fidzu : Django

News

Django security releases issued: 6.0.3, 5.2.12, and 4.2.29

Django 6.0.3, 5.2.12, and 4.2.29 were released to fix two security issues: URLField DoS on Windows and file permission race conditions.

djangoproject.com

Releases

Python 3.12.13, 3.11.15 and 3.10.20 are now available!

Python 3.12.13, 3.11.15, and 3.10.20 fix security and denial-of-service vulnerabilities in email, HTTP cookies, WSGI headers, XML parsing, and SSL.

python.org

Python Software Foundation

PEP 827 - Type Manipulation

PEP 827 proposes extensive type-level introspection and construction APIs in typing to enable computed types for ORMs, dataclass-style transforms, and decorator typing.

python.org

The Python Insider Blog Has Moved!

Python Insider moved to a Git backed Markdown workflow with a static Astro site, GitHub Actions, and RSS, simplifying contributions and versioned posts.

python.org

Djangonaut Space News

2026 Session 6 Team Introductions!

Djangonaut Space introduces the six teams for its sixth session, pairing volunteers and new contributors to collaborate on projects ranging from Django core and accessibility improvements to django CMS, BeeWare, and deployment tools.

djangonaut.space

Wagtail CMS News

Our projects for Google Summer of Code 2026

Wagtail will mentor GSoC 2026 projects, including bakerydemo redesign, starter kit overhaul, and multilingual improvements to core and wagtail-localize for CMS contributors.

wagtail.org

Our roadmap for the next 6 months

Wagtail roadmap targets UX and editor improvements, Django modelsearch enhancements, customizable page models, SEO and AI content checks, autosave polish, and LTS stability.

wagtail.org

Updates to Django

Today, "Updates to Django" is presented by Johanan from Djangonaut Space! 🚀

Last week we had 23 pull requests merged into Django by 17 different contributors - including 6 first-time contributors! Congratulations to Pierre Sassoulas, Abhimanyu Singh Negi, Sam.An, Anurag Verma, Zac Iloka and Elias Hernandis for having their first commits merged into Django - welcome on board!

This week's Django highlights:

• Removed empty exc_info from log_task_finished signal handler.(#36951)

• Renamed permissions upon model renaming in migrations. (#27489) This ticket was created 9 years ago . Thanks to everyone who worked on this 🎉

• Improved the accessibility of admin form label(#34643).

Django Newsletter

Sponsored Link 1

Sponsor Django News

Reach 4,300+ highly-engaged and experienced Django developers.

django-news.com

Articles

Making Django unique constraints case-insensitive (with no downtime)

Fix Django's case-sensitive unique constraint pitfalls by cleaning duplicates, adding Lower() constraints, and safely migrating with PostgreSQL CONCURRENTLY to avoid downtime.

cliffordgama.com

Row Locks With Joins Can Produce Surprising Results in PostgreSQL

A subtle PostgreSQL concurrency edge case shows how SELECT ... FOR UPDATE with joins can unexpectedly return missing or partial results under Read Committed isolation, and explores safer query patterns to avoid it.

hakibenita.com

Pytest parameter functions

Use helper functions that return pytest.param to preprocess multiline strings or file contents, and assign concise IDs to make parametrized pytest test cases clearer.

nedbatchelder.com

I Checked 5 Security Skills for Claude Code. Only One Is Worth Installing

A deep dive into five Claude Code security review skills reveals that most are shallow checklists prone to false positives, while Sentry's standout skill delivers a context-aware methodology that actually finds real vulnerabilities.

timonweb.com

State of WASI support for CPython: March 2026

PEP 816 locks WASI and WASI SDK versions for CPython 3.15, enabling stable build targets while work continues on packaging, deps, and socket support.

snarky.ca

Videos

Python Unplugged on PyTV - Free Online Python Conference livestream available

The first PyTV, a global online Python conference, occurred as a livestream on Wednesday. Django speakers included Sarah Boyce, Sheena O'Connell, Carlton Gibson, Mark Smith, Paul Everitt, and others. Time stamps in the description!

youtube.com

Django Job Board

The Python Software Foundation is hiring an Infrastructure Engineer to help maintain the systems that power Python's infrastructure.

TurnTable is seeking a Lead Backend Engineer to build and scale backend systems for its music collaboration platform.

djangojobboard.com

Projects

Django (anti)patterns

Django Antipatterns is a community-maintained reference that highlights common mistakes in Django projects and explains better patterns developers can use instead.

django-antipatterns.com

yassi/dj-control-room

The control room for your Django app.

github.com

trottomv/django-never-cache

A lightweight Django package to simplify Cache-Control configuration for sensitive views.

github.com

Sponsorship

🚀 Reach 4,300+ Django Developers Every Week

Want to reach developers who actually read what they subscribe to?

