December 2, 2019
Welcome to Django 3.0!
These release notes cover the new features, as well as some backwards incompatible changes you’ll want to be aware of when upgrading from Django 2.2 or earlier. We’ve dropped some features that have reached the end of their deprecation cycle, and we’ve begun the deprecation process for some features.
See the Upgrading Django to a newer version guide if you’re updating an existing project.
Django 3.0 supports Python 3.6, 3.7, 3.8, and 3.9 (as of 3.0.11). We highly recommend and only officially support the latest release of each series.
The Django 2.2.x series is the last to support Python 3.5.
Following the release of Django 3.0, we suggest that third-party app authors
drop support for all versions of Django prior to 2.2. At that time, you should
be able to run your package’s tests using python -Wd
so that deprecation
warnings appear. After making the deprecation warning fixes, your app should be
compatible with Django 3.0.
Django now officially supports MariaDB 10.1 and higher. See MariaDB notes for more details.
Django 3.0 begins our journey to making Django fully async-capable by providing support for running as an ASGI application.
This is in addition to our existing WSGI support. Django intends to support both for the foreseeable future. Async features will only be available to applications that run under ASGI, however.
At this stage async support only applies to the outer ASGI application. Internally everything remains synchronous. Asynchronous middleware, views, etc. are not yet supported. You can, however, use ASGI middleware around Django’s application, allowing you to combine Django with other ASGI frameworks.
There is no need to switch your applications over unless you want to start experimenting with asynchronous code, but we have documentation on deploying with ASGI if you want to learn more.
Note that as a side-effect of this change, Django is now aware of asynchronous
event loops and will block you calling code marked as “async unsafe” - such as
ORM operations - from an asynchronous context. If you were using Django from
async code before, this may trigger if you were doing it incorrectly. If you
see a SynchronousOnlyOperation
error, then closely examine your code and
move any database operations to be in a synchronous child thread.
The new ExclusionConstraint
class
enable adding exclusion constraints on PostgreSQL. Constraints are added to
models using the
Meta.constraints
option.
Expressions that output BooleanField
may now be
used directly in QuerySet
filters, without having to first annotate and
then filter against the annotation.
Custom enumeration types TextChoices
, IntegerChoices
, and Choices
are now available as a way to define Field.choices
. TextChoices
and IntegerChoices
types are provided for text and integer fields. The
Choices
class allows defining a compatible enumeration for other concrete
data types. These custom enumeration types support human-readable labels that
can be translated and accessed via a property on the enumeration or its
members. See Enumeration types for more
details and examples.
django.contrib.admin
¶admin_order_field
attribute on properties in
ModelAdmin.list_display
.ModelAdmin.get_inlines()
method allows specifying the
inlines based on the request or model instance.django.contrib.auth
¶reset_url_token
attribute in
PasswordResetConfirmView
allows
specifying a token parameter displayed as a component of password reset
URLs.BaseBackend
class to ease
customization of authentication backends.get_user_permissions()
method
to mirror the existing
get_group_permissions()
method.autocomplete
attribute to widgets of username, email, and
password fields in django.contrib.auth.forms
for better interaction
with browser password managers.createsuperuser
now falls back to environment variables for
password and required fields, when a corresponding command line argument
isn’t provided in non-interactive mode.REQUIRED_FIELDS
now supports
ManyToManyField
s.UserManager.with_perm()
method returns users that have the
specified permission.django.contrib.gis
¶GeometryDistance
function, supported on PostGIS.furlong
unit in
Distance
.GEOIP_PATH
setting now supports pathlib.Path
.GeoIP2
class now accepts
pathlib.Path
path
.django.contrib.postgres
¶RangeOperators
helps to
avoid typos in SQL operators that can be used together with
RangeField
.RangeBoundary
expression
represents the range boundaries.AddIndexConcurrently
and RemoveIndexConcurrently
classes allow creating and dropping indexes CONCURRENTLY
on PostgreSQL.django.contrib.sessions
¶get_session_cookie_age()
method allows dynamically specifying the session cookie age.django.contrib.syndication
¶language
class attribute to the
django.contrib.syndication.views.Feed
to customize a feed language.
