Week ending 2025-10-19 (Week 42)

A week with a good mix of triage, reviews, and some doc updates . Continued progress on the CNA setup, still in the prep stage and moving forward at a careful pace. Also wrapped up the docs update for automatic roadmap generation , which should make future releases a bit smoother. Plenty of meetings in between, keeping things coordinated and on track .

Triaged

• https://code.djangoproject.com/ticket/23517 - Collect static files in parallel (re-triaged to wontfix)
• https://code.djangoproject.com/ticket/36658 - Invalid numeric literal in an {% if %} tag is treated as a variable (wontfix)
• https://code.djangoproject.com/ticket/36665 - Rewrite reference to model manager usage to avoid saying “tricky” (accepted)
• https://code.djangoproject.com/ticket/36622 - FileField.init is triggering storage LazyObject resolution at boot time (accepted)
• https://code.djangoproject.com/ticket/36666 - Drop support for MySQL 8.0 (duplicate)
• https://code.djangoproject.com/ticket/36671 - Drop support for SQLite < 3.37.0. (accepted)
• https://code.djangoproject.com/ticket/36670 - Admin filter_vertical widget selector chooser has incorrect background color (accepted)

Reviewed

• https://github.com/django/deps/pull/100 - Add django command
• https://github.com/django/django/pull/19945 - Fixed #36660 – Fixed a regression in descending Index local field checks.
• https://github.com/django/django/pull/19884 - Fixed #36611, Refs #36580 – Added system check for multicolumn ForeignObjects in Meta.indexes/constraints/unique_together.
• https://github.com/django/django/pull/19950 - Pinned “New contributor” GitHub action to v1.
• https://github.com/django/django/pull/19951 - Fixed #36660 – Regression in descending Index local field checks; ad…
• https://github.com/django/django/pull/19915 - Removed advice to only upload wheels for pre-releases.
• https://github.com/django/django/pull/19953 - Removed setuptools from contributor docs and GitHub actions.
• https://github.com/django/django/pull/19955 - Fixed #36648, Refs #33772 – Accounted for specifying pk fields individually in first()/last() when aggregating.
• https://github.com/django/django/pull/19944 - Fixed #36658 – Raised TemplateSyntaxError for invalid numeric litera…
• https://github.com/django/django/pull/19938 - Fixed #36622 – Prevented LazyObject FileField storages from evaluating at boot time.
• https://github.com/django/django/pull/19968 - Bumped isort to 7.0.0.

Authored

• https://github.com/django/django/pull/19952 - Added notes about automatic roadmap generation for next version in docs/internals/howto-release-django.txt.
• https://github.com/nessita/checklist-generator/pull/21 - Update security checklist to use CNA capabilities.
• https://github.com/nessita/checklist-generator/pull/22 - Provide release checklist links in the admin and on the main site.

Other/Misc

• Monthly Ops call.
• Code of Conduct check-in.
• Fellows weekly sync.
• Attended DSF Office Hours.
• Discourse setup creating the new Packages categories and setting up moderators for it.

Week ending 2025-10-26 (Week 43)

A big week marked by the Django 6.0 beta 1 release , an important step toward the final 6.0 milestone.

The week was heavy on debugging tricky test failures related to Python 3.14 and our parallel runner . Then, the usual: plenty of coordination, a few rabbit holes, but good progress overall .

Triaged

• https://code.djangoproject.com/ticket/36675 - Oracle dialect depends on implementation detail which was changed in python-oracledb 3.4 (duplicate)
• https://code.djangoproject.com/ticket/36677 - Parallel test runner runs system checks with database aliases before those aliases are set up (accepted)
• https://code.djangoproject.com/ticket/36685 - max_size and min_size validation for FileField (duplicate)
• https://code.djangoproject.com/ticket/36679 - Basque locale date format does not handle conditional suffixes (date declination) (accepted)

