06 Mar 2026
Django community aggregator: Community blog posts
Django News - Django Security Fixes, Python Releases, and New Tools - Mar 6th 2026
News
Django security releases issued: 6.0.3, 5.2.12, and 4.2.29
Django 6.0.3, 5.2.12, and 4.2.29 were released to fix two security issues: URLField DoS on Windows and file permission race conditions.
Releases
Python 3.12.13, 3.11.15 and 3.10.20 are now available!
Python 3.12.13, 3.11.15, and 3.10.20 fix security and denial-of-service vulnerabilities in email, HTTP cookies, WSGI headers, XML parsing, and SSL.
Python Software Foundation
PEP 827 - Type Manipulation
PEP 827 proposes extensive type-level introspection and construction APIs in typing to enable computed types for ORMs, dataclass-style transforms, and decorator typing.
The Python Insider Blog Has Moved!
Python Insider moved to a Git backed Markdown workflow with a static Astro site, GitHub Actions, and RSS, simplifying contributions and versioned posts.
Djangonaut Space News
2026 Session 6 Team Introductions!
Djangonaut Space introduces the six teams for its sixth session, pairing volunteers and new contributors to collaborate on projects ranging from Django core and accessibility improvements to django CMS, BeeWare, and deployment tools.
Wagtail CMS News
Our projects for Google Summer of Code 2026
Wagtail will mentor GSoC 2026 projects, including bakerydemo redesign, starter kit overhaul, and multilingual improvements to core and wagtail-localize for CMS contributors.
Our roadmap for the next 6 months
Wagtail roadmap targets UX and editor improvements, Django modelsearch enhancements, customizable page models, SEO and AI content checks, autosave polish, and LTS stability.
Updates to Django
Today, "Updates to Django" is presented by Johanan from Djangonaut Space! ๐
Last week we had 23 pull requests merged into Django by 17 different contributors - including 6 first-time contributors! Congratulations to Pierre Sassoulas, Abhimanyu Singh Negi, Sam.An, Anurag Verma, Zac Iloka and Elias Hernandis for having their first commits merged into Django - welcome on board!
This week's Django highlights:
-
Removed empty exc_info from log_task_finished signal handler.(#36951)
-
Renamed permissions upon model renaming in migrations. (#27489) This ticket was created 9 years ago . Thanks to everyone who worked on this ๐
-
Improved the accessibility of admin form label(#34643).
Django Newsletter
Sponsored Link 1
Sponsor Django News
Reach 4,300+ highly-engaged and experienced Django developers.
Articles
Making Django unique constraints case-insensitive (with no downtime)
Fix Django's case-sensitive unique constraint pitfalls by cleaning duplicates, adding Lower() constraints, and safely migrating with PostgreSQL CONCURRENTLY to avoid downtime.
Row Locks With Joins Can Produce Surprising Results in PostgreSQL
A subtle PostgreSQL concurrency edge case shows how SELECT ... FOR UPDATE with joins can unexpectedly return missing or partial results under Read Committed isolation, and explores safer query patterns to avoid it.
Pytest parameter functions
Use helper functions that return pytest.param to preprocess multiline strings or file contents, and assign concise IDs to make parametrized pytest test cases clearer.
I Checked 5 Security Skills for Claude Code. Only One Is Worth Installing
A deep dive into five Claude Code security review skills reveals that most are shallow checklists prone to false positives, while Sentry's standout skill delivers a context-aware methodology that actually finds real vulnerabilities.
State of WASI support for CPython: March 2026
PEP 816 locks WASI and WASI SDK versions for CPython 3.15, enabling stable build targets while work continues on packaging, deps, and socket support.
Videos
Python Unplugged on PyTV - Free Online Python Conference livestream available
The first PyTV, a global online Python conference, occurred as a livestream on Wednesday. Django speakers included Sarah Boyce, Sheena O'Connell, Carlton Gibson, Mark Smith, Paul Everitt, and others. Time stamps in the description!
Django Job Board
The Python Software Foundation is hiring an Infrastructure Engineer to help maintain the systems that power Python's infrastructure.
TurnTable is seeking a Lead Backend Engineer to build and scale backend systems for its music collaboration platform.
Projects
Django (anti)patterns
Django Antipatterns is a community-maintained reference that highlights common mistakes in Django projects and explains better patterns developers can use instead.
yassi/dj-control-room
The control room for your Django app.
trottomv/django-never-cache
A lightweight Django package to simplify Cache-Control configuration for sensitive views.
Sponsorship
๐ Reach 4,300+ Django Developers Every Week
Want to reach developers who actually read what they subscribe to?
