Supply Chain Wake-Up Call
AI code review pitfalls, Django performance wins, Python’s lazy imports story, and sharp edges in today’s tooling.
News
Incident Report: LiteLLM/Telnyx supply-chain attacks, with guidance
A recent supply chain attack on popular PyPI packages exposed how quickly malware can spread through unpinned dependencies—and why practices like dependency locking and cooldowns are now essential for Python developers.
The PyCon US 2026 schedule is live 🌴🐍 plus security updates, community programs & more
PyCon US 2026 heads to Long Beach with its schedule now live, alongside major Python ecosystem updates spanning security improvements, new community programs, and ongoing PSF initiatives.
Django Software Foundation
DSF Board Meeting Minutes, March 12, 2026
DSF approved trademark renewal plans, advanced a long-awaited Code of Conduct update, and continued shaping community governance and outreach efforts.
Wagtail CMS News
How to Generate SEO Descriptions for Your Entire Wagtail Site at Once ⚡
Use Wagtail AI’s built-in LLM pipeline to bulk-generate SEO meta descriptions across your entire site in minutes with a simple Django management command.
How to Show a Waitlist Until Your Wagtail Site Is Ready
A clever Django and Wagtail pattern for launching with a waitlist while selectively granting preview access using secure cookies and a simple passphrase gate.
Build Dynamic Campaign Landing Pages in Wagtail
Use a single Wagtail page with dynamic routing, built-in A/B testing, and campaign slug tracking to replace dozens of duplicate landing pages with one flexible, data-driven solution.
Updates to Django
Today, "Updates to Django" is presented by Hwayoung from Djangonaut Space! 🚀
Last week we had 11 pull requests merged into Django by 9 different contributors - including 4 first-time contributors! Congratulations to Georgios Verigakis, David Ansa, Vinay Datta and Sebastian Skonieczny for having their first commits merged into Django - welcome on board!
Documentation was added to clarify how database routers handle related-object access. It explains that Django uses instance._state.db by default for related lookups and provides guidance on using the instance hint in db_for_read() to maintain routing consistency in multi-database configurations. (#29762)
Articles
The Story of Python's Lazy Imports: Why It Took Three Years and Two Attempts
From PEP 690's rejection to PEP 810's unanimous acceptance — how Python finally got explicit lazy imports after three years of real-world production evidence and a fundamental design inversion
Tombi, pre-commit, prek and uv.lock
A subtle tooling mismatch reveals how a recent update made uv.lock suddenly count as TOML, causing pre-commit to reformat it unexpectedly across environments.
Claude Pitfalls: Database Indexes
A smart migration tweak reveals how AI code reviews can both catch real production risks and miss critical context, proving that combining multiple agents leads to better Django performance decisions.
Loopwerk: Building modern Django apps with Alpine AJAX, revisited
After ditching template partials and full-page AJAX hacks, this deep dive shows how splitting Django views and using template includes leads to simpler code, better performance, and a more maintainable Alpine-powered stack.
Djangonaut diaries, week 4: Eliminating a Redundant Index in Django's ORM
A deep dive into a subtle Django ORM inefficiency shows how removing a redundant many-to-many index improves database performance and highlights the real-world journey from bug report to merged PR.
SHA Pinning Is Not Enough
SHA pinning isn’t a silver bullet—this deep dive shows how attackers can still slip malicious code into GitHub Actions by pointing to trusted-looking but rogue commits.
A primer on Django project structure ¤ 101% objective - always!
AI is rapidly rewriting the world’s software, but without scalable verification like formal proofs, we risk deploying fast, flawed, and fundamentally untrusted code at global scale.
When AI Writes the World's Software, Who Verifies It?
AI is rapidly rewriting the world’s software, but without scalable verification like formal proofs, we risk shipping faster code that no one truly understands or can trust.
So OpenAI is acquiring Astral
OpenAI’s acquisition of Astral raises real concerns about the future of uv, but for now, it’s still one of the fastest and most practical Python tooling choices worth sticking with.
Events
DjangoCon Europe is soon!
April 15-19 in Athens, Greece. Get a ticket if you're able to attend. Keynote speakers, workshops, and all talks available online.
PyCon US May 13-19 in Long Beach, CA
Tickets are available for this annual event now in beautiful Long Beach, California.
DjangoCon US Early Bird Tickets Now Available
Don't hesitate! If you can, join for five days of talks, workshops, and sprints once again in Chicago this August 24-28.
Videos
Boost Your GitHub DX
A lively chat with Adam Johnson on leveling up your GitHub workflow, from practical DX tips to cutting-edge Python tooling like ICU bindings.
Django Job Board
Two fresh Python roles this week: one focused on open data impact, the other on client-facing architecture with a leading developer tools company.
Python Developer at Open Data Services 🆕
Solutions Architect - Python (Client-facing) at JetBrains
Django Forum
Django sprint at Pycon DE?
A call is out for someone to lead a Django sprint at PyCon DE 2026, with contributors already eager to join and help onboard newcomers.
Projects
freelawproject/django-s3-express-cache
A high-speed, low latency cache that uses S3 Express to store many objects cheaply and efficiently
kjnez/django-rclone
Django database and media backup management commands, powered by rclone.