Django 1.8 release notes

April 1, 2015

Welcome to Django 1.8!

These release notes cover the new features, as well as some backwards incompatible changes you’ll want to be aware of when upgrading from Django 1.7 or older versions. We’ve also begun the deprecation process for some features, and some features have reached the end of their deprecation process and have been removed.

See the How to upgrade Django to a newer version guide if you’re updating an existing project.

Django 1.8 has been designated as Django’s second long-term support release. It will receive security updates for at least three years after its release. Support for the previous LTS, Django 1.4, will end 6 months from the release date of Django 1.8.

Python compatibility

Django 1.8 requires Python 2.7, 3.2, 3.3, 3.4, or 3.5. We highly recommend and only officially support the latest release of each series.

Django 1.8 is the first release to support Python 3.5.

Due to the end of upstream support for Python 3.2 in February 2016, we won’t test Django 1.8.x on Python 3.2 after the end of 2016.

What’s new in Django 1.8

Model._meta API

Django now has a formalized API for Model._meta, providing an officially supported way to retrieve fields and filter fields based on their attributes.

The Model._meta object has been part of Django since the days of pre-0.96 “Magic Removal” – it just wasn’t an official, stable API. In recognition of this, we’ve endeavored to maintain backwards-compatibility with the old API endpoint where possible. However, API endpoints that aren’t part of the new official API have been deprecated and will eventually be removed.

Multiple template engines

Django 1.8 defines a stable API for integrating template backends. It includes built-in support for the Django template language and for Jinja2. It supports rendering templates with multiple engines within the same project. Learn more about the new features in the topic guide and check the upgrade instructions in older versions of the documentation.

Security enhancements

Several features of the django-secure third-party library have been integrated into Django. django.middleware.security.SecurityMiddleware provides several security enhancements to the request/response cycle. The new check —deploy option allows you to check your production settings file for ways to increase the security of your site.

New PostgreSQL specific functionality

Django now has a module with extensions for PostgreSQL specific features, such as ArrayField, HStoreField, Range Fields, and unaccent lookup. A full breakdown of the features is available in the documentation.

New data types

• Django now has a UUIDField for storing universally unique identifiers. It is stored as the native uuid data type on PostgreSQL and as a fixed length character field on other backends. There is a corresponding form field.
• Django now has a DurationField for storing periods of time - modeled in Python by timedelta. It is stored in the native interval data type on PostgreSQL, as a INTERVAL DAY(9) TO SECOND(6) on Oracle, and as a bigint of microseconds on other backends. Date and time related arithmetic has also been improved on all backends. There is a corresponding form field.

Query Expressions, Conditional Expressions, and Database Functions

Query Expressions allow you to create, customize, and compose complex SQL expressions. This has enabled annotate to accept expressions other than aggregates. Aggregates are now able to reference multiple fields, as well as perform arithmetic, similar to F() objects. order_by() has also gained the ability to accept expressions.

Conditional Expressions allow you to use if … elif … else logic within queries.

A collection of database functions is also included with functionality such as Coalesce, Concat, and Substr.

TestCase data setup

TestCase has been refactored to allow for data initialization at the class level using transactions and savepoints. Database backends which do not support transactions, like MySQL with the MyISAM storage engine, will still be able to run these tests but won’t benefit from the improvements. Tests are now run within two nested atomic() blocks: one for the whole class and one for each test.

• The class method TestCase.setUpTestData() adds the ability to set up test data at the class level. Using this technique can speed up the tests as compared to using setUp().
• Fixture loading within TestCase is now performed once for the whole TestCase.

Minor features

django.contrib.admin

• ModelAdmin now has a has_module_permission() method to allow limiting access to the module on the admin index page.
• InlineModelAdmin now has an attribute show_change_link that supports showing a link to an inline object’s change form.
• Use the new django.contrib.admin.RelatedOnlyFieldListFilter in ModelAdmin.list_filter to limit the list_filter choices to foreign objects which are attached to those from the ModelAdmin.
• The ModelAdmin.delete_view() displays a summary of objects to be deleted on the deletion confirmation page.
• The jQuery library embedded in the admin has been upgraded to version 1.11.2.
• You can now specify AdminSite.site_url in order to display a link to the front-end site.
• You can now specify ModelAdmin.show_full_result_count to control whether or not the full count of objects should be displayed on a filtered admin page.
• The AdminSite.password_change() method now has an extra_context parameter.
• You can now control who may login to the admin site by overriding only AdminSite.has_permission() and AdminSite.login_form. The base.html template has a new block usertools which contains the user-specific header. A new context variable has_permission, which gets its value from has_permission(), indicates whether the user may access the site.
• Foreign key dropdowns now have buttons for changing or deleting related objects using a popup.

django.contrib.admindocs

• reStructuredText is now parsed in model docstrings.

django.contrib.auth

• Authorization backends can now raise PermissionDenied in has_perm() and has_module_perms() to short-circuit permission checking.
• PasswordResetForm now has a method send_mail() that can be overridden to customize the mail to be sent.
• The max_length of Permission.name has been increased from 50 to 255 characters. Please run the database migration.
• USERNAME_FIELD and REQUIRED_FIELDS now supports ForeignKeys.
• The default iteration count for the PBKDF2 password hasher has been increased by 33%. This backwards compatible change will not affect users who have subclassed django.contrib.auth.hashers.PBKDF2PasswordHasher to change the default value.

django.contrib.gis

• A new GeoJSON serializer is now available.
• It is now allowed to include a subquery as a geographic lookup argument, for example City.objects.filter(point__within=Country.objects.filter(continent='Africa').values('mpoly')).
• The SpatiaLite backend now supports Collect and Extent aggregates when the database version is 3.0 or later.
• The PostGIS 2 CREATE EXTENSION postgis and the SpatiaLite SELECT InitSpatialMetaData initialization commands are now automatically run by migrate.
• The GDAL interface now supports retrieving properties of raster (image) data file.
• Compatibility shims for SpatialRefSys and GeometryColumns changed in Django 1.2 have been removed.
• All GDAL-related exceptions are now raised with GDALException. The former OGRException has been kept for backwards compatibility but should not be used any longer.

django.contrib.sessions

• Session cookie is now deleted after flush() is called.

django.contrib.sitemaps

• The new Sitemap.i18n attribute allows you to generate a sitemap based on the LANGUAGES setting.

django.contrib.sites

• get_current_site() will now lookup the current site based on request.get_host() if the SITE_ID setting is not defined.
• The default Site created when running migrate now respects the SITE_ID setting (instead of always using pk=1).

