Django 1.7 release notes

September 2, 2014

Welcome to Django 1.7!

These release notes cover the new features, as well as some backwards incompatible changes you'll want to be aware of when upgrading from Django 1.6 or older versions. We've begun the deprecation process for some features, and some features have reached the end of their deprecation process and have been removed.

Python compatibility

Django 1.7 requires Python 2.7, 3.2, 3.3, or 3.4. We highly recommend and only officially support the latest release of each series.

The Django 1.6 series is the last to support Python 2.6. Django 1.7 is the first release to support Python 3.4.

This change should affect only a small number of Django users, as most operating-system vendors today are shipping Python 2.7 or newer as their default version. If you're still using Python 2.6, however, you'll need to stick to Django 1.6 until you can upgrade your Python version. Per our support policy, Django 1.6 will continue to receive security support until the release of Django 1.8.

What's new in Django 1.7

Schema migrations

Django now has built-in support for schema migrations. It allows models to be updated, changed, and deleted by creating migration files that represent the model changes and which can be run on any development, staging or production database.

Migrations are covered in their own documentation, but a few of the key features are:

  • syncdb has been deprecated and replaced by migrate. Don't worry - calls to syncdb will still work as before.

  • A new makemigrations command provides an easy way to autodetect changes to your models and make migrations for them.

    django.db.models.signals.pre_syncdb and django.db.models.signals.post_syncdb have been deprecated, to be replaced by pre_migrate and post_migrate respectively. These new signals have slightly different arguments. Check the documentation for details.

  • The allow_syncdb method on database routers is now called allow_migrate, but still performs the same function. Routers with allow_syncdb methods will still work, but that method name is deprecated and you should change it as soon as possible (nothing more than renaming is required).

  • initial_data fixtures are no longer loaded for apps with migrations; if you want to load initial data for an app, we suggest you create a migration for your application and define a RunPython or RunSQL operation in the operations section of the migration.

  • Test rollback behavior is different for apps with migrations; in particular, Django will no longer emulate rollbacks on non-transactional databases or inside TransactionTestCase unless specifically requested.

  • It is not advised to have apps without migrations depend on (have a ForeignKey or ManyToManyField to) apps with migrations.

App-loading refactor

Historically, Django applications were tightly linked to models. A singleton known as the "app cache" dealt with both installed applications and models. The models module was used as an identifier for applications in many APIs.

As the concept of Django applications matured, this code showed some shortcomings. It has been refactored into an "app registry" where models modules no longer have a central role and where it's possible to attach configuration data to applications.

Improvements thus far include:

  • Applications can run code at startup, before Django does anything else, with the ready() method of their configuration.
  • Application labels are assigned correctly to models even when they're defined outside of models.py. You don't have to set app_label explicitly any more.
  • It is possible to omit models.py entirely if an application doesn't have any models.
  • Applications can be relabeled with the label attribute of application configurations, to work around label conflicts.
  • The name of applications can be customized in the admin with the verbose_name of application configurations.
  • The admin automatically calls autodiscover() when Django starts. You can consequently remove this line from your URLconf.
  • Django imports all application configurations and models as soon as it starts, through a deterministic and straightforward process. This should make it easier to diagnose import issues such as import loops.

New method on Field subclasses

To help power both schema migrations and to enable easier addition of composite keys in future releases of Django, the Field API now has a new required method: deconstruct().

This method takes no arguments, and returns a tuple of four items:

  • name: The field's attribute name on its parent model, or None if it is not part of a model
  • path: A dotted, Python path to the class of this field, including the class name.
  • args: Positional arguments, as a list
  • kwargs: Keyword arguments, as a dict

These four values allow any field to be serialized into a file, as well as allowing the field to be copied safely, both essential parts of these new features.

This change should not affect you unless you write custom Field subclasses; if you do, you may need to reimplement the deconstruct() method if your subclass changes the method signature of __init__ in any way. If your field just inherits from a built-in Django field and doesn't override __init__, no changes are necessary.

If you do need to override deconstruct(), a good place to start is the built-in Django fields (django/db/models/fields/__init__.py) as several fields, including DecimalField and DateField, override it and show how to call the method on the superclass and simply add or remove extra arguments.

This also means that all arguments to fields must themselves be serializable; to see what we consider serializable, and to find out how to make your own classes serializable, read the migration serialization documentation.

Calling custom QuerySet methods from the Manager

Historically, the recommended way to make reusable model queries was to create methods on a custom Manager class. The problem with this approach was that after the first method call, you'd get back a QuerySet instance and couldn't call additional custom manager methods.

Though not documented, it was common to work around this issue by creating a custom QuerySet so that custom methods could be chained; but the solution had a number of drawbacks:

  • The custom QuerySet and its custom methods were lost after the first call to values() or values_list().
  • Writing a custom Manager was still necessary to return the custom QuerySet class and all methods that were desired on the Manager had to be proxied to the QuerySet. The whole process went against the DRY principle.

The QuerySet.as_manager() class method can now directly create Manager with QuerySet methods:

class FoodQuerySet(models.QuerySet):
    def pizzas(self):
        return self.filter(kind='pizza')

    def vegetarian(self):
        return self.filter(vegetarian=True)

class Food(models.Model):
    kind = models.CharField(max_length=50)
    vegetarian = models.BooleanField(default=False)
    objects = FoodQuerySet.as_manager()

Food.objects.pizzas().vegetarian()

Using a custom manager when traversing reverse relations

It is now possible to specify a custom manager when traversing a reverse relationship:

class Blog(models.Model):
    pass

class Entry(models.Model):
    blog = models.ForeignKey(Blog)

    objects = models.Manager()  # Default Manager
    entries = EntryManager()    # Custom Manager

b = Blog.objects.get(id=1)
b.entry_set(manager='entries').all()

New system check framework

We've added a new System check framework for detecting common problems (like invalid models) and providing hints for resolving those problems. The framework is extensible so you can add your own checks for your own apps and libraries.

