Django 2.1.4 fixes several bugs in 2.1.3.
Bugfixes:
Corrected the default password list that CommonPasswordValidator uses by lowercasing all passwords to match the format expected by the validator.
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion.
Fixed keep-alive support in runserver after it was disabled to fix another issue in Django 2.0.
Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields.
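Added example (not part of the release notes and not Django's own code): a simplified stand-in for the validator's lookup, showing why mixed-case entries in a password list can never match once the candidate password is lowercased, which is the defect 2.1.4 corrects in the default list. The function names and the sample list are constructed for illustration.

```python
# Simplified stand-in for a common-password check; not Django's implementation.

def load_list(lines, normalize):
    """Build the lookup set from list lines.

    normalize=True lowercases every entry, mirroring what the 2.1.4 fix
    did to the shipped default list.
    """
    entries = (line.strip() for line in lines)
    return {(e.lower() if normalize else e) for e in entries if e}


def is_common(password, passwords):
    """Validator-style check: the candidate is lowercased before the lookup."""
    return password.lower().strip() in passwords


def unreachable_entries(passwords):
    """Entries a lowercased candidate can never equal (audit for any list)."""
    return sorted(p for p in passwords if p != p.lower())


# Constructed sample list with two mixed-case entries.
SAMPLE_LIST = ["123456", "password", "Qwerty123", "LetMeIn", "dragon\n"]


def demo():
    raw = load_list(SAMPLE_LIST, normalize=False)    # list as shipped before the fix
    fixed = load_list(SAMPLE_LIST, normalize=True)   # list after lowercasing
    results = {}
    for candidate in ["qwerty123", "Qwerty123", "LETMEIN", "Password"]:
        # (rejected with raw list, rejected with lowercased list)
        results[candidate] = (is_common(candidate, raw), is_common(candidate, fixed))
    return results, unreachable_entries(raw)


if __name__ == "__main__":
    results, dead = demo()
    for candidate, (before, after) in results.items():
        print(f"{candidate!r}: rejected before={before} after={after}")
    print("entries that could never match:", dead)
```

The same audit applies to a custom list supplied through the validator's password_list_path option: any entry that is not already lowercase is silently ineffective.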
Django 2.1.3:
Bugfixes:
Fixed a regression in Django 2.0 where combining Q objects with __in lookups and lists crashed
Fixed a regression in Django 1.11 where django-admin shell may hang on startup
Fixed a regression in Django 2.0 where test databases aren’t reused with manage.py test --keepdb on MySQL
Fixed a regression where cached foreign keys that use to_field were incorrectly cleared in Model.save()
Fixed a regression in Django 2.0 where FileSystemStorage crashes with FileExistsError if concurrent saves try to create the same directory
Django 2.1.2:
CVE-2018-16984: Password hash disclosure to “view only” admin users
Fixed a regression where nonexistent joins in F() no longer raised FieldError
Fixed a regression where files starting with a tilde or underscore weren’t ignored by the migrations loader
Made migrations detect changes to Meta.default_related_name
Added compatibility for cx_Oracle 7
Fixed a regression in Django 2.0 where unique index names weren’t quoted
Fixed a regression where sliced queries with multiple columns with the same name crashed on Oracle 12.1
Fixed a crash when a user with the view (but not change) permission made a POST request to an admin user change form
Django 2.1:
Model “view” permission
django.contrib.admin
ModelAdmin.search_fields now accepts any lookup such as field__exact.
jQuery is upgraded from version 2.2.3 to 3.3.1.
The new ModelAdmin.delete_queryset() method allows customizing the deletion process of the “delete selected objects” action.
You can now override the default admin site.
The new ModelAdmin.sortable_by attribute and ModelAdmin.get_sortable_by() method allow limiting the columns that can be sorted in the change list page.
The admin_order_field attribute for elements in ModelAdmin.list_display may now be a query expression.
The new ModelAdmin.get_deleted_objects() method allows customizing the deletion process of the delete view and the “delete selected” action.
The actions.html, change_list_results.html, date_hierarchy.html, pagination.html, prepopulated_fields_js.html, search_form.html, and submit_line.html templates can now be overridden per app or per model (besides overridden globally).
The admin change list and change form object tools can now be overridden per app, per model, or globally with change_list_object_tools.html and change_form_object_tools.html templates.
InlineModelAdmin.has_add_permission() is now passed the parent object as the second positional argument, obj.
Admin actions may now specify permissions to limit their availability to certain users.
django.contrib.auth
createsuperuser now gives a prompt to allow bypassing the AUTH_PASSWORD_VALIDATORS checks.
UserCreationForm and UserChangeForm no longer need to be rewritten for a custom user model.
django.contrib.gis
The new GEOSGeometry.buffer_with_style() method is a version of buffer() that allows customizing the style of the buffer.
OpenLayersWidget is now based on OpenLayers 4.6.5 (previously 3.20.1).
django.contrib.sessions
Added the SESSION_COOKIE_SAMESITE setting to set the SameSite cookie flag on session cookies.
Cache
The local-memory cache backend now uses a least-recently-used (LRU) culling strategy rather than a pseudo-random one.
The new touch() method of the low-level cache API updates the timeout of cache keys.
CSRF
Added the CSRF_COOKIE_SAMESITE setting to set the SameSite cookie flag on CSRF cookies.
Forms
The widget for ImageField now renders with the HTML attribute accept="image/*".
Internationalization
Added the get_supported_language_variant() function.
Untranslated strings for territorial language variants now use the translations of the generic language. For example, untranslated pt_BR strings use pt translations.
Management Commands
The new inspectdb --include-views option allows creating models for database views.
The BaseCommand class now uses a custom help formatter so that the standard options like --verbosity or --settings appear last in the help output, giving a more prominent position to subclassed command’s options.
Migrations
Added support for serialization of functools.partialmethod objects.
To support frozen environments, migrations may be loaded from .pyc files.
Models
Models can now use __init_subclass__() from PEP 487.
A BinaryField may now be set to editable=True if you wish to include it in model forms.
A number of new text database functions are added: Chr, Left, LPad, LTrim, Ord, Repeat, Replace, Right, RPad, RTrim, and Trim.
The new TruncWeek function truncates DateField and DateTimeField to the Monday of a week.
Query expressions can now be negated using a minus sign.
QuerySet.order_by() and distinct(*fields) now support using field transforms.
BooleanField can now be null=True. This is encouraged instead of NullBooleanField, which will likely be deprecated in the future.
The new QuerySet.explain() method displays the database’s execution plan of a queryset’s query.
QuerySet.raw() now supports prefetch_related().
Requests and Responses
Added HttpRequest.get_full_path_info().
Added the samesite argument to HttpResponse.set_cookie() to allow setting the SameSite cookie flag.
The new as_attachment argument for FileResponse sets the Content-Disposition header to make the browser ask if the user wants to download the file. FileResponse also tries to set the Content-Type and Content-Length headers where appropriate.
Templates
The new json_script filter safely outputs a Python object as JSON, wrapped in a <script> tag, ready for use with JavaScript.
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.