Week ending 2025-10-19 (Week 42)

A week with a good mix of triage, reviews, and some doc updates . Continued progress on the CNA setup, still in the prep stage and moving forward at a careful pace. Also wrapped up the docs update for automatic roadmap generation , which should make future releases a bit smoother. Plenty of meetings in between, keeping things coordinated and on track .

Triaged

• https://code.djangoproject.com/ticket/23517 - Collect static files in parallel (re-triaged to wontfix)
• https://code.djangoproject.com/ticket/36658 - Invalid numeric literal in an {% if %} tag is treated as a variable (wontfix)
• https://code.djangoproject.com/ticket/36665 - Rewrite reference to model manager usage to avoid saying “tricky” (accepted)
• https://code.djangoproject.com/ticket/36622 - FileField.init is triggering storage LazyObject resolution at boot time (accepted)
• https://code.djangoproject.com/ticket/36666 - Drop support for MySQL 8.0 (duplicate)
• https://code.djangoproject.com/ticket/36671 - Drop support for SQLite < 3.37.0. (accepted)
• https://code.djangoproject.com/ticket/36670 - Admin filter_vertical widget selector chooser has incorrect background color (accepted)

Reviewed

• https://github.com/django/deps/pull/100 - Add django command
• https://github.com/django/django/pull/19945 - Fixed #36660 – Fixed a regression in descending Index local field checks.
• https://github.com/django/django/pull/19884 - Fixed #36611, Refs #36580 – Added system check for multicolumn ForeignObjects in Meta.indexes/constraints/unique_together.
• https://github.com/django/django/pull/19950 - Pinned “New contributor” GitHub action to v1.
• https://github.com/django/django/pull/19951 - Fixed #36660 – Regression in descending Index local field checks; ad…
• https://github.com/django/django/pull/19915 - Removed advice to only upload wheels for pre-releases.
• https://github.com/django/django/pull/19953 - Removed setuptools from contributor docs and GitHub actions.
• https://github.com/django/django/pull/19955 - Fixed #36648, Refs #33772 – Accounted for specifying pk fields individually in first()/last() when aggregating.
• https://github.com/django/django/pull/19944 - Fixed #36658 – Raised TemplateSyntaxError for invalid numeric litera…
• https://github.com/django/django/pull/19938 - Fixed #36622 – Prevented LazyObject FileField storages from evaluating at boot time.
• https://github.com/django/django/pull/19968 - Bumped isort to 7.0.0.

Authored

• https://github.com/django/django/pull/19952 - Added notes about automatic roadmap generation for next version in docs/internals/howto-release-django.txt.
• https://github.com/nessita/checklist-generator/pull/21 - Update security checklist to use CNA capabilities.
• https://github.com/nessita/checklist-generator/pull/22 - Provide release checklist links in the admin and on the main site.

Other/Misc

• Monthly Ops call.
• Code of Conduct check-in.
• Fellows weekly sync.
• Attended DSF Office Hours.
• Discourse setup creating the new Packages categories and setting up moderators for it.

Week ending 2025-10-26 (Week 43)

A big week marked by the Django 6.0 beta 1 release , an important step toward the final 6.0 milestone.

The week was heavy on debugging tricky test failures related to Python 3.14 and our parallel runner . Then, the usual: plenty of coordination, a few rabbit holes, but good progress overall .

Triaged

• https://code.djangoproject.com/ticket/36675 - Oracle dialect depends on implementation detail which was changed in python-oracledb 3.4 (duplicate)
• https://code.djangoproject.com/ticket/36677 - Parallel test runner runs system checks with database aliases before those aliases are set up (accepted)
• https://code.djangoproject.com/ticket/36685 - max_size and min_size validation for FileField (duplicate)
• https://code.djangoproject.com/ticket/36679 - Basque locale date format does not handle conditional suffixes (date declination) (accepted)

Reviewed

• https://github.com/django/django/pull/19593 - Fixed #36470 – Potential log injection in development server (runserver)
• https://github.com/django/django/pull/19976 - Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+.
• https://github.com/django/django/pull/19974 - Removed duplicate display raw key in test case.
• https://github.com/django/django/pull/19956 - Fix Language issue at makemessages
• https://github.com/django/django/pull/19982 - Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+.
• https://github.com/django/django/pull/19980 - Fixed #36677 – Fixed scheduling of system checks in ParallelTestSuite workers.
• https://github.com/django/django/pull/19978 - Refs #36499 – Made TestUtilsHtml.test_strip_tags() assume behavior change in X.Y.0 version for Python 3.14+.
• https://github.com/django/django/pull/19988 - [5.2.x] Refs #36679 – Updated Basque (eu) locale date formats.
• https://github.com/django/django/pull/19991 - Fixed #36680 – Parametrized formatter discovery in AdminScriptTestCase.