To perform system checks, you use the check management command. This command replaces the older validate management command.

Admin shortcuts support time zones

The "today" and "now" shortcuts next to date and time input widgets in the admin are now operating in the current time zone. Previously, they used the browser time zone, which could result in saving the wrong value when it didn't match the current time zone on the server.

In addition, the widgets now display a help message when the browser and server time zone are different, to clarify how the value inserted in the field will be interpreted.

Using database cursors as context managers

Prior to Python 2.7, database cursors could be used as a context manager. The specific backend's cursor defined the behavior of the context manager. The behavior of magic method lookups was changed with Python 2.7 and cursors were no longer usable as context managers.

Django 1.7 allows a cursor to be used as a context manager. That is, the following can be used:

with connection.cursor() as c:
    c.execute(...)

instead of:

c = connection.cursor()
try:
    c.execute(...)
finally:
    c.close()

Custom lookups

It is now possible to write custom lookups and transforms for the ORM. Custom lookups work just like Django's built-in lookups (e.g. lte, icontains) while transforms are a new concept.

The django.db.models.Lookup class provides a way to add lookup operators for model fields. As an example it is possible to add day_lte operator for DateFields.

The django.db.models.Transform class allows transformations of database values prior to the final lookup. For example it is possible to write a year transform that extracts year from the field's value. Transforms allow for chaining. After the year transform has been added to DateField it is possible to filter on the transformed value, for example qs.filter(author__birthdate__year__lte=1981).

For more information about both custom lookups and transforms refer to the custom lookups documentation.

Improvements to Form error handling

Form.add_error()

Previously there were two main patterns for handling errors in forms:

  • Raising a ValidationError from within certain functions (e.g. Field.clean(), Form.clean_<fieldname>(), or Form.clean() for non-field errors.)
  • Fiddling with Form._errors when targeting a specific field in Form.clean() or adding errors from outside of a "clean" method (e.g. directly from a view).

Using the former pattern was straightforward since the form can guess from the context (i.e. which method raised the exception) where the errors belong and automatically process them. This remains the canonical way of adding errors when possible. However the latter was fiddly and error-prone, since the burden of handling edge cases fell on the user.

The new add_error() method allows adding errors to specific form fields from anywhere without having to worry about the details such as creating instances of django.forms.utils.ErrorList or dealing with Form.cleaned_data. This new API replaces manipulating Form._errors which now becomes a private API.

See Cleaning and validating fields that depend on each other for an example using Form.add_error().

Error metadata

The ValidationError constructor accepts metadata such as error code or params which are then available for interpolating into the error message (see Raising ValidationError for more details); however, before Django 1.7 those metadata were discarded as soon as the errors were added to Form.errors.

Form.errors and django.forms.utils.ErrorList now store the ValidationError instances so these metadata can be retrieved at any time through the new Form.errors.as_data method.

The retrieved ValidationError instances can then be identified thanks to their error code which enables things like rewriting the error's message or writing custom logic in a view when a given error is present. It can also be used to serialize the errors in a custom format such as XML.

The new Form.errors.as_json() method is a convenience method which returns error messages along with error codes serialized as JSON. as_json() uses as_data() and gives an idea of how the new system could be extended.

Error containers and backward compatibility

Heavy changes to the various error containers were necessary in order to support the features above, specifically Form.errors, django.forms.utils.ErrorList, and the internal storages of ValidationError. These containers which used to store error strings now store ValidationError instances and public APIs have been adapted to make this as transparent as possible, but if you've been using private APIs, some of the changes are backwards incompatible; see ValidationError constructor and internal storage for more details.

Minor features

django.contrib.admin

django.contrib.auth

django.contrib.formtools

  • Calls to WizardView.done() now include a form_dict to allow easier access to forms by their step name.

django.contrib.gis

  • The default OpenLayers library version included in widgets has been updated from 2.11 to 2.13.
  • Prepared geometries now also support the crosses, disjoint, overlaps, touches and within predicates, if GEOS 3.3 or later is installed.

django.contrib.messages

django.contrib.redirects

django.contrib.sessions

  • The "django.contrib.sessions.backends.cached_db" session backend now respects SESSION_CACHE_ALIAS. In previous versions, it always used the default cache.

django.contrib.sitemaps

django.contrib.sites

django.contrib.staticfiles

django.contrib.syndication

  • The Atom1Feed syndication feed's updated element now utilizes updateddate instead of pubdate, allowing the published element to be included in the feed (which relies on pubdate).

Cache

  • Access to caches configured in CACHES is now available via django.core.cache.caches. This dict-like object provides a different instance per thread. It supersedes django.core.cache.get_cache() which is now deprecated.
  • If you instantiate cache backends directly, be aware that they aren't thread-safe any more, as django.core.cache.caches now yields different instances per thread.
  • Defining the TIMEOUT argument of the CACHES setting as None will set the cache keys as "non-expiring" by default. Previously, it was only possible to pass timeout=None to the cache backend's set() method.

Cross Site Request Forgery

  • The CSRF_COOKIE_AGE setting facilitates the use of session-based CSRF cookies.

Email

  • send_mail() now accepts an html_message parameter for sending a multipart text/plain and text/html email.
  • The SMTP EmailBackend now accepts a timeout parameter.

File Storage

  • File locking on Windows previously depended on the PyWin32 package; if it wasn't installed, file locking failed silently. That dependency has been removed, and file locking is now implemented natively on both Windows and Unix.

File Uploads

  • The new UploadedFile.content_type_extra attribute contains extra parameters passed to the content-type header on a file upload.
  • The new FILE_UPLOAD_DIRECTORY_PERMISSIONS setting controls the file system permissions of directories created during file upload, like FILE_UPLOAD_PERMISSIONS does for the files themselves.
  • The FileField.upload_to attribute is now optional. If it is omitted or given None or an empty string, a subdirectory won't be used for storing the uploaded files.
  • Uploaded files are now explicitly closed before the response is delivered to the client. Partially uploaded files are also closed as long as they are named file in the upload handler.
  • Storage.get_available_name() now appends an underscore plus a random 7 character alphanumeric string (e.g. "_x3a1gho"), rather than iterating through an underscore followed by a number (e.g. "_1", "_2", etc.) to prevent a denial-of-service attack. This change was also made in the 1.6.6, 1.5.9, and 1.4.14 security releases.