The default value is get_language()
instead
of LANGUAGE_CODE
.add_never_cache_headers()
and
never_cache()
now add the private
directive to Cache-Control
headers.Storage.get_alternative_name()
method allows customizing the
algorithm for generating filenames if a file with the uploaded name already
exists.can_order
by setting the
ordering_widget
attribute or
overriding get_ordering_widget()
.LANGUAGE_COOKIE_HTTPONLY
,
LANGUAGE_COOKIE_SAMESITE
, and LANGUAGE_COOKIE_SECURE
settings to set the HttpOnly
, SameSite
, and Secure
flags on
language cookies. The default values of these settings preserve the previous
behavior.reporter_class
parameter of
AdminEmailHandler
allows providing an
django.views.debug.ExceptionReporter
subclass to customize the traceback
text sent to site ADMINS
when DEBUG
is False
.compilemessages --ignore
option allows ignoring specific
directories when searching for .po
files to compile.showmigrations --list
now shows the applied datetimes when
--verbosity
is 2 and above.dbshell
now supports client-side TLS certificates.inspectdb
now introspects OneToOneField
when a foreign key has a unique or primary key constraint.--skip-checks
option skips running system checks prior to
running the command.startapp --template
and startproject --template
options now support templates stored in XZ archives (.tar.xz
, .txz
)
and LZMA archives (.tar.lzma
, .tlz
).Added hash database functions MD5
,
SHA1
,
SHA224
,
SHA256
,
SHA384
, and
SHA512
.
Added the Sign
database function.
The new is_dst
parameter of the
Trunc
database functions determines the
treatment of nonexistent and ambiguous datetimes.
connection.queries
now shows COPY … TO
statements on PostgreSQL.
FilePathField
now accepts a callable for path
.
Allowed symmetrical intermediate table for self-referential
ManyToManyField
.
The name
attributes of CheckConstraint
,
UniqueConstraint
, and
Index
now support app label and class
interpolation using the '%(app_label)s'
and '%(class)s'
placeholders.
The new Field.descriptor_class
attribute allows model fields to
customize the get and set behavior by overriding their
descriptors.
Added SmallAutoField
which acts much like an
AutoField
except that it only allows values under
a certain (database-dependent) limit. Values from 1
to 32767
are safe
in all databases supported by Django.
AutoField
,
BigAutoField
, and
SmallAutoField
now inherit from
IntegerField
, BigIntegerField
and SmallIntegerField
respectively.
System checks and validators are now also properly inherited.
FileField.upload_to
now supports pathlib.Path
.
CheckConstraint
is now supported on MySQL 8.0.16+.
The new allows_group_by_selected_pks_on_model()
method of
django.db.backends.base.BaseDatabaseFeatures
allows optimization of
GROUP BY
clauses to require only the selected models’ primary keys. By
default, it’s supported only for managed models on PostgreSQL.
To enable the GROUP BY
primary key-only optimization for unmanaged
models, you have to subclass the PostgreSQL database engine, overriding the
features class allows_group_by_selected_pks_on_model()
method as you
require. See Subclassing the built-in database backends for an example.
HttpResponse
to be initialized with
memoryview
content.HttpRequest.headers
now
allows lookups using underscores (e.g. user_agent
) in place of hyphens.X_FRAME_OPTIONS
now defaults to 'DENY'
. In older versions, the
X_FRAME_OPTIONS
setting defaults to 'SAMEORIGIN'
. If your site
uses frames of itself, you will need to explicitly set X_FRAME_OPTIONS =
'SAMEORIGIN'
for them to continue working.SECURE_CONTENT_TYPE_NOSNIFF
now defaults to True
. With this
enabled, SecurityMiddleware
sets the
X-Content-Type-Options: nosniff header on all responses that do not already
have it.SecurityMiddleware
can now send the
Referrer-Policy header.Client
argument
raise_request_exception
allows controlling whether or not exceptions
raised during the request should also be raised in the test. The value
defaults to True
for backwards compatibility. If it is False
and an
exception occurs, the test client will return a 500 response with the
attribute exc_info
, a tuple providing
information of the exception that occurred.test -k
option.assertHTMLEqual()
, now treats text, character
references, and entity references that refer to the same character as
equivalent.--headless
option to enable this mode.--start-at
and --start-after
options
to run tests starting from a specific top-level module.--pdb
option to spawn a debugger at
each error or failure.Model.save()
when providing a default for the primary key¶Model.save()
no longer attempts to find a row when saving a new
Model
instance and a default value for the primary key is provided, and
always performs a single INSERT
query. In older Django versions,
Model.save()
performed either an INSERT
or an UPDATE
based on
whether or not the row exists.
