Django Security Fixes, Python Releases, and New Tools
Wagtail GSOC, DjangoNaut, Session 6 Team Introductions, PyTV talks, and more.
News
Django security releases issued: 6.0.3, 5.2.12, and 4.2.29
Django 6.0.3, 5.2.12, and 4.2.29 were released to fix two security issues: URLField DoS on Windows and file permission race conditions.
Releases
Python 3.12.13, 3.11.15 and 3.10.20 are now available!
Python 3.12.13, 3.11.15, and 3.10.20 fix security and denial-of-service vulnerabilities in email, HTTP cookies, WSGI headers, XML parsing, and SSL.
Python Software Foundation
PEP 827 – Type Manipulation
PEP 827 proposes extensive type-level introspection and construction APIs in typing to enable computed types for ORMs, dataclass-style transforms, and decorator typing.
The Python Insider Blog Has Moved!
Python Insider moved to a Git-backed Markdown workflow with a static Astro site, GitHub Actions, and RSS, simplifying contributions and versioned posts.
Djangonaut Space News
2026 Session 6 Team Introductions!
Djangonaut Space introduces the six teams for its sixth session, pairing volunteers and new contributors to collaborate on projects ranging from Django core and accessibility improvements to django CMS, BeeWare, and deployment tools.
Wagtail CMS News
Our projects for Google Summer of Code 2026
Wagtail will mentor GSoC 2026 projects, including bakerydemo redesign, starter kit overhaul, and multilingual improvements to core and wagtail-localize for CMS contributors.
Our roadmap for the next 6 months
Wagtail roadmap targets UX and editor improvements, Django modelsearch enhancements, customizable page models, SEO and AI content checks, autosave polish, and LTS stability.
Updates to Django
Today, "Updates to Django" is presented by Johanan from Djangonaut Space! 🚀
Last week we had 23 pull requests merged into Django by 17 different contributors - including 6 first-time contributors! Congratulations to Pierre Sassoulas, Abhimanyu Singh Negi, Sam.An, Anurag Verma, Zac Iloka and Elias Hernandis for having their first commits merged into Django - welcome on board!
This week's Django highlights:
- Removed empty exc_info from log_task_finished signal handler (#36951).
- Renamed permissions upon model renaming in migrations (#27489). This ticket was created 9 years ago. Thanks to everyone who worked on this 🎉
- Improved the accessibility of admin form label (#34643).
Articles
Making Django unique constraints case-insensitive (with no downtime)
Fix Django’s case-sensitive unique constraint pitfalls by cleaning duplicates, adding Lower() constraints, and safely migrating with PostgreSQL CONCURRENTLY to avoid downtime.
Row Locks With Joins Can Produce Surprising Results in PostgreSQL
A subtle PostgreSQL concurrency edge case shows how SELECT ... FOR UPDATE with joins can unexpectedly return missing or partial results under Read Committed isolation, and explores safer query patterns to avoid it.
Pytest parameter functions
Use helper functions that return pytest.param to preprocess multiline strings or file contents, and assign concise IDs to make parametrized pytest test cases clearer.
I Checked 5 Security Skills for Claude Code. Only One Is Worth Installing
A deep dive into five Claude Code security review skills reveals that most are shallow checklists prone to false positives, while Sentry’s standout skill delivers a context-aware methodology that actually finds real vulnerabilities.
State of WASI support for CPython: March 2026
PEP 816 locks WASI and WASI SDK versions for CPython 3.15, enabling stable build targets while work continues on packaging, deps, and socket support.
Videos
Python Unplugged on PyTV – Free Online Python Conference livestream available
The first PyTV, a global online Python conference, occurred as a livestream on Wednesday. Django speakers included Sarah Boyce, Sheena O'Connell, Carlton Gibson, Mark Smith, Paul Everitt, and others. Time stamps in the description!
Django Job Board
The Python Software Foundation is hiring an Infrastructure Engineer to help maintain the systems that power Python’s infrastructure.
TurnTable is seeking a Lead Backend Engineer to build and scale backend systems for its music collaboration platform.
Projects
Django (anti)patterns
Django Antipatterns is a community-maintained reference that highlights common mistakes in Django projects and explains better patterns developers can use instead.
yassi/dj-control-room
The control room for your Django app.
trottomv/django-never-cache
A lightweight Django package to simplify Cache-Control configuration for sensitive views.
Sponsorship
🚀 Reach 4,300+ Django Developers Every Week
Want to reach developers who actually read what they subscribe to?
Django News lands in the inboxes of 4,300+ Django and Python developers every week. With a 52% open rate and 15% click rate, sponsors get their message in front of builders who actively use Django.
Promote your product, service, event, job, or open source project to a highly engaged developer audience while supporting the newsletter.
👉 Explore sponsorship options: https://django-news.com/sponsorship