Forms

  • The <label> and <input> tags rendered by RadioSelect and CheckboxSelectMultiple when looping over the radio buttons or checkboxes now include for and id attributes, respectively. Each radio button or checkbox includes an id_for_label attribute to output the element's ID.
  • The <textarea> tags rendered by Textarea now include a maxlength attribute if the TextField model field has a max_length.
  • Field.choices now allows you to customize the "empty choice" label by including a tuple with an empty string or None for the key and the custom label as the value. The default blank option "----------" will be omitted in this case.
  • MultiValueField allows optional subfields by setting the require_all_fields argument to False. The required attribute for each individual field will be respected, and a new incomplete validation error will be raised when any required fields are empty.
  • The clean() method on a form no longer needs to return self.cleaned_data. If it does return a changed dictionary then that will still be used.
  • After a temporary regression in Django 1.6, it's now possible again to make TypedChoiceField coerce method return an arbitrary value.
  • SelectDateWidget.months can be used to customize the wording of the months displayed in the select widget.
  • The min_num and validate_min parameters were added to formset_factory() to allow validating a minimum number of submitted forms.
  • The metaclasses used by Form and ModelForm have been reworked to support more inheritance scenarios. The previous limitation that prevented inheriting from both Form and ModelForm simultaneously have been removed as long as ModelForm appears first in the MRO.
  • It's now possible to remove a field from a Form when subclassing by setting the name to None.
  • It's now possible to customize the error messages for ModelForm’s unique, unique_for_date, and unique_together constraints. In order to support unique_together or any other NON_FIELD_ERROR, ModelForm now looks for the NON_FIELD_ERROR key in the error_messages dictionary of the ModelForm’s inner Meta class. See considerations regarding model's error_messages for more details.

Internationalization

  • The django.middleware.locale.LocaleMiddleware.response_redirect_class attribute allows you to customize the redirects issued by the middleware.
  • The LocaleMiddleware now stores the user's selected language with the session key _language. This should only be accessed using the LANGUAGE_SESSION_KEY constant. Previously it was stored with the key django_language and the LANGUAGE_SESSION_KEY constant did not exist, but keys reserved for Django should start with an underscore. For backwards compatibility django_language is still read from in 1.7. Sessions will be migrated to the new key as they are written.
  • The blocktrans tag now supports a trimmed option. This option will remove newline characters from the beginning and the end of the content of the {% blocktrans %} tag, replace any whitespace at the beginning and end of a line and merge all lines into one using a space character to separate them. This is quite useful for indenting the content of a {% blocktrans %} tag without having the indentation characters end up in the corresponding entry in the PO file, which makes the translation process easier.
  • When you run makemessages from the root directory of your project, any extracted strings will now be automatically distributed to the proper app or project message file. See Localization: how to create language files for details.
  • The makemessages command now always adds the --previous command line flag to the msgmerge command, keeping previously translated strings in po files for fuzzy strings.
  • The following settings to adjust the language cookie options were introduced: LANGUAGE_COOKIE_AGE, LANGUAGE_COOKIE_DOMAIN and LANGUAGE_COOKIE_PATH.
  • Added Format localization for Esperanto.

Management Commands

  • The new --no-color option for django-admin disables the colorization of management command output.

  • The new dumpdata --natural-foreign and dumpdata --natural-primary options, and the new use_natural_foreign_keys and use_natural_primary_keys arguments for serializers.serialize(), allow the use of natural primary keys when serializing.

  • It is no longer necessary to provide the cache table name or the --database option for the createcachetable command. Django takes this information from your settings file. If you have configured multiple caches or multiple databases, all cache tables are created.

  • The runserver command received several improvements:

    • On Linux systems, if pyinotify is installed, the development server will reload immediately when a file is changed. Previously, it polled the filesystem for changes every second. That caused a small delay before reloads and reduced battery life on laptops.
    • In addition, the development server automatically reloads when a translation file is updated, i.e. after running compilemessages.
    • All HTTP requests are logged to the console, including requests for static files or favicon.ico that used to be filtered out.
  • Management commands can now produce syntax colored output under Windows if the ANSICON third-party tool is installed and active.

  • collectstatic command with symlink option is now supported on Windows NT 6 (Windows Vista and newer).

  • Initial SQL data now works better if the sqlparse Python library is installed.

    Note that it's deprecated in favor of the RunSQL operation of migrations, which benefits from the improved behavior.

Models

  • The QuerySet.update_or_create() method was added.
  • The new default_permissions model Meta option allows you to customize (or disable) creation of the default add, change, and delete permissions.
  • Explicit OneToOneField for Multi-table inheritance are now discovered in abstract classes.
  • It is now possible to avoid creating a backward relation for OneToOneField by setting its related_name to '+' or ending it with '+'.
  • F expressions support the power operator (**).
  • The remove() and clear() methods of the related managers created by ForeignKey and GenericForeignKey now accept the bulk keyword argument to control whether or not to perform operations in bulk (i.e. using QuerySet.update()). Defaults to True.
  • It is now possible to use None as a query value for the iexact lookup.
  • It is now possible to pass a callable as value for the attribute limit_choices_to when defining a ForeignKey or ManyToManyField.
  • Calling only() and defer() on the result of QuerySet.values() now raises an error (before that, it would either result in a database error or incorrect data).
  • You can use a single list for index_together (rather than a list of lists) when specifying a single set of fields.
  • Custom intermediate models having more than one foreign key to any of the models participating in a many-to-many relationship are now permitted, provided you explicitly specify which foreign keys should be used by setting the new ManyToManyField.through_fields argument.
  • Assigning a model instance to a non-relation field will now throw an error. Previously this used to work if the field accepted integers as input as it took the primary key.
  • Integer fields are now validated against database backend specific min and max values based on their internal_type. Previously model field validation didn't prevent values out of their associated column data type range from being saved resulting in an integrity error.
  • It is now possible to explicitly order_by() a relation _id field by using its attribute name.

