release, and then
... [More]
really get the ball rolling.
Well.
What happened, of course, was that an amazing community sprung up literally
overnight — our IRC channel had over a hundred people in it the day after
release, and it’s never been that “empty” since.
I really can’t stress enough how amazing our community of users and developers
are. About half of the code that’s gone into Django over the past three years
has been contributed by someone other than a core committer. Since our last
stable release, we’ve made over 4,000 code commits, fixed more than 2,000 bugs,
and edited, added, or removed around 350,000 lines of code. We’ve also added
40,000 lines of new documentation, and greatly improved what was already there.
Django 1.0 represents a the largest milestone in Django’s development to date: a
web framework that a group of perfectionists can truly be proud of. Without this
amazing community, though, it would have never happened.
You can download Django 1.0 on the Django downloads
page, and read the complete release
notes.
For distributors and for verification purposes, a file containing the MD5 and
SHA1 checksums of the 1.0 package has been placed on the djangoproject.com
server. This file
is PGP-signed with the Django release manager’s public key. This key has the ID
0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP
keyserver. [Less]
Posted
5 days
ago
In accordance with the (updated) Django 1.0 release roadmap, today we've released the first release candidate for Django 1.0.
To grab a copy of the release candidate, head over to the Django downloads page, and be sure to read the release
... [More]
notes. Please keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha and beta releases and release candidates will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0, due to be released as soon as possible..
For distributors and for verification purposes, a file containing the MD5 and SHA1 checksums of the release candidate package has been placed on the djangoproject.com server. This file is PGP-signed with the Django release manager's public key. This key has the ID 0x8C8B2AE1 and can be obtained from, e.g., the MIT PGP keyserver. [Less]
Posted
5 days
ago
In accordance with our security policy, today the Django project is
issuing a set of releases to fix a security vulnerability reported to
us. This message contains a description of the vulnerability, a
description of the changes made to
... [More]
fix it, and pointers to the patches
for each supported version of Django.
Description of vulnerability
The Django administration application, as a convenience for users
whose sessions expire, will attempt to preserve HTTP POST data from an
incoming submission while re-authenticating the user, and will -- on
successful authentication -- allow the submission to continue without
requiring data to be re-entered.
Django developer Simon Willison has presented the Django development
team with a proof-of-concept cross-site request forgery (CSRF) which
exploits this behavior to perform unrequested deletion/modification of
data. This exploit has been tested and verified by the Django team,
and succeeds regardless of whether Django's bundled CSRF-protection
module is active.
Affected versions
Django development trunk
Django 0.96
Django 0.95
Django 0.91
Resolution
As it represents a persistent vector for CSRF attacks, this behavior
is being removed from Django; henceforth, attempted posts from users
whose sessions have expired will be discarded and the data will need
to be re-entered.
This is, then, backwards-incompatible with existing behavior and may
be considered a feature removal; however, the Django team feel that
the security risks of this feature outweigh its minor utility.
The fix for this issue was applied to the Django repository in
changeset 8877, which contains the relevant changes for each affected
version
Based on these changes, the Django team is issuing three new releases:
Django 0.96.3: http://www.djangoproject.com/download/0.91.3/tarball/
Django 0.95.4: http://www.djangoproject.com/download/0.95.4/tarball/
Django 0.91.3: http://www.djangoproject.com/download/0.96.3/tarball/
The relevant patch has been applied to Django trunk as well, and so
will be included in the forthcoming Django 1.0 release candidate (to
be issued later today) and the final Django 1.0 release.
All users of affected Django versions are encouraged to upgrade
immediately.
A file containing the MD5 and SHA1 checksums of the new release
packages has been placed on the djangoproject.com server.
This file is PGP-signed with the Django release manager's public
key. This key has the ID 0x8C8B2AE1 and can be obtained
from, e.g., the MIT PGP keyserver
Release manager's note
If you are currently maintaining and distributing a packaged version
of Django (e.g., for a Linux or other Unix distribution), or if you
are a hosting company which officially supports Django as an option
for customers, and you did not receive an advance notification of
this issue, please contact Django's release manager (James Bennett,
james at b-list dot org) as soon as possible so that you can be added
to the list of known distributors who receive such notifications. [Less]
Posted
12 days
ago
In accordance with the (updated) Django 1.0 release roadmap, today we've released the second "beta" testing version of Django 1.0.
To grab a copy of 1.0 beta 2, head over to the Django downloads page, and be sure to read the release notes.
... [More]
Please keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha and beta releases will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0, due to be released on September 2, 2008.
As of this release, Django is officially in a feature freeze for 1.0; from here on out, we'll only be working on bugs and stability before the final 1.0 release. If you'd like to help out, please review our documentation for contributors and feel free to join in one of the development sprints scheduled for the run up to 1.0. [Less]
Posted
12 days
ago
Come help us celebrate the release of Django 1.0!
