mirror of
https://github.com/django/django.git
synced 2024-11-18 07:26:04 +00:00
1184d07789
uid is now base64 encoded in password reset URLs/views. A backwards compatible password_reset_confirm view/URL will allow password reset links generated before this change to continue to work. This view will be removed in Django 1.7. Thanks jonash for the initial patch and claudep for the review.
418 lines
18 KiB
Plaintext
418 lines
18 KiB
Plaintext
===========================
|
|
Django Deprecation Timeline
|
|
===========================
|
|
|
|
This document outlines when various pieces of Django will be removed or altered
|
|
in a backward incompatible way, following their deprecation, as per the
|
|
:ref:`deprecation policy <internal-release-deprecation-policy>`. More details
|
|
about each item can often be found in the release notes of two versions prior.
|
|
|
|
1.4
|
|
---
|
|
|
|
See the :doc:`Django 1.2 release notes</releases/1.2>` for more details on
|
|
these changes.
|
|
|
|
* ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` will be removed. Use
|
|
the ``{% csrf_token %}`` template tag inside forms to enable CSRF
|
|
protection. ``CsrfViewMiddleware`` remains and is enabled by default.
|
|
|
|
* The old imports for CSRF functionality (``django.contrib.csrf.*``),
|
|
which moved to core in 1.2, will be removed.
|
|
|
|
* The ``django.contrib.gis.db.backend`` module will be removed in favor
|
|
of the specific backends.
|
|
|
|
* ``SMTPConnection`` will be removed in favor of a generic Email backend API.
|
|
|
|
* The many to many SQL generation functions on the database backends
|
|
will be removed.
|
|
|
|
* The ability to use the ``DATABASE_*`` family of top-level settings to
|
|
define database connections will be removed.
|
|
|
|
* The ability to use shorthand notation to specify a database backend
|
|
(i.e., ``sqlite3`` instead of ``django.db.backends.sqlite3``) will be
|
|
removed.
|
|
|
|
* The ``get_db_prep_save``, ``get_db_prep_value`` and
|
|
``get_db_prep_lookup`` methods will have to support multiple databases.
|
|
|
|
* The ``Message`` model (in ``django.contrib.auth``), its related
|
|
manager in the ``User`` model (``user.message_set``), and the
|
|
associated methods (``user.message_set.create()`` and
|
|
``user.get_and_delete_messages()``), will be removed. The
|
|
:doc:`messages framework </ref/contrib/messages>` should be used
|
|
instead. The related ``messages`` variable returned by the
|
|
auth context processor will also be removed. Note that this
|
|
means that the admin application will depend on the messages
|
|
context processor.
|
|
|
|
* Authentication backends will need to support the ``obj`` parameter for
|
|
permission checking. The ``supports_object_permissions`` attribute
|
|
will no longer be checked and can be removed from custom backends.
|
|
|
|
* Authentication backends will need to support the ``AnonymousUser`` class
|
|
being passed to all methods dealing with permissions. The
|
|
``supports_anonymous_user`` variable will no longer be checked and can be
|
|
removed from custom backends.
|
|
|
|
* The ability to specify a callable template loader rather than a
|
|
``Loader`` class will be removed, as will the ``load_template_source``
|
|
functions that are included with the built in template loaders for
|
|
backwards compatibility.
|
|
|
|
* ``django.utils.translation.get_date_formats()`` and
|
|
``django.utils.translation.get_partial_date_formats()``. These functions
|
|
will be removed; use the locale-aware
|
|
``django.utils.formats.get_format()`` to get the appropriate formats.
|
|
|
|
* In ``django.forms.fields``, the constants: ``DEFAULT_DATE_INPUT_FORMATS``,
|
|
``DEFAULT_TIME_INPUT_FORMATS`` and
|
|
``DEFAULT_DATETIME_INPUT_FORMATS`` will be removed. Use
|
|
``django.utils.formats.get_format()`` to get the appropriate
|
|
formats.
|
|
|
|
* The ability to use a function-based test runner will be removed,
|
|
along with the ``django.test.simple.run_tests()`` test runner.
|
|
|
|
* The ``views.feed()`` view and ``feeds.Feed`` class in
|
|
``django.contrib.syndication`` will be removed. The class-based view
|
|
``views.Feed`` should be used instead.
