Week ending 2025-06-01 (Week 22)

Triaged

• https://code.djangoproject.com/ticket/36416 - id_list argument to in_bulk() does not account for composite primary keys when batching (accepted)
• https://code.djangoproject.com/ticket/36417 - Intersects result not matching ‘not disjoint’ result for geography field (needsinfo)
• https://code.djangoproject.com/ticket/36418 - bulk_update None on JSON field sets the value as “null” string in Postgresql (retriage invalid)
• https://code.djangoproject.com/ticket/36419 - bulk_update() incorrectly updates top-level JSONField value to JSON ‘null’ instead of SQL NULL (accepted)
• https://code.djangoproject.com/ticket/36411 - MediaType.get_preferred_type ignores params (accepted)
• https://code.djangoproject.com/ticket/36422 - Settings exception hidden when running management command (duplicate)
• https://code.djangoproject.com/ticket/36424 - Extend documentation related to handling of model name collisions in shell auto-imports (accepted)

Reviewed

• https://github.com/django/django/pull/19490 - Fixed #36402, Refs #35980 – Updated built package name in reusable apps tutorial for PEP 625.
• https://github.com/django/django/pull/19479 - Fixed #36380 – Kept query formatting lazy.
• https://github.com/django/django/pull/19461 - Removed unreachable check for None in TruncBase.convert_value().
• https://github.com/django/django/pull/19424 - Removed redundant redefinition of variable in tests/test_utils/tests.py.
• https://github.com/django/django/pull/19510 - Fixed #36423 – Prevented filter_horizontal buttons from intercepting form submission.
• https://github.com/django/django/pull/19507 - Fixed #36411 – Made HttpRequest.get_preferred_type() consider media type parameters.

Authored

• https://github.com/django/django/pull/19508 - Fixed #34111 – Made test runner with --debug-sql format SQL queries.
• https://github.com/django/django/pull/19509 - Fixed #36380 – Deferred SQL formatting until DEBUG log is emitted.
• https://github.com/django/django/pull/19512 - Fixed #36380 – Deferred SQL formatting when running tests with --debug-sql.

Other/Misc

• Sent invoice for April hours.
• Monthly call with the Steering Council.
• Prepared patches and sent Security Release pre-notifications.

Week ending 2025-06-08 (Week 23)

Triaged

• https://code.djangoproject.com/ticket/36426 - prefetch_related_objects() is doc’d to accept iterables but only accepts sequences (accepted)
• https://code.djangoproject.com/ticket/36421 - Support for msgfmt==0.25 (accepted)
• https://code.djangoproject.com/ticket/36425 - Clarify backend-specific mappings and portable safe ranges of PositiveIntegerField types (accepted)
• https://code.djangoproject.com/ticket/36444 - Create Custom Django Management Command for Project + App Setup (wontfix)

Reviewed

• https://github.com/django/django/pull/19507 - Fixed #36411 – Made HttpRequest.get_preferred_type() consider media type parameters.
• https://github.com/django/django/pull/19503 - Fixed #36419 – Made bulk_update() convert top-level None to SQL NULL for JSONField.
• https://github.com/django/django/pull/19525 - Refs CVE-2025-48432 – Prevented log injection in remaining response logging.
  • This is a follow up of CVE-2025-48432 and will be released in 5.2.3, 5.1.11 and 4.2.23 on June 10th. See the linked release notes for further details.

Other/Misc

• Engaged in security reports.
• 1-1 with Board Liaison Jeff.
• Biweekly meeting with Interim Fellow Line Manager (Andrew Godwin).
• Sent invoice for May hours.
• Attended DSF Office Hours.
• Django Security Release issued!
  • https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

Week ending 2025-06-15 (Week 24)

Triaged

• https://code.djangoproject.com/ticket/36446 - Django 5.2.2 incompatibly removed q from MediaType.params (accepted)
• https://code.djangoproject.com/ticket/36447 - HttpRequest.get_preferred_type misorders types when more specific accepted types have lower q (accepted)
• https://code.djangoproject.com/ticket/36463 - Grammar error in contributions tutorial (accepted)

Reviewed

• https://github.com/django/django/pull/19118 - Refs #36079 – InlineForm header new feature.
• https://github.com/django/django/pull/19532 - Refs #36416, #34378, #36143 – Fixed isolation of LookupTests.test_in_bulk_preserve_ordering_with_batch_size().
• https://github.com/django/django/pull/19550 - Added follow-up to CVE-2025-48432 to security archive.
• https://github.com/django/django/pull/18494 - Fixed #25706 – Refactored geometry widgets to remove inline JavaScript.
• https://github.com/django/django/pull/19520 - Made minor grammar and punctuation improvements in docs/topics/migrations.txt.
• https://github.com/django/django/pull/19262 - Removed default for app_configs from system check functions.
• https://github.com/django/django/pull/19549 - Added linting tool for documentation files.
• https://github.com/django/django/pull/19558 - Fixed #36463 – Fixed grammar in docs/intro/contributing.txt.

