Django

Until Quentin Tarantino released his epic movie masterpiece, Django was synonymous with "the best Python framework of all time." While its SEO and search reputation might have taken a hit, Django is still the same top-shelf solution for developing Web applications in Python.

With a dedicated userbase and a plethora of online tutorials, getting started with Django is not only recommended but extremely easy to do also.

This behemoth of the Python development world is extremely well-respected and has been the inspiration of many similar frameworks, some of them even outside of Python's spectrum.

After years and years of development, Django is now an extremely stable tool, with very few bugs and a lot of documentation to help any beginner out. It is also constantly updated and upgraded to the latest Python releases as well.

Right now Django has been used on major Internet sites like Instagram, Mozilla, Disqus, OpenStack, Rdio and Pinterest, just to name a few. What this tells you as a developer is that you can easily trust it to run your clients' projects if it can handle the traffic and userbases the aforementioned sites handle.

What is new in this release:

• Support for performing actions after a transaction commit.
• Support for password validation.
• Permission mixins for class-based views.
• New styling for contrib.admin.
• Support for running tests in parallel.

What is new in version 1.9:

• Support for performing actions after a transaction commit.
• Support for password validation.
• Permission mixins for class-based views.
• New styling for contrib.admin.
• Support for running tests in parallel.

What is new in version 1.8.3:

• Fixed session flushing in the cached_db backend.

What is new in version 1.8.1:

• A formalized API for Model._meta.
• Native support for multiple template engines.
• Support for complex SQL expressions via the ORM.
• New PostgreSQL specific functionality in contrib.postgres.

What is new in version 1.7.5 / 1.8b1:

• Bugfixes:
• Fixed a migration crash when unapplying contrib.contenttypes's or contrib.auth's first migration.
• Made the migration's RenameModel operation rename ManyToManyField tables.
• Fixed a migration crash on MySQL when migrating from a OneToOneField to a ForeignKey.
• Prevented the static.serve view from producing ResourceWarnings in certain circumstances.
• Fixed schema check for ManyToManyField to look for internal type instead of checking class instance, so you can write custom m2m-like fields with the same behavior.

What is new in version 1.7.2:

• Bugfixes:
• Added GeoDjango compatibility with mysqlclient database driver.
• Fixed MySQL 5.6+ crash with GeometryFields in migrations.
• Fixed a migration crash when removing a field that is referenced in AlterIndexTogether or AlterUniqueTogether.
• Updated the first day of the week in the Ukrainian locale to Monday.
• Added support for transactional spatial metadata initialization on SpatiaLite 4.1+.
• Fixed a migration crash that prevented changing a nullable field with a default to non-nullable with the same default.
• Fixed a migration crash when adding GeometryFields with blank=True on PostGIS.
• Allowed usage of DateTimeField() as Transform.output_field.
• Fixed a migration serializing bug involving float("nan") and float("inf").
• Fixed a regression where custom form fields having a queryset attribute but no limit_choices_to could not be used in a ModelForm.
• Fixed a custom field type validation error with MySQL backend when db_type returned None.
• Fixed a migration crash when a field is renamed that is part of an index_together.
• Fixed squashmigrations to respect the --no-optimize parameter.
• Made RenameModel reversible.
• Avoided unnecessary rollbacks of migrations from other apps when migrating backwards.
• Fixed a rare query error when using deeply nested subqueries.
• Fixed a crash in migrations when deleting a field that is part of a index/unique_together constraint.
• Fixed django.core.files.File.__repr__() when the file's name contains Unicode characters.
• Added missing context to the admin's delete_selected view that prevented custom site header, etc. from appearing.
• Fixed a regression with dynamically generated inlines and allowed field references in the admin.
• Fixed an infinite loop bug for certain cyclic migration dependencies, and made the error message for cyclic dependencies much more helpful.
• Added missing index_together handling for SQLite.

What is new in version 1.7.1:

• Allowed related many-to-many fields to be referenced in the admin.
• Added a more helpful error message if you try to migrate an app without first creating the contenttypes table.
• Modified migrations dependency algorithm to avoid possible infinite recursion.
• Fixed a UnicodeDecodeError when the flush error message contained Unicode characters.
• Reinstated missing CHECK SQL clauses which were omitted on some backends when not using migrations.
• Fixed serialization of type objects in migrations.
• Allowed inline and hidden references to admin fields.
• The @deconstructible decorator now fails with a ValueError if the decorated object cannot automatically be imported.
• Fixed a typo in an inlineformset_factory() error message that caused a crash.
• Restored the ability to use ABSOLUTE_URL_OVERRIDES with the 'auth.User' model (#11775). As a side effect, the setting now adds a get_absolute_url() method to any model that appears in ABSOLUTE_URL_OVERRIDES but doesn't define get_absolute_url().
• Avoided masking some ImportError exceptions during application loading.
• Empty index_together or unique_together model options no longer results in infinite migrations.
• Fixed crash in contrib.sitemaps if lastmod returned a date rather than a datetime.
• Allowed migrations to work with app_labels that have the same last part (e.g. django.contrib.auth and vendor.auth).
• Restored the ability to deepcopy F objects.
• Formats for Welsh (cy) and several Chinese locales (zh_CN, zh_Hans, zh_Hant and zh_TW) have been added. Formats for Macedonian have been fixed.
• Added quoting of constraint names in the SQL generated by migrations to prevent crash with uppercase characters in the name.
• Fixed renaming of models with a self-referential many-to-many field (ManyToManyField('self')).
• Added the get_extra(), get_max_num(), and get_min_num() hooks to GenericInlineModelAdmin.
• Made migrations.RunSQL no longer require percent sign escaping. This is now consistent with cursor.execute().
• Made the SERIALIZE entry in the TEST dictionary usable.
• Fixed bug in migrations that prevented foreign key constraints to unmanaged models with a custom primary key.
• Added SchemaEditor for MySQL GIS backend so that spatial indexes will be created for apps with migrations.
• Added SchemaEditor for Oracle GIS backend so that spatial metadata and indexes will be created for apps with migrations.
• Coerced the related_name model field option to Unicode during migration generation to generate migrations that work with both Python 2 and 3.
• Fixed MigrationWriter to handle builtin types without imports.
• Fixed deepcopy on ErrorList.
• Made the admindocs view to browse view details check if the view specified in the URL exists in the URLconf. Previously it was possible to import arbitrary packages from the Python path. This was not considered a security issue because admindocs is only accessible to staff users.
• Fixed UnicodeDecodeError crash in AdminEmailHandler with non-ASCII characters in the request.
• Fixed missing get_or_create and update_or_create on related managers causing IntegrityError.
• Made urlsafe_base64_decode() return the proper type (byte string) on Python 3.
• makemigrations can now serialize timezone-aware values.
• Added a prompt to the migrations questioner when removing the null constraint from a field to prevent an IntegrityError on existing NULL rows.
• Fixed generic relations in ModelAdmin.list_filter.
• Restored RFC compliance for the SMTP backend on Python 3.
• Fixed a crash while parsing cookies containing invalid content.
• The system check framework now raises error models.E020 when the class method Model.check() is unreachable.

What is new in version 1.7:

• A new built-in database migration system. Notes on upgrading from South (a popular third-party application providing migration functionality) are also available.
• A refactored concept of Django applications. Django applications are no longer tied to the existence of a models files, and can now specify both configuration data and code to be executed as Django starts up.
• Improvements to the model Field API to support migrations and, in the future, to enable easy addition of composite-key support to Django's ORM.
• Improvements for custom Manager and QuerySet classes, allowing reverse relationship traversal to specify the Manager to use, and creation of a Manager from a custom QuerySet class.
• A extensible system check framework which can assist developers in detecting and diagnosing errors.

What is new in version 1.6.3 / 1.7b2:

• Fixed:
• MySQL typecasting
• Unexpected code execution using reverse()
• Caching of anonymous pages could reveal CSRF token

What is new in version 1.6.2:

• Fixed mail encoding on Python 3.3.3+.
• Fixed an issue where when settings.DATABASES['default']['AUTOCOMMIT'] = False, the connection wasn't in autocommit mode but Django pretended it was.
• Fixed a regression in multiple-table inheritance exclude() queries.
• Added missing items to django.utils.timezone.__all__.
• Fixed a field misalignment issue with select_related() and model inheritance.
• Fixed join promotion for negated AND conditions.
• Oracle database introspection now works with boolean and float fields.
• Fixed an issue where lazy objects weren't actually marked as safe when passed through mark_safe() and could end up being double-escaped.
• Fixed a crash when executing the changepassword command when the user object representation contained non-ASCII characters.
• The collectstatic command will raise an error rather than default to using the current working directory if STATIC_ROOT is not set. Combined with the --clear option, the previous behavior could wipe anything below the current working directory.