Signals

  • The enter argument was added to the setting_changed signal.
  • The model signals can be now be connected to using a str of the 'app_label.ModelName' form – just like related fields – to lazily reference their senders.

Templates

  • The Context.push() method now returns a context manager which automatically calls pop() upon exiting the with statement. Additionally, push() now accepts parameters that are passed to the dict constructor used to build the new context level.
  • The new Context.flatten() method returns a Context's stack as one flat dictionary.
  • Context objects can now be compared for equality (internally, this uses Context.flatten() so the internal structure of each Context's stack doesn't matter as long as their flattened version is identical).
  • The widthratio template tag now accepts an "as" parameter to capture the result in a variable.
  • The include template tag will now also accept anything with a render() method (such as a Template) as an argument. String arguments will be looked up using get_template() as always.
  • It is now possible to include templates recursively.
  • Template objects now have an origin attribute set when TEMPLATE_DEBUG is True. This allows template origins to be inspected and logged outside of the django.template infrastructure.
  • TypeError exceptions are no longer silenced when raised during the rendering of a template.
  • The following functions now accept a dirs parameter which is a list or tuple to override TEMPLATE_DIRS:
  • The time filter now accepts timezone-related format specifiers 'e', 'O' , 'T' and 'Z' and is able to digest time-zone-aware datetime instances performing the expected rendering.
  • The cache tag will now try to use the cache called "template_fragments" if it exists and fall back to using the default cache otherwise. It also now accepts an optional using keyword argument to control which cache it uses.
  • The new truncatechars_html filter truncates a string to be no longer than the specified number of characters, taking HTML into account.

Requests and Responses

Tests

  • DiscoverRunner has two new attributes, test_suite and test_runner, which facilitate overriding the way tests are collected and run.
  • The fetch_redirect_response argument was added to assertRedirects(). Since the test client can't fetch externals URLs, this allows you to use assertRedirects with redirects that aren't part of your Django app.
  • Correct handling of scheme when making comparisons in assertRedirects().
  • The secure argument was added to all the request methods of Client. If True, the request will be made through HTTPS.
  • assertNumQueries() now prints out the list of executed queries if the assertion fails.
  • The WSGIRequest instance generated by the test handler is now attached to the django.test.Response.wsgi_request attribute.
  • The database settings for testing have been collected into a dictionary named TEST.

Utilities

  • Improved strip_tags() accuracy (but it still cannot guarantee an HTML-safe result, as stated in the documentation).

Validators

  • RegexValidator now accepts the optional flags and Boolean inverse_match arguments. The inverse_match attribute determines if the ValidationError should be raised when the regular expression pattern matches (True) or does not match (False, by default) the provided value. The flags attribute sets the flags used when compiling a regular expression string.
  • URLValidator now accepts an optional schemes argument which allows customization of the accepted URI schemes (instead of the defaults http(s) and ftp(s)).
  • validate_email() now accepts addresses with IPv6 literals, like example@[2001:db8::1], as specified in RFC 5321.

Backwards incompatible changes in 1.7

警告

In addition to the changes outlined in this section, be sure to review the deprecation plan for any features that have been removed. If you haven't updated your code within the deprecation timeline for a given feature, its removal may appear as a backwards incompatible change.

allow_syncdb / allow_migrate

While Django will still look at allow_syncdb methods even though they should be renamed to allow_migrate, there is a subtle difference in which models get passed to these methods.

For apps with migrations, allow_migrate will now get passed historical models, which are special versioned models without custom attributes, methods or managers. Make sure your allow_migrate methods are only referring to fields or other items in model._meta.

initial_data

Apps with migrations will not load initial_data fixtures when they have finished migrating. Apps without migrations will continue to load these fixtures during the phase of migrate which emulates the old syncdb behavior, but any new apps will not have this support.

Instead, you are encouraged to load initial data in migrations if you need it (using the RunPython operation and your model classes); this has the added advantage that your initial data will not need updating every time you change the schema.

Additionally, like the rest of Django's old syncdb code, initial_data has been started down the deprecation path and will be removed in Django 1.9.

deconstruct() and serializability

Django now requires all Field classes and all of their constructor arguments to be serializable. If you modify the constructor signature in your custom Field in any way, you'll need to implement a deconstruct() method; we've expanded the custom field documentation with instructions on implementing this method.

The requirement for all field arguments to be serializable means that any custom class instances being passed into Field constructors - things like custom Storage subclasses, for instance - need to have a deconstruct method defined on them as well, though Django provides a handy class decorator that will work for most applications.

App-loading changes

Start-up sequence

Django 1.7 loads application configurations and models as soon as it starts. While this behavior is more straightforward and is believed to be more robust, regressions cannot be ruled out. See Troubleshooting for solutions to some problems you may encounter.

Standalone scripts

If you're using Django in a plain Python script — rather than a management command — and you rely on the DJANGO_SETTINGS_MODULE environment variable, you must now explicitly initialize Django at the beginning of your script with:

>>> import django
>>> django.setup()

Otherwise, you will hit an AppRegistryNotReady exception.

WSGI scripts

Until Django 1.3, the recommended way to create a WSGI application was:

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

In Django 1.4, support for WSGI was improved and the API changed to:

from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

If you're still using the former style in your WSGI script, you need to upgrade to the latter, or you will hit an AppRegistryNotReady exception.

App registry consistency

It is no longer possible to have multiple installed applications with the same label. In previous versions of Django, this didn't always work correctly, but didn't crash outright either.

If you have two apps with the same label, you should create an AppConfig for one of them and override its label there. You should then adjust your code wherever it references this application or its models with the old label.

