Django 1.5.2, 1.4.6, and 1.6 beta 2 were released to address two cross-site scripting (XSS) bugs found in Django. The release notes state that, "While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade when possible." Separately, Django also issued a security advisory addressing the BREACH attack. Although the attack is not limited to Django, it's nice to know the core team is looking out for you.
The long-awaited announcement of the DjangoCon speakers is finally upon us. Looks like there are some great talks lined up for next month's conference in Chicago, and a couple of us from Lincoln Loop even managed to sneak talks in (1, 2).
Andrew Godwin's latest on his Kickstarter-funded effort to roll database migrations into Django core. He's putting the finishing touches on it and has a
open and close to being merge-ready. Look for the new
Links of Interest
Brandon Konkle and Kenneth Love are on a roll with the new podcast. In the last couple of weeks they've hosted Tom Christie (Django REST Framework) and Daniel Lindsley (Haystack and Tastypie) as guests on the show.
Here's a fun one. This post explores how to build a Django-based shop that you can drive traffic to via QR Codes or NFC in a virtual poster store (watch this video if you aren't familiar).
An excellent post by Tobias McNulty of Caktus Group on how to migrate a legacy project to Django 1.5's custom user model. It goes through potential pitfalls to consider (do your third-party apps support it?) and details the exact steps necessary to move the data over.
I usually don't link to slide decks, but this set from core developer Julien Phalip is great. Get ready for the imminent release of 1.6 by boning up on some of the new features you'll find under the hood.
Django's baked-in CSRF tokens are great for securing your site, but often become a stumbling block when you are looking to post data outside of a traditional web form. This post details how to patch both Backbone.js' sync method and jQuery's ajax plumbing using Require.js, allowing you to globally take advantage of Django's CSRF protection.
Another Backbone/Django post. This one not only covers CSRF protection, but also setting up client-side templates, API frameworks, and some ideas on how to take it a step further to make it "real-time".
A clever setup that allows the author, Abhinay Omkar, to push new content to his site over Dropbox. Images or Markdown files saved to a specific Dropbox folder are picked up by his server and immediately visible on his public site.
How to set up an Ubuntu server, then build and host a basic "Hello World" Django application on the Windows Azure hosting platform.
This post is loaded with best practices and examples of how to test your Django applications. It hits everything from unit tests to Selenium to coverage.
The time will come in every professional developer's career when it is time to take over somebody else's legacy code. In this post, you'll get some tips on how to get started and how to assess the health of the code you're taking over.
There are lots of services out there that will parse email and send it to your app, but what if you want to roll your own? Here's a simple way to bounce emails from a Postfix mailserver into your Django app.
New & Updated Packages