Django News lands in the inboxes of 4,300+ Django and Python developers every week. With a 52% open rate and 15% click rate, sponsors get their message in front of builders who actively use Django.
Promote your product, service, event, job, or open source project to a highly engaged developer audience while supporting the newsletter.
๐ Explore sponsorship options: https://django-news.com/sponsorship
This RSS feed is published on https://django-news.com/. You can also subscribe via email.
06 Mar 2026 5:00pm GMT
05 Mar 2026
Django community aggregator: Community blog posts
Smoother translations in Django
I've been working for roughly 5 years now in an app that is localized to Swedish, so I have built up some opinions on how to manage translation of a Django project. Here's my list of things I do currently:
Always use gettext_lazy
I've been bitten many times by accidentally using gettext when I should have used gettext_lazy, resulting in strings that were stuck in English or Swedish randomly because a user with a specific language caused that piece of code to be imported.
I realize that there are some performance implications here, but compared to stuff like database access this is tiny and has never shown up in profiler outputs, so I will gladly take this hit and avoid these bugs that tend to be hard to track down (if they even get reported by users at all!).
A simple naive hand-rolled static analysis test that forbids usages of plain gettext in the code base is easy to implement and stops a whole class of bugs.
Django models
The Okrand setting django_model_upgrade which dynamically sets verbose_name for all fields correctly with the normal default, and on the model sets up verbose_name and verbose_name_plural. Then when you run the Okrand collect command you will get strings to translate without polluting your source with silly stuff like
class Foo(Model):
user = ForeignKey(User, verbose_name=gettext_lazy('user'))
class Meta:
verbose_name = gettext_lazy('foo')
verbose_name_plural = gettext_lazy('foos')
and you can instead have models like:
class Foo(Model):
user = ForeignKey(User)
You can still write them out explicitly if you need them to differ from the defaults.
Elm
There's a built-in regex pattern for ML-style languages in Okrand that makes it quite easy to collect strings from Elm code.
Menu translations
I use the iommi MainMenu system which looks something like this:
menu = MainMenu(
items=dict(
albums=M(view=albums_view),
artists=M(view=artists_view),
),
)
Since Okrand has a plugin system, I can build a little function that loops over this menu and collects these identifiers into translation strings. In the example above this would be "albums" and "artists". I enjoy not having to write the English base string that is 99% the exact same as the identifier (after replacing _ with space), which keeps the business logic clean.
Stick to lowercase as far as possible
I was frustrated by the translation files ending up with translations for "album" and "Album", "artist" and "Artist" over and over. The solution I came up with was to define two simple functions:
def Trans(s):
return capfirst(gettext_lazy(s))
def trans(s):
return gettext_lazy(s)
I like the semantic weight of having Trans("album") mean that the word should start with uppercase in that place while trans("album") meaning that it should stay as lowercase. One could also add TRANS("album") if one wants all uppercase of a string for example.
05 Mar 2026 6:00am GMT
Write the docs meetup: developers documentation, your hidden strength - Frรฉdรฉric Harper
(One of my summaries of the Amsterdam *write the docs* meetup).
If you have a product, you need good developer documentation. "It is an integral part of your product: one cannot exist without the other". You might have the best product, but if people don't know how to use it, it doesn't matter.
What he tells developers: good documentation reduces support tickets and angry customers. You should be able to "sell" good documentation to your company: it saves money and results in more sales.
Some notes on documentation contents:
- You need a search function. The first thing you need to add.
- Think about John Snow (game of thrones): "you know nothing, John Snow". Be detailed in your instructions, they'll need it. Start with the assumption that the user knows nothing about your program. Advanced users can easily skip those parts.
- Have a proper architecture/structure. Simply having a "home" link to get back to the start already helps. Add a "getting started" section with step-by-step instructions to get something simple running. And detailed how-to guides where you go into depth.
- Show a table of contents of the current page.
- Keep the docs of previous versions available.
- Take great screenshots. Docs should have great quality and it especially shows in the screenshots.
- Don't show off your language skills too much. Keep the language simple. Not everyone will have your documentation's language as their native language.
- Test the code in your documentation! There's nothing more irritating than errors in example code. And keep it up to date. Especially watch out when the software gets updated. Do you give your documentation time to get updated?
Some extra notes:
- Make your docs accessible for people with disabilities.
- Are your docs fast? Load times help you get ranked higher in search engines.
- Some people read your documentation on their phones: does it work there?
- Try to make your docs open source. You might get an occasional fix. And perhaps more feedback.
05 Mar 2026 5:00am GMT