This makes calling Model.save()
while providing a default primary key value
equivalent to passing force_insert=True to
model’s save()
. Attempts to use a new Model
instance to update an
existing row will result in an IntegrityError
.
In order to update an existing model for a specific primary key value, use the
update_or_create()
method or
QuerySet.filter(pk=…).update(…)
instead. For example:
>>> MyModel.objects.update_or_create(pk=existing_pk, defaults={'name': 'new name'})
>>> MyModel.objects.filter(pk=existing_pk).update(name='new name')
This section describes changes that may be needed in third-party database backends.
DatabaseIntrospection.get_geometry_type()
is now
the row description instead of the column name.DatabaseIntrospection.get_field_type()
may no longer return tuples.SchemaEditor.sql_create_column_inline_fk
with the appropriate
SQL; otherwise, set DatabaseFeatures.can_create_inline_fk = False
.DatabaseFeatures.can_return_id_from_insert
and
can_return_ids_from_bulk_insert
are renamed to
can_return_columns_from_insert
and can_return_rows_from_bulk_insert
.datetime.timezone
formats when created
using datetime.timedelta
instances (e.g.
timezone(timedelta(hours=5))
, which would output 'UTC+05:00'
).
Third-party backends should handle this format when preparing
DateTimeField
in datetime_cast_date_sql()
,
datetime_extract_sql()
, etc.AutoField
, BigAutoField
, and SmallAutoField
are added
to DatabaseOperations.integer_field_ranges
to support the integer range
validators on these field types. Third-party backends may need to customize
the default entries.DatabaseOperations.fetch_returned_insert_id()
is replaced by
fetch_returned_insert_columns()
which returns a list of values returned
by the INSERT … RETURNING
statement, instead of a single value.DatabaseOperations.return_insert_id()
is replaced by
return_insert_columns()
that accepts a fields
argument, which is an iterable of fields to be returned after insert. Usually
this is only the auto-generated primary key.django.contrib.admin
¶django.contrib.gis
¶Upstream support for PostgreSQL 9.4 ends in December 2019. Django 3.0 supports PostgreSQL 9.5 and higher.
Upstream support for Oracle 12.1 ends in July 2021. Django 2.2 will be supported until April 2022. Django 3.0 officially supports Oracle 12.2 and 18c.
While Python 2 support was removed in Django 2.0, some private APIs weren’t removed from Django so that third party apps could continue using them until the Python 2 end-of-life.
Since we expect apps to drop Python 2 compatibility when adding support for Django 3.0, we’re removing these APIs at this time.
django.test.utils.str_prefix()
- Strings don’t have ‘u’ prefixes in
Python 3.django.test.utils.patch_logger()
- Use
unittest.TestCase.assertLogs()
instead.django.utils.lru_cache.lru_cache()
- Alias of
functools.lru_cache()
.django.utils.decorators.available_attrs()
- This function returns
functools.WRAPPER_ASSIGNMENTS
.django.utils.decorators.ContextDecorator
- Alias of
contextlib.ContextDecorator
.django.utils._os.abspathu()
- Alias of os.path.abspath()
.django.utils._os.upath()
and npath()
- These functions do nothing on
Python 3.django.utils.six
- Remove usage of this vendored library or switch to
six.django.utils.encoding.python_2_unicode_compatible()
- Alias of
six.python_2_unicode_compatible()
.django.utils.functional.curry()
- Use functools.partial()
or
functools.partialmethod
. See
5b1c389603a353625ae1603ba345147356336afb.django.utils.safestring.SafeBytes
- Unused since Django 2.0.FILE_UPLOAD_PERMISSIONS
setting¶In older versions, the FILE_UPLOAD_PERMISSIONS
setting defaults to
None
. With the default FILE_UPLOAD_HANDLERS
, this results in
uploaded files having different permissions depending on their size and which
upload handler is used.