Next week is going to be huge. We’ll be releasing Django 1.0 early in the week, and then the first DjangoCon kicks next Friday.
To celebrate the release of Django 1.0
... [More]
, we’ll be holding a dinner party at the Tied House in Mountain View on Saturday, September 6th at 7pm. The date and time are designed to tie in with DjangoCon, but anyone is invited — especially those who can’t attend DjangoCon.
We’ve reserved the whole restaurant for Django friends and fans. Dinner starts at 7pm, and the festivities should continue until about 10:30 or so. The party’s free, though the dinner and drinks aren’t. Tied House has good food and great beer; come hungry!
To make the night extra fun, we’ll be holding “lightning talks” at the party — five minute presentations on various Django-related topics. We’ll be asking speakers at the conference to present vastly twimmed-down versions of their conference talks, and we’ll be opening the floor up to anyone to present their own cool shit.
Tied House is located in downtown Mountain View (map). For DjangoCon attendees, that’s about 15 minutes away from the conference venue; we’ll caravan over (and provide transportation for folks without cars) right after the day’s talks end.
If you’ll be coming, please RSVP so that we can get an accurate headcount.
We’re also looking for sponsors for the party, so if you’re interested please contact us.
We hope to see you all there! [Less]
Posted
24 days
ago
In accordance with the Django 1.0 release roadmap, tonight we've released the first "beta" testing version of Django 1.0.
To grab a copy of 1.0 beta 1, head over to the Django downloads page, and be sure to read the release notes. Please
... [More]
keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha and beta releases will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0 release.
The next step on that path will be the first Django 1.0 release candidate, currently scheduled for August 21. If you'd like to help out, please review our documentation for contributors and feel free to join in one of the development sprints scheduled for the run up to 1.0; the full schedule is available in the Django 1.0 release roadmap. [Less]
Posted
about 1 month
ago
In accordance with the Django 1.0 release roadmap, tonight we've released the second "alpha" testing version of Django 1.0.
To grab a copy of 1.0 alpha 2, head over to the Django downloads page, and be sure to read the release notes. Please
... [More]
keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha releases will not receive long-term support and will not be updated with security fixes, since their main purpose is to serve as a stepping-stone on the path to the final Django 1.0 release.
The next step on that path will be the Django 1.0 beta release, currently scheduled for August 14. If you'd like to help out, please review our documentation for contributors and feel free to join in one of the development sprints scheduled for the run up to 1.0; the full schedule is available in the Django 1.0 release roadmap. [Less]
Posted
about 1 month
ago
A couple of quick updates:
DjangoCon tickets
Tickets for DjangoCon will be made available in a
couple of batches of 100 tickets each. The first set of tickets will be
available at 12:00pm (noon) UTC on Thursday, July 31st
... [More]
, and
the second set will be released at 6:00pm UTC on Friday, August 1st.
We’ll add a registration link to djangocon.org at those times.
We’re very sorry that we couldn’t accommodate more attendees; we’re limited by a tight schedule and a limited budget. The good news is that all the talks will be videotaped and made available online for those who can’t attend.
Django 1.0 release schedule
We’ve been plowing ahead towards Django’s 1.0 release in early September. Since last week’s 1.0 alpha release we’ve continued to make some pretty nice improvements, including more flexible syntax for admin registration, support for custom cache backends, and “else” option for the “ifchanged” tag, and — the biggie — support for intermediary models in many-to-many relations.
We plan to release Django 1.0 beta in about a week. This first beta release will mark feature-freeze for 1.0, so this weekend’s sprint will be critical in getting the final features for 1.0 wrapped up and out the door. We’d love to have your help this weekend! [Less]
Posted
about 1 month
ago
In accordance with the Django 1.0 release roadmap, tonight we've released the first "alpha" testing version of Django 1.0. This release includes all of the major features due for inclusion in the final Django 1.0, though some lower-priority items are
... [More]
still scheduled to be included before the 1.0 feature freeze, which will occur with the first beta release next month.
To grab a copy of the 1.0 alpha, head over to the Django downloads page, and be sure to read the release notes. Please keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release. The 1.0 alpha will not receive long-term support and will not be updated with security fixes, since its main purpose is to serve as a stepping-stone on the path to the final Django 1.0 release.
The next step on that path will be the first Django 1.0 beta release, currently scheduled for August 5. If you'd like to help out, please review our documentation for contributors and feel free to join in one of the development sprints scheduled for the run up to 1.0; the full schedule is available in the Django 1.0 release roadmap. [Less]
Posted
about 1 month
ago
This is a quick PSA for Django users following Django’s development
version.
At today’s sprint in
Sausalito we’ll
be making a series of backwards-incompatible changes with an eye towards the
1.0
... [More]
alpha
release next
week. These changes have been planned for some time, but today we’ll be making
them all at once.
So expect some big changes over the course of the day. We’ll post a summary of
the results of the sprint tonight.
Of course, if you aren’t too busy today, come join the
sprint! [Less]
