Django 3.0 リリースノート¶
2019年12月2日
Django 3.0 へようこそ!
このリリースノートは 新機能 の内容のみならず、Django 2.2 以前からアップグレードするときに気をつけなければならない、いくつかの 後方互換性のない変更 を含んでいます。機能廃止サイクルを迎えた 機能を削除 したり、 いくつかの機能を廃止サイクルに移行した りしています。
既存のプロジェクトをアップデートするときは、 Django の新しいバージョンへの更新 ガイドに従ってください。
Python バージョン間の互換性¶
Django 3.0 supports Python 3.6, 3.7, 3.8, and 3.9 (as of 3.0.11). We highly recommend and only officially support the latest release of each series.
The Django 2.2.x series is the last to support Python 3.5.
古いバージョンの Django をサポートするサードパーティのライブラリ¶
Django 3.0 リリース後は、サードパーティアプリの開発者は 2.2 より前のバージョンの Django のサポートを終了することを推奨します。このとき、python -Wd
を使ったパッケージテストを実行して、廃止予定 (deprecation) の警告を出力できます。廃止予定の警告が出ないように修正すれば、アプリケーションは Django 3.0 と互換性のある状態になっているはずです。
Django 3.0 で新しくなったこと¶
MariaDB のサポート¶
Django は新たに公式に MariaDB 10.1 以上をサポートするようになりました。詳しくは、 MariaDB ノート を参照してください。
ASGI のサポート¶
Django 3.0 から、ASGI アプリケーションとして実行できるようにすることによって、私たちは Django を完全な非同期処理が可能なフレームワークに作り変える旅を始めます。
This is in addition to our existing WSGI support. Django intends to support both for the foreseeable future. Async features will only be available to applications that run under ASGI, however.
At this stage async support only applies to the outer ASGI application. Internally everything remains synchronous. Asynchronous middleware, views, etc. are not yet supported. You can, however, use ASGI middleware around Django's application, allowing you to combine Django with other ASGI frameworks.
There is no need to switch your applications over unless you want to start experimenting with asynchronous code, but we have documentation on deploying with ASGI if you want to learn more.
Note that as a side-effect of this change, Django is now aware of asynchronous
event loops and will block you calling code marked as "async unsafe" - such as
ORM operations - from an asynchronous context. If you were using Django from
async code before, this may trigger if you were doing it incorrectly. If you
see a SynchronousOnlyOperation
error, then closely examine your code and
move any database operations to be in a synchronous child thread.
PostgreSQL における排他制約 (Exclusion constraints)¶
新しい ExclusionConstraint
クラスでは、PostgreSQL への排他制約 (exclusion constraints) の追加を有効になります。制約は Meta.constraints
オプションを用いてモデルに追加されます。
Filter expressions¶
Expressions that output BooleanField
may now be
used directly in QuerySet
filters, without having to first annotate and
then filter against the annotation.
Enumerations for model field choices¶
Custom enumeration types TextChoices
, IntegerChoices
, and Choices
are now available as a way to define Field.choices
. TextChoices
and IntegerChoices
types are provided for text and integer fields. The
Choices
class allows defining a compatible enumeration for other concrete
data types. These custom enumeration types support human-readable labels that
can be translated and accessed via a property on the enumeration or its
members. See Enumeration types for more
details and examples.
マイナーな機能¶
django.contrib.admin
¶
- Added support for the
admin_order_field
attribute on properties inModelAdmin.list_display
. - The new
ModelAdmin.get_inlines()
method allows specifying the inlines based on the request or model instance. - Select2 ライブラリのバージョンが 4.0.3 から 4.0.7 にアップグレードされました。
- jQuery のバージョンが 3.3.1 から 3.4.1 にアップグレードされました。
django.contrib.auth
¶
- The new
reset_url_token
attribute inPasswordResetConfirmView
allows specifying a token parameter displayed as a component of password reset URLs. - Added
BaseBackend
class to ease customization of authentication backends. - Added
get_user_permissions()
method to mirror the existingget_group_permissions()
method. - Added HTML
autocomplete
attribute to widgets of username, email, and password fields indjango.contrib.auth.forms
for better interaction with browser password managers. createsuperuser
now falls back to environment variables for password and required fields, when a corresponding command line argument isn't provided in non-interactive mode.REQUIRED_FIELDS
now supportsManyToManyField
s.- The new
UserManager.with_perm()
method returns users that have the specified permission. - The default iteration count for the PBKDF2 password hasher is increased from 150,000 to 180,000.