|
|
|
|
* ``django.core.context_processors.auth``. This release will
|
|
remove the old method in favor of the new method in
|
|
``django.contrib.auth.context_processors.auth``.
|
|
|
|
* The ``postgresql`` database backend will be removed, use the
|
|
``postgresql_psycopg2`` backend instead.
|
|
|
|
* The ``no`` language code will be removed and has been replaced by the
|
|
``nb`` language code.
|
|
|
|
* Authentication backends will need to define the boolean attribute
|
|
``supports_inactive_user`` until version 1.5 when it will be assumed that
|
|
all backends will handle inactive users.
|
|
|
|
* ``django.db.models.fields.XMLField`` will be removed. This was
|
|
deprecated as part of the 1.3 release. An accelerated deprecation
|
|
schedule has been used because the field hasn't performed any role
|
|
beyond that of a simple ``TextField`` since the removal of oldforms.
|
|
All uses of ``XMLField`` can be replaced with ``TextField``.
|
|
|
|
* The undocumented ``mixin`` parameter to the ``open()`` method of
|
|
``django.core.files.storage.Storage`` (and subclasses) will be removed.
|
|
|
|
|
|
1.5
|
|
---
|
|
|
|
See the :doc:`Django 1.3 release notes</releases/1.3>` for more details on
|
|
these changes.
|
|
|
|
* Starting Django without a :setting:`SECRET_KEY` will result in an exception
|
|
rather than a ``DeprecationWarning``. (This is accelerated from the usual
|
|
deprecation path; see the :doc:`Django 1.4 release notes</releases/1.4>`.)
|
|
|
|
* The ``mod_python`` request handler will be removed. The ``mod_wsgi``
|
|
handler should be used instead.
|
|
|
|
* The ``template`` attribute on :class:`~django.test.client.Response`
|
|
objects returned by the :ref:`test client <test-client>` will be removed.
|
|
The :attr:`~django.test.client.Response.templates` attribute should be
|
|
used instead.
|
|
|
|
* The ``django.test.simple.DjangoTestRunner`` will be removed.
|
|
Instead use a unittest-native class. The features of the
|
|
``django.test.simple.DjangoTestRunner`` (including fail-fast and
|
|
Ctrl-C test termination) can currently be provided by the unittest-native
|
|
:class:`~unittest.TextTestRunner`.
|
|
|
|
* The undocumented function
|
|
``django.contrib.formtools.utils.security_hash`` will be removed,
|
|
instead use ``django.contrib.formtools.utils.form_hmac``
|
|
|
|
* The function-based generic view modules will be removed in favor of their
|
|
class-based equivalents, outlined :doc:`here
|
|
</topics/class-based-views/index>`.
|
|
|
|
* The ``django.core.servers.basehttp.AdminMediaHandler`` will be
|
|
removed. In its place use
|
|
``django.contrib.staticfiles.handlers.StaticFilesHandler``.
|
|
|
|
* The template tags library ``adminmedia`` and the template tag ``{%
|
|
admin_media_prefix %}`` will be removed in favor of the generic static files
|
|
handling. (This is faster than the usual deprecation path; see the
|
|
:doc:`Django 1.4 release notes</releases/1.4>`.)
|
|
|
|
* The :ttag:`url` and :ttag:`ssi` template tags will be
|
|
modified so that the first argument to each tag is a template variable, not
|
|
an implied string. In 1.4, this behavior is provided by a version of the tag
|
|
in the ``future`` template tag library.
|
|
|
|
* The ``reset`` and ``sqlreset`` management commands will be removed.
|
|
|
|
* Authentication backends will need to support an inactive user
|
|
being passed to all methods dealing with permissions.
|
|
The ``supports_inactive_user`` attribute will no longer be checked
|
|
and can be removed from custom backends.
|
|
|
|
* :meth:`~django.contrib.gis.geos.GEOSGeometry.transform` will raise
|
|
a :class:`~django.contrib.gis.geos.GEOSException` when called
|
|
on a geometry with no SRID value.
|
|
|
|
* ``django.http.CompatCookie`` will be removed in favor of
|
|
``django.http.SimpleCookie``.