Reviewed

• https://github.com/django/django/pull/19593 - Fixed #36470 – Potential log injection in development server (runserver)
• https://github.com/django/django/pull/19976 - Fixed RelatedGeoModelTest.test_related_union_aggregate() test on Oracle and GEOS 3.12+.
• https://github.com/django/django/pull/19974 - Removed duplicate display raw key in test case.
• https://github.com/django/django/pull/19956 - Fix Language issue at makemessages
• https://github.com/django/django/pull/19982 - Made RemoteTestResultTest.test_pickle_errors_detection() compatible with tblib 3.2+.
• https://github.com/django/django/pull/19980 - Fixed #36677 – Fixed scheduling of system checks in ParallelTestSuite workers.
• https://github.com/django/django/pull/19978 - Refs #36499 – Made TestUtilsHtml.test_strip_tags() assume behavior change in X.Y.0 version for Python 3.14+.
• https://github.com/django/django/pull/19988 - [5.2.x] Refs #36679 – Updated Basque (eu) locale date formats.
• https://github.com/django/django/pull/19991 - Fixed #36680 – Parametrized formatter discovery in AdminScriptTestCase.

Authored

• https://code.djangoproject.com/ticket/36680 - Formatters run on TemplateCommand make admin_scripts tests brittle
  • Rabbit hole debugging some failures seen locally and in GHA when running tests in parallel with Python 3.14.
• https://github.com/django/django/pull/19990 - Fixed #36680 – Made test_custom_project_template_context_variables resilient to code formatters.
• https://github.com/django/django/pull/19998 - Fixed IntegrityError on bulk_create.tests.BulkCreateTransactionTests due to duplicate primary keys.

Other/Misc

• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Fellows weekly sync.
• Security:
  • Continued work on “DSF becoming a CNA”.
  • Reviewed security patches and requested CVE IDs for confirmed vulnerabilities.
• Django 6.0 beta 1 released!
  • https://www.djangoproject.com/weblog/2025/oct/22/django-60-beta-released/
• Lots of debugging for issues related to Python 3.14 and the parallel test runner.
• (Finally!) Sent invoice for September hours.

Week ending 2025-11-02 (Week 44)

A very security-heavy week . Most of my energy went into preparing and testing patches for the upcoming security release, including a tough vulnerability that I spent quite some time wrestling with. It was demanding and a bit exhausting, but everything is now on track for next week’s release .

Triaged

• https://code.djangoproject.com/ticket/36689 - Top-level __in lookup on JSONField fails on MySQL, Oracle (accepted)
• https://code.djangoproject.com/ticket/36691 - Spanish translation missing for some error messages in Django 5.2.7 (worksforme)
• https://code.djangoproject.com/ticket/36697 - black need to be installed to launch the full test suite and it’s not in the requirements (fixed)
• https://code.djangoproject.com/ticket/36699 - Clarify behavior and documentation for login (404) and logout (405) routes (duplicate)

Reviewed

• https://github.com/django/django/pull/19991 - Fixed #36680 – Parametrized formatter discovery in AdminScriptTestCase.
• https://github.com/django/django/pull/19983 - Fixed #36678 – Propagated errors from _init_worker in ParallelTestRunner.
• https://github.com/django/django/pull/20023 - Refs #36680 – Fixed admin_scripts tests crash when black is not installed.

Authored

• https://github.com/django/django/pull/20007 - Refs #36596 – Skipped SchemaIndexesNotPostgreSQLTests on Postgres.

Other/Misc

• Jenkins main node had again “no free space issues”, fixed that.
• Django Software Foundation was confirmed and announced as CNA!
  • https://www.djangoproject.com/weblog/2025/oct/30/django-is-now-a-cve-numbering-authority-cna/
• Very intense week security-wise:
  • Jacob and I were frustratingly fighting around a confirmed vulnerability trying to improve test quality.
  • Sent pre-notification email for scheduled security release for Nov 5th.
  • Finalized patches for announced security release.

Week ending 2025-11-09 (Week 45)

Another week with a strong focus on security work . Most of the effort went into preparing and issuing the November security release, along with some follow-up permission and access reviews. CNA tasks and training also continued in the background.

Triaged

• #36703 (Undocumented change of SetPasswordForm in django 5.1 release notes) – Django - Undocumented change of SetPasswordForm in django 5.1 release notes (invalid)
• #36706 (Select all but one in admin) – Django - Select all but one in admin (wontfix)
• #36705 (Repeated string concatenation is slow on some python implementations, in particular PyPy) – Django - Repeated string concatenation is slow on some python implementations, in particular PyPy (accepted)
• #36700 (ASGIHandler creates reference cycles that require a gc pass to free) – Django - ASGIHandler creates reference cycles that require a gc pass to free (accepted)
• https://code.djangoproject.com/ticket/36716 - Debugging can get stuck in an infinite loop if a setting is contained in itself (wontfix)

Reviewed

• Updated triage process diagram and contributing documentation. by ontowhee · Pull Request #19846 · django/django · GitHub - Updated triage process diagram and contributing documentation.
• https://github.com/django/django/pull/20059 - Refs #36680 – Avoided manipulating PATH in AdminScriptTestCase.