It isn't possible to import the same model twice through different paths any more. As of Django 1.6, this may happen only if you're manually putting a directory and a subdirectory on PYTHONPATH. Refer to the section on the new project layout in the 1.4 release notes for migration instructions.

You should make sure that:

  • All models are defined in applications that are listed in INSTALLED_APPS or have an explicit app_label.
  • Models aren't imported as a side-effect of loading their application. Specifically, you shouldn't import models in the root module of an application nor in the module that define its configuration class.

Django will enforce these requirements as of version 1.9, after a deprecation period.

Subclassing AppCommand

Subclasses of AppCommand must now implement a handle_app_config() method instead of handle_app(). This method receives an AppConfig instance instead of a models module.

Introspecting applications

Since INSTALLED_APPS now supports application configuration classes in addition to application modules, you should review code that accesses this setting directly and use the app registry (django.apps.apps) instead.

The app registry has preserved some features of the old app cache. Even though the app cache was a private API, obsolete methods and arguments will be removed through a standard deprecation path, with the exception of the following changes that take effect immediately:

  • get_model raises LookupError instead of returning None when no model is found.
  • The only_installed argument of get_model and get_models no longer exists, nor does the seed_cache argument of get_model.

Management commands and order of INSTALLED_APPS

When several applications provide management commands with the same name, Django loads the command from the application that comes first in INSTALLED_APPS. Previous versions loaded the command from the application that came last.

This brings discovery of management commands in line with other parts of Django that rely on the order of INSTALLED_APPS, such as static files, templates, and translations.

ValidationError constructor and internal storage

The behavior of the ValidationError constructor has changed when it receives a container of errors as an argument (e.g. a list or an ErrorList):

  • It converts any strings it finds to instances of ValidationError before adding them to its internal storage.
  • It doesn't store the given container but rather copies its content to its own internal storage; previously the container itself was added to the ValidationError instance and used as internal storage.

This means that if you access the ValidationError internal storages, such as error_list; error_dict; or the return value of update_error_dict() you may find instances of ValidationError where you would have previously found strings.

Also if you directly assigned the return value of update_error_dict() to Form._errors you may inadvertently add list instances where ErrorList instances are expected. This is a problem because unlike a simple list, an ErrorList knows how to handle instances of ValidationError.

Most use-cases that warranted using these private APIs are now covered by the newly introduced Form.add_error() method:

# Old pattern:
try:
    # ...
except ValidationError as e:
    self._errors = e.update_error_dict(self._errors)

# New pattern:
try:
    # ...
except ValidationError as e:
    self.add_error(None, e)

If you need both Django <= 1.6 and 1.7 compatibility you can't use Form.add_error() since it wasn't available before Django 1.7, but you can use the following workaround to convert any list into ErrorList:

try:
    # ...
except ValidationError as e:
    self._errors = e.update_error_dict(self._errors)

# Additional code to ensure ``ErrorDict`` is exclusively
# composed of ``ErrorList`` instances.
for field, error_list in self._errors.items():
    if not isinstance(error_list, self.error_class):
        self._errors[field] = self.error_class(error_list)

Behavior of LocMemCache regarding pickle errors

An inconsistency existed in previous versions of Django regarding how pickle errors are handled by different cache backends. django.core.cache.backends.locmem.LocMemCache used to fail silently when such an error occurs, which is inconsistent with other backends and leads to cache-specific errors. This has been fixed in Django 1.7, see #21200 for more details.

Cache keys are now generated from the request's absolute URL

Previous versions of Django generated cache keys using a request's path and query string but not the scheme or host. If a Django application was serving multiple subdomains or domains, cache keys could collide. In Django 1.7, cache keys vary by the absolute URL of the request including scheme, host, path, and query string. For example, the URL portion of a cache key is now generated from https://www.example.com/path/to/?key=val rather than /path/to/?key=val. The cache keys generated by Django 1.7 will be different from the keys generated by older versions of Django. After upgrading to Django 1.7, the first request to any previously cached URL will be a cache miss.

Passing None to Manager.db_manager()

In previous versions of Django, it was possible to use db_manager(using=None) on a model manager instance to obtain a manager instance using default routing behavior, overriding any manually specified database routing. In Django 1.7, a value of None passed to db_manager will produce a router that retains any manually assigned database routing -- the manager will not be reset. This was necessary to resolve an inconsistency in the way routing information cascaded over joins. See #13724 for more details.

pytz may be required

If your project handles datetimes before 1970 or after 2037 and Django raises a ValueError when encountering them, you will have to install pytz. You may be affected by this problem if you use Django's time zone-related date formats or django.contrib.syndication.

Admin login redirection strategy

Historically, the Django admin site passed the request from an unauthorized or unauthenticated user directly to the login view, without HTTP redirection. In Django 1.7, this behavior changed to conform to a more traditional workflow where any unauthorized request to an admin page will be redirected (by HTTP status code 302) to the login page, with the next parameter set to the referring path. The user will be redirected there after a successful login.

Note also that the admin login form has been updated to not contain the this_is_the_login_form field (now unused) and the ValidationError code has been set to the more regular invalid_login key.

select_for_update() requires a transaction

Historically, queries that use select_for_update() could be executed in autocommit mode, outside of a transaction. Before Django 1.6, Django's automatic transactions mode allowed this to be used to lock records until the next write operation. Django 1.6 introduced database-level autocommit; since then, execution in such a context voids the effect of select_for_update(). It is, therefore, assumed now to be an error and raises an exception.

This change was made because such errors can be caused by including an app which expects global transactions (e.g. ATOMIC_REQUESTS set to True), or Django's old autocommit behavior, in a project which runs without them; and further, such errors may manifest as data-corruption bugs. It was also made in Django 1.6.3.

This change may cause test failures if you use select_for_update() in a test class which is a subclass of TransactionTestCase rather than TestCase.