|
|
|
|
* ``django.core.context_processors.PermWrapper`` and
|
|
``django.core.context_processors.PermLookupDict`` will be removed in
|
|
favor of the corresponding
|
|
``django.contrib.auth.context_processors.PermWrapper`` and
|
|
``django.contrib.auth.context_processors.PermLookupDict``, respectively.
|
|
|
|
* The :setting:`MEDIA_URL` or :setting:`STATIC_URL` settings will be
|
|
required to end with a trailing slash to ensure there is a consistent
|
|
way to combine paths in templates.
|
|
|
|
* ``django.db.models.fields.URLField.verify_exists`` will be removed. The
|
|
feature was deprecated in 1.3.1 due to intractable security and
|
|
performance issues and will follow a slightly accelerated deprecation
|
|
timeframe.
|
|
|
|
* Translations located under the so-called *project path* will be ignored during
|
|
the translation building process performed at runtime. The
|
|
:setting:`LOCALE_PATHS` setting can be used for the same task by including the
|
|
filesystem path to a ``locale`` directory containing non-app-specific
|
|
translations in its value.
|
|
|
|
* The Markup contrib app will no longer support versions of Python-Markdown
|
|
library earlier than 2.1. An accelerated timeline was used as this was
|
|
a security related deprecation.
|
|
|
|
* The ``CACHE_BACKEND`` setting will be removed. The cache backend(s) should be
|
|
specified in the :setting:`CACHES` setting.
|
|
|
|
1.6
|
|
---
|
|
|
|
See the :doc:`Django 1.4 release notes</releases/1.4>` for more details on
|
|
these changes.
|
|
|
|
* ``django.contrib.databrowse`` will be removed.
|
|
|
|
* ``django.contrib.localflavor`` will be removed following an accelerated
|
|
deprecation.
|
|
|
|
* ``django.contrib.markup`` will be removed following an accelerated
|
|
deprecation.
|
|
|
|
* The compatibility modules ``django.utils.copycompat`` and
|
|
``django.utils.hashcompat`` as well as the functions
|
|
``django.utils.itercompat.all`` and ``django.utils.itercompat.any`` will
|
|
be removed. The Python builtin versions should be used instead.
|
|
|
|
* The ``csrf_response_exempt`` and ``csrf_view_exempt`` decorators will
|
|
be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
|
|
returns the same function), and ``csrf_view_exempt`` has been a
|
|
synonym for ``django.views.decorators.csrf.csrf_exempt``, which should
|
|
be used to replace it.
|
|
|
|
* The ``django.core.cache.backends.memcached.CacheClass`` backend
|
|
was split into two in Django 1.3 in order to introduce support for
|
|
PyLibMC. The historical ``CacheClass`` will be removed in favor of
|
|
``django.core.cache.backends.memcached.MemcachedCache``.
|
|
|
|
* The UK-prefixed objects of ``django.contrib.localflavor.uk`` will only
|
|
be accessible through their GB-prefixed names (GB is the correct
|
|
ISO 3166 code for United Kingdom).
|
|
|
|
* The ``IGNORABLE_404_STARTS`` and ``IGNORABLE_404_ENDS`` settings have been
|
|
superseded by :setting:`IGNORABLE_404_URLS` in the 1.4 release. They will be
|
|
removed.
|
|
|
|
* The :doc:`form wizard </ref/contrib/formtools/form-wizard>` has been
|
|
refactored to use class-based views with pluggable backends in 1.4.
|
|
The previous implementation will be removed.
|
|
|
|
* Legacy ways of calling
|
|
:func:`~django.views.decorators.cache.cache_page` will be removed.
|
|
|
|
* The backward-compatibility shim to automatically add a debug-false
|
|
filter to the ``'mail_admins'`` logging handler will be removed. The
|
|
:setting:`LOGGING` setting should include this filter explicitly if
|
|
it is desired.
|
|
|
|
* The builtin truncation functions ``django.utils.text.truncate_words()``
|
|
and ``django.utils.text.truncate_html_words()`` will be removed in
|
|
favor of the ``django.utils.text.Truncator`` class.
|
|
|
|
* The :class:`~django.contrib.gis.geoip.GeoIP` class was moved to
|
|
:mod:`django.contrib.gis.geoip` in 1.4 -- the shortcut in
|
|
:mod:`django.contrib.gis.utils` will be removed.