django.contrib.gis
¶
- Allowed MySQL spatial lookup functions to operate on real geometries. Previous support was limited to bounding boxes.
- Added the
GeometryDistance
function, supported on PostGIS. - Added support for the
furlong
unit inDistance
. - The
GEOIP_PATH
setting now supportspathlib.Path
. - The
GeoIP2
class now acceptspathlib.Path
path
.
django.contrib.postgres
¶
- The new
RangeOperators
helps to avoid typos in SQL operators that can be used together withRangeField
. - The new
RangeBoundary
expression represents the range boundaries. - The new
AddIndexConcurrently
andRemoveIndexConcurrently
classes allow creating and dropping indexesCONCURRENTLY
on PostgreSQL.
django.contrib.sessions
¶
- The new
get_session_cookie_age()
method allows dynamically specifying the session cookie age.
django.contrib.syndication
¶
- Added the
language
class attribute to thedjango.contrib.syndication.views.Feed
to customize a feed language. The default value isget_language()
instead ofLANGUAGE_CODE
.
キャッシュ¶
add_never_cache_headers()
andnever_cache()
now add theprivate
directive toCache-Control
headers.
ファイルストレージ¶
- The new
Storage.get_alternative_name()
method allows customizing the algorithm for generating filenames if a file with the uploaded name already exists.
フォーム¶
- Formsets may control the widget used when ordering forms via
can_order
by setting theordering_widget
attribute or overridingget_ordering_widget()
.
国際化 (internationalization)¶
- Added the
LANGUAGE_COOKIE_HTTPONLY
,LANGUAGE_COOKIE_SAMESITE
, andLANGUAGE_COOKIE_SECURE
settings to set theHttpOnly
,SameSite
, andSecure
flags on language cookies. The default values of these settings preserve the previous behavior. - Added support and translations for the Uzbek language.
ロギング¶
- The new
reporter_class
parameter ofAdminEmailHandler
allows providing andjango.views.debug.ExceptionReporter
subclass to customize the traceback text sent to siteADMINS
whenDEBUG
isFalse
.
管理コマンド¶
- The new
compilemessages --ignore
option allows ignoring specific directories when searching for.po
files to compile. showmigrations --list
now shows the applied datetimes when--verbosity
is 2 and above.- On PostgreSQL,
dbshell
now supports client-side TLS certificates. inspectdb
now introspectsOneToOneField
when a foreign key has a unique or primary key constraint.- The new
--skip-checks
option skips running system checks prior to running the command. - The
startapp --template
andstartproject --template
options now support templates stored in XZ archives (.tar.xz
,.txz
) and LZMA archives (.tar.lzma
,.tlz
).
モデル¶
Added hash database functions
MD5
,SHA1
,SHA224
,SHA256
,SHA384
, andSHA512
.Added the
Sign
database function.The new
is_dst
parameter of theTrunc
database functions determines the treatment of nonexistent and ambiguous datetimes.connection.queries
now showsCOPY … TO
statements on PostgreSQL.FilePathField
now accepts a callable forpath
.Allowed symmetrical intermediate table for self-referential
ManyToManyField
.The
name
attributes ofCheckConstraint
,UniqueConstraint
, andIndex
now support app label and class interpolation using the'%(app_label)s'
and'%(class)s'
placeholders.The new
Field.descriptor_class
attribute allows model fields to customize the get and set behavior by overriding their descriptors.Added
SmallAutoField
which acts much like anAutoField
except that it only allows values under a certain (database-dependent) limit. Values from1
to32767
are safe in all databases supported by Django.AutoField
,BigAutoField
, andSmallAutoField
now inherit fromIntegerField
,BigIntegerField
andSmallIntegerField
respectively. System checks and validators are now also properly inherited.FileField.upload_to
now supportspathlib.Path
.CheckConstraint
is now supported on MySQL 8.0.16+.The new
allows_group_by_selected_pks_on_model()
method ofdjango.db.backends.base.BaseDatabaseFeatures
allows optimization ofGROUP BY
clauses to require only the selected models' primary keys. By default, it's supported only for managed models on PostgreSQL.To enable the
GROUP BY
primary key-only optimization for unmanaged models, you have to subclass the PostgreSQL database engine, overriding the features classallows_group_by_selected_pks_on_model()
method as you require. See Subclassing the built-in database backends for an example.