Authored

• Followed up on Should we have a whole releases category in here?
  • Created new Forum categories: Releases and Prereleases
  • Created new tags: security, 6-0, 5-2, 5-1, 4-2
• Updates after security release with DSF as CNA. by nessita · Pull Request #23 · nessita/checklist-generator · GitHub - Updates after security release with DSF as CNA.

Other/Misc

• Assisted the Board in setting up thanks.dev for inspecting funds and planning money retrieval.
• Monthly meeting with the Steering Council.
  • Read proposal and engaged in conversations related to An Annual Release Cycle for Django • Buttondown
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Fellows weekly sync.
  • Including CNA training session for Jacob.
• Issued Django Security Release with two security fixes:
  • Django security releases issued: 5.2.8, 5.1.14, and 4.2.26 | Weblog | Django
• Security prenotification membership request review.
• Engaged in Code of Conduct related activities.
• Complete application to get the “django” organization in PyPI.
  • PyPI orgs and releases

Week ending 2025-11-16 (Week 46)

Security work was again the main theme this week, with a higher-than-usual stream of reports and follow-up tasks (though this higher incoming flow may be the new normal ). A nice milestone on the side: the DSF was confirmed as an official PyPI organization, which makes Django’s package ownership story cleaner and more robust, and less tied to individual accounts . The rest was the usual mix of triage, reviews, and a bit of debugging, but the week was definitely security-heavy overall .

Triaged

• #36717 (Admin login should redirect already logged-in users to page specified in next parameter) – Django - Admin login should redirect already logged-in users to page specified in next parameter (accepted)
• #36729 (Pre-compile regular expressions as standard) – Django - Pre-compile regular expressions as standard (accepted)
• #36728 (Validate template tag context argument at definition time, rather than compile time) – Django - Validate template tag context argument at definition time, rather than compile time (accepted)

Reviewed

• https://github.com/django/django/pull/20059 - Refs #36680 – Avoided manipulating PATH in AdminScriptTestCase.
• https://github.com/django/django/pull/19703 - Clarified EmailValidator docs to specify it validates an email address.
• Fixed typo in docs/ref/models/fields.txt. by cliffordgama · Pull Request #20073 · django/django · GitHub - Clarified “get_db_prep_value” default result in docs/ref/models/fields.txt.
• Fixed typo in docs/ref/databases.txt. by cliffordgama · Pull Request #20068 · django/django · GitHub - Fixed typo in docs/ref/databases.txt.
• Fixed #36717 -- Redirect authenticated users on admin login view to next URL. by beheh · Pull Request #20076 · django/django · GitHub - Fixed #36717 – Redirect authenticated users on admin login view to next URL.
• https://github.com/django/django/pull/20001/ - Fixed #36686 – Clarified Meta.ordering is ignored in GROUP BY queries.
• Refs #28877 -- Eased ordinal translations for languages like French. by JulienPalard · Pull Request #20028 · django/django · GitHub - Refs #28877 – Eased ordinal translations for languages like French.
• Added community package upgrade utilities mention to docs. by tim-schilling · Pull Request #20093 · django/django · GitHub - Added community package upgrade utilities mention to docs.

Authored

• Should we adjust Django's versioning to use a form of CalVer? - #35 by nessita - Concrete proposal for “Should we adjust Django’s versioning to use a form of CalVer?”
• https://github.com/django/online-community-working-group/pull/27 - Improve README structure and wording, adding details about the repo and project board.

