============================================ Django 1.8 release notes - UNDER DEVELOPMENT ============================================ Welcome to Django 1.8! These release notes cover the `new features`_, as well as some `backwards incompatible changes`_ you'll want to be aware of when upgrading from Django 1.6 or older versions. We've also dropped some features, which are detailed in :ref:`our deprecation plan `, and we've `begun the deprecation process for some features`_. .. _`new features`: `What's new in Django 1.8`_ .. _`backwards incompatible changes`: `Backwards incompatible changes in 1.8`_ .. _`begun the deprecation process for some features`: `Features deprecated in 1.8`_ Python compatibility ==================== Like Django 1.7, Django 1.8 requires Python 2.7 or above, though we **highly recommend** the latest minor release. What's new in Django 1.8 ======================== Security enhancements ~~~~~~~~~~~~~~~~~~~~~ Several features of the django-secure_ third-party library have been integrated into Django. :class:`django.middleware.security.SecurityMiddleware` provides several security enhancements to the request/response cycle. The new :djadminopt:`--deploy` option of the :djadmin:`check` command allows you to check your production settings file for ways to increase the security of your site. .. _django-secure: https://pypi.python.org/pypi/django-secure New data types ~~~~~~~~~~~~~~ * Django now has a :class:`~django.db.models.UUIDField` for storing universally unique identifiers. There is a corresponding :class:`form field `. It is stored as the native ``uuid`` data type on PostgreSQL and as a fixed length character field on other backends. Minor features ~~~~~~~~~~~~~~ :mod:`django.contrib.admin` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ * :class:`~django.contrib.admin.ModelAdmin` now has a :meth:`~django.contrib.admin.ModelAdmin.has_module_permission` method to allow limiting access to the module on the admin index page. * :class:`~django.contrib.admin.InlineModelAdmin` now has an attribute :attr:`~django.contrib.admin.InlineModelAdmin.show_change_link` that supports showing a link to an inline object's change form. * Use the new ``django.contrib.admin.RelatedOnlyFieldListFilter`` in :attr:`ModelAdmin.list_filter ` to limit the ``list_filter`` choices to foreign objects which are attached to those from the ``ModelAdmin``. * The :meth:`ModelAdmin.delete_view() ` displays a summary of objects to be deleted on the deletion confirmation page. * The jQuery library embedded in the admin has been upgraded to version 1.11.1. * You can now specify :attr:`AdminSite.site_url ` in order to display a link to the front-end site. * You can now specify :attr:`ModelAdmin.show_full_result_count ` to control whether or not the full count of objects should be displayed on a filtered admin page. :mod:`django.contrib.auth` ^^^^^^^^^^^^^^^^^^^^^^^^^^ * Authorization backends can now raise :class:`~django.core.exceptions.PermissionDenied` in :meth:`~django.contrib.auth.models.User.has_perm` and :meth:`~django.contrib.auth.models.User.has_module_perms` to short-circuit permission checking. * :class:`~django.contrib.auth.forms.PasswordResetForm` now has a method :meth:`~django.contrib.auth.forms.PasswordResetForm.send_email` that can be overridden to customize the mail to be sent. * The ``max_length`` of :attr:`Permission.name ` has been increased from 50 to 255 characters. Please run the database migration. * :attr:`~django.contrib.auth.models.CustomUser.USERNAME_FIELD` and :attr:`~django.contrib.auth.models.CustomUser.REQUIRED_FIELDS` now supports :class:`~django.db.models.ForeignKey`\s. :mod:`django.contrib.formtools` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * A :doc:`form wizard ` using the :class:`~django.contrib.formtools.wizard.views.CookieWizardView` will now ignore an invalid cookie, and the wizard will restart from the first step. An invalid cookie can occur in cases of intentional manipulation, but also after a secret key change. Previously, this would raise ``WizardViewCookieModified``, a ``SuspiciousOperation``, causing an exception for any user with an invalid cookie upon every request to the wizard, until the cookie is removed. :mod:`django.contrib.gis` ^^^^^^^^^^^^^^^^^^^^^^^^^^ * Compatibility shims for ``SpatialRefSys`` and ``GeometryColumns`` changed in Django 1.2 have been removed. * The Spatialite backend now supports ``Collect`` and ``Extent`` aggregates when the database version is 3.0 or later. :mod:`django.contrib.messages` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ... :mod:`django.contrib.redirects` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ... :mod:`django.contrib.sessions` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Session cookie is now deleted after :meth:`~django.contrib.sessions.backends.base.SessionBase.flush()` is called. :mod:`django.contrib.sitemaps` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * The new :attr:`Sitemap.i18n ` attribute allows you to generate a sitemap based on the :setting:`LANGUAGES` setting. :mod:`django.contrib.sites` ^^^^^^^^^^^^^^^^^^^^^^^^^^^ * :func:`~django.contrib.sites.shortcuts.get_current_site` will now lookup the current site based on :meth:`request.get_host() ` if the :setting:`SITE_ID` setting is not defined. :mod:`django.contrib.staticfiles` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ... :mod:`django.contrib.syndication` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * ... Cache ^^^^^ * The ``incr()`` method of the ``django.core.cache.backends.locmem.LocMemCache`` backend is now thread-safe. Database backends ^^^^^^^^^^^^^^^^^ * The MySQL backend no longer strips microseconds from ``datetime`` values as MySQL 5.6.4 and up supports fractional seconds depending on the declaration of the datetime field (when ``DATETIME`` includes fractional precision greater than 0). Email ^^^^^ * :ref:`Email backends ` now support the context manager protocol for opening and closing connections. * The SMTP email backend now supports ``keyfile`` and ``certfile`` authentication with the :setting:`EMAIL_SSL_CERTFILE` and :setting:`EMAIL_SSL_KEYFILE` settings. * The SMTP :class:`~django.core.mail.backends.smtp.EmailBackend` now supports setting the ``timeout`` parameter with the :setting:`EMAIL_TIMEOUT` setting. File Storage ^^^^^^^^^^^^ * ... File Uploads ^^^^^^^^^^^^ * ... Forms ^^^^^ * Form widgets now render attributes with a value of ``True`` or ``False`` as HTML5 boolean attributes. * The new :meth:`~django.forms.Form.has_error()` method allows checking if a specific error has happened. * If :attr:`~django.forms.Form.required_css_class` is defined on a form, then the ``