Authored

• https://github.com/django/django/pull/19512 - Fixed #36380 – Deferred SQL formatting when running tests with --debug-sql.
  • Restarted work after security release, added extensive testing, ready for review!
• https://github.com/django/django/pull/19548 - Fixed #36446 – Restored “q” in internal MediaType.params property.
• https://github.com/django/django/pull/19552 - Added guidance on AI-assisted security reports to docs/internals/security.txt.
• https://github.com/django/django/pull/19557 - Refs #36009 – Added GitHub action workflow to run tests with latest stable postgis version.
• https://forum.djangoproject.com/t/automatic-docs-linter-for-style-consistency/41383 - Automatic docs linter for style consistency
• https://forum.djangoproject.com/t/testing-newer-geospatial-libs/41404 - Testing newer geospatial libs

Other/Misc

• Security reports triage and follow up.
• Attended monthly Ops call.

Week ending 2025-06-22 (Week 25)

Triaged

• https://code.djangoproject.com/ticket/36468 - Popup stays blank after adding a related object when filter_horizontal is used (worksforme)
• https://code.djangoproject.com/ticket/36474 - Add sphinx-autobuild and livehtml command to make file for live reload of the django documentation (wontfix)

Reviewed

• https://github.com/django/django/pull/19566 - Refs #25706 – Avoided adding an unneeded and potentially non-unique ID.
• https://github.com/django/django/pull/19565 - Fixed #36464 – Fixed tuple in subquery lookup when missing native support.
• https://github.com/django/django/pull/19571 - Clarified that only latest dependency versions are valid for security reports.
• https://github.com/django/django/pull/19569 - Fixed #36466 – Removed the GeneratedField restriction from the E042 check.
• https://github.com/django/django/pull/19330 - Added Prefetch + filter() example for prefetch_related().
• https://github.com/django/django/pull/19393 - Fixed #15727 – Added Content-Security-Policy support.
• https://github.com/django/code.djangoproject.com/pull/268/ - Updated default ticket version to 5.2.

Authored

• https://github.com/django/django/pull/19552 - Added guidance on AI-assisted security reports to docs/internals/security.txt.
  • Incorporated new review feedback and wrote instructions for AI-tools (yes, inception).
• https://code.djangoproject.com/ticket/36470 - Potential log injection in development server (runserver) logging
• https://github.com/nessita/django/pull/26 - Refined CSP violations checks on admin selenium tests.
  • While reviewing the branch that adds CSP support to Django core, I’ve been ensuring that the existing Selenium admin tests properly detect CSP violations.

Other/Misc

• Security:
  • Triaged security reports.
  • Extended pre-defined responses at https://code.djangoproject.com/wiki/SecurityTeam.
• Engaged in many conversations with multiple potential Fellow applicants.
• Watched
• 1-1 with Board Liaison Jeff.
• Biweekly meeting with Interim Fellow Line Manager (Andrew Godwin).

Week ending 2025-06-23 (Week 26)

Heads up: I’ll be off during the second week of July due to school’s Winter Holiday. Besides resting, seeking warm weather is one of our main quests.

Triaged

• https://code.djangoproject.com/ticket/35846 - Reproducibility of staticfiles manifests (accepted)
• https://code.djangoproject.com/ticket/36445 - Value(None, output_field=JSONField()) incorrectly saves as SQL NULL in bulk_update() (accepted → wontfix)
• https://code.djangoproject.com/ticket/36477 - Add an internal helper for deprecating positional arguments in favor of keyword-only arguments (accepted)

Reviewed

• https://github.com/django/django/pull/19586 - Fixed #35846 – Improved reproducibility on staticfiles manifests.
• https://github.com/django/django/pull/19393 - Fixed #15727 – Added Content-Security-Policy support.
  • Most of my week went into finalizing this branch (I literally dreamt about the docs…).
  • The good news: it has now landed!
• https://github.com/django/django/pull/19592 - Fixed #36470 – strip ANSI escape codes from log_message() output
• https://github.com/django/django/pull/19593 - Fixed #36470 – Potential log injection in development server (runserver) logging
• https://github.com/django/django/pull/19597 - Refs #36009 – Added support for PostGIS 3.5
• https://github.com/django/django/pull/19595 - Refs #36481 – Fixed QuerySet.update concrete fields check.
• https://github.com/django/django/pull/19596 - Separated creating the release and setting it as default in Trac in the post-release steps.

Authored

• https://github.com/django/django/pull/19594 - Extended the GitHub pull request template to require AI assistance disclosure.

Other/Misc

• Monthly catch up with the Steering Council.
• Engaged in forum and new-features conversations.