Request と Response¶
- Allowed
HttpResponse
to be initialized withmemoryview
content. - For use in, for example, Django templates,
HttpRequest.headers
now allows lookups using underscores (e.g.user_agent
) in place of hyphens.
セキュリティ¶
X_FRAME_OPTIONS
now defaults to'DENY'
. In older versions, theX_FRAME_OPTIONS
setting defaults to'SAMEORIGIN'
. If your site uses frames of itself, you will need to explicitly setX_FRAME_OPTIONS = 'SAMEORIGIN'
for them to continue working.SECURE_CONTENT_TYPE_NOSNIFF
がデフォルトでTrue
になりました。この設定を有効にすることにより、SecurityMiddleware
が X-Content-Type-Options: nosniff ヘッダを付与されていなかった全レスポンスにこのヘッダを付与することになります。SecurityMiddleware
can now send the Referrer-Policy header.
テスト¶
- The new test
Client
argumentraise_request_exception
allows controlling whether or not exceptions raised during the request should also be raised in the test. The value defaults toTrue
for backwards compatibility. If it isFalse
and an exception occurs, the test client will return a 500 response with the attributeexc_info
, a tuple providing information of the exception that occurred. - Tests and test cases to run can be selected by test name pattern using the
new
test -k
option. - HTML comparison, as used by
assertHTMLEqual()
, now treats text, character references, and entity references that refer to the same character as equivalent. - Django test runner now supports headless mode for selenium tests on supported
browsers. Add the
--headless
option to enable this mode. - Django test runner now supports
--start-at
and--start-after
options to run tests starting from a specific top-level module. - Django test runner now supports a
--pdb
option to spawn a debugger at each error or failure.
3.0 における後方互換性のない変更¶
Model.save()
when providing a default for the primary key¶
Model.save()
no longer attempts to find a row when saving a new
Model
instance and a default value for the primary key is provided, and
always performs a single INSERT
query. In older Django versions,
Model.save()
performed either an INSERT
or an UPDATE
based on
whether or not the row exists.
This makes calling Model.save()
while providing a default primary key value
equivalent to passing force_insert=True to
model's save()
. Attempts to use a new Model
instance to update an
existing row will result in an IntegrityError
.
