============================================ Django 4.2 release notes - UNDER DEVELOPMENT ============================================ *Expected April 2023* Welcome to Django 4.2! These release notes cover the :ref:`new features `, as well as some :ref:`backwards incompatible changes ` you'll want to be aware of when upgrading from Django 4.1 or earlier. We've :ref:`begun the deprecation process for some features `. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Python compatibility ==================== Django 4.2 supports Python 3.8, 3.9, 3.10, and 3.11. We **highly recommend** and only officially support the latest release of each series. .. _whats-new-4.2: What's new in Django 4.2 ======================== Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.admindocs` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The default iteration count for the PBKDF2 password hasher is increased from 390,000 to 480,000. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * The :doc:`GeoJSON serializer ` now outputs the ``id`` key for serialized features, which defaults to the primary key of objects. :mod:`django.contrib.messages` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :lookup:`trigram_strict_word_similar` lookup, and the :class:`TrigramStrictWordSimilarity() ` and :class:`TrigramStrictWordDistance() ` expressions allow using trigram strict word similarity. :mod:`django.contrib.redirects` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sessions` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sitemaps` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sites` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.staticfiles` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.syndication` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... Cache ~~~~~ * ... CSRF ~~~~ * ... Decorators ~~~~~~~~~~ * ... Email ~~~~~ * ... Error Reporting ~~~~~~~~~~~~~~~ * ... File Storage ~~~~~~~~~~~~ * ... File Uploads ~~~~~~~~~~~~ * ... Forms ~~~~~ * ... Generic Views ~~~~~~~~~~~~~ * ... Internationalization ~~~~~~~~~~~~~~~~~~~~ * ... Logging ~~~~~~~ * ... Management Commands ~~~~~~~~~~~~~~~~~~~ * :djadmin:`makemessages` command now supports locales with private sub-tags such as ``nl_NL-x-informal``. * The new :option:`makemigrations --update` option merges model changes into the latest migration and optimizes the resulting operations. Migrations ~~~~~~~~~~ * The new :ref:`generic mechanism ` allows handling the deprecation of migration operations. Models ~~~~~~ * ... Requests and Responses ~~~~~~~~~~~~~~~~~~~~~~ * ... Security ~~~~~~~~ * ... Serialization ~~~~~~~~~~~~~ * ... Signals ~~~~~~~ * ... Templates ~~~~~~~~~ * ... Tests ~~~~~ * ... URLs ~~~~ * ... Utilities ~~~~~~~~~ * The new ``encoder`` parameter for :meth:`django.utils.html.json_script` function allows customizing a JSON encoder class. * The private internal vendored copy of ``urllib.parse.urlsplit()`` now strips ``'\r'``, ``'\n'``, and ``'\t'`` (see :cve:`2022-0391` and :bpo:`43882`). This is to protect projects that may be incorrectly using the internal ``url_has_allowed_host_and_scheme()`` function, instead of using one of the documented functions for handling URL redirects. The Django functions were not affected. Validators ~~~~~~~~~~ * ... .. _backwards-incompatible-4.2: Backwards incompatible changes in 4.2 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * ... Dropped support for MariaDB 10.3 -------------------------------- Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB 10.4 and higher. Dropped support for MySQL 5.7 ----------------------------- Upstream support for MySQL 5.7 ends in October 2023. Django 4.2 supports MySQL 8 and higher. Dropped support for PostgreSQL 11 --------------------------------- Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports PostgreSQL 12 and higher. Miscellaneous ------------- * The undocumented ``SimpleTemplateResponse.rendering_attrs`` and ``TemplateResponse.rendering_attrs`` are renamed to ``non_picklable_attrs``. * The undocumented ``django.http.multipartparser.parse_header()`` function is removed. Use ``django.utils.http.parse_header_parameters()`` instead. * :ttag:`{% blocktranslate asvar … %}` result is now marked as safe for (HTML) output purposes. .. _deprecated-features-4.2: Features deprecated in 4.2 ========================== ``index_together`` option is deprecated in favor of ``indexes`` --------------------------------------------------------------- The :attr:`Meta.index_together ` option is deprecated in favor of the :attr:`~django.db.models.Options.indexes` option. Migrating existing ``index_together`` should be handled as a migration. For example:: class Author(models.Model): rank = models.IntegerField() name = models.CharField(max_length=30) class Meta: index_together = [["rank", "name"]] Should become:: class Author(models.Model): ranl = models.IntegerField() name = models.CharField(max_length=30) class Meta: indexes = [models.Index(fields=["rank", "name"])] Running the :djadmin:`makemigrations` command will generate a migration containing a :class:`~django.db.migrations.operations.RenameIndex` operation which will rename the existing index. Miscellaneous ------------- * The ``BaseUserManager.make_random_password()`` method is deprecated. See `recipes and best practices `_ for using Python's :py:mod:`secrets` module to generate passwords. * The ``AlterIndexTogether`` migration operation is deprecated. * The ``length_is`` template filter is deprecated in favor of :tfilter:`length` and the ``==`` operator within an :ttag:`{% if %}` tag. For example .. code-block:: html+django {% if value|length == 4 %}…{% endif %} {% if value|length == 4 %}True{% else %}False{% endif %} instead of: .. code-block:: html+django {% if value|length_is:4 %}…{% endif %} {{ value|length_is:4 }} * ``django.contrib.auth.hashers.SHA1PasswordHasher``, ``django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher``, and ``django.contrib.auth.hashers.UnsaltedMD5PasswordHasher`` are deprecated.