Psycopg 3 support¶

Django now supports psycopg version 3.1.8 or higher. To update your code, install the psycopg library, you don’t need to change the ENGINE as django.db.backends.postgresql supports both libraries.

Support for psycopg2 is likely to be deprecated and removed at some point in the future.

Be aware that psycopg 3 introduces some breaking changes over psycopg2. As a consequence, you may need to make some changes to account for differences from psycopg2.

Comments on columns and tables¶

The new Field.db_comment and Meta.db_table_comment options allow creating comments on columns and tables, respectively. For example:

from django.db import models


class Question(models.Model):
    text = models.TextField(db_comment="Poll question")
    pub_date = models.DateTimeField(
        db_comment="Date and time when the question was published",
    )

    class Meta:
        db_table_comment = "Poll questions"


class Answer(models.Model):
    question = models.ForeignKey(
        Question,
        on_delete=models.CASCADE,
        db_comment="Reference to a question",
    )
    answer = models.TextField(db_comment="Question answer")

    class Meta:
        db_table_comment = "Question answers"

Also, the new AlterModelTableComment operation allows changing table comments defined in the Meta.db_table_comment.

Mitigation for the BREACH attack¶

GZipMiddleware now includes a mitigation for the BREACH attack. It will add up to 100 random bytes to gzip responses to make BREACH attacks harder. Read more about the mitigation technique in the Heal The Breach (HTB) paper.

In-memory file storage¶

The new django.core.files.storage.InMemoryStorage class provides a non-persistent storage useful for speeding up tests by avoiding disk access.

Custom file storages¶

The new STORAGES setting allows configuring multiple custom file storage backends. It also controls storage engines for managing files (the "default" key) and static files (the "staticfiles" key).

The old DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings are deprecated as of this release.

Minor features¶

Database backend API¶

This section describes changes that may be needed in third-party database backends.

• DatabaseFeatures.allows_group_by_pk is removed as it only remained to accommodate a MySQL extension that has been supplanted by proper functional dependency detection in MySQL 5.7.15. Note that DatabaseFeatures.allows_group_by_selected_pks is still supported and should be enabled if your backend supports functional dependency detection in GROUP BY clauses as specified by the SQL:1999 standard.

• inspectdb now uses display_size from DatabaseIntrospection.get_table_description() rather than internal_size for CharField.

Dropped support for MariaDB 10.3¶

Upstream support for MariaDB 10.3 ends in May 2023. Django 4.2 supports MariaDB 10.4 and higher.

Dropped support for MySQL 5.7¶

Upstream support for MySQL 5.7 ends in October 2023. Django 4.2 supports MySQL 8 and higher.

Dropped support for PostgreSQL 11¶

Upstream support for PostgreSQL 11 ends in November 2023. Django 4.2 supports PostgreSQL 12 and higher.

Setting update_fields in Model.save() may now be required¶

In order to avoid updating unnecessary columns, QuerySet.update_or_create() now passes update_fields to the Model.save() calls. As a consequence, any fields modified in the custom save() methods should be added to the update_fields keyword argument before calling super(). See Overriding predefined model methods for more details.

Dropped support for raw aggregations on MySQL¶

MySQL 8+ allows functional dependencies on GROUP BY columns, so the pre-Django 4.2 workaround of grouping by primary keys of the main table is removed. As a consequence, using RawSQL() aggregations is no longer supported on MySQL as there is no way to determine if such aggregations are needed or valid in the GROUP BY clause. Use Aggregation functions instead.

Miscellaneous¶

• The undocumented django.http.multipartparser.parse_header() function is removed. Use django.utils.http.parse_header_parameters() instead.

• {% blocktranslate asvar … %} result is now marked as safe for (HTML) output purposes.

• The autofocus HTML attribute in the admin search box is removed as it can be confusing for screen readers.

• The makemigrations --check option no longer creates missing migration files.

• The alias argument for Expression.get_group_by_cols() is removed.

• The minimum supported version of sqlparse is increased from 0.2.2 to 0.3.1.

• The undocumented negated parameter of the Exists expression is removed.

• The is_summary argument of the undocumented Query.add_annotation() method is removed.

• The minimum supported version of SQLite is increased from 3.9.0 to 3.21.0.

• The minimum supported version of asgiref is increased from 3.5.2 to 3.6.0.

• UserCreationForm now rejects usernames that differ only in case. If you need the previous behavior, use BaseUserCreationForm instead.