Django News lands in the inboxes of 4,300+ Django and Python developers every week. With a 52% open rate and 15% click rate, sponsors get their message in front of builders who actively use Django.

Promote your product, service, event, job, or open source project to a highly engaged developer audience while supporting the newsletter.

👉 Explore sponsorship options: https://django-news.com/sponsorship

django-news.com

This RSS feed is published on https://django-news.com/. You can also subscribe via email.

06 Mar 2026 5:00pm GMT

I've been working for roughly 5 years now in an app that is localized to Swedish, so I have built up some opinions on how to manage translation of a Django project. Here's my list of things I do currently:

Always use gettext_lazy

I've been bitten many times by accidentally using gettext when I should have used gettext_lazy, resulting in strings that were stuck in English or Swedish randomly because a user with a specific language caused that piece of code to be imported.

I realize that there are some performance implications here, but compared to stuff like database access this is tiny and has never shown up in profiler outputs, so I will gladly take this hit and avoid these bugs that tend to be hard to track down (if they even get reported by users at all!).

A simple naive hand-rolled static analysis test that forbids usages of plain gettext in the code base is easy to implement and stops a whole class of bugs.

Django models

The Okrand setting django_model_upgrade which dynamically sets verbose_name for all fields correctly with the normal default, and on the model sets up verbose_name and verbose_name_plural. Then when you run the Okrand collect command you will get strings to translate without polluting your source with silly stuff like

class Foo(Model):
    user = ForeignKey(User, verbose_name=gettext_lazy('user'))
    
    class Meta:
        verbose_name = gettext_lazy('foo')
        verbose_name_plural = gettext_lazy('foos')

and you can instead have models like:

class Foo(Model):
    user = ForeignKey(User)

You can still write them out explicitly if you need them to differ from the defaults.

Elm

There's a built-in regex pattern for ML-style languages in Okrand that makes it quite easy to collect strings from Elm code.

Menu translations

I use the iommi MainMenu system which looks something like this:

menu = MainMenu(
        items=dict(
                albums=M(view=albums_view),
                artists=M(view=artists_view),
        ),
)

Since Okrand has a plugin system, I can build a little function that loops over this menu and collects these identifiers into translation strings. In the example above this would be "albums" and "artists". I enjoy not having to write the English base string that is 99% the exact same as the identifier (after replacing _ with space), which keeps the business logic clean.

Stick to lowercase as far as possible

I was frustrated by the translation files ending up with translations for "album" and "Album", "artist" and "Artist" over and over. The solution I came up with was to define two simple functions:

def Trans(s):
    return capfirst(gettext_lazy(s))

def trans(s):
    return gettext_lazy(s)

I like the semantic weight of having Trans("album") mean that the word should start with uppercase in that place while trans("album") meaning that it should stay as lowercase. One could also add TRANS("album") if one wants all uppercase of a string for example.

05 Mar 2026 6:00am GMT

05 Mar 2026 5:00am GMT

This post is the second in a three-part series reflecting on DjangoCon US 2025. In this post, I'm reflecting on experiencing DjangoCon 2025 from the audience while serving as conference chair.

02 Mar 2026 9:00pm GMT

Recently, I developed a reusable Django app django-clearplaintext for normalizing plain text in Django templates. And to package and test it properly, I had a fresh look to Tox.

Tox is the standard testing tool that creates isolated virtual environments, installs the exact dependencies you specify, and runs your test suite in each one - all from a single command.

This post walks through a complete, working setup using a minimal example app called django-shorturl.

The Example App: django-shorturl

django-shorturl is a self-contained Django app with one model and one view.

shorturl/models.py

from django.db import models
from django.utils.translation import gettext_lazy as _

class ShortLink(models.Model):
    slug = models.SlugField(_("slug"), unique=True)
    target_url = models.URLField(_("target URL"))
    created_at = models.DateTimeField(_("created at"), auto_now_add=True)

    class Meta:
        verbose_name = _("short link")
        verbose_name_plural = _("short links")

    def __str__(self):
        return self.slug

shorturl/views.py

from django.shortcuts import get_object_or_404, redirect

from .models import ShortLink

def redirect_link(request, slug):
    link = get_object_or_404(ShortLink, slug=slug)
    return redirect(link.target_url)

shorturl/urls.py

from django.urls import path

from . import views

urlpatterns = [
    path("<slug:slug>/", views.redirect_link, name="redirect_link"),
]

shorturl/admin.py

from django.contrib import admin
from .models import ShortLink

admin.site.register(ShortLink)

Project Layout

django-shorturl/
├── src/
│   └── shorturl/
│       ├── __init__.py
│       ├── admin.py
│       ├── models.py
│       ├── views.py
│       └── urls.py
├── tests/
│   ├── __init__.py
│   └── test_views.py
├── pyproject.toml
├── test_settings.py
└── tox.ini

The source lives under src/ and the tests are at the top level, separate from the package. This separation prevents the tests from accidentally being shipped inside the installed package.