Cache

• The incr() method of the django.core.cache.backends.locmem.LocMemCache backend is now thread-safe.

Cryptography

• The max_age parameter of the django.core.signing.TimestampSigner.unsign() method now also accepts a datetime.timedelta object.

Database backends

• The MySQL backend no longer strips microseconds from datetime values as MySQL 5.6.4 and up supports fractional seconds depending on the declaration of the datetime field (when DATETIME includes fractional precision greater than 0). New datetime database columns created with Django 1.8 and MySQL 5.6.4 and up will support microseconds. See the MySQL database notes for more details.
• The MySQL backend no longer creates explicit indexes for foreign keys when using the InnoDB storage engine, as MySQL already creates them automatically.
• The Oracle backend no longer defines the connection_persists_old_columns feature as True. Instead, Oracle will now include a cache busting clause when getting the description of a table.

Email

• Email backends now support the context manager protocol for opening and closing connections.
• The SMTP email backend now supports keyfile and certfile authentication with the EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE settings.
• The SMTP EmailBackend now supports setting the timeout parameter with the EMAIL_TIMEOUT setting.
• EmailMessage and EmailMultiAlternatives now support the reply_to parameter.

File Storage

• Storage.get_available_name() and Storage.save() now take a max_length argument to implement storage-level maximum filename length constraints. Filenames exceeding this argument will get truncated. This prevents a database error when appending a unique suffix to a long filename that already exists on the storage. See the deprecation note about adding this argument to your custom storage classes.

Forms

• Form widgets now render attributes with a value of True or False as HTML5 boolean attributes.
• The new has_error() method allows checking if a specific error has happened.
• If required_css_class is defined on a form, then the <label> tags for required fields will have this class present in its attributes.
• The rendering of non-field errors in unordered lists (<ul>) now includes nonfield in its list of classes to distinguish them from field-specific errors.
• Field now accepts a label_suffix argument, which will override the form’s label_suffix. This enables customizing the suffix on a per-field basis — previously it wasn’t possible to override a form’s label_suffix while using shortcuts such as {{ form.as_p }} in templates.
• SelectDateWidget now accepts an empty_label argument, which will override the top list choice label when DateField is not required.
• After an ImageField has been cleaned and validated, the UploadedFile object will have an additional image attribute containing the Pillow Image instance used to check if the file was a valid image. It will also update UploadedFile.content_type with the image’s content type as determined by Pillow.
• You can now pass a callable that returns an iterable of choices when instantiating a ChoiceField.

Generic Views

• Generic views that use MultipleObjectMixin may now specify the ordering applied to the queryset by setting ordering or overriding get_ordering().
• The new SingleObjectMixin.query_pk_and_slug attribute allows changing the behavior of get_object() so that it’ll perform its lookup using both the primary key and the slug.
• The get_form() method doesn’t require a form_class to be provided anymore. If not provided form_class defaults to get_form_class().
• Placeholders in ModelFormMixin.success_url now support the Python str.format() syntax. The legacy %(<foo>)s syntax is still supported but will be removed in Django 1.10.

Internationalization

• FORMAT_MODULE_PATH can now be a list of strings representing module paths. This allows importing several format modules from different reusable apps. It also allows overriding those custom formats in your main Django project.

Logging

• The django.utils.log.AdminEmailHandler class now has a send_mail() method to make it more subclass friendly.

Management Commands

• Database connections are now always closed after a management command called from the command line has finished doing its job.
• Commands from alternate package formats like eggs are now also discovered.
• The new dumpdata —output option allows specifying a file to which the serialized data is written.
• The new makemessages —exclude and compilemessages —exclude options allow excluding specific locales from processing.
• compilemessages now has a --use-fuzzy or -f option which includes fuzzy translations into compiled files.
• The loaddata —ignorenonexistent option now ignores data for models that no longer exist.
• runserver now uses daemon threads for faster reloading.
• inspectdb now outputs Meta.unique_together. It is also able to introspect AutoField for MySQL and PostgreSQL databases.
• When calling management commands with options using call_command(), the option name can match the command line option name (without the initial dashes) or the final option destination variable name, but in either case, the resulting option received by the command is now always the dest name specified in the command option definition (as long as the command uses the argparse module).
• The dbshell command now supports MySQL’s optional SSL certificate authority setting (--ssl-ca).
• The new makemigrations —name allows giving the migration(s) a custom name instead of a generated one.
• The loaddata command now prevents repeated fixture loading. If FIXTURE_DIRS contains duplicates or a default fixture directory path (app_name/fixtures), an exception is raised.
• The new makemigrations --exit option allows exiting with an error code if no migrations are created.
• The new showmigrations command allows listing all migrations and their dependencies in a project.

Middleware

• The CommonMiddleware.response_redirect_class attribute allows you to customize the redirects issued by the middleware.
• A debug message will be logged to the django.request logger when a middleware raises a MiddlewareNotUsed exception in DEBUG mode.

Migrations

• The RunSQL operation can now handle parameters passed to the SQL statements.
• It is now possible to have migrations (most probably data migrations) for applications without models.
• Migrations can now serialize model managers as part of the model state.
• A generic mechanism to handle the deprecation of model fields was added.
• The RunPython.noop() and RunSQL.noop class method/attribute were added to ease in making RunPython and RunSQL operations reversible.
• The migration operations RunPython and RunSQL now call the allow_migrate() method of database routers. The router can use the newly introduced app_label and hints arguments to make a routing decision. To take advantage of this feature you need to update the router to the new allow_migrate signature, see the deprecation section for more details.

