Week ending 2026-06-28 (Week 26)
This week had a bit of a rush-high “everything coming together at once”
feel, with the 6.1 beta going out last Wed
and preparation for the upcoming security release, with prenotification emails and patches
going out tomorrow
. Most of the effort went into landing as many bugfixes as possible for the βeta, and polishing patches for confirmed security vulnerabilities, which meant careful reviews, backports, double-checking details, and aligning on CVE scoring and metadata
.
Triaged
- #37175 (Add database backend methods to get hardcoded or nonexistent primary key values for tests) – Django - Add database backend methods to get hardcoded or nonexistent primary key values for tests (accepted)
- #37185 (Update the deployment checklist docs to mention environment variables and secrets management) – Django - Update settings documentation topic with environment variable (wontfix)
Reviewed
- Fixed #37161 -- Added system check for default MAILERS configuration. by BaderEddineBenhirt · Pull Request #21478 · django/django · GitHub - Fixed #37161 – Added system check for default MAILERS configuration.
- Fixed #37170 -- Applied the no-argument form of sensitive_post_parameters to MultiValueDict. by jacobtylerwalls · Pull Request #21510 · django/django · GitHub - Fixed #37170 – Applied the no-argument form of sensitive_post_parameters to MultiValueDict.
- Fixed #37101, #37174 -- Used netstring delimiter to prevent collisions in cache keys. by jacobtylerwalls · Pull Request #21516 · django/django · GitHub - Fixed #37101, #37174 – Used netstring delimiter to prevent collisions in cache keys.
- Refs #36983 -- Skipped GC specific tests when GIL disabled. by carltongibson · Pull Request #21521 · django/django · GitHub - Refs #36983 – Skipped GC specific tests when GIL disabled.
- Refs #32785 -- Fixed Sphinx reference in release note. by jacobtylerwalls · Pull Request #21526 · django/django · GitHub - Refs #32785 – Fixed line wrapping in release note.
- Fixed #37166 -- Added system check for non-production EmailBackend. by medmunds · Pull Request #21530 · django/django · GitHub - Fixed #37166 – Added system check for non-production EmailBackend.
- Fixed #37183 -- Prevented writing unserializable attributes in syndication entries. by jacobtylerwalls · Pull Request #21531 · django/django · GitHub - Fixed #37183 – Prevented writing unserializable attributes in syndication entries.
- Refs #35870 -- Mentioned transitional setting in BLANK_CHOICE_DASH release note. by jacobtylerwalls · Pull Request #21539 · django/django · GitHub - Refs #35870 – Mentioned transitional setting in BLANK_CHOICE_DASH release note.
- Fixed #37184 -- Allowed non-UTF-8 bytes passwords in the PBKDF2 and MD5 password hashers. by jacobtylerwalls · Pull Request #21552 · django/django · GitHub - Fixed #37184 – Allowed non-UTF-8 bytes passwords in the PBKDF2 and MD5 password hashers.
- Clarified "plaintext" vs. "plain-text" in password hashers docs. by medmunds · Pull Request #21548 · django/django · GitHub - Clarified “plaintext” vs. “plain-text” in password hashers docs.
Authored
- Fixed a pair of issues in the do_django_release.py script. by nessita · Pull Request #21543 · django/django · GitHub - Fixed a pair of issues in the do_django_release.py script.
Security
- Triaged new reports.
- Review one security patch and review CVE metadata for 3 confirmed vulnerabilities.
- Invested some time together with Jacob to discuss how to use/score the CVSS 3.1 and 4.0 vectors.
Other/Misc
- Weekly Fellows meeting.
- Attended DSF Office Hours.
- Met with Oracle regarding the Test Pilot Program.