FILE_UPLOAD_PERMISSIONS
now defaults to 0o644
to avoid this
inconsistency.
To make Django projects more secure by default, some security settings now have more secure default values:
X_FRAME_OPTIONS
now defaults to 'DENY'
.SECURE_CONTENT_TYPE_NOSNIFF
now defaults to True
.See the What’s New Security section above for more details on these changes.
ContentType.__str__()
now includes the model’s app_label
to
disambiguate models with the same name in different apps.LocaleMiddleware
no longer looks for the user’s language in
the session and django.contrib.auth.logout()
no longer preserves the
session’s language after logout.django.utils.html.escape()
now uses html.escape()
to escape HTML.
This converts '
to '
instead of the previous equivalent decimal
code '
.django-admin test -k
option now works as the unittest
-k
option rather than as a shortcut for --keepdb
.pywatchman
< 1.2.0 is removed.urlencode()
now encodes iterable values as they are
when doseq=False
, rather than iterating them, bringing it into line with
the standard library urllib.parse.urlencode()
function.intword
template filter now translates 1.0
as a singular phrase and
all other numeric values as plural. This may be incorrect for some languages.ForeignKey
or
OneToOneField
'_id'
attribute now unsets the
corresponding field. Accessing the field afterwards will result in a query.patch_vary_headers()
now handles an asterisk
'*'
according to RFC 7231#section-7.1.4, i.e. if a list of header
field names contains an asterisk, then the Vary
header will consist of a
single asterisk '*'
.PositiveIntegerField
and PositiveSmallIntegerField
now include a check constraint to prevent negative values in the database.alias=None
is added to the signature of
Expression.get_group_by_cols()
.RegexPattern
, used by re_path()
, no longer returns
keyword arguments with None
values to be passed to the view for the
optional named groups that are missing.django.utils.encoding.force_text()
and smart_text()
¶The smart_text()
and force_text()
aliases (since Django 2.0) of
smart_str()
and force_str()
are deprecated. Ignore this deprecation if
your code supports Python 2 as the behavior of smart_str()
and
force_str()
is different there.
django.utils.http.urlquote()
, urlquote_plus()
, urlunquote()
, and
urlunquote_plus()
are deprecated in favor of the functions that they’re
aliases for: urllib.parse.quote()
, quote_plus()
,
unquote()
, and unquote_plus()
.django.utils.translation.ugettext()
, ugettext_lazy()
,
ugettext_noop()
, ungettext()
, and ungettext_lazy()
are deprecated
in favor of the functions that they’re aliases for:
django.utils.translation.gettext()
,
gettext_lazy()
,
gettext_noop()
,
ngettext()
, and
ngettext_lazy()
.django.views.i18n.set_language()
will stop setting the user’s language
in the session in Django 4.0. Since Django 2.1, the language is always stored
in the LANGUAGE_COOKIE_NAME
cookie.django.utils.text.unescape_entities()
is deprecated in favor of
html.unescape()
. Note that unlike unescape_entities()
,
html.unescape()
evaluates lazy strings immediately.is_safe_url()
is renamed to
url_has_allowed_host_and_scheme()
. That a URL has an allowed host and
scheme doesn’t in general imply that it’s “safe”. It may still be quoted
incorrectly, for example. Ensure to also use
iri_to_uri()
on the path component of untrusted
URLs.These features have reached the end of their deprecation cycle and are removed in Django 3.0.
See Features deprecated in 2.0 for details on these changes, including how to remove usage of these features.
django.db.backends.postgresql_psycopg2
module is removed.django.shortcuts.render_to_response()
is removed.DEFAULT_CONTENT_TYPE
setting is removed.HttpRequest.xreadlines()
is removed.context
argument of Field.from_db_value()
and
Expression.convert_value()
is removed.field_name
keyword argument of QuerySet.earliest()
and
latest()
is removed.See Features deprecated in 2.1 for details on these changes, including how to remove usage of these features.
ForceRHR
GIS function is removed.django.utils.http.cookie_date()
is removed.staticfiles
and admin_static
template tag libraries are removed.django.contrib.staticfiles.templatetags.staticfiles.static()
is removed.Jul 28, 2023