Models

• Django now logs at most 9000 queries in connections.queries, in order to prevent excessive memory usage in long-running processes in debug mode.
• There is now a model Meta option to define a default related name for all relational fields of a model.
• Pickling models and querysets across different versions of Django isn’t officially supported (it may work, but there’s no guarantee). An extra variable that specifies the current Django version is now added to the pickled state of models and querysets, and Django raises a RuntimeWarning when these objects are unpickled in a different version than the one in which they were pickled.
• Added Model.from_db() which Django uses whenever objects are loaded using the ORM. The method allows customizing model loading behavior.
• extra(select={...}) now allows you to escape a literal %s sequence using %%s.
• Custom Lookups can now be registered using a decorator pattern.
• The new Transform.bilateral attribute allows creating bilateral transformations. These transformations are applied to both lhs and rhs when used in a lookup expression, providing opportunities for more sophisticated lookups.
• SQL special characters (, %, _) are now escaped properly when a pattern lookup (e.g. contains, startswith, etc.) is used with an F() expression as the right-hand side. In those cases, the escaping is performed by the database, which can lead to somewhat complex queries involving nested REPLACE function calls.
• You can now refresh model instances by using Model.refresh_from_db().
• You can now get the set of deferred fields for a model using Model.get_deferred_fields().
• Model field default’s are now used when primary key field’s are set to None.

Signals

• Exceptions from the (receiver, exception) tuples returned by Signal.send_robust() now have their traceback attached as a __traceback__ attribute.
• The environ argument, which contains the WSGI environment structure from the request, was added to the request_started signal.
• You can now import the setting_changed() signal from django.core.signals to avoid loading django.test in non-test situations. Django no longer does so itself.

System Check Framework

• register can now be used as a function.

Templates

• urlize now supports domain-only links that include characters after the top-level domain (e.g. djangoproject.com/ and djangoproject.com/download/).
• urlize doesn’t treat exclamation marks at the end of a domain or its query string as part of the URL (the URL in e.g. 'djangoproject.com! is djangoproject.com)
• Added a locmem.Loader class that loads Django templates from a Python dictionary.
• The now tag can now store its output in a context variable with the usual syntax: {% now 'j n Y' as varname %}.

Requests and Responses

• WSGIRequest now respects paths starting with //.
• The HttpRequest.build_absolute_uri() method now handles paths starting with // correctly.
• If DEBUG is True and a request raises a SuspiciousOperation, the response will be rendered with a detailed error page.
• The query_string argument of QueryDict is now optional, defaulting to None, so a blank QueryDict can now be instantiated with QueryDict() instead of QueryDict(None) or QueryDict('').
• The GET and POST attributes of an HttpRequest object are now QueryDicts rather than dictionaries, and the FILES attribute is now a MultiValueDict. This brings this class into line with the documentation and with WSGIRequest.
• The HttpResponse.charset attribute was added.
• WSGIRequestHandler now follows RFC in converting URI to IRI, using uri_to_iri().
• The HttpRequest.get_full_path() method now escapes unsafe characters from the path portion of a Uniform Resource Identifier (URI) properly.
• HttpResponse now implements a few additional methods like getvalue() so that instances can be used as stream objects.
• The new HttpResponse.setdefault() method allows setting a header unless it has already been set.
• You can use the new FileResponse to stream files.
• The condition() decorator for conditional view processing now supports the If-unmodified-since header.

Tests

• The RequestFactory.trace() and Client.trace() methods were implemented, allowing you to create TRACE requests in your tests.
• The count argument was added to assertTemplateUsed(). This allows you to assert that a template was rendered a specific number of times.
• The new assertJSONNotEqual() assertion allows you to test that two JSON fragments are not equal.
• Added options to the test command to preserve the test database (--keepdb), to run the test cases in reverse order (--reverse), and to enable SQL logging for failing tests (--debug-sql).
• Added the resolver_match attribute to test client responses.
• Added several settings that allow customization of test tablespace parameters for Oracle: DATAFILE, DATAFILE_TMP, DATAFILE_MAXSIZE and DATAFILE_TMP_MAXSIZE.
• The override_settings() decorator can now affect the master router in DATABASE_ROUTERS.
• Added test client support for file uploads with file-like objects.
• A shared cache is now used when testing with an SQLite in-memory database when using Python 3.4+ and SQLite 3.7.13+. This allows sharing the database between threads.

Validators

• URLValidator now supports IPv6 addresses, Unicode domains, and URLs containing authentication data.

Backwards incompatible changes in 1.8

Warning

In addition to the changes outlined in this section, be sure to review the deprecation plan for any features that have been removed. If you haven’t updated your code within the deprecation timeline for a given feature, its removal may appear as a backwards incompatible change.

Related object operations are run in a transaction

Some operations on related objects such as add() or direct assignment ran multiple data modifying queries without wrapping them in transactions. To reduce the risk of data corruption, all data modifying methods that affect multiple related objects (i.e. add(), remove(), clear(), and direct assignment) now perform their data modifying queries from within a transaction, provided your database supports transactions.

This has one backwards incompatible side effect, signal handlers triggered from these methods are now executed within the method’s transaction and any exception in a signal handler will prevent the whole operation.

Assigning unsaved objects to relations raises an error

Note

To more easily allow in-memory usage of models, this change was reverted in Django 1.8.4 and replaced with a check during model.save(). For example:

>>> book = Book.objects.create(name="Django")
>>> book.author = Author(name="John")
>>> book.save()
Traceback (most recent call last):
...
ValueError: save() prohibited to prevent data loss due to unsaved related object 'author'.

A similar check on assignment to reverse one-to-one relations was removed in Django 1.8.5.

Assigning unsaved objects to a ForeignKey, GenericForeignKey, and OneToOneField now raises a ValueError.

Previously, the assignment of an unsaved object would be silently ignored. For example:

>>> book = Book.objects.create(name="Django")
>>> book.author = Author(name="John")
>>> book.author.save()
>>> book.save()
>>> Book.objects.get(name="Django")
>>> book.author
>>>

Now, an error will be raised to prevent data loss:

>>> book.author = Author(name="john")
Traceback (most recent call last):
...
ValueError: Cannot assign "<Author: John>": "Author" instance isn't saved in the database.

If you require allowing the assignment of unsaved instances (the old behavior) and aren’t concerned about the data loss possibility (e.g. you never save the objects to the database), you can disable this check by using the ForeignKey.allow_unsaved_instance_assignment attribute. (This attribute was removed in 1.8.4 as it’s no longer relevant.)