Week ending 2025-07-06 (Week 27)

Triaged

• https://code.djangoproject.com/ticket/36485 - Add linting tool for documentation (accepted)
• https://code.djangoproject.com/ticket/36479 - Failing test for black formatter missing install simulation (accepted)
• https://code.djangoproject.com/ticket/36484 - Add optional error-on-integer-overflow setting for QuerySet filters (wontfix)
• https://code.djangoproject.com/ticket/36483 - IntegerField will accept non-ASCII digits, which leads to the same page appearing at many URLs (duplicate)
• https://code.djangoproject.com/ticket/36488 - RedirectView(query_string=True) produces double ‘?’ when both destination URL and request have query parameters (accepted)
• https://code.djangoproject.com/ticket/36489 - OneToOneField + concurrent get_or_create results in wrong object in field cache (accepted)

Reviewed

• https://github.com/django/django/pull/19565 - Fixed #36464 – Fixed tuple in subquery lookup when missing native support.
• https://github.com/django/django/pull/19591 - Fixed #36479 – Improved how FileNotFoundError is triggered in code formatter tests.
• https://github.com/django/django/pull/19586 - Fixed #35846 – Ensured consistent path ordering in ManifestStaticFilesStorage manifest files.
• https://github.com/django/django/pull/19145 - Fixed #36477, Refs #36163 – Implemented deprecate_posargs decorator.

Authored

• https://github.com/django/django/pull/19615 - Fixed AttributeError for enterContext() on Python < 3.11.

Other/Misc

• Sent invoice for June hours.
• Released 5.2.4: https://www.djangoproject.com/weblog/2025/jul/02/bugfix-releases/

Week ending 2025-07-13 (Week 28)

Holidays! We went to a warm beach in the north of Brazil.
I got a cold on our way back though.

Week ending 2025-07-20 (Week 29)

Intense return, lots of catch up to do!

Triaged

• https://code.djangoproject.com/ticket/36499 - strip_tags() fails with patched Python versions due to HTMLParser EOF behavior change (bumped to release blocker)
• https://code.djangoproject.com/ticket/36494 - Various failures for JSONField lookups and right-hand side subqueries (wontfix)
• https://code.djangoproject.com/ticket/36508 - Asymmetry between exact and iexact when filtering JSON keys against None (duplicate)
• https://code.djangoproject.com/ticket/36507 - Document that only the base queryset’s prefetch_related() is preserved when using union() (accepted)

Reviewed

• https://github.com/django/django/pull/19631 - [micro-optimization] Improved speed for form field validation.
• https://github.com/django/django/pull/19145 - Fixed #36477, Refs #36163 – Implemented deprecate_posargs decorator.
• https://github.com/django/django/pull/19566 - Refs #25706 – Avoided adding an unneeded and potentially non-unique ID.
• https://github.com/django/django/pull/19621 - Added tests for assertRedirects() when following a redirect.
• https://github.com/django/django/pull/19186 - Fixed #36163 – Deprecated most positional args to django.core.mail.
• https://github.com/django/django/pull/19643 - Fixed #36410 – Added named template partials to DTL
• https://github.com/django/django/pull/19624 - Fixed #8408. Add ModelAdmin.estimated_count flag for optional fast row estimation in admin changelists
• https://github.com/django/django/pull/19644 - Triggered window resize to fix layout issues.

Authored

• https://github.com/django/django/pull/19639 - Fixed #36499 – Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python’s HTMLParser new behavior.
• https://github.com/django/django/pull/19640 - Added GitHub Action to enforce stable branch commit message prefix.
• https://github.com/django/django/pull/19647 - Fixed GitHub Action that checks commit prefixes to fetch PR head correctly.
• https://github.com/django/django/pull/19646 - [5.2.x] Added SimpleTestCase.enterContext() on Python < 3.11.
• https://github.com/django/django/pull/19649 - Refs #35680 – Sorted shell default autoimports to prevent isort mismatches.
• https://forum.djangoproject.com/t/csp-and-geodjango/41879

Other/Misc

• General catch up after a 10-days absence. Good and lots of stuff!
• 1-1 with Board Liaison Jeff.
• Biweekly meeting with Interim Fellow Line Manager (Andrew Godwin).
• Coordination meeting with Steering Council, Fellows and Accessibility representatives for the “Admin Keyboards” feature.
• Moderation work on GitHub.