In order to update an existing model for a specific primary key value, use the
update_or_create()
method or
QuerySet.filter(pk=…).update(…)
instead. For example:
>>> MyModel.objects.update_or_create(pk=existing_pk, defaults={"name": "new name"})
>>> MyModel.objects.filter(pk=existing_pk).update(name="new name")
データベースバックエンド API¶
このセクションでは、サードパーティのデータベースバックエンドで必要になる可能性のある変更について説明します。
- The second argument of
DatabaseIntrospection.get_geometry_type()
is now the row description instead of the column name. DatabaseIntrospection.get_field_type()
may no longer return tuples.- If the database can create foreign keys in the same SQL statement that adds a
field, add
SchemaEditor.sql_create_column_inline_fk
with the appropriate SQL; otherwise, setDatabaseFeatures.can_create_inline_fk = False
. DatabaseFeatures.can_return_id_from_insert
andcan_return_ids_from_bulk_insert
are renamed tocan_return_columns_from_insert
andcan_return_rows_from_bulk_insert
.- Database functions now handle
datetime.timezone
formats when created usingdatetime.timedelta
instances (e.g.timezone(timedelta(hours=5))
, which would output'UTC+05:00'
). Third-party backends should handle this format when preparingDateTimeField
indatetime_cast_date_sql()
,datetime_extract_sql()
, etc. - Entries for
AutoField
,BigAutoField
, andSmallAutoField
are added toDatabaseOperations.integer_field_ranges
to support the integer range validators on these field types. Third-party backends may need to customize the default entries. DatabaseOperations.fetch_returned_insert_id()
is replaced byfetch_returned_insert_columns()
which returns a list of values returned by theINSERT … RETURNING
statement, instead of a single value.DatabaseOperations.return_insert_id()
is replaced byreturn_insert_columns()
that accepts afields
argument, which is an iterable of fields to be returned after insert. Usually this is only the auto-generated primary key.
django.contrib.admin
¶
- Admin's model history change messages now prefers more readable field labels instead of field names.
django.contrib.gis
¶
- Support for PostGIS 2.1 is removed.
- Support for SpatiaLite 4.1 and 4.2 is removed.
- Support for GDAL 1.11 and GEOS 3.4 is removed.
Dropped support for PostgreSQL 9.4¶
2019年12月に PostgreSQL 9.4 に対する upstream のサポートが終了しました。これに伴い、Django 3.0 からは PostgreSQL 9.5 以降のみをサポートします。
Dropped support for Oracle 12.1¶
Oracle 12.1 の upstream のサポートが2021年7月に終了します。Django2.2 は2022年4月までサポートされます。Django 3.0 は、公式には Oracle 12.1 と 18c をサポートします。
Removed private Python 2 compatibility APIs¶
While Python 2 support was removed in Django 2.0, some private APIs weren't removed from Django so that third party apps could continue using them until the Python 2 end-of-life.
Django アプリが Django 3.0 をサポートに加える時点で、アプリの Python 2 との後方互換性が失われると考えられます。そのため、これらの API はこの時点で削除されます。
django.test.utils.str_prefix()
- Strings don't have 'u' prefixes in Python 3.django.test.utils.patch_logger()
- Useunittest.TestCase.assertLogs()
instead.django.utils.lru_cache.lru_cache()
- Alias offunctools.lru_cache()
.django.utils.decorators.available_attrs()
- This function returnsfunctools.WRAPPER_ASSIGNMENTS
.django.utils.decorators.ContextDecorator
- Alias ofcontextlib.ContextDecorator
.django.utils._os.abspathu()
- Alias ofos.path.abspath()
.django.utils._os.upath()
andnpath()
- These functions do nothing on Python 3.django.utils.six
- Remove usage of this vendored library or switch to six.django.utils.encoding.python_2_unicode_compatible()
- Alias ofsix.python_2_unicode_compatible()
.django.utils.functional.curry()
- Usefunctools.partial()
orfunctools.partialmethod
. See 5b1c389603a353625ae1603ba345147356336afb.django.utils.safestring.SafeBytes
- Unused since Django 2.0.
New default value for the FILE_UPLOAD_PERMISSIONS
setting¶
In older versions, the FILE_UPLOAD_PERMISSIONS
setting defaults to
None
. With the default FILE_UPLOAD_HANDLERS
, this results in
uploaded files having different permissions depending on their size and which
upload handler is used.
FILE_UPLOAD_PERMISSIONS
now defaults to 0o644
to avoid this
inconsistency.
New default values for security settings¶
To make Django projects more secure by default, some security settings now have more secure default values:
X_FRAME_OPTIONS
now defaults to'DENY'
.SECURE_CONTENT_TYPE_NOSNIFF
now defaults toTrue
.