Contrib middleware removed from default MIDDLEWARE_CLASSES

The app-loading refactor deprecated using models from apps which are not part of the INSTALLED_APPS setting. This exposed an incompatibility between the default INSTALLED_APPS and MIDDLEWARE_CLASSES in the global defaults (django.conf.global_settings). To bring these settings in sync and prevent deprecation warnings when doing things like testing reusable apps with minimal settings, SessionMiddleware, AuthenticationMiddleware, and MessageMiddleware were removed from the defaults. These classes will still be included in the default settings generated by startproject. Most projects will not be affected by this change but if you were not previously declaring the MIDDLEWARE_CLASSES in your project settings and relying on the global default you should ensure that the new defaults are in line with your project's needs. You should also check for any code that accesses django.conf.global_settings.MIDDLEWARE_CLASSES directly.

Miscellaneous

  • The django.core.files.uploadhandler.FileUploadHandler.new_file() method is now passed an additional content_type_extra parameter. If you have a custom FileUploadHandler that implements new_file(), be sure it accepts this new parameter.

  • ModelFormSets no longer delete instances when save(commit=False) is called. See can_delete for instructions on how to manually delete objects from deleted forms.

  • Loading empty fixtures emits a RuntimeWarning rather than raising CommandError.

  • django.contrib.staticfiles.views.serve() will now raise an Http404 exception instead of ImproperlyConfigured when DEBUG is False. This change removes the need to conditionally add the view to your root URLconf, which in turn makes it safe to reverse by name. It also removes the ability for visitors to generate spurious HTTP 500 errors by requesting static files that don't exist or haven't been collected yet.

  • The django.db.models.Model.__eq__() method is now defined in a way where instances of a proxy model and its base model are considered equal when primary keys match. Previously only instances of exact same class were considered equal on primary key match.

  • The django.db.models.Model.__eq__() method has changed such that two Model instances without primary key values won't be considered equal (unless they are the same instance).

  • The django.db.models.Model.__hash__() method will now raise TypeError when called on an instance without a primary key value. This is done to avoid mutable __hash__ values in containers.

  • AutoField columns in SQLite databases will now be created using the AUTOINCREMENT option, which guarantees monotonic increments. This will cause primary key numbering behavior to change on SQLite, becoming consistent with most other SQL databases. This will only apply to newly created tables. If you have a database created with an older version of Django, you will need to migrate it to take advantage of this feature. For example, you could do the following:

    1. Use dumpdata to save your data.
    2. Rename the existing database file (keep it as a backup).
    3. Run migrate to create the updated schema.
    4. Use loaddata to import the fixtures you exported in (1).
  • django.contrib.auth.models.AbstractUser no longer defines a get_absolute_url() method. The old definition returned "/users/%s/" % urlquote(self.username) which was arbitrary since applications may or may not define such a url in urlpatterns. Define a get_absolute_url() method on your own custom user object or use ABSOLUTE_URL_OVERRIDES if you want a URL for your user.

  • The static asset-serving functionality of the django.test.LiveServerTestCase class has been simplified: Now it's only able to serve content already present in STATIC_ROOT when tests are run. The ability to transparently serve all the static assets (similarly to what one gets with DEBUG = True at development-time) has been moved to a new class that lives in the staticfiles application (the one actually in charge of such feature): django.contrib.staticfiles.testing.StaticLiveServerTestCase. In other words, LiveServerTestCase itself is less powerful but at the same time has less magic.

    Rationale behind this is removal of dependency of non-contrib code on contrib applications.

  • The old cache URI syntax (e.g. "locmem://") is no longer supported. It still worked, even though it was not documented or officially supported. If you're still using it, please update to the current CACHES syntax.

  • The default ordering of Form fields in case of inheritance has changed to follow normal Python MRO. Fields are now discovered by iterating through the MRO in reverse with the topmost class coming last. This only affects you if you relied on the default field ordering while having fields defined on both the current class and on a parent Form.

  • The required argument of SelectDateWidget has been removed. This widget now respects the form field's is_required attribute like other widgets.

  • Widget.is_hidden is now a read-only property, getting its value by introspecting the presence of input_type == 'hidden'.

  • select_related() now chains in the same way as other similar calls like prefetch_related. That is, select_related('foo', 'bar') is equivalent to select_related('foo').select_related('bar'). Previously the latter would have been equivalent to select_related('bar').

  • GeoDjango dropped support for GEOS < 3.1.

  • The init_connection_state method of database backends now executes in autocommit mode (unless you set AUTOCOMMIT to False). If you maintain a custom database backend, you should check that method.

  • The django.db.backends.BaseDatabaseFeatures.allows_primary_key_0 attribute has been renamed to allows_auto_pk_0 to better describe it. It's True for all database backends included with Django except MySQL which does allow primary keys with value 0. It only forbids autoincrement primary keys with value 0.

  • Shadowing model fields defined in a parent model has been forbidden as this creates ambiguity in the expected model behavior. In addition, clashing fields in the model inheritance hierarchy result in a system check error. For example, if you use multi-inheritance, you need to define custom primary key fields on parent models, otherwise the default id fields will clash. See Multiple inheritance for details.

  • django.utils.translation.parse_accept_lang_header() now returns lowercase locales, instead of the case as it was provided. As locales should be treated case-insensitive this allows us to speed up locale detection.

  • django.utils.translation.get_language_from_path() and django.utils.translation.trans_real.get_supported_language_variant() now no longer have a supported argument.

  • The shortcut view in django.contrib.contenttypes.views now supports protocol-relative URLs (e.g. //example.com).

  • GenericRelation now supports an optional related_query_name argument. Setting related_query_name adds a relation from the related object back to the content type for filtering, ordering and other query operations.

  • When running tests on PostgreSQL, the USER will need read access to the built-in postgres database. This is in lieu of the previous behavior of connecting to the actual non-test database.

  • As part of the System check framework, fields, models, and model managers all implement a check() method that is registered with the check framework. If you have an existing method called check() on one of these objects, you will need to rename it.