Week ending 2025-07-27 (Week 30)

Triaged

• https://code.djangoproject.com/ticket/36514 - Improve ALLOWED_HOSTS error message: show both values (wontfix)
• https://code.djangoproject.com/ticket/36500 - inconsistent 79 char limit for docstrings and comments (accepted)
• https://code.djangoproject.com/ticket/36520 - Performance Regression in parse_header_params (accepted)
• https://code.djangoproject.com/ticket/36524 - EmailMessage method documentation cannot be cross referenced (accepted)
• https://code.djangoproject.com/ticket/36523 - Implement helper method to find module path of value (someday/maybe)

Reviewed

• https://github.com/django/django/pull/19643 - Fixed #36410 – Added named template partials to DTL
• https://github.com/django/django/pull/18786 - Improved GEOS error messages and tests.
• https://github.com/django/django/pull/19651 - Removed double spaces after periods.
• https://github.com/django/django/pull/18466 - Standardized calling decorators on contrib.auth views.
• https://github.com/django/django/pull/19665 - Update tutorial01.txt: Recommended to name a single app core
• https://github.com/django/django/pull/17338 - Accessibility guidelines for all contributors
• https://github.com/django/django/pull/19597 - Fixed #36009 – Added support for PostGIS 3.5.
• https://github.com/django/django/pull/19661 - Fixed #36500 – Set flake8 max-doc-length config to 79 columns.
• https://github.com/django/django/pull/19669 - Fixed #36519 – Made centre filter consistent for odd padding.
• https://github.com/django/django/pull/19599 - Enforced absolute targets for :doc: in docs.
• https://github.com/django/django/pull/19068 - Add missing command for running-test on contributing page

Authored

• https://discuss.python.org/t/performance-regression-from-using-email-message-message-get-params-as-replacement-of-cgi-parse-header-following-pep-594/99963

Other/Misc

• Security report triage.

Week ending 2025-08-03 (Week 31)

Triaged

• https://code.djangoproject.com/ticket/36526 - bulk_update uses more memory than expected (duplicate)
• https://code.djangoproject.com/ticket/36527 - Allow for runserver development server warning to be silenced via settings. (wontfix)
• https://code.djangoproject.com/ticket/36528 - When “view_on_site” is set to True, the rendered button has an underline. (accepted)
• https://code.djangoproject.com/ticket/36529 - Improvement of the filter and model selection sidebar on the admin changelist page for mobile screens. (accepted)
• https://code.djangoproject.com/ticket/36530 - System check for ManyToManyField & Composite Primary Key checks only one direction (accepted)
• https://code.djangoproject.com/ticket/36532 - Add Content Security Policy (CSP) view decorators (accepted)
• https://code.djangoproject.com/ticket/36537 - Generate unique IDs for the OSM layer mapwidget options json_script tags (accepted)

Reviewed

• https://github.com/django/django/pull/19669 - Fixed #36519 – Made center template filter consistent for even/odd padding.
• https://github.com/django/django/pull/19673 - Fixed #36522 – Added support for filtering composite pks using a tuple of expressions.
• https://github.com/django/django/pull/19681 - Fixed #36531 – Added forkserver support to parallel test runner.
• https://github.com/django/django/pull/19684 - Fixed writer_name deprecation warning in docutils 0.22+.
• https://github.com/django/django/pull/19643 - Fixed #36410 – Added named template partials to DTL
• https://github.com/django/django/pull/19686 - Refs #36005 – Bumped minimum supported versions of docutils to 0.22.
• https://github.com/django/django/pull/19679 - Fixed #36530 – Added system check for ManyToManyField involving CompositePrimaryKeys.
• https://github.com/django/django/pull/19680 - Refs #36532 - Added CSP view decorators.

Authored

• https://github.com/django/django/pull/19683 - Refs #36500 – Ignored formatting changes in git blame.
• https://code.djangoproject.com/ticket/36535 - Ensure compatibility with docutils 0.19 through 0.22+ in admindocs
• https://github.com/django/django/pull/19690 - [5.2.x] Fixed #36535 – Ensured compatibility with docutils < 0.22 and also 0.22+.
• https://github.com/django/django/pull/19693 - Fixed #36535 – Ensured compatibility with docutils 0.19 through 0.22.
• https://github.com/django/django/pull/19694 - [5.1.x] Refs #36535 – Doc’d that docutils < 0.22 is required.

Other/Misc

• Continued benchmarking and analysis of performance regression for Content-Type header parsing (Python Discourse Post)
• Online Community Working Group meeting.
• Attended DSF Office Hours.
• Engaged in security topics and report triage.
• Continued work to have the DSF becoming a CNA.