Other/Misc

• Fellows weekly sync.
• Monthly Ops call.
• Did some debugging for https://code.djangoproject.com/ticket/36720 (was not able to reproduce).
• Engaged in security topics:
  • Reviewed request from a company to be added to the security prenotification list.
  • Merged security patches for one of our GitHub Actions.
  • Worked on confirmed vulnerabilities.
• Built script for migrating EOL stable branches to be tags instead.
• Received confirmation that the DSF was accepted as an organization in PyPI. Made some team/user configuration cleanup.
  • Profile of Django Software Foundation · PyPI
• Attended DSF Office Hours

Week ending 2025-11-23 (Week 47)

This week was again heavy on security work . The flow of incoming security reports keeps growing , and even when many are medium to low impact, keeping up is starting to get tough: most of my time went into security report triage, patch review, and planning so we can (try to) stay on top of things. I also pushed forward the Django 6.0 RC1 release and wrapped up a few small docs and tooling updates .

Triaged

• #36141 (After double squashing migrate command fails with InconsistentMigrationHistory) – Django - After double squashing migrate command fails with InconsistentMigrationHistory (accepted)
• #36743 (Max URL length of 2048 is too conservative for redirect targets) – Django - Max URL length of 2048 is too conservative for redirect targets (accepted)
• #36736 (Please restore h-rules on the docs home page, which were removed in the 4.2 docs.) – Django - Please restore h-rules on the docs home page, which were removed in the 4.2 docs. (invalid)
• https://code.djangoproject.com/ticket/36744 - Improve/correct scrypt password hasher documentation (accepted)

Authored

• Clarified forum post updates for pre-releases. by nessita · Pull Request #25 · nessita/checklist-generator · GitHub - Clarified forum post updates for pre-releases.
• A few scripts to rule them all. by nessita · Pull Request #20279 · django/django · GitHub - A few scripts to rule them all.
• Ensure that Sitemap.items is described as a method in docs/ref/contrib/sitemaps.txt. by nessita · Pull Request #20275 · django/django · GitHub - Ensured that Sitemap.items is described as a method in docs/ref/contrib/sitemaps.txt.

Other/Misc

• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Fellows weekly sync.
• Released Django 6.0 RC1:
  • Django 6.0 release candidate 1 released | Weblog | Django
• Engaged in multiple security topics:
  • Vulnerability reports triage, path review, security release planning.
  • Security Team governance and responsibilities conversation.
  • Brainstorming for mitigation plans for the almost-unmanageable uptick in medium-to-low-but-not-evidently-wrong security reports.

Week ending 2025-11-30 (Week 48)

Security dominated most of the week again. Between preparing fixes, navigating some unexpected GitHub Actions limitations, and juggling a new batch of incoming reports, most of my time went into keeping things moving smoothly for the upcoming releases (security release on Dec 2nd and 6.0 final on Dec 3rd). Outside that, I made small but useful progress on workflow tweaks, reviews, and the “DSF as CNA” blogpost draft. Busy enough, even if it does not look dramatic on paper .

Reviewed

• Fixed #36743 -- Increased max redirect URL length to 16384. by varunkasyap · Pull Request #20273 · django/django · GitHub - Fixed #36743 – Increased URL max length enforced in HttpResponseRedirectBase.
• Fix IndexError in capfirst() when object converts to empty string by khanashes · Pull Request #20333 · django/django · GitHub - Fix IndexError in capfirst() when object converts to empty string
  • Poorly used LLM.
• Optimize slugify() performance using str.translate() by khanashes · Pull Request #20334 · django/django · GitHub - Optimize slugify() performance using str.translate()
  • Poorly used LLM.
• Added community package upgrade utilities mention to docs. by tim-schilling · Pull Request #20093 · django/django · GitHub - Added community package upgrade utilities mention to docs.
• micro optimize strip_spaces_between_tags for speed by KRRT7 · Pull Request #20011 · django/django · GitHub - micro optimize strip_spaces_between_tags for speed
• Fix generatedfield autodetector by Ou7law007 · Pull Request #20304 · django/django · GitHub - Fix generatedfield autodetector

Authored

• Corrected assertions for True/False results in tests/auth_tests/test_handlers.py. by nessita · Pull Request #20316 · django/django · GitHub - Corrected assertions for True/False results in tests/auth_tests/test_handlers.py.
• Reverted "Fixed #36620 -- Added coverage workflow to summarize coverage in pull requests." by nessita · Pull Request #20322 · django/django · GitHub - Reverted “Fixed #36620 – Added coverage workflow to summarize coverage in pull requests.”
• Added timeout-minutes directive to all GitHub Actions workflows. by nessita · Pull Request #20324 · django/django · GitHub - Added timeout-minutes directive to all GitHub Actions workflows.
• Extended scripts with more utilities. by nessita · Pull Request #20330 · django/django · GitHub - Extended scripts with more utilities.
• Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27. by nessita · Pull Request #20332 · django/django · GitHub - Refs #36743 – Added missing release notes for 5.1.15 and 4.2.27.