Packaging: pyproject.toml

Tox needs a properly packaged app to install into each environment. With isolated_build = true (more on that below), Tox builds a wheel from your pyproject.toml before running any tests.

pyproject.toml

[project]
name = "django-shorturl"
version = "1.0.0"
requires-python = ">=3.8"
dependencies = [
    "Django>=4.2",
]

[build-system]
requires = ["setuptools"]
build-backend = "setuptools.build_meta"

[tool.setuptools.packages.find]
where = ["src"]

The dependencies list here declares the runtime minimum - your app needs Django, but you don't pin a specific version because that is Tox's job during testing.

For the [build-system] section, we can also use uv_build to gain some performance improvements:

[build-system]
requires = ["uv_build >= 0.10.0, <0.11.0"]
build-backend = "uv_build"

[tool.uv.build-backend]
module-name = "shorturl"

Here module-name lets uv_build not to get confused between django-shorturl and shorturl.

Test Settings: test_settings.py

Django requires a settings module to run. As we don't have an associated project, we have to create a minimal one by defining project settings in the project's settings, create a minimal one dedicated to testing. It lives at the repo root so it's easy to point to from anywhere.

test_settings.py

SECRET_KEY = "test"

INSTALLED_APPS = [
    "shorturl",
]

DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": ":memory:",
    }
}

ROOT_URLCONF = "shorturl.urls"

DEFAULT_AUTO_FIELD = "django.db.models.AutoField"

A few deliberate choices here:

• SECRET_KEY = "test" - A fixed value, fine for tests, but never use this in production.
• INSTALLED_APPS - Only include apps that your tests actually need. No django.contrib.admin, no auth, nothing extra.
• SQLite in-memory database - ":memory:" means the database is created fresh for every test run and disappears when the process exits. No files left behind, no teardown needed, and it is fast.
• ROOT_URLCONF - The test client resolves URLs through this setting. Without it, reverse() raises NoReverseMatch and the test client has no URL configuration to dispatch against. Point it at your app's urls.py.
• DEFAULT_AUTO_FIELD - Suppresses Django's system check warning about the implicit primary key type. Setting it explicitly keeps the test output clean and makes the expectation clear.

The Core: tox.ini

This is where Tox is configured.

tox.ini

[tox]
envlist =
    py{38,39,310,311,312}-django42,
    py{310,311,312}-django50,
    py{310,311,312,313}-django51,
    py{310,311,312,313,314}-django52,
    py{312,313,314}-django60

isolated_build = true

[testenv]
deps =
    django42: Django>=4.2,<4.3
    django50: Django>=5.0,<5.1
    django51: Django>=5.1,<5.2
    django52: Django>=5.2,<6.0
    django60: Django>=6.0,<6.1
commands =
    python -m django test
setenv =
    DJANGO_SETTINGS_MODULE = test_settings

envlist - the matrix

py{38,39,310,311,312}-django42 is a shortcut used in Tox.

The numbers inside {} are expanded automatically. Tox combines each Python version with django42, creating 5 environments:

• py38-django42
• py39-django42
• py310-django42
• py311-django42
• py312-django42

The full envlist simply lists all Python and Django combinations you want to test, so you can check that your project works in each setup.

Each part separated by a dash in an environment name is called a "factor". You can have as many factors as you like, and they can be named anything. py* factors are a convention for Python versions. Others need to be defined in the [testenv] deps section.

isolated_build = true

This tells tox to build a proper wheel from your pyproject.toml before installing into each environment. Without it, tox would try to install your package with pip install -e ., which bypasses the build system and can hide packaging bugs. With it, each environment tests the package exactly as a user would receive it after pip install django-shorturl.

deps - conditional dependencies

The django42: prefix is a Tox factor condition: the dependency on that line is only installed when the environment name contains the django42 factor. This is how a single [testenv] block handles all Django versions without needing a separate section for each one.