Week ending 2025-08-10 (Week 32)

Triaged

• https://code.djangoproject.com/ticket/36539 - Label for related fields should use related model verbose_name attribute for field (accepted)
• https://code.djangoproject.com/ticket/36541 - Using the string_if_invalid template configuration breaks the password reset button in the UserAdmin (worksforme)
• https://code.djangoproject.com/ticket/36543 - French Canadian locale formats times incorrectly (accepted)

Reviewed

• https://github.com/django/django/pull/19679 - Fixed #36530 – Added system check for ManyToManyField involving CompositePrimaryKeys.
• https://github.com/django/django/pull/19692 - Fixed #36537 – Ensured unique HTML IDs for geometry widget option scripts in the admin.
• https://github.com/django/django/pull/19605 - Refs #34140, Refs #36485 – Grouped docs checks under a unified make check target.
• https://github.com/django/django/pull/19704 - Fixed #36539 – Admin uses related field verbose_name attribute if available
• https://github.com/django/django/pull/19707 - Converted all relative imports to in-package absolute ones in ./django.
• https://github.com/django/django/pull/19643 - Fixed #36410 – Added named template partials to DTL.
• https://github.com/django/django/pull/19714 - Improved docs.yml GitHub Action covering docs quality checks.
• https://github.com/django/django/pull/19716 - Fixed #36543 – French Canadian locale formats times incorrectly.
• https://github.com/django/django/pull/19680 - Refs #36532 - Added CSP view decorators.

Authored

• https://github.com/orgs/community/discussions/168963 - Receiving unwanted notifications from forked repos after upstream merges (Is any other project maintainer getting this?)

Other/Misc

• Sent invoice for July hours.
• Assisted with https://github.com/django/djangoproject.com/issues/2150 (full context at https://forum.djangoproject.com/t/enable-the-build-of-swedish-documentation/42210).
• Read and caught up with https://github.com/django/new-features/issues/66 which related to the Template Partials new feature I’m actively reviewing.
• Reviewed multiple tickets related to composite primary key filtering with subqueries to provide input on https://github.com/django/django/pull/19459.
• Invested more time benchmarking header parsing implementations (requests, werkzeug) following comments in https://code.djangoproject.com/ticket/36520.

Week ending 2025-08-17 (Week 33)

This week was a brain and energy drain , but with a positive outcome!

About half my time went into reviewing and landing Template Partials (now in main for 6.0 ), around a third into diagnosing and addressing Jenkins CI issues, and the rest split between meetings and new Fellow onboarding tasks.

Triaged

• https://code.djangoproject.com/ticket/36551 - Race condition in savepoint ID generation causes duplicate identifiers (invalid).

Reviewed

• https://github.com/django/django/pull/19643 - Fixed #36410 – Added named template partials to DTL
  • This is in! Enjoy partials since the 6.0 release.
• https://github.com/django/django/pull/19716 - Fixed #36543 – French Canadian locale formats times incorrectly.

Authored

• https://code.djangoproject.com/ticket/36549 - OpenLayersWidget needs special rules when CSP is enabled
• https://github.com/django/django/pull/19639 - Fixed #36499 – Adjusted utils_tests.test_html.TestUtilsHtml.test_strip_tags following Python’s HTMLParser new behavior.
  • More fine tuning and merge of this work to fix failing tests in Jenkins:
  • https://github.com/django/django/pull/19727 - [5.2.x] Fixed #36499, backport of two commits to check CI result.
  • https://github.com/django/django/pull/19728 - [5.1.x] Fixed #36499, backport of two commits to check CI result.
  • https://github.com/django/django/pull/19729 - [4.2.x] Fixed #36499, backport of two commits to check CI result.

Other/Misc

• Monthly Ops call.
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Engaged in security topics, report triage and patch review.
• Lots of hours spent in debugging and attempting fixes for Jenkins CI instability:
  • Investigated repeated failed runs and environment inconsistencies between nodes.
  • Ran and debugged Ansible playbooks for Jenkins deployment.
  • Reviewed internal PRs related to Jenkins ansible config.
  • Raised the issue in relevant meetings.
  • Jenkins CI is experiencing issues, consider re-push of branches for fresh runs - Django Internals

Week ending 2025-08-24 (Week 34)

Triaged

• https://code.djangoproject.com/ticket/36559 - partialdef tag embedded in verbatim tag is treated as the source property for that named partial (accepted)
• https://code.djangoproject.com/ticket/36558 - Unexpected updated design of the “Show all” link in the admin changelist pagination. (accepted)
• https://code.djangoproject.com/ticket/36552 - Repeating QuerySet.filter() generates unwanted LEFT OUTER JOINs (invalid)
• https://code.djangoproject.com/ticket/36562 - StaticFilesStorage should respect base_url and treat STATIC_URL as a fallback (worksforme)
• https://code.djangoproject.com/ticket/36564 - Change DEFAULT_AUTO_FIELD to BigAutoField (accepted)
• https://code.djangoproject.com/ticket/36563 - Adopt PEP 740 attestations for Django release files on PyPI (wontfix)

