mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-25 07:59:34 +01:00
Code Issues Releases Wiki Activity
03eec9ff6c
django/docs/releases/4.2.txt
Michael Manfre 03eec9ff6c Updated vendored _urlsplit() to strip newline and tabs. 
Refs Python CVE-2022-0391. Django is not affected, but others who
incorrectly use internal function url_has_allowed_host_and_scheme()
with unsanitized input could be at risk.
2022-07-01 08:48:38 +02:00

278 lines
5.0 KiB
Plaintext
Raw Blame History

============================================
Django 4.2 release notes - UNDER DEVELOPMENT
============================================
*Expected April 2023*
Welcome to Django 4.2!
These release notes cover the :ref:`new features <whats-new-4.2>`, as well as
some :ref:`backwards incompatible changes <backwards-incompatible-4.2>` you'll
want to be aware of when upgrading from Django 4.1 or earlier. We've
:ref:`begun the deprecation process for some features
<deprecated-features-4.2>`.
See the :doc:`/howto/upgrade-version` guide if you're updating an existing
project.
Python compatibility
====================
Django 4.2 supports Python 3.8, 3.9, 3.10, and 3.11. We **highly recommend**
and only officially support the latest release of each series.
.. _whats-new-4.2:
What's new in Django 4.2
========================
Minor features
--------------
:mod:`django.contrib.admin`
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.admindocs`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~
* The default iteration count for the PBKDF2 password hasher is increased from
390,000 to 480,000.
:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.gis`
~~~~~~~~~~~~~~~~~~~~~~~~~
* The :doc:`GeoJSON serializer </ref/contrib/gis/serializers>` now outputs the
``id`` key for serialized features, which defaults to the primary key of
objects.
:mod:`django.contrib.messages`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.postgres`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* The new :lookup:`trigram_strict_word_similar` lookup, and the
:class:`TrigramStrictWordSimilarity()
<django.contrib.postgres.search.TrigramStrictWordSimilarity>` and
:class:`TrigramStrictWordDistance()
<django.contrib.postgres.search.TrigramStrictWordDistance>` expressions allow
using trigram strict word similarity.
:mod:`django.contrib.redirects`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.sessions`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.sitemaps`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.sites`
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.staticfiles`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
:mod:`django.contrib.syndication`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ...
Cache
~~~~~
* ...
CSRF
~~~~
* ...
Decorators
~~~~~~~~~~
* ...
Email
~~~~~
* ...
Error Reporting
~~~~~~~~~~~~~~~
* ...
File Storage
~~~~~~~~~~~~
* ...
File Uploads
~~~~~~~~~~~~
* ...
Forms
~~~~~
* ...
Generic Views
~~~~~~~~~~~~~
* ...
Internationalization
~~~~~~~~~~~~~~~~~~~~
* ...
Logging
~~~~~~~
* ...
Management Commands
~~~~~~~~~~~~~~~~~~~
* :djadmin:`makemessages` command now supports locales with private sub-tags
such as ``nl_NL-x-informal``.
* The new :option:`makemigrations --update` option merges model changes into
the latest migration and optimizes the resulting operations.
Migrations
~~~~~~~~~~
* ...
Models
~~~~~~
* ...
Requests and Responses
~~~~~~~~~~~~~~~~~~~~~~
* ...
Security
~~~~~~~~
* ...
Serialization
~~~~~~~~~~~~~
* ...
Signals
~~~~~~~
* ...
Templates
~~~~~~~~~
* ...
Tests
~~~~~
* ...
URLs
~~~~
* ...
Utilities
~~~~~~~~~
* The new ``encoder`` parameter for :meth:`django.utils.html.json_script`
function allows customizing a JSON encoder class.
* The private internal vendored copy of ``urllib.parse.urlsplit()`` now strips
``'\r'``, ``'\n'``, and ``'\t'`` (see :cve:`2022-0391` and :bpo:`43882`).
This is to protect projects that may be incorrectly using the internal
``url_has_allowed_host_and_scheme()`` function, instead of using one of the
documented functions for handling URL redirects. The Django functions were
not affected.
Validators
~~~~~~~~~~
* ...
.. _backwards-incompatible-4.2:
Backwards incompatible changes in 4.2
=====================================
Database backend API
--------------------
This section describes changes that may be needed in third-party database
backends.
* ...
Dropped support for MariaDB 10.3
--------------------------------
Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB
10.4 and higher.
Dropped support for PostgreSQL 11
---------------------------------
Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports
PostgreSQL 12 and higher.
Miscellaneous
-------------
* The undocumented ``SimpleTemplateResponse.rendering_attrs`` and
``TemplateResponse.rendering_attrs`` are renamed to ``non_picklable_attrs``.
* The undocumented ``django.http.multipartparser.parse_header()`` function is
removed. Use ``django.utils.http.parse_header_parameters()`` instead.
.. _deprecated-features-4.2:
Features deprecated in 4.2
==========================
Miscellaneous
-------------
* The ``BaseUserManager.make_random_password()`` method is deprecated. See
`recipes and best practices
<https://docs.python.org/3/library/secrets.html#recipes-and-best-practices>`_
for using Python's :py:mod:`secrets` module to generate passwords.
View Git Blame Copy Permalink