============================================
Django 5.2 release notes - UNDER DEVELOPMENT
============================================

*Expected April 2025*

Welcome to Django 5.2!

These release notes cover the :ref:`new features <whats-new-5.2>`, as well as
some :ref:`backwards incompatible changes <backwards-incompatible-5.2>` you
should be aware of when upgrading from Django 5.1 or earlier. We've
:ref:`begun the deprecation process for some features
<deprecated-features-5.2>`.

See the :doc:`/howto/upgrade-version` guide if you're updating an existing
project.

Django 5.2 is designated as a :term:`long-term support release
<Long-term support release>`. It will receive security updates for at least
three years after its release. Support for the previous LTS, Django 4.2, will
end in April 2026.

Python compatibility
====================

Django 5.2 supports Python 3.10, 3.11, 3.12, and 3.13. We **highly recommend**
and only officially support the latest release of each series.

.. _whats-new-5.2:

What's new in Django 5.2
========================

Minor features
--------------

:mod:`django.contrib.admin`
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* The ``admin/base.html`` template now has a new block
  :ref:`extrabody <extrabody>` for adding custom code before the closing
  ``</body>`` tag.

:mod:`django.contrib.admindocs`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.auth`
~~~~~~~~~~~~~~~~~~~~~~~~~~

* The default iteration count for the PBKDF2 password hasher is increased from
  870,000 to 1,000,000.

* The following new asynchronous methods are now provided, using an ``a``
  prefix:

  * :meth:`.UserManager.acreate_user`
  * :meth:`.UserManager.acreate_superuser`
  * :meth:`.BaseUserManager.aget_by_natural_key`
  * :meth:`.User.aget_user_permissions`
  * :meth:`.User.aget_all_permissions`
  * :meth:`.User.aget_group_permissions`
  * :meth:`.User.ahas_perm`
  * :meth:`.User.ahas_perms`
  * :meth:`.User.ahas_module_perms`
  * :meth:`.User.aget_user_permissions`
  * :meth:`.User.aget_group_permissions`
  * :meth:`.User.ahas_perm`
  * :meth:`.ModelBackend.aauthenticate`
  * :meth:`.ModelBackend.aget_user_permissions`
  * :meth:`.ModelBackend.aget_group_permissions`
  * :meth:`.ModelBackend.aget_all_permissions`
  * :meth:`.ModelBackend.ahas_perm`
  * :meth:`.ModelBackend.ahas_module_perms`
  * :meth:`.RemoteUserBackend.aauthenticate`
  * :meth:`.RemoteUserBackend.aconfigure_user`

* Auth backends can now provide async implementations which are used when
  calling async auth functions (e.g.
  :func:`~.django.contrib.auth.aauthenticate`) to reduce context-switching which
  improves performance. See :ref:`adding an async interface
  <writing-authentication-backends-async-interface>` for more details.

* The :ref:`password validator classes <included-password-validators>`
  now have a new method ``get_error_message()``, which can be overridden in
  subclasses to customize the error messages.

:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.gis`
~~~~~~~~~~~~~~~~~~~~~~~~~

* GDAL now supports curved geometries ``CurvePolygon``, ``CompoundCurve``,
  ``CircularString``, ``MultiSurface``, and ``MultiCurve`` via the new
  :attr:`.OGRGeometry.has_curve` property, and the
  :meth:`.OGRGeometry.get_linear_geometry` and
  :meth:`.OGRGeometry.get_curve_geometry` methods.

:mod:`django.contrib.messages`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.postgres`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.redirects`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.sessions`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.sitemaps`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.sites`
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.staticfiles`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* ...

:mod:`django.contrib.syndication`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* All :class:`~django.utils.feedgenerator.SyndicationFeed` classes now support
  a ``stylesheets`` attribute. If specified, an ``<? xml-stylesheet ?>``
  processing instruction will be added to the top of the document for each
  stylesheet in the given list. See :ref:`feed-stylesheets` for more details.

Asynchronous views
~~~~~~~~~~~~~~~~~~

* ...

Cache
~~~~~

* ...

CSRF
~~~~

* ...

Database backends
~~~~~~~~~~~~~~~~~

* ...

Decorators
~~~~~~~~~~

* :func:`~django.utils.decorators.method_decorator` now supports wrapping
  asynchronous view methods.

Email
~~~~~

* Tuple items of :class:`EmailMessage.attachments
  <django.core.mail.EmailMessage>` and
  :class:`EmailMultiAlternatives.attachments
  <django.core.mail.EmailMultiAlternatives>` are now named tuples, as opposed
  to regular tuples.

* :attr:`EmailMultiAlternatives.alternatives
  <django.core.mail.EmailMultiAlternatives.alternatives>` is now a list of
  named tuples, as opposed to regular tuples.

* The new :meth:`~django.core.mail.EmailMultiAlternatives.body_contains` method
  returns a boolean indicating whether a provided text is contained in the
  email ``body`` and in all attached MIME type ``text/*`` alternatives.

Error Reporting
~~~~~~~~~~~~~~~

* The attribute :attr:`.SafeExceptionReporterFilter.hidden_settings` now
  treats values as sensitive if their name includes ``AUTH``.

File Storage
~~~~~~~~~~~~

* ...