Reviewed

• https://github.com/django/django/pull/19746 - Refs #25706 – Fixed versionadded indentation in docs/ref/contrib/gis/forms-api.txt.
• https://github.com/django/django/pull/19751 - Fixed spelling of “logged-in” when used as an adjective in docs.
• https://github.com/0saurabh0/django/pull/6 - extended test.yml to include coverage
• https://github.com/django/django/pull/19760 - Updated the minor stylistic changes for cleaner code
• https://github.com/django/django/pull/19762 - Update request.py
• https://github.com/django/django/pull/18977 - Updated event listeners from unload to pagehide.
• https://github.com/django/django/pull/19732 - Fixed incorrect use of “generated field” in django/forms/models.py.
• https://github.com/django/django/pull/19549 - Fixed #36485 – Added linting tool for documentation files.
• https://github.com/django/django/pull/19757 - Refs #36520 – Only passed header value for parsing on multi-part forms

Authored

• https://github.com/django/django/pull/19761 - Fixed failing bulk_create test raising IntegrityError when run in reverse.

Other/Misc

• More Jenkins fixing work, Jenkins-related PR reviews, some debugging and fixing of issues.
• Security related work.

Week ending 2025-08-31 (Week 35)

This week was especially intense as I tried to cover as much as possible ahead of Feature Freeze and in preparation for my trip to DjangoCon US (leaving on Thursday). I’ll be mostly unavailable until Sept 15th!

Triaged

• https://code.djangoproject.com/ticket/36562 - StaticFilesHandler should respect StaticFilesStorage.base_url and treat STATIC_URL as a fallback (re-triaged as wontfix)
• https://code.djangoproject.com/ticket/36571 - Deprecated usage of BINARY expr in MySQL lookups (accepted)
• https://code.djangoproject.com/ticket/36577 - Remove try/except around GIS layermapping imports (accepted)
• https://code.djangoproject.com/ticket/36578 - Visual regression in inline delete button size (accepted)
• https://code.djangoproject.com/ticket/36526 - Document memory usage of bulk_update and ways to batch updates. (re-triaged to accepted)
• https://code.djangoproject.com/ticket/36579 - yesno filter broken for translations that do not respect the ascii comma (accepted)
  • This is an interesting one because we had incorrect translations in Transifex that I had to fix manually.

Reviewed

• https://github.com/django/django/pull/19775 - Refs #15727 – Captured failed request log in test_csp.py.
• https://github.com/django/django/pull/19782 - Removed mention of new features from “needsinfo” status description.
• https://github.com/django/django/pull/19776 - Clarified description of Version attribute in Trac.
• https://github.com/django/django/pull/19770 - Fixed #36568 – Confirmed support for GEOS 3.14.
• https://github.com/django/django/pull/19680 - Refs #36532 - Added CSP view decorators.
• https://github.com/django/django/pull/19784 - Fixed #36577 – Removed obsolete try-except for GIS layermapping imports.
• https://github.com/nessita/checklist-generator/pull/17 - Added landing stub release notes and release date update step to security checklist.
• https://github.com/django/django/pull/19765 - Refs #36549 – Updated OpenLayers to v10.6.0.
• https://github.com/django/django/pull/19599 - Enforced absolute targets for :doc: in docs.
• https://github.com/django/django/pull/19757# - Refs #36520 – Only passed header value for parsing on multi-part forms
• https://github.com/django/django/pull/19789 - Fixed #36578 – Updated inline delete icon button dimensions to 24x24 pixels.
• https://github.com/django/django/pull/19791 - Fixed #36579 – Improved yesno template filter handling of invalid arguments.
• https://github.com/django/django/pull/19795 - Refs #36485 – Fixed false negative in docs linter for file’s last line.

Authored

• https://github.com/django/django/pull/19773 - Refs #36485 – Ignored line-length formatting changes in git blame.
• https://github.com/django/django/pull/19785 - Fine tune postgis GHA (see commits).

Other/Misc

• Monthly Ops call.
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Engaged in security topics and report triage.
• New Fellow onboarding! Welcome @jacobtylerwalls
• Looked again into isort versions issues (context https://github.com/django/django/pull/19109).
• Online Communities monthly meetings catch up.
• Attended DSF Office Hours.

Week ending 2025-09-07 (Week 36)

Another intense week! Between racing toward feature freeze , juggling travel prep for DjangoCon , and keeping all the triage, reviews, and security plates spinning , it was short (3-day work days) but productive. Here is the roundup!