What is new in version 1.6.1:

• Bugs fixed:
• Fixed display of inline instances in formsets when parent has 0 for primary key.
• Fixed a regression where custom querysets for foreign keys were overwritten if ModelAdmin had ordering set.
• Removed mention of a feature in the --locale/-l option of the makemessages and compilemessages commands that never worked as promised: Support of multiple locale names separated by commas. It's still possible to specify multiple locales in one run by using the option multiple times.
• Fixed a regression that unnecessarily triggered settings configuration when importing get_wsgi_application.
• Fixed test client logout() method when using the cookie-based session backend.
• Fixed a crash when a GeometryField uses a non-geometric widget.
• Fixed password hash upgrade when changing the iteration count.
• Fixed a bug in the debug view when the URLconf only contains one element.
• Re-added missing search result count and reset link in changelist admin view.
• The current language is no longer saved to the session by LocaleMiddleware on every response, but rather only after a logout.
• Fixed a crash when executing runserver on non-English systems and when the formatted date in its output contained non-ASCII characters.
• Fixed a crash in the debug view after an exception occurred on Python ≥ 3.3.
• Fixed a crash in ImageField on some platforms (Homebrew and RHEL6 reported).
• Fixed a regression when using generic relations in ModelAdmin.list_filter.

What is new in version 1.6:

• Django 1.6 simplifies the default project and application templates, turning on clickjacking protection and the admin interface by default.
• Django 1.6 overhauls Django's transaction handling, and now enables database-level autocommit by default. This involves some deprecations, so please be sure to read the notes about migrating from 1.5-style transaction handling.
• Django 1.6 supports persistent database connections. Note that this is not the same as connection pooling; this simply allows connections to live (for a configurable time) across requests handled by the same worker.

What is new in version 1.5.4 / 1.6 Beta 4:

• Fixed:
• Denial of Service via large passwords.

What is new in version 1.5.3 / 1.6 Beta 3:

• These releases address a directory-traversal vulnerability in one of Django's built-in template tags.

What is new in version 1.5.2:

• Fixed:
• Cross-site scripting (XSS) in admin interface
• Possible XSS via is_safe_url

What is new in version 1.5.1:

• Module-level warnings emitted during tests are no longer silently hidden.
• Prevented filtering on password hashes in the user admin.

What is new in version 1.5.0:

• Django 1.5 introduces support for a configurable User model.
• Django 1.5 is the first Django release with support for Python 3 (specifically, Python 3.2 and newer).
• Django's documentation has also gotten some pretty significant work.

What is new in version 1.4.4 / 1.5 RC 2:

• These security releases fix four issues: one potential phishing vector, one denial-of-service vector, an information leakage issue, and a range of XML vulnerabilities.

What is new in version 1.4.2:

• Fixed host header poisoning.
• Documentation of HttpOnly cookie option.

What is new in version 1.4.1:

• Fixed security bugs:
• For cross-site scripting in authentication views.
• Denial-of-service in image validation.
• Denial-of-service via get_image_dimensions().

What is new in version 1.4:

• Django 1.4 is the last official release of Django which will support Python 2.5.

What is new in version 1.4 RC 2:

• Django 1.4 drops support for Python 2.4
• Support for in-browser testing frameworks
• SELECT FOR UPDATE support
• Model.objects.bulk_create in the ORM
• QuerySet.prefetch_related
• Improved password hashing
• HTML5 doctype
• List filters in admin interface
• Multiple sort in admin interface
• New ModelAdmin methods
• Admin inlines respect user permissions
• Tools for cryptographic signing
• Cookie-based session backend
• New form wizard
• reverse_lazy
• Translating URL patterns
• Contextual translation support for {% trans %} and {% blocktrans %}
• Customizable SingleObjectMixin URLConf kwargs
• Assignment template tags
• *args and **kwargs support for template tag helper functions
• No wrapping of exceptions in TEMPLATE_DEBUG mode
• truncatechars template filter
• static template tag
• CachedStaticFilesStorage storage backend
• Simple clickjacking protection
• CSRF improvements
• Error report filtering
• Extended IPv6 support
• Updated default project layout and manage.py
• Improved WSGI support
• Custom project and app templates
• Support for time zones
• HTML comparisons in tests
• Two new date format strings

What is new in version 1.3.1:

• Session manipulation.
• Denial of service attack via URLField.
• URLField redirection.
• Advisory: Host header and CSRF.
• Advisory: DEBUG pages and sensitive POST data.

What is new in version 1.3:

• A framework for writing class-based views.
• Built-in support for using Python's logging facilities.
• Contrib support for easy handling of static files.
• Django's testing framework now supports (and ships with a copy of) the unittest2 library.

What is new in version 1.2.5:

• Security fixes:
• Flaw in CSRF handling.
• Potential XSS in file field rendering.
• Directory-traversal vulnerability on Windows.

What is new in version 1.3 beta 1:

• Changes to the login methods of the admin.
• Django 1.3 ships with a new contrib app django.contrib.staticfiles to help developers handle the static media files (images, CSS, JavaScript, etc.) that are needed to render a complete web page.
• Further tweaks to the staticfiles app.

What is new in version 1.2.3 / 1.3 alpha 1:

• Class-based views.
• Logging.
• Extended static files handling.
• Transaction context managers.

Requirements:

• Python 2.7 or higher