Security

(Upgraded to its own section given how much time this now consumes.)

• Triaged a steady flow of new reports.
• Polished patches, targeted stable branches, and sent prenotifications.
• Discussed options for improving how we process security reports across different platforms.
• Ran into GitHub Actions private-repo usage limits, which made patch polishing far more painful than it needed to be.
  • Reached out to a few folks about this, and ended up giving direct feedback to someone at GitHub. Hoping that seed eventually sprouts!

Other/Misc

• Sent invoice for October hours.
• Worked on blogpost draft for “How the Django Software Foundation Became a CNA”.
• Voted for DSF Board.

Week ending 2025-12-07 (Week 49)

Big week. I issued security releases early in the week, and then the Django 6.0 final release right after. Getting both out the door smoothly took most of my focus, and it felt good to see them completed.
The flow of LLM driven contributions is becoming hard to ignore, across PRs, tickets, and even security reports. Skynet would be proud (?). This week was also heavy on meetings and coordinations.

Triaged

• #36770 (SQLite threading tests are flaky when parallel test suite runs in forkserver/spawn) – Django - SQLite threading tests are flaky when parallel test suite runs in forkserver/spawn (accepted)
• #36769 (Limit recursive extraction of field values in XML deserializer) – Django - Limit recursive extraction of field values in XML deserializer (accepted)
• #36778 (Extend admonition to avoid constructing query expressions from unsanitized user input) – Django - Extend admonition to avoid constructing query expressions from unsanitized user input (accepted)

Reviewed

• Refs #36743 -- Corrected docstring for DisallowedRedirect. by jacobtylerwalls · Pull Request #20350 · django/django · GitHub - Refs #36743 – Corrected docstring for DisallowedRedirect.
• Fix variable shadowing in ValidationError.__init__() by Cybersinuu15 · Pull Request #20349 · django/django · GitHub - Fix variable shadowing in ValidationError.init()
• Fixed #36712 -- Evaluated type annotations lazily in template tag registration. by jacobtylerwalls · Pull Request #20340 · django/django · GitHub - Fixed #36712 – Evaluated type annotations lazily in template tag registration.
• [6.0.x] Refs #35444 -- Fixed typo in PostgreSQL StringAgg deprecation warning. by felixxm · Pull Request #20361 · django/django · GitHub - [6.0.x] Refs #35444 – Fixed typo in PostgreSQL StringAgg deprecation warning.
• Refs #35859 -- Clarified the need for installing a production task backend separately. by jacobtylerwalls · Pull Request #20359 · django/django · GitHub - Refs #35859 – Clarified the need for installing a production task backend separately.
• Improved docs/releases/6.0.txt. by adamchainz · Pull Request #20364 · django/django · GitHub - Improved docs/releases/6.0.txt.

Authored

• [6.0.x] Updated translations from Transifex. by nessita · Pull Request #20353 · django/django · GitHub - [6.0.x] Updated translations from Transifex.
• #36767 (Allow overriding redirect URL max length in `HttpResponseRedirectBase`) – Django - Allow overriding redirect URL max length in HttpResponseRedirectBase
• Updated robots.docs.txt for Django 6.0. by nessita · Pull Request #2368 · django/djangoproject.com · GitHub - Updated robots.docs.txt for Django 6.0.
• Updated download page for 6.0 release. by nessita · Pull Request #2369 · django/djangoproject.com · GitHub - Updated download page for 6.0 release.
• Updated default ticket version to 6.0. by nessita · Pull Request #283 · django/code.djangoproject.com · GitHub - Updated default ticket version to 6.0.
• Updates following Django 6.0 final release. by nessita · Pull Request #27 · nessita/checklist-generator · GitHub - Updates following Django 6.0 final release.

Security

• Django security releases issued: 5.2.9, 5.1.15, and 4.2.27
  • Django security releases issued: 5.2.9, 5.1.15, and 4.2.27 | Weblog | Django
• Follow up on existing reports.