これらの変更の詳細については、What's New Security section を見てください。
その他¶
ContentType.__str__()
now includes the model'sapp_label
to disambiguate models with the same name in different apps.- Because accessing the language in the session rather than in the cookie is
deprecated,
LocaleMiddleware
no longer looks for the user's language in the session anddjango.contrib.auth.logout()
no longer preserves the session's language after logout. django.utils.html.escape()
now useshtml.escape()
to escape HTML. This converts'
to'
instead of the previous equivalent decimal code'
.- The
django-admin test -k
option now works as theunittest -k
option rather than as a shortcut for--keepdb
. - Support for
pywatchman
< 1.2.0 is removed. urlencode()
now encodes iterable values as they are whendoseq=False
, rather than iterating them, bringing it into line with the standard libraryurllib.parse.urlencode()
function.intword
template filter now translates1.0
as a singular phrase and all other numeric values as plural. This may be incorrect for some languages.- Assigning a value to a model's
ForeignKey
orOneToOneField
'_id'
attribute now unsets the corresponding field. Accessing the field afterward will result in a query. patch_vary_headers()
now handles an asterisk'*'
according to RFC 7231#section-7.1.4, i.e. if a list of header field names contains an asterisk, then theVary
header will consist of a single asterisk'*'
.- On MySQL 8.0.16+,
PositiveIntegerField
andPositiveSmallIntegerField
now include a check constraint to prevent negative values in the database. alias=None
is added to the signature ofExpression.get_group_by_cols()
.RegexPattern
, used byre_path()
, no longer returns keyword arguments withNone
values to be passed to the view for the optional named groups that are missing.
3.0 で非推奨になった機能¶
django.utils.encoding.force_text()
and smart_text()
¶
The smart_text()
and force_text()
aliases (since Django 2.0) of
smart_str()
and force_str()
are deprecated. Ignore this deprecation if
your code supports Python 2 as the behavior of smart_str()
and
force_str()
is different there.
その他¶
django.utils.http.urlquote()
,urlquote_plus()
,urlunquote()
, andurlunquote_plus()
are deprecated in favor of the functions that they're aliases for:urllib.parse.quote()
,quote_plus()
,unquote()
, andunquote_plus()
.django.utils.translation.ugettext()
,ugettext_lazy()
,ugettext_noop()
,ungettext()
, andungettext_lazy()
are deprecated in favor of the functions that they're aliases for:django.utils.translation.gettext()
,gettext_lazy()
,gettext_noop()
,ngettext()
, andngettext_lazy()
.- To limit creation of sessions and hence favor some caching strategies,
django.views.i18n.set_language()
will stop setting the user's language in the session in Django 4.0. Since Django 2.1, the language is always stored in theLANGUAGE_COOKIE_NAME
cookie. django.utils.text.unescape_entities()
is deprecated in favor ofhtml.unescape()
. Note that unlikeunescape_entities()
,html.unescape()
evaluates lazy strings immediately.- To avoid possible confusion as to effective scope, the private internal
utility
is_safe_url()
is renamed tourl_has_allowed_host_and_scheme()
. That a URL has an allowed host and scheme doesn't in general imply that it's "safe". It may still be quoted incorrectly, for example. Ensure to also useiri_to_uri()
on the path component of untrusted URLs.
3.0 で削除された機能¶
以下の機能は、非推奨サイクルの終わりに達したため、Django 3.0 で削除されます。
See Features deprecated in 2.0 for details on these changes, including how to remove usage of these features.
- The
django.db.backends.postgresql_psycopg2
module is removed. django.shortcuts.render_to_response()
is removed.- The
DEFAULT_CONTENT_TYPE
setting is removed. HttpRequest.xreadlines()
is removed.- Support for the
context
argument ofField.from_db_value()
andExpression.convert_value()
is removed. - The
field_name
keyword argument ofQuerySet.earliest()
andlatest()
is removed.
See 2.1 で非推奨になった機能 for details on these changes, including how to remove usage of these features.
- The
ForceRHR
GIS function is removed. django.utils.http.cookie_date()
is removed.- The
staticfiles
andadmin_static
template tag libraries are removed. django.contrib.staticfiles.templatetags.staticfiles.static()
is removed.