File Uploads
~~~~~~~~~~~~

* ...

Forms
~~~~~

* The new :class:`~django.forms.ColorInput` form widget is for entering a color
  in ``rrggbb`` hexadecimal format and renders as ``<input type="color" ...>``.
  Some browsers support a visual color picker interface for this input type.

* The new :class:`~django.forms.SearchInput` form widget is for entering search
  queries and renders as ``<input type="search" ...>``.

* The new :class:`~django.forms.TelInput` form widget is for entering telephone
  numbers and renders as ``<input type="tel" ...>``.

Generic Views
~~~~~~~~~~~~~

* ...

Internationalization
~~~~~~~~~~~~~~~~~~~~

* ...

Logging
~~~~~~~

* ...

Management Commands
~~~~~~~~~~~~~~~~~~~

* A new warning is printed to the console when running :djadmin:`runserver` that
  ``runserver`` is unsuitable for production. This warning can be hidden by
  setting the :envvar:`HIDE_PRODUCTION_WARNING` environment variable to
  ``"true"``.

* The :djadmin:`makemigrations` and :djadmin:`migrate` commands  have a new
  ``Command.autodetector`` attribute for subclasses to override in order to use
  a custom autodetector class.

Migrations
~~~~~~~~~~

* ...

Models
~~~~~~

* The ``SELECT`` clause generated when using
  :meth:`QuerySet.values()<django.db.models.query.QuerySet.values>` and
  :meth:`~django.db.models.query.QuerySet.values_list` now matches the
  specified order of the referenced expressions. Previously the order was based
  of a set of counterintuitive rules which made query combination through
  methods such as
  :meth:`QuerySet.union()<django.db.models.query.QuerySet.union>` unpredictable.

* Added support for validation of model constraints which use a
  :class:`~django.db.models.GeneratedField`.

* The new :attr:`.Expression.set_returning` attribute specifies that the
  expression contains a set-returning function, enforcing subquery evaluation.
  This is necessary for many Postgres set-returning functions.

* :attr:`CharField.max_length <django.db.models.CharField.max_length>` is no
  longer required to be set on SQLite, which supports unlimited ``VARCHAR``
  columns.

Requests and Responses
~~~~~~~~~~~~~~~~~~~~~~

* The new :attr:`.HttpResponse.text` property provides the string representation
  of :attr:`.HttpResponse.content`.

* The new :meth:`.HttpRequest.get_preferred_type` method can be used to query
  the preferred media type the client accepts.

Security
~~~~~~~~

* ...

Serialization
~~~~~~~~~~~~~

* Each serialization format now defines a ``Deserializer`` class, rather than a
  function, to improve extensibility when defining a
  :ref:`custom serialization format <custom-serialization-formats>`.

Signals
~~~~~~~

* ...

Templates
~~~~~~~~~

* ...

Tests
~~~~~

* Stack frames from Django's custom assertions are now hidden. This makes test
  failures easier to read and enables :option:`test --pdb` to directly enter
  into the failing test method.

* Data loaded from :attr:`~django.test.TransactionTestCase.fixtures` and from
  migrations enabled with :ref:`serialized_rollback=True
  <test-case-serialized-rollback>` are now available during
  ``TransactionTestCase.setUpClass()``.

URLs
~~~~

* ...

Utilities
~~~~~~~~~

* :class:`~django.utils.safestring.SafeString` now returns
  :py:data:`NotImplemented` in ``__add__`` for non-string right-hand side
  values. This aligns with the :py:class:`str` addition behavior and allows
  ``__radd__`` to be used if available.

* :func:`~django.utils.html.format_html_join` now supports taking an iterable
  of mappings, passing their contents as keyword arguments to
  :func:`~django.utils.html.format_html`.

Validators
~~~~~~~~~~

* ...

.. _backwards-incompatible-5.2:

Backwards incompatible changes in 5.2
=====================================

Database backend API
--------------------

This section describes changes that may be needed in third-party database
backends.

* The new :meth:`Model._is_pk_set() <django.db.models.Model._is_pk_set>` method
  allows checking if a Model instance's primary key is defined.


:mod:`django.contrib.gis`
-------------------------

* Support for PostGIS 3.0 is removed.

* Support for GDAL 3.0 is removed.

Dropped support for PostgreSQL 13
---------------------------------

Upstream support for PostgreSQL 13 ends in November 2025. Django 5.2 supports
PostgreSQL 14 and higher.

Miscellaneous
-------------

* Adding :attr:`.EmailMultiAlternatives.alternatives` is now only supported via
  the :meth:`~.EmailMultiAlternatives.attach_alternative` method.

* The minimum supported version of ``gettext`` is increased from 0.15 to 0.19.

* ``HttpRequest.accepted_types`` is now sorted by the client's preference, based
  on the request's ``Accept`` header.

* :attr:`.UniqueConstraint.violation_error_code` and
  :attr:`.UniqueConstraint.violation_error_message` are now always used when
  provided. Previously, these were ignored when :attr:`.UniqueConstraint.fields`
  were set without a :attr:`.UniqueConstraint.condition`.

* The :func:`~django.template.context_processors.debug` context processor is no
  longer included in the default project template.

.. _deprecated-features-5.2:

Features deprecated in 5.2
==========================

Miscellaneous
-------------

* The ``all`` argument for the ``django.contrib.staticfiles.finders.find()``
  function is deprecated in favor of the ``find_all`` argument.