Triaged

• https://code.djangoproject.com/ticket/36587 - Misleading sentence in documentation about upload handlers (accepted)
• https://code.djangoproject.com/ticket/36584 - Loosen tuple lookup check for rhs subquery field cardinality to allow selecting ForeignObject (accepted)
• https://code.djangoproject.com/ticket/36586 - Escaping (ampersand) in browsable API URLs (invalid)
• https://code.djangoproject.com/ticket/33180 - Debug 500 HTML broken with strict Content-Security-Policy (CSP) (re-triaged to fixed)
• https://code.djangoproject.com/ticket/36589 - assertTemplateUsed asserts against template partial name regardless of origin (accepted)
• https://code.djangoproject.com/ticket/36595 - Confirm support for PostGIS 3.6 (accepted)

Reviewed

• https://github.com/django/django/pull/19765 - Fixed #36549 – Doc’d use of OpenLayersWidget and OSMWidget with CSP.
• https://github.com/django/django/pull/19750 - Fixed #36559 – Ignored partials embedded in verbatim or comment blocks in PartialTemplate.source.
  • High-level review after merge.
• https://github.com/django/django/pull/19789 - Fixed #36578 – Updated inline delete icon button dimensions to 24x24 pixels.
• https://github.com/django/django/pull/19814 - Refs #36588 – Added warning about malicious app and project templates

Authored

• https://code.djangoproject.com/ticket/36588 - Harden django.utils.archive against decompression bombs
• Another rabbit hole trip for Performance Regression in parse_header_params
  • This is getting harrier and confusing. We’ll likely revert for 6.0.

Other/Misc

• A little bit more of Jenkins work. Again :-).
• Sent invoice for August hours.
• Security:
  • Completed and submitted the form requesting the DFS to become a CNA.
    • https://www.djangoproject.com/foundation/cve-numbering-authority/
  • Engaged in security reports and follow ups.

Week ending 2025-09-14 (Week 37)

I attended DjangoCon US 2025 in Chicago . It was an intense and rewarding week, with many new faces and meaningful hallway conversations . There were also discussions around potential new features in Django, some of which generated lively debate and will need further consideration .

I also participated in the sprints, assisting other attendees with questions and contributions, which was a valuable opportunity to collaborate and support the community.

Lastly and luckily, I had the chance to enjoy some of the city during the weekend before the conference, being pleasantly surprised about how lovely and walkable the city is.

Week ending 2025-09-21 (Week 38)

Django 6.0 Feature Freeze is in effect and the Django 6.0 alpha is out!

Triaged

• https://code.djangoproject.com/ticket/36608 - Clarify dumpdata behavior and docs for custom serializers with internal_use_only flag (re-triaged as accepted for docs changes)
• https://code.djangoproject.com/ticket/36602 - Enhance showmigrations command with structured data collection and display separation (wontfix)
  • See https://github.com/django/new-features/issues/75 for the new feature request.

Reviewed

• https://github.com/django/django/pull/19847 - Fixed #36589 – Handled full PartialTemplate path in assertTemplateUsed/NotUsed.
• https://github.com/django/django/pull/18627 - Fixed #35859 – Implement Tasks interface as per DEP 14
• https://github.com/django/django/pull/19834 - Bootstrapped Django 6.1.
• https://github.com/django/django/pull/19876 - Refs #35859 – Removed deferral of task enqueuing until transaction commit.
• https://github.com/django/djangoproject.com/pull/2208 - Prevent EOL date from being set on alpha1 releases
• https://github.com/django/django/pull/19879 - Added cleanup of cache clearing to DjangoFilePrefixesTests.setUp().
• https://github.com/django/django/pull/19837 - Fixed #36601 – Fixed a color contrast issue in admin FilteredSelectMultiple widget chosen label.

Authored

• https://github.com/django/django/pull/19851 - Refs #35667 – Updated contributing guide to use django file prefixes on deprecations.
• https://github.com/django/django/pull/19867 - Fixed #36520 – Reverted “Fixed #35440 – Simplified parse_header_parameters by leveraging stdlid’s Message.”
• https://github.com/django/django/pull/19872 - Pre-edits for 6.0a1.
• https://github.com/django/django/pull/19877 - [5.2.x] Updated translations from Transifex.
• https://github.com/django/django/pull/19878 - [6.0.x] Updated source translation catalogs.
• https://github.com/django/djangoproject.com/pull/2209 - Updated docs-related model fixtures for 6.0 release.
• https://github.com/django/django/pull/19881 - Clarified feature freeze and alpha release steps in docs/internals/howto-release-django.txt.

Other/Misc

• Django 6.0 Feature Freeze
  • https://github.com/django/django/tree/stable/6.0.x
  • https://djangoci.com/job/django-6.0/
• Django 6.0 Alpha 1 released
  • https://www.djangoproject.com/weblog/2025/sep/17/django-60-alpha-released/
  • https://forum.djangoproject.com/t/django-release-announcements/655/102

Week ending 2025-09-28 (Week 39)

Spring holidays in Uruguay so we took most of the week off to visit family. I did attend the scheduled meetings.

Week ending 2025-10-05 (Week 40)

Catch-up week! After being mostly away for a week, there was plenty waiting, and the Django community never slows down (which I both admire and appreciate) . It was also Sarah’s last few days before starting her leave, so there was a mix of happy and a little bit of sad in the air .

