Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.
http://docs.djangoproject.com/en/dev/releases/1.4/ - May 19, 2013 12:47:20 AM - May 13, 2011 1:36:55 AM
. For instance, to decouple “myapp” from the project module and import it as just
Django’s auth system ( algorithm, but increasing processor speeds and theoretical attacks have revealed that SHA1 isn’t as secure as we’d like. Thus, Django 1.4 introduces a new password storage system: by default Django now uses the
We’ve switched the admin and other bundled templates to use the HTML5 doctype. While Django will be careful to maintain compatibility with older browsers, this change means that you can use any HTML5 features you need in admin pages without having to lose HTML validity or override the provided templates to change the doctype.
app let you specify change list filters by specifying a field lookup, but it didn’t allow you to create custom filters. This has been rectified with a simple API (previously used internally and known as “FilterSpec”). For more details, see the documentation for
to store the session data in the client’s browser.
Session data is signed and validated by the server, but it’s not encrypted. This means a user can view any data stored in the session but cannot change it. Please read the documentation for further clarification before using this backend.
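The signed-but-not-encrypted property described above, as an added example that is not code from Django or from these release notes: a simplified HMAC-signed cookie built from the Python standard library, not Django's actual cookie format. The key value, the sample session, and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the server-side secret


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def dump_session(session: dict, key: bytes = SECRET_KEY) -> str:
    """Server side: serialize the session and append an HMAC over the payload."""
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig


def load_session(cookie: str, key: bytes = SECRET_KEY) -> dict:
    """Server side: recompute the HMAC and reject the cookie on any mismatch."""
    payload, _, sig = cookie.rpartition(".")
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("session signature check failed")
    return json.loads(_unb64(payload))


def peek_without_key(cookie: str) -> dict:
    """Client side: the payload is only encoded, so it is readable without the key."""
    return json.loads(_unb64(cookie.split(".")[0]))


def tamper(cookie: str, **changes) -> str:
    """Client side: rewrite the payload but keep the old signature (no key available)."""
    payload, _, sig = cookie.rpartition(".")
    data = json.loads(_unb64(payload))
    data.update(changes)
    return _b64(json.dumps(data, sort_keys=True).encode()) + "." + sig
```

Reading the payload succeeds without the key, while the modified cookie is rejected by `load_session`; anything placed in such a session should be treated as visible to the user.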
has been replaced with a new implementation based on the class-based views introduced in Django 1.3. It features a pluggable storage API and doesn’t require the wizard to pass around hidden fields for every previous step.
also introduced in Django 1.4 to store the wizard’s state in the user’s cookies.
was added to allow using URL reversals before the project’s URLconf gets loaded.
helper function. It’s also now possible to define translatable URL patterns using
, and there’s no need to catch and unwrap
This new filter truncates a string to be no longer than the specified number of characters. Truncated strings end with a translatable ellipsis sequence (“...”). See the documentation for
storage backend. It uses the storage backend’s
management command) by appending the MD5 hash of the file’s content to the filename. For example, the file
We’ve added a middleware to provide easy protection against header. It’s not enabled by default for backwards compatibility reasons, but you’ll almost certainly want to
We’ve made various improvements to our CSRF features, including the
to test whether the client’s response contains a given HTML fragment. See the
- – the name of the timezone of the given datetime object
- – the ISO 8601 year number
- A more usable stacktrace in the technical 500 page. Frames in the stack trace that reference Django’s framework code are dimmed out, while frames in application code are slightly emphasized. This change makes it easier to scan a stacktrace for issues in application code.
- It’s now possible to load fixtures containing forward references when using MySQL with the InnoDB database engine.
setting useful. It solves the problem of your proxy “eating” the fact that a request came in via HTTPS. But only use this setting if you know what you’re doing.
‘admin_password_reset’
It’s now possible to pass initial values to the model forms that are part of both model formsets and inline model formsets as returned from factory functions
that’s lighter than and company. It can be useful in tests that don’t need to hit a database. See
disables many of Django’s security protections and can lead to remote-code-execution vulnerabilities. No Django site should ever be run without a
Starting in Django 1.4, the admin’s static files also follow this convention, to make the files easier to deploy. In previous versions of Django, it was also common to define an setting to point to the URL where the admin’s static files live on a Web server. This setting has now been deprecated and replaced by the more general setting
If you’ve previously used a URL path for
setting to the correct URL – for example,
If you’re implicitly relying on the path of the admin static files within Django’s source code, you’ll need to update that path. The files were moved from
Django hasn’t had a clear policy on which browsers are supported by the admin app. Our new policy formalizes existing practices: YUI’s A-grade
As part of an effort to improve the performance and usability of the admin’s change-list sorting interface and “filter” widgets, some icon files were removed and grouped into two sprite files.
If you used those icons to customize the admin, then you’ll need to replace them with your own icons or get the files from a previous release.
To avoid conflicts with other common CSS class names (e.g. “button”), we added a prefix (“field-”) to all CSS class names automatically generated from the form field names in the main admin forms, stacked inline forms and tabular inline cells. You’ll need to take that prefix into account in your custom style sheets or JavaScript files if you previously used plain field names as selectors for custom styles or JavaScript transformations.
- Consequences: The user will see the validation error “Security hash failed.”
- Note: This is actually a Django 1.1 fallback, not Django 1.2, and it applies only if you’re upgrading from 1.1.
- Consequences: Each user’s password will be updated to a stronger password hash when it’s written to the database in 1.4. This means that if you upgrade to 1.4 and then need to downgrade to 1.3, version 1.3 won’t be able to read the updated passwords.
- to use your original password hashing when you initially upgrade to 1.4. After you confirm your app works well with Django 1.4 and you won’t have to roll back to 1.3, enable the new password hashes.
- It includes milliseconds for datetime and time objects. There is still some precision loss, because Python stores microseconds (6 digits) and JSON only supports milliseconds (3 digits). However, it’s better than discarding microseconds entirely.
when a query triggered an exception. We’ve fixed this bug, and we now raise , you’ll need to update your
Database connection’s thread-locality
object anymore and is now a proxy to access that object’s attributes. If you need to access the actual
Finally, while it’s now possible to pass connections between threads, Django doesn’t make any effort to synchronize access to the underlying backend. Concurrency behavior is defined by the underlying backend implementation. Check their documentation for details.
Django’s has historically supported excluding the comments of a special user group, but we’ve never documented the feature properly and didn’t enforce the exclusion in other parts of the app such as the template tags. To fix this problem, we removed the code from the feed class.
Until Django 1.3, it was possible to exclude some URLs from Django’s
, which is a list of compiled regular expressions. Django won’t send an email for 404 errors on URLs that match any of them.
It’s not Django’s role to decide if your website has a legacy
Don’t forget to escape characters that have a special meaning in a regular expression, such as periods.
Previously, Django’s – i.e., we exempt GET, HEAD, OPTIONS and TRACE, and we enforce protection on everything else.
If you’re using PUT or DELETE methods in AJAX applications, please see the
parameter, which is passed to the password save form as a keyword argument. If you are using this view with a custom password reset form, then you will need to ensure your form’s
since 2005, and we’ve removed it without emitting a warning due to the length of the deprecation. If your code still referenced this, please use
is able to construct any Python object, which may trigger arbitrary code execution if you process a YAML document that comes from an untrusted source. This feature isn’t necessary for Django’s YAML deserializer, whose primary use is to load fixtures consisting of simple objects. Even though fixtures are trusted data, the YAML deserializer now uses
now assumes that the URL is already escaped and doesn’t apply URL escaping again. This is wrong for URLs whose unquoted form contains a
It’s now possible to check whether a template was used within a block of code with
The default test runner no longer restores the database connections after tests’ execution. This prevents the production database from being exposed to potential threads that would still be running and attempting to create new connections.
If your code relied on connections to the production database being created after tests’ execution, then you can restore the previous behavior by subclassing
now groups available commands by application. If you depended on the output of this command – if you parsed it, for example – then you’ll need to update your code. To get a list of all available management commands in a script, use
tag used a buggy method of parsing arguments, which could lead to it erroneously considering an argument as a string literal when it wasn’t. It now uses
The internals of the tag aren’t part of the official stable API, but in the interests of full disclosure, the
The code that powers Databrowse is licensed under the same terms as Django itself, so it’s available to be adopted by an individual or group as a third-party project.
in order to make the parent “project” directory importable under the old flat
This function was never documented or part of the public API, but it was widely recommended for use in setting up a “Django environment” for a user script. These uses should be replaced by setting the
, define how each template filter interacts with Django’s auto-escaping behavior. They used to be attributes of the filter function:
, but it actually provided the body of the HTTP request. It’s been renamed to
objects used in sitemap classes were cached, which could result in stale site maps. We’ve removed the caching, so each request to a site map now creates a new Paginator object and calls the
- django.contrib.auth.models.check_password
, and