============================================ Django 4.2 release notes - UNDER DEVELOPMENT ============================================ *Expected April 2023* Welcome to Django 4.2! These release notes cover the :ref:`new features `, as well as some :ref:`backwards incompatible changes ` you'll want to be aware of when upgrading from Django 4.1 or earlier. We've :ref:`begun the deprecation process for some features `. See the :doc:`/howto/upgrade-version` guide if you're updating an existing project. Python compatibility ==================== Django 4.2 supports Python 3.8, 3.9, 3.10, and 3.11. We **highly recommend** and only officially support the latest release of each series. .. _whats-new-4.2: What's new in Django 4.2 ======================== Minor features -------------- :mod:`django.contrib.admin` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The light or dark color theme of the admin can now be toggled in the UI, as well as being set to follow the system setting. :mod:`django.contrib.admindocs` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.auth` ~~~~~~~~~~~~~~~~~~~~~~~~~~ * The default iteration count for the PBKDF2 password hasher is increased from 390,000 to 480,000. :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.gis` ~~~~~~~~~~~~~~~~~~~~~~~~~ * The :doc:`GeoJSON serializer ` now outputs the ``id`` key for serialized features, which defaults to the primary key of objects. * The :class:`~django.contrib.gis.gdal.GDALRaster` class now supports :class:`pathlib.Path`. * The :class:`~django.contrib.gis.geoip2.GeoIP2` class now supports ``.mmdb`` files downloaded from DB-IP. * The OpenLayers template widget no longer includes inline CSS (which also removes the former ``map_css`` block) to better comply with a strict Content Security Policy. :mod:`django.contrib.messages` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.postgres` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * The new :lookup:`trigram_strict_word_similar` lookup, and the :class:`TrigramStrictWordSimilarity() ` and :class:`TrigramStrictWordDistance() ` expressions allow using trigram strict word similarity. :mod:`django.contrib.redirects` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sessions` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sitemaps` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.sites` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.staticfiles` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... :mod:`django.contrib.syndication` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * ... Cache ~~~~~ * ... CSRF ~~~~ * ... Decorators ~~~~~~~~~~ * ... Email ~~~~~ * ... Error Reporting ~~~~~~~~~~~~~~~ * ... File Storage ~~~~~~~~~~~~ * ... File Uploads ~~~~~~~~~~~~ * ... Forms ~~~~~ * ... Generic Views ~~~~~~~~~~~~~ * ... Internationalization ~~~~~~~~~~~~~~~~~~~~ * ... Logging ~~~~~~~ * ... Management Commands ~~~~~~~~~~~~~~~~~~~ * :djadmin:`makemessages` command now supports locales with private sub-tags such as ``nl_NL-x-informal``. * The new :option:`makemigrations --update` option merges model changes into the latest migration and optimizes the resulting operations. Migrations ~~~~~~~~~~ * ... Models ~~~~~~ * ... Requests and Responses ~~~~~~~~~~~~~~~~~~~~~~ * ... Security ~~~~~~~~ * ... Serialization ~~~~~~~~~~~~~ * ... Signals ~~~~~~~ * ... Templates ~~~~~~~~~ * ... Tests ~~~~~ * ... URLs ~~~~ * ... Utilities ~~~~~~~~~ * The new ``encoder`` parameter for :meth:`django.utils.html.json_script` function allows customizing a JSON encoder class. * The private internal vendored copy of ``urllib.parse.urlsplit()`` now strips ``'\r'``, ``'\n'``, and ``'\t'`` (see :cve:`2022-0391` and :bpo:`43882`). This is to protect projects that may be incorrectly using the internal ``url_has_allowed_host_and_scheme()`` function, instead of using one of the documented functions for handling URL redirects. The Django functions were not affected. Validators ~~~~~~~~~~ * ... .. _backwards-incompatible-4.2: Backwards incompatible changes in 4.2 ===================================== Database backend API -------------------- This section describes changes that may be needed in third-party database backends. * ... Dropped support for MariaDB 10.3 -------------------------------- Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB 10.4 and higher. Dropped support for MySQL 5.7 ----------------------------- Upstream support for MySQL 5.7 ends in October 2023. Django 4.2 supports MySQL 8 and higher. Dropped support for PostgreSQL 11 --------------------------------- Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports PostgreSQL 12 and higher. Miscellaneous ------------- * The undocumented ``SimpleTemplateResponse.rendering_attrs`` and ``TemplateResponse.rendering_attrs`` are renamed to ``non_picklable_attrs``. * The undocumented ``django.http.multipartparser.parse_header()`` function is removed. Use ``django.utils.http.parse_header_parameters()`` instead. * :ttag:`{% blocktranslate asvar … %}` result is now marked as safe for (HTML) output purposes. .. _deprecated-features-4.2: Features deprecated in 4.2 ========================== ``index_together`` option is deprecated in favor of ``indexes`` --------------------------------------------------------------- The :attr:`Meta.index_together ` option is deprecated in favor of the :attr:`~django.db.models.Options.indexes` option. Migrating existing ``index_together`` should be handled as a migration. For example:: class Author(models.Model): rank = models.IntegerField() name = models.CharField(max_length=30) class Meta: index_together = [["rank", "name"]] Should become:: class Author(models.Model): rank = models.IntegerField() name = models.CharField(max_length=30) class Meta: indexes = [models.Index(fields=["rank", "name"])] Running the :djadmin:`makemigrations` command will generate a migration containing a :class:`~django.db.migrations.operations.RenameIndex` operation which will rename the existing index. The ``AlterIndexTogether`` migration operation is now officially supported only for pre-Django 4.2 migration files. For backward compatibility reasons, it's still part of the public API, and there's no plan to deprecate or remove it, but it should not be used for new migrations. Use :class:`~django.db.migrations.operations.AddIndex` and :class:`~django.db.migrations.operations.RemoveIndex` operations instead. Miscellaneous ------------- * The ``BaseUserManager.make_random_password()`` method is deprecated. See `recipes and best practices `_ for using Python's :py:mod:`secrets` module to generate passwords. * The ``length_is`` template filter is deprecated in favor of :tfilter:`length` and the ``==`` operator within an :ttag:`{% if %}` tag. For example .. code-block:: html+django {% if value|length == 4 %}…{% endif %} {% if value|length == 4 %}True{% else %}False{% endif %} instead of: .. code-block:: html+django {% if value|length_is:4 %}…{% endif %} {{ value|length_is:4 }} * ``django.contrib.auth.hashers.SHA1PasswordHasher``, ``django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher``, and ``django.contrib.auth.hashers.UnsaltedMD5PasswordHasher`` are deprecated. * ``django.contrib.postgres.fields.CICharField`` is deprecated in favor of ``CharField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CIEmailField`` is deprecated in favor of ``EmailField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CITextField`` is deprecated in favor of ``TextField(db_collation="…")`` with a case-insensitive non-deterministic collation. * ``django.contrib.postgres.fields.CIText`` mixin is deprecated.