Management commands that only accept positional arguments

If you have written a custom management command that only accepts positional arguments and you didn’t specify the args command variable, you might get an error like Error: unrecognized arguments: ..., as variable parsing is now based on argparse which doesn’t implicitly accept positional arguments. You can make your command backwards compatible by simply setting the args class variable. However, if you don’t have to keep compatibility with older Django versions, it’s better to implement the new add_arguments() method as described in How to create custom django-admin commands.

Custom test management command arguments through test runner

The method to add custom arguments to the test management command through the test runner has changed. Previously, you could provide an option_list class variable on the test runner to add more arguments (à la optparse). Now to implement the same behavior, you have to create an add_arguments(cls, parser) class method on the test runner and call parser.add_argument to add any custom arguments, as parser is now an argparse.ArgumentParser instance.

Model check ensures auto-generated column names are within limits specified by database

A field name that’s longer than the column name length supported by a database can create problems. For example, with MySQL you’ll get an exception trying to create the column, and with PostgreSQL the column name is truncated by the database (you may see a warning in the PostgreSQL logs).

A model check has been introduced to better alert users to this scenario before the actual creation of database tables.

If you have an existing model where this check seems to be a false positive, for example on PostgreSQL where the name was already being truncated, simply use db_column to specify the name that’s being used.

The check also applies to the columns generated in an implicit ManyToManyField.through model. If you run into an issue there, use through to create an explicit model and then specify db_column on its column(s) as needed.

Query relation lookups now check object types

Querying for model lookups now checks if the object passed is of correct type and raises a ValueError if not. Previously, Django didn’t care if the object was of correct type; it just used the object’s related field attribute (e.g. id) for the lookup. Now, an error is raised to prevent incorrect lookups:

>>> book = Book.objects.create(name="Django")
>>> book = Book.objects.filter(author=book)
Traceback (most recent call last):
...
ValueError: Cannot query "<Book: Django>": Must be "Author" instance.

select_related() now checks given fields

select_related() now validates that the given fields actually exist. Previously, nonexistent fields were silently ignored. Now, an error is raised:

>>> book = Book.objects.select_related("nonexistent_field")
Traceback (most recent call last):
...
FieldError: Invalid field name(s) given in select_related: 'nonexistent_field'

The validation also makes sure that the given field is relational:

>>> book = Book.objects.select_related("name")
Traceback (most recent call last):
...
FieldError: Non-relational field given in select_related: 'name'

Default EmailField.max_length increased to 254

The old default 75 character max_length was not capable of storing all possible RFC3696/5321-compliant email addresses. In order to store all possible valid email addresses, the max_length has been increased to 254 characters. You will need to generate and apply database migrations for your affected models (or add max_length=75 if you wish to keep the length on your current fields). A migration for django.contrib.auth.models.User.email is included.

Support for PostgreSQL versions older than 9.0

The end of upstream support periods was reached in July 2014 for PostgreSQL 8.4. As a consequence, Django 1.8 sets 9.0 as the minimum PostgreSQL version it officially supports.

This also includes dropping support for PostGIS 1.3 and 1.4 as these versions are not supported on versions of PostgreSQL later than 8.4.

Django also now requires the use of Psycopg2 version 2.4.5 or higher (or 2.5+ if you want to use django.contrib.postgres).

Support for MySQL versions older than 5.5

The end of upstream support periods was reached in January 2012 for MySQL 5.0 and December 2013 for MySQL 5.1. As a consequence, Django 1.8 sets 5.5 as the minimum MySQL version it officially supports.

Support for Oracle versions older than 11.1

The end of upstream support periods was reached in July 2010 for Oracle 9.2, January 2012 for Oracle 10.1, and July 2013 for Oracle 10.2. As a consequence, Django 1.8 sets 11.1 as the minimum Oracle version it officially supports.

Specific privileges used instead of roles for tests on Oracle

Earlier versions of Django granted the CONNECT and RESOURCE roles to the test user on Oracle. These roles have been deprecated, so Django 1.8 uses the specific underlying privileges instead. This changes the privileges required of the main user for running tests (unless the project is configured to avoid creating a test user). The exact privileges required now are detailed in Oracle notes.

AbstractUser.last_login allows null values

The AbstractUser.last_login field now allows null values. Previously, it defaulted to the time when the user was created which was misleading if the user never logged in. If you are using the default user (django.contrib.auth.models.User), run the database migration included in contrib.auth.

If you are using a custom user model that inherits from AbstractUser, you’ll need to run makemigrations and generate a migration for your app that contains that model. Also, if wish to set last_login to NULL for users who haven’t logged in, you can run this query:

from django.db import models
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AbstractBaseUser
UserModel = get_user_model()
if issubclass(UserModel, AbstractBaseUser):
    UserModel._default_manager.filter(last_login=models.F("date_joined")).update(
        last_login=None
    )

django.contrib.gis

• Support for GEOS 3.1 and GDAL 1.6 has been dropped.
• Support for SpatiaLite < 2.4 has been dropped.
• GIS-specific lookups have been refactored to use the django.db.models.Lookup API.
• The default str representation of GEOSGeometry objects has been changed from WKT to EWKT format (including the SRID). As this representation is used in the serialization framework, that means that dumpdata output will now contain the SRID value of geometry objects.

Priority of context processors for TemplateResponse brought in line with render

The TemplateResponse constructor is designed to be a drop-in replacement for the render() function. However, it had a slight incompatibility, in that for TemplateResponse, context data from the passed in context dictionary could be shadowed by context data returned from context processors, whereas for render it was the other way around. This was a bug, and the behavior of render is more appropriate, since it allows the globally defined context processors to be overridden locally in the view. If you were relying on the fact context data in a TemplateResponse could be overridden using a context processor, you will need to change your code.

Overriding setUpClass / tearDownClass in test cases

The decorators override_settings() and modify_settings() now act at the class level when used as class decorators. As a consequence, when overriding setUpClass() or tearDownClass(), the super implementation should always be called.

Removal of django.contrib.formtools

The formtools contrib app has been moved to a separate package and the relevant documentation pages have been updated or removed.

The new package is available on GitHub and on PyPI.

Database connection reloading between tests

Django previously closed database connections between each test within a TestCase. This is no longer the case as Django now wraps the whole TestCase within a transaction. If some of your tests relied on the old behavior, you should have them inherit from TransactionTestCase instead.