Tox also installs your package itself into each environment (because of isolated_build), so you don't need to list it here.

commands

commands =
    python -m django test

python -m django test is Django's built-in test runner. It discovers tests by looking for files matching test*.py under the current directory, which picks up everything in your tests/ folder automatically.

setenv

setenv =
    DJANGO_SETTINGS_MODULE = test_settings

Django refuses to run without a settings module. This environment variable tells it where to find yours. Because test_settings.py is at the repo root and tox runs from the repo root, the module name test_settings resolves correctly without any path manipulation.

Writing the Tests

Create test cases for each (critical) component of your app. For example, if you have models, views, and template tags, create tests/test_models.py, tests/test_views.py, and tests/test_templatetags.py.

tests/test_views.py

from django.test import TestCase
from django.urls import reverse

from shorturl.models import ShortLink


class RedirectLinkViewTest(TestCase):
    def setUp(self):
        ShortLink.objects.create(
            slug="dt",
            target_url="https://www.djangotricks.com",
        )

    def test_redirects_to_target_url(self):
        response = self.client.get(
            reverse(
                "redirect_link", kwargs={"slug": "dt"}
            )
        )
        self.assertRedirects(
            response,
            "https://www.djangotricks.com",
            fetch_redirect_response=False,
        )

    def test_returns_404_for_unknown_slug(self):
        response = self.client.get(
            reverse(
                "redirect_link", kwargs={"slug": "nope"}
            )
        )
        self.assertEqual(response.status_code, 404)

Installing Python Versions with pyenv

Tox needs the actual Python binaries for every version in your envlist. If you try to run tox without them installed, it will fail immediately with an InterpreterNotFound error. pyenv is the standard way to install and manage multiple Python versions side by side.

Install pyenv

Use Homebrew on macOS (or follow the official instructions for Linux):

brew install pyenv

Add the following to your shell config (~/.zshrc, ~/.bashrc, etc.) and restart your shell:

export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init -)"

Install each Python version

Install every version that appears in your envlist:

pyenv install 3.8
pyenv install 3.9
pyenv install 3.10
pyenv install 3.11
pyenv install 3.12
pyenv install 3.13
pyenv install 3.14

Make them all reachable at once

Tox resolves py312 by looking for a binary named python3.12 on PATH. The trick is pyenv global, which accepts multiple versions and places all of their binaries on your PATH simultaneously:

pyenv global 3.14 3.13 3.12 3.11 3.10 3.9 3.8

List the first (the one python3 and python resolve to) and work downward. After running this, confirm every interpreter is visible:

python3.8 --version   # Python 3.8.x
python3.9 --version   # Python 3.9.x
python3.10 --version   # Python 3.10.x
python3.11 --version   # Python 3.11.x
python3.12 --version   # Python 3.12.x
python3.13 --version   # Python 3.13.x
python3.14 --version   # Python 3.14.x

Now tox can find all of them and the full matrix will run without InterpreterNotFound errors.

Running tox

Run the full matrix:

tox

Or run a single environment:

tox -e py312-django52

tox will print a summary at the end showing which environments passed and which failed.

  py38-django42: OK (3.25=setup[2.32]+cmd[0.93] seconds)
  py39-django42: OK (2.88=setup[2.16]+cmd[0.72] seconds)
  py310-django42: OK (2.61=setup[2.02]+cmd[0.59] seconds)
  py311-django42: OK (2.70=setup[2.09]+cmd[0.61] seconds)
  py312-django42: OK (3.28=setup[2.46]+cmd[0.82] seconds)
  py310-django50: OK (2.67=setup[2.09]+cmd[0.58] seconds)
  py311-django50: OK (2.61=setup[2.02]+cmd[0.59] seconds)
  py312-django50: OK (2.85=setup[2.25]+cmd[0.60] seconds)
  py310-django51: OK (2.81=setup[2.27]+cmd[0.54] seconds)
  py311-django51: OK (2.85=setup[2.30]+cmd[0.55] seconds)
  py312-django51: OK (2.70=setup[2.09]+cmd[0.61] seconds)
  py313-django51: OK (2.97=setup[2.29]+cmd[0.68] seconds)
  py310-django52: OK (3.03=setup[2.31]+cmd[0.72] seconds)
  py311-django52: OK (2.88=setup[2.22]+cmd[0.66] seconds)
  py312-django52: OK (2.80=setup[2.13]+cmd[0.67] seconds)
  py313-django52: OK (4.70=setup[3.66]+cmd[1.04] seconds)
  py314-django52: OK (6.41=setup[5.18]+cmd[1.23] seconds)
  py312-django60: OK (5.13=setup[4.06]+cmd[1.07] seconds)
  py313-django60: OK (5.35=setup[4.15]+cmd[1.21] seconds)
  py314-django60: OK (6.01=setup[4.65]+cmd[1.37] seconds)
  congratulations :) (70.59 seconds)

Final Words

What makes this setup robust?