  • As noted above in the "Cache" section of "Minor Features", defining the TIMEOUT argument of the CACHES setting as None will set the cache keys as "non-expiring". Previously, with the memcache backend, a TIMEOUT of 0 would set non-expiring keys, but this was inconsistent with the set-and-expire (i.e. no caching) behavior of set("key", "value", timeout=0). If you want non-expiring keys, please update your settings to use None instead of 0 as the latter now designates set-and-expire in the settings as well.

  • The sql* management commands now respect the allow_migrate() method of DATABASE_ROUTERS. If you have models synced to non-default databases, use the --database flag to get SQL for those models (previously they would always be included in the output).

  • Decoding the query string from URLs now falls back to the ISO-8859-1 encoding when the input is not valid UTF-8.

  • With the addition of the django.contrib.auth.middleware.SessionAuthenticationMiddleware to the default project template (pre-1.7.2 only), a database must be created before accessing a page using runserver.

  • The addition of the schemes argument to URLValidator will appear as a backwards-incompatible change if you were previously using a custom regular expression to validate schemes. Any scheme not listed in schemes will fail validation, even if the regular expression matches the given URL.

Features deprecated in 1.7

django.core.cache.get_cache

django.core.cache.get_cache has been supplanted by django.core.cache.caches.

django.utils.dictconfig/django.utils.importlib

django.utils.dictconfig and django.utils.importlib were copies of respectively logging.config and importlib provided for Python versions prior to 2.7. They have been deprecated.

django.utils.module_loading.import_by_path

The current django.utils.module_loading.import_by_path function catches AttributeError, ImportError, and ValueError exceptions, and re-raises ImproperlyConfigured. Such exception masking makes it needlessly hard to diagnose circular import problems, because it makes it look like the problem comes from inside Django. It has been deprecated in favor of import_string().

django.utils.tzinfo

django.utils.tzinfo provided two tzinfo subclasses, LocalTimezone and FixedOffset. They've been deprecated in favor of more correct alternatives provided by django.utils.timezone, django.utils.timezone.get_default_timezone() and django.utils.timezone.get_fixed_timezone().

django.utils.unittest

django.utils.unittest provided uniform access to the unittest2 library on all Python versions. Since unittest2 became the standard library's unittest module in Python 2.7, and Django 1.7 drops support for older Python versions, this module isn't useful anymore. It has been deprecated. Use unittest instead.

django.utils.datastructures.SortedDict

As OrderedDict was added to the standard library in Python 2.7, SortedDict is no longer needed and has been deprecated.

The two additional, deprecated methods provided by SortedDict (insert() and value_for_index()) have been removed. If you relied on these methods to alter structures like form fields, you should now treat these OrderedDicts as immutable objects and override them to change their content.

For example, you might want to override MyFormClass.base_fields (although this attribute isn't considered a public API) to change the ordering of fields for all MyFormClass instances; or similarly, you could override self.fields from inside MyFormClass.__init__(), to change the fields for a particular form instance. For example (from Django itself):

PasswordChangeForm.base_fields = OrderedDict(
    (k, PasswordChangeForm.base_fields[k])
    for k in ['old_password', 'new_password1', 'new_password2']
)

Custom SQL location for models package

Previously, if models were organized in a package (myapp/models/) rather than simply myapp/models.py, Django would look for initial SQL data in myapp/models/sql/. This bug has been fixed so that Django will search myapp/sql/ as documented. After this issue was fixed, migrations were added which deprecates initial SQL data. Thus, while this change still exists, the deprecation is irrelevant as the entire feature will be removed in Django 1.9.

Reorganization of django.contrib.sites

django.contrib.sites provides reduced functionality when it isn't in INSTALLED_APPS. The app-loading refactor adds some constraints in that situation. As a consequence, two objects were moved, and the old locations are deprecated:

declared_fieldsets attribute on ModelAdmin

ModelAdmin.declared_fieldsets has been deprecated. Despite being a private API, it will go through a regular deprecation path. This attribute was mostly used by methods that bypassed ModelAdmin.get_fieldsets() but this was considered a bug and has been addressed.

Reorganization of django.contrib.contenttypes

Since django.contrib.contenttypes.generic defined both admin and model related objects, an import of this module could trigger unexpected side effects. As a consequence, its contents were split into contenttypes submodules and the django.contrib.contenttypes.generic module is deprecated:

syncdb

The syncdb command has been deprecated in favor of the new migrate command. migrate takes the same arguments as syncdb used to plus a few more, so it's safe to just change the name you're calling and nothing else.

util modules renamed to utils

The following instances of util.py in the Django codebase have been renamed to utils.py in an effort to unify all util and utils references:

  • django.contrib.admin.util
  • django.contrib.gis.db.backends.util
  • django.db.backends.util
  • django.forms.util

get_formsets method on ModelAdmin

ModelAdmin.get_formsets has been deprecated in favor of the new get_formsets_with_inlines(), in order to better handle the case of selectively showing inlines on a ModelAdmin.

IPAddressField

The django.db.models.IPAddressField and django.forms.IPAddressField fields have been deprecated in favor of django.db.models.GenericIPAddressField and django.forms.GenericIPAddressField.

BaseMemcachedCache._get_memcache_timeout method

The BaseMemcachedCache._get_memcache_timeout() method has been renamed to get_backend_timeout(). Despite being a private API, it will go through the normal deprecation.

Natural key serialization options

The --natural and -n options for dumpdata have been deprecated. Use dumpdata --natural-foreign instead.

Similarly, the use_natural_keys argument for serializers.serialize() has been deprecated. Use use_natural_foreign_keys instead.

Merging of POST and GET arguments into WSGIRequest.REQUEST

It was already strongly suggested that you use GET and POST instead of REQUEST, because the former are more explicit. The property REQUEST is deprecated and will be removed in Django 1.9.

django.utils.datastructures.MergeDict class

MergeDict exists primarily to support merging POST and GET arguments into a REQUEST property on WSGIRequest. To merge dictionaries, use dict.update() instead. The class MergeDict is deprecated and will be removed in Django 1.9.