Cleanup of the django.template namespace

If you’ve been relying on private APIs exposed in the django.template module, you may have to import them from django.template.base instead.

Also private APIs django.template.base.compile_string(), django.template.loader.find_template(), and django.template.loader.get_template_from_string() were removed.

model attribute on private model relations

In earlier versions of Django, on a model with a reverse foreign key relationship (for example), model._meta.get_all_related_objects() returned the relationship as a django.db.models.related.RelatedObject with the model attribute set to the source of the relationship. Now, this method returns the relationship as django.db.models.fields.related.ManyToOneRel (private API RelatedObject has been removed), and the model attribute is set to the target of the relationship instead of the source. The source model is accessible on the related_model attribute instead.

Consider this example from the tutorial in Django 1.8:

>>> p = Poll.objects.get(pk=1)
>>> p._meta.get_all_related_objects()
[<ManyToOneRel: polls.choice>]
>>> p._meta.get_all_related_objects()[0].model
<class 'polls.models.Poll'>
>>> p._meta.get_all_related_objects()[0].related_model
<class 'polls.models.Choice'>

and compare it to the behavior on older versions:

>>> p._meta.get_all_related_objects()
[<RelatedObject: polls:choice related to poll>]
>>> p._meta.get_all_related_objects()[0].model
<class 'polls.models.Choice'>

To access the source model, you can use a pattern like this to write code that will work with both Django 1.8 and older versions:

for relation in opts.get_all_related_objects():
    to_model = getattr(relation, "related_model", relation.model)

Also note that get_all_related_objects() is deprecated in 1.8.

Database backend API

The following changes to the database backend API are documented to assist those writing third-party backends in updating their code:

• BaseDatabaseXXX classes have been moved to django.db.backends.base. Please import them from the new locations:

  from django.db.backends.base.base import BaseDatabaseWrapper
  from django.db.backends.base.client import BaseDatabaseClient
  from django.db.backends.base.creation import BaseDatabaseCreation
  from django.db.backends.base.features import BaseDatabaseFeatures
  from django.db.backends.base.introspection import BaseDatabaseIntrospection
  from django.db.backends.base.introspection import FieldInfo, TableInfo
  from django.db.backends.base.operations import BaseDatabaseOperations
  from django.db.backends.base.schema import BaseDatabaseSchemaEditor
  from django.db.backends.base.validation import BaseDatabaseValidation

• The data_types, data_types_suffix, and data_type_check_constraints attributes have moved from the DatabaseCreation class to DatabaseWrapper.

• The SQLCompiler.as_sql() method now takes a subquery parameter (#24164).

• The BaseDatabaseOperations.date_interval_sql() method now only takes a timedelta parameter.

django.contrib.admin

• AdminSite no longer takes an app_name argument and its app_name attribute has been removed. The application name is always admin (as opposed to the instance name which you can still customize using AdminSite(name="...").
• The ModelAdmin.get_object() method (private API) now takes a third argument named from_field in order to specify which field should match the provided object_id.
• The ModelAdmin.response_delete() method now takes a second argument named obj_id which is the serialized identifier used to retrieve the object before deletion.

Default autoescaping of functions in django.template.defaultfilters

In order to make built-in template filters that output HTML “safe by default” when calling them in Python code, the following functions in django.template.defaultfilters have been changed to automatically escape their input value:

• join
• linebreaksbr
• linebreaks_filter
• linenumbers
• unordered_list
• urlize
• urlizetrunc

You can revert to the old behavior by specifying autoescape=False if you are passing trusted content. This change doesn’t have any effect when using the corresponding filters in templates.

Miscellaneous

• connections.queries is now a read-only attribute.

• Database connections are considered equal only if they’re the same object. They aren’t hashable any more.

• GZipMiddleware used to disable compression for some content types when the request is from Internet Explorer, in order to work around a bug in IE6 and earlier. This behavior could affect performance on IE7 and later. It was removed.

• URLField.to_python no longer adds a trailing slash to pathless URLs.

• The length template filter now returns 0 for an undefined variable, rather than an empty string.

• ForeignKey.default_error_message['invalid'] has been changed from '%(model)s instance with pk %(pk)r does not exist.' to '%(model)s instance with %(field)s %(value)r does not exist.' If you are using this message in your own code, please update the list of interpolated parameters. Internally, Django will continue to provide the pk parameter in params for backwards compatibility.

• UserCreationForm.error_messages['duplicate_username'] is no longer used. If you wish to customize that error message, override it on the form using the 'unique' key in Meta.error_messages['username'] or, if you have a custom form field for 'username', using the 'unique' key in its error_messages argument.

• The block usertools in the base.html template of django.contrib.admin now requires the has_permission context variable to be set. If you have any custom admin views that use this template, update them to pass AdminSite.has_permission() as this new variable’s value or simply include AdminSite.each_context(request) in the context.

• Internal changes were made to the ClearableFileInput widget to allow more customization. The undocumented url_markup_template attribute was removed in favor of template_with_initial.

• For consistency with other major vendors, the en_GB locale now has Monday as the first day of the week.

• Seconds have been removed from any locales that had them in TIME_FORMAT, DATETIME_FORMAT, or SHORT_DATETIME_FORMAT.

• The default max size of the Oracle test tablespace has increased from 300M (or 200M, before 1.7.2) to 500M.

• reverse() and reverse_lazy() now return Unicode strings instead of bytestrings.

• The CacheClass shim has been removed from all cache backends. These aliases were provided for backwards compatibility with Django 1.3. If you are still using them, please update your project to use the real class name found in the BACKEND key of the CACHES setting.

• By default, call_command() now always skips the check framework (unless you pass it skip_checks=False).

• When iterating over lines, File now uses universal newlines. The following are recognized as ending a line: the Unix end-of-line convention '\n', the Windows convention '\r\n', and the old Macintosh convention '\r'.

• The Memcached cache backends MemcachedCache and PyLibMCCache will delete a key if set() fails. This is necessary to ensure the cache_db session store always fetches the most current session data.

• Private APIs override_template_loaders and override_with_test_loader in django.test.utils were removed. Override TEMPLATES with override_settings instead.