• No shared state between environments. Each Tox environment is its own virtualenv with its own Django installation.
• The package is built, not symlinked. isolated_build = true catches packaging mistakes before they reach users.
• The database never persists between runs. SQLite in-memory means no stale data, no cleanup scripts, no CI-specific teardown.
• The test settings are minimal by design. Fewer installed apps means faster startup, fewer implicit dependencies, and tests that fail for clear, local reasons rather than configuration noise from elsewhere in the project.

This setup is not the only way to test a Django app with Tox, but it is a solid starting point that balances comprehensiveness with maintainability. With a little effort upfront, you can ensure your app works across a wide range of Python and Django versions - and catch packaging bugs before they hit real users.

27 Feb 2026 6:00pm GMT

News

Google Summer of Code 2026 with Django

All the information you need to apply for Django's 21st consecutive year in the program.

djangoproject.com

Django Software Foundation

DSF member of the month - Baptiste Mispelon

Baptiste is a long-time Django and Python contributor who co-created the Django Under the Hood conference series and serves on the Ops team maintaining its infrastructure. He has been a DSF member since November 2014. You can learn more about Baptiste by visiting Baptiste's website and his GitHub Profile.

djangoproject.com

Wagtail CMS News

The *1000 most popular* Django packages

Based on GitHub stars and PyPI download numbers.

wagtail.org

Updates to Django

Today, "Updates to Django" is presented by Johanan from Djangonaut Space! 🚀

Last week we had 11 pull requests merged into Django by 10 different contributors - including 4 first-time contributors! Congratulations to Saish Mungase, Marco Aurélio da Rosa Haubrich, 조형준 and Muhammad Usman for having their first commits merged into Django - welcome on board!

This week's Django highlights:

• BuiltinLookup.as_sql() now correctly handles parameters returned as tuples, ensuring consistency with release note guidance for custom lookups. This avoids the need for developers to audit both process_lhs() and as_sql() for tuple/list resilience when subclassing BuiltinLookup. (#36934) (#35972)

• Support for GEOS 3.9 dropped.(#36929)

• SessionBase.__bool__() has been implemented, allowing session objects to be evaluated directly in boolean contexts instead of relying on truthiness checks. (#36899)

Django Newsletter

Django Fellow Reports

Django Fellow Report - Jacob

A short week with a US holiday and some travel to visit family, but still 4 tickets triaged, 12 reviewed, 3 authored, security report, and more.

djangoproject.com

Django Fellow Report - Natalia

Roughly 70% of my time this week went into security work, which continues being quite demanding. The remaining time was primarily dedicated to Mike's excellent write-up on the dictionary-based EMAIL_PROVIDERS implementation and migration, along with a smaller amount of ticket triage and PR review.

Also 2 tickets triaged, 9 reviewed, and other misc.

djangoproject.com

Sponsored Link 1

PyTV - Free Online Python Conference (March 4th)

1 Day, 15 Speakers, 6 hours of live talks including from Sarah Boyce, Sheena O'Connell, Carlton Gibson, and Will Vincent. Sign up and save the date!

jetbrains.com

Articles

⭐ Django ORM Standalone⁽¹⁾: Querying an existing database

A practical step-by-step guide to using Django ORM in standalone mode to connect to and query an existing database using inspectdb.

paulox.net

Using tox to Test a Django App Across Multiple Django Versions

A practical, production-ready guide to using tox to test your reusable Django app across multiple Python and Django versions, complete with packaging, minimal test settings, and a full version matrix.

djangotricks.com

How I Use django-simple-nav for Dashboards, Command Palettes, and More

Jeff shares how he uses django-simple-nav to define navigation once in Python and reuse it across dashboards and even a lightweight HTMX-powered command palette.

webology.dev

Serving Private Files with Django and S3

Django's FileField and ImageField are good at storing files, but on their own they don't let us control access. When …

lincolnloop.com

CLI subcommands with lazy imports

In case you didn't hear, PEP 810 got accepted which means Python 3.15 is going to support lazy imports! One of the selling points of lazy imports is with code that has a CLI so that you only import code as necessary, making the app a bit more snappy

snarky.ca

Events

DjangoCon US Updated Dates

The conference is now August 24-28, 2026 in Chicago, Illinois. The Call for Proposals (CFP) is open until March 16. And Early Bird Tickets are now available!

djangocon.us

Sponsored Link 2

Sponsor Django News

Reach 4,300+ highly-engaged and experienced Django developers.