Language codes zh-cn, zh-tw and fy-nl

The currently used language codes for Simplified Chinese zh-cn, Traditional Chinese zh-tw and (Western) Frysian fy-nl are deprecated and should be replaced by the language codes zh-hans, zh-hant and fy respectively. If you use these language codes, you should rename the locale directories and update your settings to reflect these changes. The deprecated language codes will be removed in Django 1.9.

django.utils.functional.memoize function

The function memoize is deprecated and should be replaced by the functools.lru_cache decorator (available from Python 3.2 onwards).

Django ships a backport of this decorator for older Python versions and it's available at django.utils.lru_cache.lru_cache. The deprecated function will be removed in Django 1.9.

Geo Sitemaps

Google has retired support for the Geo Sitemaps format. Hence Django support for Geo Sitemaps is deprecated and will be removed in Django 1.8.

Passing callable arguments to queryset methods

Callable arguments for querysets were an undocumented feature that was unreliable. It's been deprecated and will be removed in Django 1.9.

Callable arguments were evaluated when a queryset was constructed rather than when it was evaluated, thus this feature didn't offer any benefit compared to evaluating arguments before passing them to queryset and created confusion that the arguments may have been evaluated at query time.

ADMIN_FOR setting

The ADMIN_FOR feature, part of the admindocs, has been removed. You can remove the setting from your configuration at your convenience.

SplitDateTimeWidget with DateTimeField

SplitDateTimeWidget support in DateTimeField is deprecated, use SplitDateTimeWidget with SplitDateTimeField instead.

validate

The validate management command is deprecated in favor of the check command.

django.core.management.BaseCommand

requires_model_validation is deprecated in favor of a new requires_system_checks flag. If the latter flag is missing, then the value of the former flag is used. Defining both requires_system_checks and requires_model_validation results in an error.

The check() method has replaced the old validate() method.

ModelAdmin validators

The ModelAdmin.validator_class and default_validator_class attributes are deprecated in favor of the new checks_class attribute.

The ModelAdmin.validate() method is deprecated in favor of ModelAdmin.check().

The django.contrib.admin.validation module is deprecated.

django.db.backends.DatabaseValidation.validate_field

This method is deprecated in favor of a new check_field method. The functionality required by check_field() is the same as that provided by validate_field(), but the output format is different. Third-party database backends needing this functionality should provide an implementation of check_field().

Loading ssi and url template tags from future library

Django 1.3 introduced {% load ssi from future %} and {% load url from future %} syntax for forward compatibility of the ssi and url template tags. This syntax is now deprecated and will be removed in Django 1.9. You can simply remove the {% load ... from future %} tags.

django.utils.text.javascript_quote

javascript_quote() was an undocumented function present in django.utils.text. It was used internally in the javascript_catalog() view whose implementation was changed to make use of json.dumps() instead. If you were relying on this function to provide safe output from untrusted strings, you should use django.utils.html.escapejs or the escapejs template filter. If all you need is to generate valid JavaScript strings, you can simply use json.dumps().

fix_ampersands utils method and template filter

The django.utils.html.fix_ampersands method and the fix_ampersands template filter are deprecated, as the escaping of ampersands is already taken care of by Django's standard HTML escaping features. Combining this with fix_ampersands would either result in double escaping, or, if the output is assumed to be safe, a risk of introducing XSS vulnerabilities. Along with fix_ampersands, django.utils.html.clean_html is deprecated, an undocumented function that calls fix_ampersands. As this is an accelerated deprecation, fix_ampersands and clean_html will be removed in Django 1.8.

Reorganization of database test settings

All database settings with a TEST_ prefix have been deprecated in favor of entries in a TEST dictionary in the database settings. The old settings will be supported until Django 1.9. For backwards compatibility with older versions of Django, you can define both versions of the settings as long as they match.

FastCGI support

FastCGI support via the runfcgi management command will be removed in Django 1.9. Please deploy your project using WSGI.

Moved objects in contrib.sites

Following the app-loading refactor, two objects in django.contrib.sites.models needed to be moved because they must be available without importing django.contrib.sites.models when django.contrib.sites isn't installed. Import RequestSite from django.contrib.sites.requests and get_current_site() from django.contrib.sites.shortcuts. The old import locations will work until Django 1.9.

django.forms.forms.get_declared_fields()

Django no longer uses this functional internally. Even though it's a private API, it'll go through the normal deprecation cycle.

Private Query Lookup APIs

Private APIs django.db.models.sql.where.WhereNode.make_atom() and django.db.models.sql.where.Constraint are deprecated in favor of the new custom lookups API.

Features removed in 1.7

These features have reached the end of their deprecation cycle and are removed in Django 1.7. See Features deprecated in 1.5 for details, including how to remove usage of these features.

  • django.utils.simplejson is removed.
  • django.utils.itercompat.product is removed.
  • INSTALLED_APPS and TEMPLATE_DIRS are no longer corrected from a plain string into a tuple.
  • HttpResponse, SimpleTemplateResponse, TemplateResponse, render_to_response(), index(), and sitemap() no longer take a mimetype argument
  • HttpResponse immediately consumes its content if it's an iterator.
  • The AUTH_PROFILE_MODULE setting, and the get_profile() method on the User model are removed.
  • The cleanup management command is removed.
  • The daily_cleanup.py script is removed.
  • select_related() no longer has a depth keyword argument.
  • The get_warnings_state()/restore_warnings_state() functions from django.test.utils and the save_warnings_state()/ restore_warnings_state() django.test.*TestCase are removed.
  • The check_for_test_cookie method in AuthenticationForm is removed.
  • The version of django.contrib.auth.views.password_reset_confirm() that supports base36 encoded user IDs (django.contrib.auth.views.password_reset_confirm_uidb36) is removed.
  • The django.utils.encoding.StrAndUnicode mix-in is removed.