Other/Misc

• Sent invoice for November hours.
• Monthly meeting with the Steering Council.
• Meeting with the Security Team to progress the Security Team charter,
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Biweekly meeting with Fellows and Line Manager (Andrew Godwin).
• Fellows weekly sync.
• Attended DSF Office Hours.
• Django 6.0 final was released!
  • Django 6.0 released | Weblog | Django

Week ending 2025-12-14 (Week 50)

This week focus was unblocking a few regressions and handling a grab bag of reviews and security follow-ups. Also, a nice change of pace occurred with some community-facing work around the Django 6.0 release. Looking ahead, I will be less available during the second half of December , though I will still be around keeping an eye on the essentials .

Triaged

• #36782 (Add management command for generating a Django SECRET_KEY) – Django - Add management command for generating a Django SECRET_KEY (duplicate)
• #36787 (In and Range lookups crash when provided to filter() if RHS contains mix of expressions and strings) – Django - In and Range lookups crash when provided to filter() if RHS contains mix of expressions and strings (accepted)
• #36784 (Add CSP support to Django's script object and media objects) – Django - Add CSP support to Django’s script object and media objects (accepted)
• #36789 (PDF Docs builds are broken) – Django - PDF Docs builds are broken (accepted)

Reviewed

• Fixed #36783: Fixed querystring regression for multi-value QueryDict in 6.0 by marcgibbons · Pull Request #20379 · django/django · GitHub - Fixed #36783: Fixed querystring regression for multi-value QueryDict in 6.0
• Refs #36499 -- Adjusted test_strip_tags following Python behavior change for incomplete entities. by jacobtylerwalls · Pull Request #20390 · django/django · GitHub - Refs #36499 – Adjusted test_strip_tags following Python behavior change for incomplete entities.
• fixes #36789 -- added missing .pdf version contribution_process.svg by p-r-a-v-i-n · Pull Request #20387 · django/django · GitHub - Fixed #36789 – Added missing PDF file for docs/internals/_images/contribution_process.svg.
• Refs #27890 -- Avoided overwriting TMPDIR in runtests.py under forkserver mode. by jacobtylerwalls · Pull Request #20392 · django/django · GitHub - Refs #27890 – Avoided overwriting TMPDIR in runtests.py under forkserver mode.

Security

• Triaged multiple LLM-driven-low-quality HackerOne reports.
• Continued conversations on in-progress reports.

Other/Misc

• Ops monthly meeting:
  • Besides regular topics, we also discuss the Ops Team Charter.
• Fellows weekly sync.
• Attended DSF Office Hours.
• CoC monthly meeting.
• Participated in a DjangoChat episode to discuss Django 6.0 recent release:
  • https://djangochat.com/episodes/django-60-natalia-bidart

Week ending 2025-12-21 (Week 51)

This week was a bit quieter on the security front for once I had limited availability thanks to a trip to a very beach-y location, with plenty of sun, heat, and outdoor time.

Looking ahead, the coming days will be very hot here, and my availability will remain reduced through the end-of-year holidays. Normal schedule should resume after that.

Triaged

• #36799 (Create a how-to on how to test a pre-release version of Django) – Django - Create a how-to on how to test a pre-release version of Django (accepted)
• #36810 (SimpleLazyObject.__repr__ causes infinite recursion when setup function is a bound method) – Django - SimpleLazyObject.repr causes infinite recursion when setup function is a bound method (re-triaged to non-release blocker)
• #36809 (Allow EmailValidator to customize error messages depending on the part that failed validation) – Django - Allow EmailValidator to customize error messages depending on the part that failed validation (accepted)