django-news.com

Podcasts

Django Chat #196: Freelancing & Community - Andrew Miller

Andrew is a prolific software developer based out of Cambridge, UK. He runs the solo agency Software Crafts, writes regularly, is a former Djangonaut, and co-founder of the AI banking startup Hamilton Rock.

djangochat.com

PyPodcats Episode 11 with Sheena O'Connell

Sheena O'Connell tells us about her journey, the importance of community and good practices for teachers and educators in Python, and organizational psychology. We talk about how to enable a 10x team and how to enable the community through guild of educators.

pypodcats.live

Django Job Board

This week there is a very rare Infrastructure Engineer position for the PSF.

Infrastructure Engineer at Python Software Foundation 🆕

Lead Backend Engineer at TurnTable

Backend Software Developer at Chartwell Resource Group Ltd.

Django Newsletter

Projects

yassi/dj-control-room

The control room for your Django app.

github.com

adamchainz/icu4py

Python bindings to the ICU (International Components for Unicode) library (ICU4C).

github.com

matagus/awesome-django-articles

📚 Articles explaining topics about Django like admin, ORM, views, forms, scaling, performance, testing, deployments, APIs, and more!

github.com

Sponsorship

🚀 Reach 4,300+ Django Developers Every Week

Want to reach developers who actually read what they subscribe to?

Django News is opened by thousands of engaged Django and Python developers every week. A 52% open rate and 15% click rate means your message lands in front of people who pay attention.

Support the newsletter and promote your product, service, event, or job to builders who use Django daily.

👉 Explore sponsorship options: https://django-news.com/sponsorship

django-news.com

This RSS feed is published on https://django-news.com/. You can also subscribe via email.

27 Feb 2026 5:00pm GMT

🔗 Links

• Personal website
• GitHub, Mastodon, and LinkedIn
• In Progress podcast
• Hamilton Rock
• Comprehension Debt
• Builder Methods

📦 Projects

• django-prodserver
• django-health-check
• Online Community Working Group

📚 Books

• How to Build a LLM From Scratch by Sebastian Raschka
• World of Astrom
• Rob Walling books
• Jonathan Stark books
• David Kadavy books
• Manifesto of winning without pitching

🎥 YouTube

• YouTube Channel: @djangochat

Sponsor

This episode is brought to you by Six Feet Up, the Python, Django, and AI experts who solve hard software problems. Whether it's scaling an application, deriving insights from data, or getting results from AI, Six Feet Up helps you move forward faster.

See what's possible at sixfeetup.com.

25 Feb 2026 6:00pm GMT

I'm writing this in late February 2026. The skills ecosystem for Claude Code is moving fast, and the specific numbers and repos here will probably be outdated within a month. But the thinking still applies, so consider this a snapshot.

If you're using Claude Code, you've probably wondered: can …

Read now

25 Feb 2026 10:51am GMT

Introduction

📣 Sponsor Django News

Reach 4,305 engaged Django developers with a single weekly placement. High open rates. Real clicks. Only two sponsor spots per issue.

👉 Book your spot

django-news.com

Django Software Foundation

Plan to Adopt Contributor Covenant 3 as Django's New Code of Conduct

Django establishes a transparent community-driven process and advances the adoption of Contributor Covenant 3 as its Code of Conduct with staged policy updates.

djangoproject.com

Python Software Foundation

Join the Python Security Response Team!

Python core adds public governance and onboarding for the Python Security Response Team, enabling broader community nominations and coordinated CVE and OSV vulnerability remediation.

blogspot.com

Wagtail CMS News

Open source AI we use to work on Wagtail

Wagtail team recommends using open source AI models and inference providers like Scaleway, Neuralwatt, Ollama, and Mistral to power Wagtail AI integrations.

wagtail.org

Updates to Django

Today, "Updates to Django" is presented by Raffaella from Djangonaut Space! 🚀

Last week we had 25 pull requests merged into Django by 13 different contributors - including 2 first-time contributors! Congratulations to 93578237 and Hossam Hassan for having their first commits merged into Django - welcome on board!

News in Django 6.1:

• The new QuerySet.totally_ordered property returns True if the QuerySet is ordered and the ordering is deterministic.
• HttpRequest.multipart_parser_class can now be customized to use a different multipart parser class.
• StringAgg now supports distinct=True on SQLite when using the default delimiter Value(",") only.
• first() and last() no longer order by the primary key when a QuerySet's ordering has been forcibly cleared by calling order_by() with no arguments.

It's also fixed for Django 5.2 NameError when inspecting functions making use of deferred annotations in Python 3.14 (#36903).

