Django 1.8.3 release notes

    Django 1.8.3 fixes several security issues and bugs in 1.8.2.

    Also, was renamed to RemovedInDjango110Warning as the version roadmap was revised to 1.9, 1.10, 1.11 (LTS), 2.0 (drops Python 2 support). For backwards compatibility, RemovedInDjango20Warning remains as an importable alias.

    The built-in session backends now create a session record only if the session is actually modified; empty session records are not created. Thus this potential DoS is now only possible if the site chooses to expose a session-modifying view to anonymous users.

    As each built-in session backend was fixed separately (rather than a fix in the core sessions framework), maintainers of third-party session backends should check whether the same vulnerability is present in their backend and correct it if so.

    , validate_slug(), and are also affected, however, as of Django 1.6 the GenericIPAddresseField, IPAddressField, SlugField, and URLField form fields which use these validators all strip the input, so the possibility of newlines entering your data only exists if you are using these validators outside of the form fields.

    The undocumented, internally unused validate_integer() function is now stricter as it validates using a regular expression instead of simply casting the value using int() and checking if an exception was raised.

    • Fixed BaseRangeField.prepare_value() to use each base_field’s prepare_value() method (#24841).
    • Fixed crash during if a migrations module either is missing __init__.py or is a file (#24848).
    • Fixed QuerySet.exists() returning incorrect results after annotation with Count() ().
    • Corrected HStoreField.has_changed() (#24844).
    • Reverted an optimization to the CSRF template context processor which caused a regression ().
    • Fixed a regression which caused template context processors to overwrite variables set on a RequestContext after it’s created (#24847).
    • Fixed a crash when using a reverse one-to-one relation in ModelAdmin.list_display ().
    • Fixed quoting of SQL when renaming a field to AutoField in PostgreSQL (#24892).
    • Fixed lack of unique constraint when changing a field from primary_key=True to unique=True ().
    • Fixed queryset pickling when using prefetch_related() after deleting objects (#24831).
    • Allowed using choices longer than 1 day with ().
    • Fixed a crash when loading squashed migrations from two apps with a dependency between them, where the dependent app’s replaced migrations are partially applied (#24895).
    • Fixed recording of applied status for squashed (replacement) migrations ().
    • Fixed queryset annotations when using Case expressions with exclude() (#24833).
    • Corrected join promotion for multiple Case expressions. Annotating a query with multiple Case expressions could unexpectedly filter out results ().
    • Fixed usage of transforms in subqueries (#24744).
    • Provided better backwards compatibility for the verbosity argument in optparse management commands by casting it to an integer ().
    • Fixed prefetch_related() on databases other than PostgreSQL for models using UUID primary keys (#24912).
    • Fixed removing unique_together constraints on MySQL ().
    • Fixed crash when uploading images with MIME types that Pillow doesn’t detect, such as bitmap, in forms.ImageField (#24948).
    • Fixed a regression when deleting a model through the admin that has a GenericRelation with a related_query_name ().
    • Reallowed non-ASCII values for ForeignKey.related_name on Python 3 by fixing the false positive system check (#25016).
    • Fixed inline forms that use a parent object that has a UUIDField primary key and a child object that has an AutoField primary key ().
    • Fixed a regression in the unordered_list template filter on certain inputs (#25031).
    • Fixed a regression in URLValidator that invalidated Punycode TLDs ().
    • Improved runserver polling (#23882).