Reviewed

• Fix #36533: Fix manage.py startapp directory conflict error in 5.2.x by cqh-xmf · Pull Request #20407 · django/django · GitHub - Fix #36533: Fix manage.py startapp directory conflict error in 5.2.x
• Fix #36793: Sync permission-ContentType on model rename/rollback (Django 6.0.x) by cqh-xmf · Pull Request #20408 · django/django · GitHub - Fix #36793: Sync permission-ContentType on model rename/rollback (Django 6.0.x)
• Fixed #36783: Fixed querystring regression for multi-value QueryDict in 6.0 by marcgibbons · Pull Request #20379 · django/django · GitHub - Fixed #36783 – Ensured proper handling of multi-value QueryDicts in querystring template tag.
• Fixed #36809 -- Added domain_part to EmailValidator error params. by DanielEOnetti · Pull Request #20419 · django/django · GitHub - Fixed #36809 – Added domain_part to EmailValidator error params.
• Fixed #36809 -- Added domain_part to EmailValidator error params by DanielEOnetti · Pull Request #20424 · django/django · GitHub - Fixed #36809 – Added domain_part to EmailValidator error params
• Fixed #36810 -- Avoided __repr__ recursion in SimpleLazyObject. by sean-reed · Pull Request #20427 · django/django · GitHub - Fixed #36810 – Avoided repr recursion in SimpleLazyObject.
• Fixed URL resolution for lazy routes used with include() (ticket #36796). by kundan223 · Pull Request #20403 · django/django · GitHub - Fixed URL resolution for lazy routes used with include() (ticket #36796).
• Charters for Ops, Mergers and Releasers teams:
  • Added Mergers team charter. by tim-schilling · Pull Request #3 · tim-schilling/dsf-working-groups · GitHub
  • Added Releasers team charter. by tim-schilling · Pull Request #4 · tim-schilling/dsf-working-groups · GitHub
  • Added Operations team charter. by tim-schilling · Pull Request #5 · tim-schilling/dsf-working-groups · GitHub

Security

• Handled incoming security reports, though this week the flow was smaller .

Other/Misc

• Read: Connecting with Django contributors on Mastodon · Better Simple
• Biweekly meeting with Fellows and Board Liaison (Jeff Triplett).
• Fellows weekly sync.
• Restored wrong edits in #35824 (Improve patch_cache_control documentation) – Django

Week ending 2025-12-28 (Week 52)

Last week of the year! I focused on clearing release blockers and final prep for the Jan 6 release. Also I prioritized unblocking urgent items and closing loose ends so things are in good shape heading into a short holiday break.

Triaged

• #36812 (Drop support for MariaDB 10.6-10.10.) – Django - Drop support for MariaDB 10.6-10.10. (accepted)
• #36824 (FileField storage parameter should support string references to STORAGES dict keys) – Django - FileField storage parameter should support string references to STORAGES dict keys (wontfix)
• #36825 (CSP nonces are not applied in the Django admin) – Django - CSP nonces are not applied in the Django admin (accepted)
• #36819 (Async login does not reuse authenticated user instance) – Django - Async login does not reuse authenticated user instance (wontfix)

Reviewed

• Fixed #36305 -- Added documentation indentation guidelines to contributing docs. by Ankan0503 · Pull Request #20271 · django/django · GitHub - Fixed #36305 – Added documentation indentation guidelines to contributing docs. (re-review for decide on backport to 6.0.x)
• Docs: improve clarity in Django overview by Nabhye · Pull Request #20451 · django/django · GitHub - Docs: improve clarity in Django overview
• Replaced individual linter calls in CI with the existing pre-commit hooks setup. by ulgens · Pull Request #20449 · django/django · GitHub - Replaced individual linter calls in CI with the existing pre-commit hooks setup.
• Pyupggrade by ulgens · Pull Request #20440 · django/django · GitHub - Pyupggrade
• Added the missing sentence period in tutorial02.txt. by yilei · Pull Request #20450 · django/django · GitHub - Added missing sentence period in docs/intro/tutorial02.txt.
• Fixed #36810 -- Avoided __repr__ recursion in SimpleLazyObject. by sean-reed · Pull Request #20427 · django/django · GitHub - Fixed #36810 – Avoided repr recursion in SimpleLazyObject.
• https://github.com/django/django/pull/20403 - Fixed URL resolution for lazy routes used with include() (ticket #36796).
• Fixed #30515 -- Added documentation for resolve_url() shortcut. by duane9 · Pull Request #20441 · django/django · GitHub - Fixed #30515 – Added documentation for resolve_url() shortcut.
• docs: improve clarity in Documentation by p-r-a-v-i-n · Pull Request #19967 · django/django · GitHub - docs: improve clarity in Documentation

Authored

• Fixed #36796 -- Handled lazy routes correctly in RoutePattern.match(). by nessita · Pull Request #20459 · django/django · GitHub - Fixed #36796 – Handled lazy routes correctly in RoutePattern.match().

Security

• Triaged HackerOne reports and reports received on the security mailing list.

Other/Misc

• Hid a bunch of spam messages on old PRs.

I created a new topic for the 2026 reports.