Is deprecated in Django 6.0: Passing a string to the delimiter argument of the (deprecated) PostgreSQL StringAgg class is deprecated. Use a Value or expression instead to prepare for compatibility with the generally available StringAgg class.

Django Newsletter

Sponsored Link 1

PyTV - Free Online Python Conference (March 4th)

1 Day, 15 Speakers, 6 hours of live talks including from Sarah Boyce, Sheena O'Connell, Carlton Gibson, and Will Vincent. Sign up and save the date!

jetbrains.com

Articles

Checking Django Settings

Use Python type hints and runtime Django checks to validate core settings types and provide typed helpers for structured settings to catch misconfigurations early.

dev.to

Difference Between render() and HttpResponse() in Django (With Practical Examples)

render() loads and renders templates with context and returns an HttpResponse, while HttpResponse returns raw content directly, best for simple or API responses.

dev.to

A CLI to fight GitHub spam

gh triage provides gh CLI extensions to automate marking GitHub issues and PRs as spam or invalid and bulk unassigning reviewers and assignees.

hugovk.dev

Deploying a project to the world

Outlines IaC and deployment pipeline practices: state-aware deployments, environment separation, and bootstrap management to deploy applications reliably with Pulumi at scale.

softwarecrafts.co.uk

Tech Hiring Has a Fraud Problem

Fraudulent and AI deepfake candidates are increasingly infiltrating Python and Django hiring pipelines, requiring earlier screening, identity checks, and community verification.

foxleytalent.com

Events

DjangoCon Europe 2026 Opportunity Grants

Need financial support to attend DjangoCon Europe 2026?

Apply for an opportunity grant by March 1st, 2026.

djangocon.eu

PyCon US 2026: Maintainers Summit

The Maintainers Summit at PyCon US 2026 invites Python project leaders to gather in Long Beach on May 16 to share real-world insights on building sustainable projects and thriving communities.

pycon.org

Django Job Board

Infrastructure Engineer at Python Software Foundation 🆕

Software Engineer (Python / Django) at Mirvie 🆕

Python Developer REST APIs at Worx-ai 🆕

Lead Backend Engineer at TurnTable

Backend Software Developer at Chartwell Resource Group Ltd.

Django Newsletter

Projects

RealOrangeOne/django-tasks-db

An ORM-based backend for Django Tasks.

github.com

RealOrangeOne/django-tasks-rq

A Django Tasks backend which uses RQ as its underlying queue.

github.com

UnknownPlatypus/djangofmt

A fast, HTML aware, Django template formatter, written in Rust.

github.com

yassi/dj-urls-panel

Visualize Django URL routing inside the Django Admin, including patterns, views, namespaces, and conflicts.

github.com

Sponsorship

🚀 Reach 4,300+ Django Developers Every Week

Django News is read by thousands of engaged Django and Python developers each week. With a 52% open rate and 15% click-through rate, our audience doesn't just subscribe. They pay attention.

Put your product, service, event, or job in front of developers who build with Django every day.

👉 Explore sponsorship options

django-news.com

This RSS feed is published on https://django-news.com/. You can also subscribe via email.

20 Feb 2026 5:00pm GMT

A practical step-by-step guide to using Django ORM in standalone mode to connect to and query an existing database using inspectdb.

20 Feb 2026 5:00am GMT

At the end of January, I was building out the deployment and infrastructure components for the startup project, so figured it would be an appropriate time to document how I think about these concepts at high level, perhaps they will help others. Generally I think about these processes two ways. First, is to create an environment, such as a virtual machine, PaaS, or container with a code spaced hole in it for your application, then create a process that moves the code from source control into that code spaced hole environment. This represents the initial deployment at a high level. Second, I think of deployments as pipelines. With the rise of infrastructure as code over the past decade, traditional CI/CD pipelines have become cyclical: code is pushed, deployed to production, and the cycle repeats. Infrastructure code is similar to application code, but its cadence is much slower. While a typical application deployment aims for multiple pushes per day-or at least a few per week-Infrastructure as Code (IaC) is usually deployed far less frequently, often annually. Early in a project, or when creating environments for feature branches, infrastructure deployments may occur more often, but they remain cyclical: a code push triggers an action that updates the infrastructure.

Both application and infrastructure code require state management. Application code often involves database migrations, where the current state is known and migrations are applied directly. In contrast, infrastructure can drift over time, requiring tools to read the existing state and apply only the necessary changes. Managing this state is crucial; for example, you wouldn't redeploy an entire domain each time-some elements, like DNS records, must remain consistent to avoid breaking the system.