Triaged

• https://code.djangoproject.com/ticket/36639 - Add CI step to run makemigrations --check against test models (accepted)

Reviewed

• https://github.com/django/django/pull/19806 - Fixed #36587 – Clarified usage of list.insert() for upload handlers.
• https://github.com/django/django/pull/19904 - Added PostgreSQL 18 to scheduled tests workflow.
• https://github.com/django/django/pull/19884 - Fixed #36611, Refs #36580 – Added system check for ForeignObjects in Meta.indexes/constraints/unique_together.
• https://github.com/django/django/pull/19899 - Fixed #36619 – Vendored eslint configuration dependencies.
• https://github.com/nessita/checklist-generator/pull/18 - Improve error handling, add help text, other tidy ups

Authored

• https://github.com/django/django/pull/19911 - Bumped latest PostgreSQL to 18 in scheduled tests workflow.
• https://github.com/nessita/checklist-generator/pull/19 - Adjusted Alpha PreRelease checklist following 6.0a1.
• https://github.com/django/djangoproject.com/pull/2233 - Automatically generate Django series roadmaps from Release data

Other/Misc

• Fellow weekly sync and small see-you-soon party for Sarah.
• Meeting with Lilian and Fellows to sync on improving contributor experience.
• Paired with Jacob on his first security release. It was a success (not without the mandatory 3-5 mini panic attacks). Well done!
• Engaged in security reports and broader security related conversations.
• Intense work regarding the DSF becoming a CVE Numbering Authority:
  • Got the onboarding session with the CNA coordinator.
  • Completed homework assignments to advance the application.

Week ending 2025-10-12 (Week 41)

A security-heavy week with a steady flow of incoming reports keeping things quite busy (and sadly not that fun). The CNA process also moved forward, with hands-on testing and API study taking a fair share of focus. I also started work on the release checklist generator to update the CVE management process in preparation when CNA status is fully confirmed.

Add to that a full lineup of meetings and follow-ups, and it made for a packed but hopefully productive week. The new auto-magic roadmap pages also landed in djangoproject.com, with links from the Download page: this reduces the manual work required for future feature freezes/alpha releases.

Triaged

• https://code.djangoproject.com/ticket/36646 - oracledb 3.4.0 TypeError: isinstance() arg 2 must be a type, a tuple of types, or a union (accepted)
• https://code.djangoproject.com/ticket/36642 - makemessages provides invalid locale suggestions when attempting to format the locale string (accepted)
• https://code.djangoproject.com/ticket/36494 - Various failures in JSONField lookups when using expressions in right-hand side (re-triaged to accepted)
• https://code.djangoproject.com/ticket/36648 - “pk” exception when using first() on unordered queryset with aggregation does not consider composite pk fields provided separately (accepted)
• https://code.djangoproject.com/ticket/36647 - Annotation with Coalesce subquery unexpectedly included in group by (invalid)
• https://code.djangoproject.com/ticket/36643 - Migrate should not check for consistent history when faking migrations (wontfix)
• https://code.djangoproject.com/ticket/36655 - GZipMiddleware buffers streaming responses (duplicate)

Reviewed

• https://github.com/django/django/pull/19928 - Refs #36595 – Ran GitHub tests against PostGIS 3.6.
  • Had to take a look also to https://github.com/django/django/pull/19916 to understand why #36595 wasn’t marked as “fixed”.
• https://github.com/django/dsf-working-groups/pull/56 - Add draft of security team charter.
• https://github.com/django/django/pull/19927 - Pinned “New contributor” GitHub action to v3.0 to fix “Error: Input required and not supplied: issue_message”.
• https://github.com/django/django/pull/18246 - Removing unnecessary section in the second step of the tutorial
• https://github.com/django/django/pull/19593 - Fixed #36470 – Potential log injection in development server (runserver) logging
• https://github.com/django/django/pull/18892/ - Fixed #35961 – Conformed license metadata to PEP 639 specification.
• https://github.com/django/django/pull/19941 - [5.1.x] Refs #36646 – Doc’d that oracledb < 3.3.0 is required.
• https://github.com/nessita/checklist-generator/pull/20 - Multiple fixes following security release from Oct 1st.

Authored

• https://github.com/django/django/pull/19792 - Fixed #36526 – Doc’d QuerySet.bulk_update() memory usage when batching. (updated and merged)

Other/Misc

• Migrated every wiki page for “VersionX.YRoadmap” (X > 1) to the new roadmap pages in https://www.djangoproject.com/download/X.Y/roadmap/.
• Monthly catch up with the Steering Council.
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Attended DSF Office Hours.
• Engaged in security topics and report triage.
  • Incoming report rate continues to be higher than past-year average. The quality of reports is poor but still time-consuming.
  • CNA update: the DSF was given test credentials to issue test CVEs. I reviewed docs, tried a few options to interact with the CVE RESTful APIs, and completed some exercises.