• The minimum supported version of mysqlclient is increased from 1.4.0 to 1.4.3.

• The minimum supported version of argon2-cffi is increased from 19.1.0 to 19.2.0.

• The minimum supported version of Pillow is increased from 6.2.0 to 6.2.1.

• The minimum supported version of jinja2 is increased from 2.9.2 to 2.11.0.

• The minimum supported version of redis-py is increased from 3.0.0 to 3.4.0.

• Manually instantiated WSGIRequest objects must be provided a file-like object for wsgi.input. Previously, Django was more lax than the expected behavior as specified by the WSGI specification.

• Support for PROJ < 5 is removed.

• EmailBackend now verifies a hostname and certificates. If you need the previous behavior that is less restrictive and not recommended, subclass EmailBackend and override the ssl_context property.

index_together option is deprecated in favor of indexes¶

The Meta.index_together option is deprecated in favor of the indexes option.

Migrating existing index_together should be handled as a migration. For example:

class Author(models.Model):
    rank = models.IntegerField()
    name = models.CharField(max_length=30)

    class Meta:
        index_together = [["rank", "name"]]

Should become:

class Author(models.Model):
    rank = models.IntegerField()
    name = models.CharField(max_length=30)

    class Meta:
        indexes = [models.Index(fields=["rank", "name"])]

Running the makemigrations command will generate a migration containing a RenameIndex operation which will rename the existing index. Next, consider squashing migrations to remove index_together from historical migrations.

The AlterIndexTogether migration operation is now officially supported only for pre-Django 4.2 migration files. For backward compatibility reasons, it’s still part of the public API, and there’s no plan to deprecate or remove it, but it should not be used for new migrations. Use AddIndex and RemoveIndex operations instead.

Passing encoded JSON string literals to JSONField is deprecated¶

JSONField and its associated lookups and aggregates used to allow passing JSON encoded string literals which caused ambiguity on whether string literals were already encoded from database backend’s perspective.

During the deprecation period string literals will be attempted to be JSON decoded and a warning will be emitted on success that points at passing non-encoded forms instead.

Code that used to pass JSON encoded string literals:

Document.objects.bulk_create(
    Document(data=Value("null")),
    Document(data=Value("[]")),
    Document(data=Value('"foo-bar"')),
)
Document.objects.annotate(
    JSONBAgg("field", default=Value("[]")),
)

Should become:

Document.objects.bulk_create(
    Document(data=Value(None, JSONField())),
    Document(data=[]),
    Document(data="foo-bar"),
)
Document.objects.annotate(
    JSONBAgg("field", default=[]),
)

From Django 5.1+ string literals will be implicitly interpreted as JSON string literals.

Miscellaneous¶

• The BaseUserManager.make_random_password() method is deprecated. See recipes and best practices for using Python’s secrets module to generate passwords.

• The length_is template filter is deprecated in favor of length and the == operator within an {% if %} tag. For example

  {% if value|length == 4 %}…{% endif %}
  {% if value|length == 4 %}True{% else %}False{% endif %}
  

  instead of:

  {% if value|length_is:4 %}…{% endif %}
  {{ value|length_is:4 }}
  

• django.contrib.auth.hashers.SHA1PasswordHasher, django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher, and django.contrib.auth.hashers.UnsaltedMD5PasswordHasher are deprecated.

• django.contrib.postgres.fields.CICharField is deprecated in favor of CharField(db_collation="…") with a case-insensitive non-deterministic collation.

• django.contrib.postgres.fields.CIEmailField is deprecated in favor of EmailField(db_collation="…") with a case-insensitive non-deterministic collation.

• django.contrib.postgres.fields.CITextField is deprecated in favor of TextField(db_collation="…") with a case-insensitive non-deterministic collation.

• django.contrib.postgres.fields.CIText mixin is deprecated.

• The map_height and map_width attributes of BaseGeometryWidget are deprecated, use CSS to size map widgets instead.

• SimpleTestCase.assertFormsetError() is deprecated in favor of assertFormSetError().

• TransactionTestCase.assertQuerysetEqual() is deprecated in favor of assertQuerySetEqual().

• Passing positional arguments to Signer and TimestampSigner is deprecated in favor of keyword-only arguments.

• The DEFAULT_FILE_STORAGE setting is deprecated in favor of STORAGES["default"].

• The STATICFILES_STORAGE setting is deprecated in favor of STORAGES["staticfiles"].

• The django.core.files.storage.get_storage_class() function is deprecated.