|
|
|
|
* ``django.conf.urls.defaults`` will be removed. The functions
|
|
:func:`~django.conf.urls.include`, :func:`~django.conf.urls.patterns` and
|
|
:func:`~django.conf.urls.url` plus :data:`~django.conf.urls.handler404`,
|
|
:data:`~django.conf.urls.handler500`, are now available through
|
|
:mod:`django.conf.urls` .
|
|
|
|
* The functions ``setup_environ()`` and ``execute_manager()`` will be removed
|
|
from :mod:`django.core.management`. This also means that the old (pre-1.4)
|
|
style of :file:`manage.py` file will no longer work.
|
|
|
|
* Setting the ``is_safe`` and ``needs_autoescape`` flags as attributes of
|
|
template filter functions will no longer be supported.
|
|
|
|
* The attribute ``HttpRequest.raw_post_data`` was renamed to ``HttpRequest.body``
|
|
in 1.4. The backward compatibility will be removed --
|
|
``HttpRequest.raw_post_data`` will no longer work.
|
|
|
|
* The value for the ``post_url_continue`` parameter in
|
|
``ModelAdmin.response_add()`` will have to be either ``None`` (to redirect
|
|
to the newly created object's edit page) or a pre-formatted url. String
|
|
formats, such as the previous default ``'../%s/'``, will not be accepted any
|
|
more.
|
|
|
|
1.7
|
|
---
|
|
|
|
See the :doc:`Django 1.5 release notes</releases/1.5>` for more details on
|
|
these changes.
|
|
|
|
* The module ``django.utils.simplejson`` will be removed. The standard library
|
|
provides :mod:`json` which should be used instead.
|
|
|
|
* The function ``django.utils.itercompat.product`` will be removed. The Python
|
|
builtin version should be used instead.
|
|
|
|
* Auto-correction of INSTALLED_APPS and TEMPLATE_DIRS settings when they are
|
|
specified as a plain string instead of a tuple will be removed and raise an
|
|
exception.
|
|
|
|
* The ``mimetype`` argument to the ``__init__`` methods of
|
|
:class:`~django.http.HttpResponse`,
|
|
:class:`~django.template.response.SimpleTemplateResponse`, and
|
|
:class:`~django.template.response.TemplateResponse`, will be removed.
|
|
``content_type`` should be used instead. This also applies to the
|
|
:func:`~django.shortcuts.render_to_response` shortcut and
|
|
the sitemamp views, :func:`~django.contrib.sitemaps.views.index` and
|
|
:func:`~django.contrib.sitemaps.views.sitemap`.
|
|
|
|
* When :class:`~django.http.HttpResponse` is instantiated with an iterator,
|
|
or when :attr:`~django.http.HttpResponse.content` is set to an iterator,
|
|
that iterator will be immediately consumed.
|
|
|
|
* The ``AUTH_PROFILE_MODULE`` setting, and the ``get_profile()`` method on
|
|
the User model, will be removed.
|
|
|
|
* The ``cleanup`` management command will be removed. It's replaced by
|
|
``clearsessions``.
|
|
|
|
* The ``daily_cleanup.py`` script will be removed.
|
|
|
|
* The ``depth`` keyword argument will be removed from
|
|
:meth:`~django.db.models.query.QuerySet.select_related`.
|
|
|
|
* The undocumented ``get_warnings_state()``/``restore_warnings_state()``
|
|
functions from :mod:`django.test.utils` and the ``save_warnings_state()``/
|
|
``restore_warnings_state()``
|
|
:ref:`django.test.*TestCase <django-testcase-subclasses>` methods are
|
|
deprecated. Use the :class:`warnings.catch_warnings` context manager
|
|
available starting with Python 2.6 instead.
|
|
|
|
* The undocumented ``check_for_test_cookie`` method in
|
|
:class:`~django.contrib.auth.forms.AuthenticationForm` will be removed
|
|
following an accelerated deprecation. Users subclassing this form should
|
|
remove calls to this method, and instead ensure that their auth related views
|
|
are CSRF protected, which ensures that cookies are enabled.
|
|
|
|
* The version of :func:`django.contrib.auth.views.password_reset_confirm` that
|
|
supports base36 encoded user IDs
|
|
(``django.contrib.auth.views.password_reset_confirm_uidb36``) will be
|
|
removed. If your site has been running Django 1.6 for more than
|
|
:setting:`PASSWORD_RESET_TIMEOUT_DAYS`, this change will have no effect. If
|
|
not, then any password reset links generated before you upgrade to Django 1.7
|
|
won't work after the upgrade.