• Warnings from the MySQL database backend are no longer converted to exceptions when DEBUG is True.

• HttpRequest now has a simplified repr (e.g. <WSGIRequest: GET '/somepath/'>). This won’t change the behavior of the SafeExceptionReporterFilter class.

• Class-based views that use ModelFormMixin will raise an ImproperlyConfigured exception when both the fields and form_class attributes are specified. Previously, fields was silently ignored.

• When following redirects, the test client now raises RedirectCycleError if it detects a loop or hits a maximum redirect limit (rather than passing silently).

• Translatable strings set as the default parameter of the field are cast to concrete strings later, so the return type of Field.get_default() is different in some cases. There is no change to default values which are the result of a callable.

• GenericIPAddressField.empty_strings_allowed is now False. Database backends that interpret empty strings as null (only Oracle among the backends that Django includes) will no longer convert null values back to an empty string. This is consistent with other backends.

• When the BaseCommand.leave_locale_alone attribute is False, translations are now deactivated instead of forcing the “en-us” locale. In the case your models contained non-English strings and you counted on English translations to be activated in management commands, this will not happen any longer. It might be that new database migrations are generated (once) after migrating to 1.8.

• django.utils.translation.get_language() now returns None instead of LANGUAGE_CODE when translations are temporarily deactivated.

• When a translation doesn’t exist for a specific literal, the fallback is now taken from the LANGUAGE_CODE language (instead of from the untranslated msgid message).

• The name field of django.contrib.contenttypes.models.ContentType has been removed by a migration and replaced by a property. That means it’s not possible to query or filter a ContentType by this field any longer.

  Be careful if you upgrade to Django 1.8 and skip Django 1.7. If you run manage.py migrate --fake, this migration will be skipped and you’ll see a RuntimeError: Error creating new content types. exception because the name column won’t be dropped from the database. Use manage.py migrate --fake-initial to fake only the initial migration instead.

• The new migrate —fake-initial option allows faking initial migrations. In 1.7, initial migrations were always automatically faked if all tables created in an initial migration already existed.

• An app without migrations with a ForeignKey to an app with migrations may now result in a foreign key constraint error when migrating the database or running tests. In Django 1.7, this could fail silently and result in a missing constraint. To resolve the error, add migrations to the app without them.

Features deprecated in 1.8

Selected methods in django.db.models.options.Options

As part of the formalization of the Model._meta API (from the django.db.models.options.Options class), a number of methods have been deprecated and will be removed in Django 1.10:

• get_all_field_names()
• get_all_related_objects()
• get_all_related_objects_with_model()
• get_all_related_many_to_many_objects()
• get_all_related_m2m_objects_with_model()
• get_concrete_fields_with_model()
• get_field_by_name()
• get_fields_with_model()
• get_m2m_with_model()

Loading cycle and firstof template tags from future library

Django 1.6 introduced {% load cycle from future %} and {% load firstof from future %} syntax for forward compatibility of the cycle and firstof template tags. This syntax is now deprecated and will be removed in Django 1.10. You can simply remove the {% load ... from future %} tags.

django.conf.urls.patterns()

In the olden days of Django, it was encouraged to reference views as strings in urlpatterns:

urlpatterns = patterns(
    "",
    url("^$", "myapp.views.myview"),
)

and Django would magically import myapp.views.myview internally and turn the string into a real function reference. In order to reduce repetition when referencing many views from the same module, the patterns() function takes a required initial prefix argument which is prepended to all views-as-strings in that set of urlpatterns:

urlpatterns = patterns(
    "myapp.views",
    url("^$", "myview"),
    url("^other/$", "otherview"),
)

In the modern era, we have updated the tutorial to instead recommend importing your views module and referencing your view functions (or classes) directly. This has a number of advantages, all deriving from the fact that we are using normal Python in place of “Django String Magic”: the errors when you mistype a view name are less obscure, IDEs can help with autocompletion of view names, etc.

So these days, the above use of the prefix arg is much more likely to be written (and is better written) as:

from myapp import views
urlpatterns = patterns(
    "",
    url("^$", views.myview),
    url("^other/$", views.otherview),
)

Thus patterns() serves little purpose and is a burden when teaching new users (answering the newbie’s question “why do I need this empty string as the first argument to patterns()?”). For these reasons, we are deprecating it. Updating your code is as simple as ensuring that urlpatterns is a list of django.conf.urls.url() instances. For example:

from django.conf.urls import url
from myapp import views
urlpatterns = [
    url("^$", views.myview),
    url("^other/$", views.otherview),
]

Passing a string as view to django.conf.urls.url()

Related to the previous item, referencing views as strings in the url() function is deprecated. Pass the callable view as described in the previous section instead.

Template-related settings

As a consequence of the multiple template engines refactor, several settings are deprecated in favor of TEMPLATES:

• ALLOWED_INCLUDE_ROOTS
• TEMPLATE_CONTEXT_PROCESSORS
• TEMPLATE_DEBUG
• TEMPLATE_DIRS
• TEMPLATE_LOADERS
• TEMPLATE_STRING_IF_INVALID

django.core.context_processors

Built-in template context processors have been moved to django.template.context_processors.

django.test.SimpleTestCase.urls

The attribute SimpleTestCase.urls for specifying URLconf configuration in tests has been deprecated and will be removed in Django 1.10. Use @override_settings(ROOT_URLCONF=…) instead.

prefix argument to i18n_patterns()

Related to the previous item, the prefix argument to django.conf.urls.i18n.i18n_patterns() has been deprecated. Simply pass a list of django.conf.urls.url() instances instead.

Using an incorrect count of unpacked values in the for template tag

Using an incorrect count of unpacked values in for tag will raise an exception rather than fail silently in Django 1.10.

Passing a dotted path to reverse() and url

Reversing URLs by Python path is an expensive operation as it causes the path being reversed to be imported. This behavior has also resulted in a security issue. Use named URL patterns for reversing instead.

If you are using django.contrib.sitemaps, add the name argument to the url that references django.contrib.sitemaps.views.sitemap():

from django.contrib.sitemaps.views import sitemap
url(
    r"^sitemap\.xml$",
    sitemap,
    {"sitemaps": sitemaps},
    name="django.contrib.sitemaps.views.sitemap",
)

to ensure compatibility when reversing by Python path is removed in Django 1.10.