Authored

• https://code.djangoproject.com/ticket/36680 - Formatters run on TemplateCommand make admin_scripts tests brittle
  • Rabbit hole debugging some failures seen locally and in GHA when running tests in parallel with Python 3.14.
• https://github.com/django/django/pull/19990 - Fixed #36680 – Made test_custom_project_template_context_variables resilient to code formatters.
• https://github.com/django/django/pull/19998 - Fixed IntegrityError on bulk_create.tests.BulkCreateTransactionTests due to duplicate primary keys.

Other/Misc

• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Fellows weekly sync.
• Security:
  • Continued work on “DSF becoming a CNA”.
  • Reviewed security patches and requested CVE IDs for confirmed vulnerabilities.
• Django 6.0 beta 1 released!
  • https://www.djangoproject.com/weblog/2025/oct/22/django-60-beta-released/
• Lots of debugging for issues related to Python 3.14 and the parallel test runner.
• (Finally!) Sent invoice for September hours.

Week ending 2025-11-02 (Week 44)

A very security-heavy week . Most of my energy went into preparing and testing patches for the upcoming security release, including a tough vulnerability that I spent quite some time wrestling with. It was demanding and a bit exhausting, but everything is now on track for next week’s release .

Triaged

• https://code.djangoproject.com/ticket/36689 - Top-level __in lookup on JSONField fails on MySQL, Oracle (accepted)
• https://code.djangoproject.com/ticket/36691 - Spanish translation missing for some error messages in Django 5.2.7 (worksforme)
• https://code.djangoproject.com/ticket/36697 - black need to be installed to launch the full test suite and it’s not in the requirements (fixed)
• https://code.djangoproject.com/ticket/36699 - Clarify behavior and documentation for login (404) and logout (405) routes (duplicate)

Reviewed

• https://github.com/django/django/pull/19991 - Fixed #36680 – Parametrized formatter discovery in AdminScriptTestCase.
• https://github.com/django/django/pull/19983 - Fixed #36678 – Propagated errors from _init_worker in ParallelTestRunner.
• https://github.com/django/django/pull/20023 - Refs #36680 – Fixed admin_scripts tests crash when black is not installed.

Authored

• https://github.com/django/django/pull/20007 - Refs #36596 – Skipped SchemaIndexesNotPostgreSQLTests on Postgres.

Other/Misc

• Jenkins main node had again “no free space issues”, fixed that.
• Django Software Foundation was confirmed and announced as CNA!
  • https://www.djangoproject.com/weblog/2025/oct/30/django-is-now-a-cve-numbering-authority-cna/
• Very intense week security-wise:
  • Jacob and I were frustratingly fighting around a confirmed vulnerability trying to improve test quality.
  • Sent pre-notification email for scheduled security release for Nov 5th.
  • Finalized patches for announced security release.

Week ending 2025-11-09 (Week 45)

Another week with a strong focus on security work . Most of the effort went into preparing and issuing the November security release, along with some follow-up permission and access reviews. CNA tasks and training also continued in the background.

Triaged

• #36703 (Undocumented change of SetPasswordForm in django 5.1 release notes) – Django - Undocumented change of SetPasswordForm in django 5.1 release notes (invalid)
• #36706 (Select all but one in admin) – Django - Select all but one in admin (wontfix)
• #36705 (Repeated string concatenation is slow on some python implementations, in particular PyPy) – Django - Repeated string concatenation is slow on some python implementations, in particular PyPy (accepted)
• #36700 (ASGIHandler creates reference cycles that require a gc pass to free) – Django - ASGIHandler creates reference cycles that require a gc pass to free (accepted)
• #36716 (Debugging can get stuck in an infinite loop if a setting is contained in itself) – Django - Debugging can get stuck in an infinite loop if a setting is contained in itself (wontfix)

Reviewed

• Updated triage process diagram and contributing documentation. by ontowhee · Pull Request #19846 · django/django · GitHub - Updated triage process diagram and contributing documentation.
• Refs #36680 -- Avoided manipulating PATH in AdminScriptTestCase. by jacobtylerwalls · Pull Request #20059 · django/django · GitHub - Refs #36680 – Avoided manipulating PATH in AdminScriptTestCase.

Authored

• Followed up on Should we have a whole releases category in here?
  • Created new Forum categories: Releases and Prereleases
  • Created new tags: security, 6-0, 5-2, 5-1, 4-2
• Updates after security release with django cna by nessita · Pull Request #23 · nessita/checklist-generator · GitHub - Updates after security release with DSF as CNA.

Other/Misc

• Assisted the Board in setting up thanks.dev for inspecting funds and planning money retrieval.
• Monthly meeting with the Steering Council.
  • Read proposal and engaged in conversations related to An Annual Release Cycle for Django • Buttondown
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Fellows weekly sync.
  • Including CNA training session for Jacob.
• Issued Django Security Release with two security fixes:
  • Django security releases issued: 5.2.8, 5.1.14, and 4.2.26 | Weblog | Django
• Security prenotification membership request review.
• Engaged in Code of Conduct related activities.
• Complete application to get the “django” organization in PyPI.
  • PyPI orgs and releases