|
|
|
|
1.8
|
|
---
|
|
|
|
* ``django.contrib.comments`` will be removed.
|
|
|
|
* The following transaction management APIs will be removed:
|
|
|
|
- ``TransactionMiddleware``,
|
|
- the decorators and context managers ``autocommit``, ``commit_on_success``,
|
|
and ``commit_manually``, defined in ``django.db.transaction``,
|
|
- the functions ``commit_unless_managed`` and ``rollback_unless_managed``,
|
|
also defined in ``django.db.transaction``,
|
|
- the ``TRANSACTIONS_MANAGED`` setting.
|
|
|
|
Upgrade paths are described in the :ref:`transaction management docs
|
|
<transactions-upgrading-from-1.5>`.
|
|
|
|
* The :ttag:`cycle` and :ttag:`firstof` template tags will auto-escape their
|
|
arguments. In 1.6 and 1.7, this behavior is provided by the version of these
|
|
tags in the ``future`` template tag library.
|
|
|
|
* The ``SEND_BROKEN_LINK_EMAILS`` setting will be removed. Add the
|
|
:class:`django.middleware.common.BrokenLinkEmailsMiddleware` middleware to
|
|
your :setting:`MIDDLEWARE_CLASSES` setting instead.
|
|
|
|
* ``Model._meta.module_name`` was renamed to ``model_name``.
|
|
|
|
* Remove the backward compatible shims introduced to rename ``get_query_set``
|
|
and similar queryset methods. This affects the following classes:
|
|
``BaseModelAdmin``, ``ChangeList``, ``BaseCommentNode``,
|
|
``GenericForeignKey``, ``Manager``, ``SingleRelatedObjectDescriptor`` and
|
|
``ReverseSingleRelatedObjectDescriptor``.
|
|
|
|
* Remove the backward compatible shims introduced to rename the attributes
|
|
``ChangeList.root_query_set`` and ``ChangeList.query_set``.
|
|
|
|
* ``django.conf.urls.shortcut`` and ``django.views.defaults.shortcut`` will be
|
|
removed.
|
|
|
|
* Support for the Python Imaging Library (PIL) module will be removed, as it
|
|
no longer appears to be actively maintained & does not work on Python 3.
|
|
You are advised to install `Pillow`_, which should be used instead.
|
|
|
|
.. _`Pillow`: https://pypi.python.org/pypi/Pillow
|
|
|
|
* The following private APIs will be removed:
|
|
|
|
- ``django.db.backend``
|
|
- ``django.db.close_connection()``
|
|
- ``django.db.backends.creation.BaseDatabaseCreation.set_autocommit()``
|
|
- ``django.db.transaction.is_managed()``
|
|
- ``django.db.transaction.managed()``
|
|
|
|
* ``django.forms.widgets.RadioInput`` will be removed in favor of
|
|
``django.forms.widgets.RadioChoiceInput``.
|
|
|
|
* The module ``django.test.simple`` and the class
|
|
``django.test.simple.DjangoTestSuiteRunner`` will be removed. Instead use
|
|
``django.test.runner.DiscoverRunner``.
|
|
|
|
* The module ``django.test._doctest`` will be removed. Instead use the doctest
|
|
module from the Python standard library.
|
|
|
|
* The ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting will be removed.
|
|
|
|
* Usage of the hard-coded *Hold down "Control", or "Command" on a Mac, to select
|
|
more than one.* string to override or append to user-provided ``help_text`` in
|
|
forms for ManyToMany model fields will not be performed by Django anymore
|
|
either at the model or forms layer.
|
|
|
|
2.0
|
|
---
|
|
|
|
* ``django.views.defaults.shortcut()``. This function has been moved
|
|
to ``django.contrib.contenttypes.views.shortcut()`` as part of the
|
|
goal of removing all ``django.contrib`` references from the core
|
|
Django codebase. The old shortcut will be removed in the 2.0
|
|
release.
|
|
|
|
* ``ssi`` and ``url`` template tags will be removed from the ``future`` template
|
|
tag library (used during the 1.3/1.4 deprecation period).
|