Similarly for GIS sitemaps, add name='django.contrib.gis.sitemaps.views.kml' or name='django.contrib.gis.sitemaps.views.kmz'.

If you are using a Python path for the LOGIN_URL or LOGIN_REDIRECT_URL setting, use the name of the url() instead.

Aggregate methods and modules

The django.db.models.sql.aggregates and django.contrib.gis.db.models.sql.aggregates modules (both private API), have been deprecated as django.db.models.aggregates and django.contrib.gis.db.models.aggregates are now also responsible for SQL generation. The old modules will be removed in Django 1.10.

If you were using the old modules, see Query Expressions for instructions on rewriting custom aggregates using the new stable API.

The following methods and properties of django.db.models.sql.query.Query have also been deprecated and the backwards compatibility shims will be removed in Django 1.10:

• Query.aggregates, replaced by annotations.
• Query.aggregate_select, replaced by annotation_select.
• Query.add_aggregate(), replaced by add_annotation().
• Query.set_aggregate_mask(), replaced by set_annotation_mask().
• Query.append_aggregate_mask(), replaced by append_annotation_mask().

Extending management command arguments through Command.option_list

Management commands now use argparse instead of optparse to parse command-line arguments passed to commands. This also means that the way to add custom arguments to commands has changed: instead of extending the option_list class list, you should now override the add_arguments() method and add arguments through argparse.add_argument(). See this example for more details.

django.core.management.NoArgsCommand

The class NoArgsCommand is now deprecated and will be removed in Django 1.10. Use BaseCommand instead, which takes no arguments by default.

Listing all migrations in a project

The --list option of the migrate management command is deprecated and will be removed in Django 1.10. Use showmigrations instead.

cache_choices option of ModelChoiceField and ModelMultipleChoiceField

ModelChoiceField and ModelMultipleChoiceField took an undocumented, untested option cache_choices. This cached querysets between multiple renderings of the same Form object. This option is subject to an accelerated deprecation and will be removed in Django 1.9.

django.template.resolve_variable()

The function has been informally marked as “Deprecated” for some time. Replace resolve_variable(path, context) with django.template.Variable(path).resolve(context).

django.contrib.webdesign

It provided the lorem template tag which is now included in the built-in tags. Simply remove 'django.contrib.webdesign' from INSTALLED_APPS and {% load webdesign %} from your templates.

error_message argument to django.forms.RegexField

It provided backwards compatibility for pre-1.0 code, but its functionality is redundant. Use Field.error_messages['invalid'] instead.

Old unordered_list syntax

An older (pre-1.0), more restrictive and verbose input format for the unordered_list template filter has been deprecated:

["States", [["Kansas", [["Lawrence", []], ["Topeka", []]]], ["Illinois", []]]]

Using the new syntax, this becomes:

["States", ["Kansas", ["Lawrence", "Topeka"], "Illinois"]]

django.forms.Field._has_changed()

Rename this method to has_changed() by removing the leading underscore. The old name will still work until Django 1.10.

django.utils.html.remove_tags() and removetags template filter

django.utils.html.remove_tags() as well as the template filter removetags have been deprecated as they cannot guarantee safe output. Their existence is likely to lead to their use in security-sensitive contexts where they are not actually safe.

The unused and undocumented django.utils.html.strip_entities() function has also been deprecated.

is_admin_site argument to django.contrib.auth.views.password_reset()

It’s a legacy option that should no longer be necessary.

SubfieldBase

django.db.models.fields.subclassing.SubfieldBase has been deprecated and will be removed in Django 1.10. Historically, it was used to handle fields where type conversion was needed when loading from the database, but it was not used in .values() calls or in aggregates. It has been replaced with from_db_value().

The new approach doesn’t call the to_python() method on assignment as was the case with SubfieldBase. If you need that behavior, reimplement the Creator class from Django’s source code in your project.

django.utils.checksums

The django.utils.checksums module has been deprecated and will be removed in Django 1.10. The functionality it provided (validating checksum using the Luhn algorithm) was undocumented and not used in Django. The module has been moved to the django-localflavor package (version 1.1+).

InlineAdminForm.original_content_type_id

The original_content_type_id attribute on InlineAdminForm has been deprecated and will be removed in Django 1.10. Historically, it was used to construct the “view on site” URL. This URL is now accessible using the absolute_url attribute of the form.

django.views.generic.edit.FormMixin.get_form()’s form_class argument

FormMixin subclasses that override the get_form() method should make sure to provide a default value for the form_class argument since it’s now optional.

Rendering templates loaded by get_template() with a Context

The return type of get_template() has changed in Django 1.8: instead of a django.template.Template, it returns a Template instance whose exact type depends on which backend loaded it.

Both classes provide a render() method, however, the former takes a django.template.Context as an argument while the latter expects a dict. This change is enforced through a deprecation path for Django templates.

All this also applies to select_template().

Template and Context classes in template responses

Some methods of SimpleTemplateResponse and TemplateResponse accepted django.template.Context and django.template.Template objects as arguments. They should now receive dict and backend-dependent template objects respectively.

This also applies to the return types if you have subclassed either template response class.

Check the template response API documentation for details.

current_app argument of template-related APIs

The following functions and classes will no longer accept a current_app parameter to set an URL namespace in Django 1.10:

• django.shortcuts.render()
• django.template.Context()
• django.template.RequestContext()
• django.template.response.TemplateResponse()

Set request.current_app instead, where request is the first argument to these functions or classes. If you’re using a plain Context, use a RequestContext instead.

dictionary and context_instance arguments of rendering functions

The following functions will no longer accept the dictionary and context_instance parameters in Django 1.10:

• django.shortcuts.render()
• django.shortcuts.render_to_response()
• django.template.loader.render_to_string()

Use the context parameter instead. When dictionary is passed as a positional argument, which is the most common idiom, no changes are needed.