I like to think of IaC as building with Legos: components such as networking, load balancers, instances, databases, and caches are assembled into an application, which is then placed into an environment like staging or production. Some resources, like DNS records or mail settings, exist outside these environments to keep them in a global environment and reduce blast radius if something fails. This separation ensures that a failure in one environment doesn't affect an entire company. Finally, a bootstrap or management environment provides out‑of‑band control for emergency recovery, enforcing the principle of least privilege.

This high‑level view covers the initial deployment cycle; ongoing operation, monitoring, and maintenance are separate concerns. Ideally, I would like to see IaC repos that could be treated like a pipeline, allowing continuous deployment despite the need to read existing state rather than simply overwriting it, but then I am not an expert into the internals of these systems and have no desire to be an expert at this stage in my career. However the above concepts allows me to from zero to deployed with Pulumi code (having never used it before) in a matter of days rather than weeks.

18 Feb 2026 6:00am GMT

Hey everyone, quick heads up: I'm adding analytics to the blog.

Before you reach for your adblocker, hear me out. I'm using Umami, which is open source, privacy-respecting, and doesn't use cookies. It doesn't track you across sites, doesn't collect personal data, and is fully open source so you can verify that yourself.

On top of that, I'm self-hosting it on my own infrastructure, so the data never touches a third party. No Google Analytics, no Cloudflare analytics, no one else sees anything.

I mainly want to know which posts are actually useful to people and which ones are just me yelling into the void. That's it.

If you have any questions or concerns, you know where to find me on the Contact page.

18 Feb 2026 6:00am GMT

In the AI age the importance of readable APIs goes up, as this can mean the difference between not reading the code because it's too much, and easily reading it to verify it is correct because it's tiny. It's been pretty clear that one of the superpowers of AI development is that it happily deals with enormous amounts of boilerplate and workarounds in a way that would drive a human insane. But we need to be careful of this, and notice that this is what is happening.

High level APIs with steep learning curves (like iommi) are now just as easy to use as simpler APIs, since the cost of initial learning is moved from the human to the AI. Since we also invested heavily in great error messages and validating as much as possible up front, the feedback to the AI models is great. We've been banging the drum of "no silent fixes!" for a decade, and nothing kills human or AI productivity as silent failures.

This is the time to focus our attention as humans to making APIs that are succinct and clear. It was vital before, but it's growing in importance for every day.

16 Feb 2026 6:00am GMT

In the AI age the importance of readable APIs goes up, as this can mean the difference between not reading the code because it's too much, and easily reading it to verify it is correct because it's tiny. It's been pretty clear that one of the superpowers of AI development is that it happily deals with enormous amounts of boilerplate and workarounds in a way that would drive a human insane. But we need to be careful of this, and notice that this is what is happening.

High level APIs with steep learning curves (like iommi) are now just as easy to use as simpler APIs, since the cost of initial learning is moved from the human to the AI. Since we also invested heavily in great error messages and validating as much as possible up front, the feedback to the AI models is great. We've been banging the drum of "no silent fixes!" for a decade, and nothing kills human or AI productivity as silent failures.

This is the time to focus our attention as humans to making APIs that are succinct and clear. It was vital before, but it's growing in importance for every day.

16 Feb 2026 6:00am GMT

On the pytest discord channel Sviatoslav mentioned a pull request with a bunch of spelling and grammar fixes. We had a discussion about the morality of not disclosing that it was an AI driven pull request up front, but what was pretty clear was that the quality was surprisingly high.

Since I have a project with extensive documentation that I've spelled checked thoroughly this interested me. I write all the documentation with PyCharm which has built in spelling and grammar checks, so I was thinking it would be hard to find many errors.

I sent this prompt to Claude:

Go through the docs directory. Strings marked with # language: rst will be visible as normal text in the documentation. Suggest spelling, grammar, and language clarity improvements.

Claude fires up ~8 sub agents and found a surprising amount of things. Every single change was good.

A funny detail was that Claude ignored my request to only check the docs directory and found some issues in docstrings in the main source code. I can't be angry about that :P

The funniest mistake was that the docs had the word "underling" instead of "underlying" in one place ("feature set of the underling Query and Form classes"). Perfectly fine spelling and grammar, but Claude correctly spots that this is mistake.

If you have some documentation, you definitely should give this a shot.

15 Feb 2026 6:00am GMT

The biggest djust release yet with 20+ major features. Authentication, server-push, multi-tenancy, PWA support, AI tooling, automatic change tracking, CSS framework support, and security hardening make 0.3 production-ready.

15 Feb 2026 2:06am GMT