If you’re passing a Context in context_instance, pass a dict in the context parameter instead. If you’re passing a RequestContext, pass the request separately in the request parameter.

dirs argument of template-finding functions

The following functions will no longer accept a dirs parameter to override TEMPLATE_DIRS in Django 1.10:

• django.template.loader.get_template()
• django.template.loader.select_template()
• django.shortcuts.render()
• django.shortcuts.render_to_response()

The parameter didn’t work consistently across different template loaders and didn’t work for included templates.

django.template.loader.BaseLoader

django.template.loader.BaseLoader was renamed to django.template.loaders.base.Loader. If you’ve written a custom template loader that inherits BaseLoader, you must inherit Loader instead.

django.test.utils.TestTemplateLoader

Private API django.test.utils.TestTemplateLoader is deprecated in favor of django.template.loaders.locmem.Loader and will be removed in Django 1.9.

Support for the max_length argument on custom Storage classes

Storage subclasses should add max_length=None as a parameter to get_available_name() and/or save() if they override either method. Support for storages that do not accept this argument will be removed in Django 1.10.

qn replaced by compiler

In previous Django versions, various internal ORM methods (mostly as_sql methods) accepted a qn (for “quote name”) argument, which was a reference to a function that quoted identifiers for sending to the database. In Django 1.8, that argument has been renamed to compiler and is now a full SQLCompiler instance. For backwards-compatibility, calling a SQLCompiler instance performs the same name-quoting that the qn function used to. However, this backwards-compatibility shim is immediately deprecated: you should rename your qn arguments to compiler, and call compiler.quote_name_unless_alias(...) where you previously called qn(...).

Default value of RedirectView.permanent

The default value of the RedirectView.permanent attribute will change from True to False in Django 1.9.

Using AuthenticationMiddleware without SessionAuthenticationMiddleware

django.contrib.auth.middleware.SessionAuthenticationMiddleware was added in Django 1.7. In Django 1.7.2, its functionality was moved to auth.get_user() and, for backwards compatibility, enabled only if 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' appears in MIDDLEWARE_CLASSES.

In Django 1.10, session verification will be enabled regardless of whether or not SessionAuthenticationMiddleware is enabled (at which point SessionAuthenticationMiddleware will have no significance). You can add it to your MIDDLEWARE_CLASSES sometime before then to opt-in. Please read the upgrade considerations first.

django.contrib.sitemaps.FlatPageSitemap

django.contrib.sitemaps.FlatPageSitemap has moved to django.contrib.flatpages.sitemaps.FlatPageSitemap. The old import location is deprecated and will be removed in Django 1.9.

Model Field.related

Private attribute django.db.models.Field.related is deprecated in favor of Field.rel. The latter is an instance of django.db.models.fields.related.ForeignObjectRel which replaces django.db.models.related.RelatedObject. The django.db.models.related module has been removed and the Field.related attribute will be removed in Django 1.10.

ssi template tag

The ssi template tag allows files to be included in a template by absolute path. This is of limited use in most deployment situations, and the include tag often makes more sense. This tag is now deprecated and will be removed in Django 1.10.

= as comparison operator in if template tag

Using a single equals sign with the {% if %} template tag for equality testing was undocumented and untested. It’s now deprecated in favor of ==.

%(<foo>)s syntax in ModelFormMixin.success_url

The legacy %(<foo>)s syntax in ModelFormMixin.success_url is deprecated and will be removed in Django 1.10.

GeoQuerySet aggregate methods

The collect(), extent(), extent3d(), make_line(), and unionagg() aggregate methods are deprecated and should be replaced by their function-based aggregate equivalents (Collect, Extent, Extent3D, MakeLine, and Union).

Signature of the allow_migrate router method

The signature of the allow_migrate() method of database routers has changed from allow_migrate(db, model) to allow_migrate(db, app_label, model_name=None, **hints).

When model_name is set, the value that was previously given through the model positional argument may now be found inside the hints dictionary under the key 'model'.

After switching to the new signature the router will also be called by the RunPython and RunSQL operations.

Features removed in 1.8

These features have reached the end of their deprecation cycle and are removed in Django 1.8. See Features deprecated in 1.6 for details, including how to remove usage of these features.

• django.contrib.comments is removed.
• The following transaction management APIs are removed:
  • TransactionMiddleware
  • the decorators and context managers autocommit, commit_on_success, and commit_manually, defined in django.db.transaction
  • the functions commit_unless_managed and rollback_unless_managed, also defined in django.db.transaction
  • the TRANSACTIONS_MANAGED setting
• The cycle and firstof template tags auto-escape their arguments.
• The SEND_BROKEN_LINK_EMAILS setting is removed.
• django.middleware.doc.XViewMiddleware is removed.
• The Model._meta.module_name alias is removed.
• The backward compatible shims introduced to rename get_query_set and similar queryset methods are removed. This affects the following classes: BaseModelAdmin, ChangeList, BaseCommentNode, GenericForeignKey, Manager, SingleRelatedObjectDescriptor and ReverseSingleRelatedObjectDescriptor.
• The backward compatible shims introduced to rename the attributes ChangeList.root_query_set and ChangeList.query_set are removed.
• django.views.defaults.shortcut and django.conf.urls.shortcut are removed.
• Support for the Python Imaging Library (PIL) module is removed.
• The following private APIs are removed:
  • django.db.backend
  • django.db.close_connection()
  • django.db.backends.creation.BaseDatabaseCreation.set_autocommit()
  • django.db.transaction.is_managed()
  • django.db.transaction.managed()
• django.forms.widgets.RadioInput is removed.
• The module django.test.simple and the class django.test.simple.DjangoTestSuiteRunner are removed.
• The module django.test._doctest is removed.
• The CACHE_MIDDLEWARE_ANONYMOUS_ONLY setting is removed. This change affects both django.middleware.cache.CacheMiddleware and django.middleware.cache.UpdateCacheMiddleware despite the lack of a deprecation warning in the latter class.
• Usage of the hard-coded Hold down “Control”, or “Command” on a Mac, to select more than one. string to override or append to user-provided help_text in forms for ManyToMany model fields is not performed by Django anymore either at the model or forms layer.
• The Model._meta.get_(add|change|delete)_permission methods are removed.
• The session key django_language is no longer read for backwards compatibility.
• Geographic Sitemaps are removed (django.contrib.gis.sitemaps.views.index and django.contrib.gis.sitemaps.views.sitemap).
• django.utils.html.fix_ampersands, the fix_ampersands template filter, and django.utils.html.clean_html are removed.