Hello Django community, The Steering Council is excited to share our proposed new technical governance and ask for your feedback. Last year we suspended the formal voting process of the Steering Council. The updates we’re proposing would bring how we’ve been operating into alignment with the written governance. From the motivation section: This is a revisitation of Django's technical governance in which a simplification and reduction was made to make it more approachable to more people. The goals of these changes are the following: Make it easier to enact our governance. Make it easier for others to understand our governance. Make the governance more flexible, allowing more action with less procedure. You can read DEP 0019 here. Adoption plan The goal is to have this governance accepted and in place by 2026-07-01. Our timeline is as follows, but may change depending on feedback. 2026-04-16: Announce new technical governance, solicit feedback 2026-05-07: Merge in minor feedback changes 2026-05-28: Resolve major feedback concerns 2026-06-11: Steering Council and DSF Board vote on and approve DEP What we need from you We would like to know if we are achieving our goals with this document. For example, do you feel that this makes our governance easier to understand, do you feel like you have a better understanding of who is eligible to run for the Steering Council, is it clear how Django operates from a process perspective? Beyond that, if you have other feedback around the changes, please share it. This has gone through a high degree of review from the Steering Council and Board over the past 5 months, but that doesn’t mean there aren't areas where it can be improved. Anyone can participate in this process on the Forum thread here.

For another year, we are thrilled to partner with our friends at JetBrains on the annual "Buy PyCharm, Support Django" campaign. This is the first of two fundraisers we're running with JetBrains this year, and it's one of the most impactful ways the community can support the Django Software Foundation. "JetBrains is a cornerstone in the Django community, consistently helping us understand our evolving landscape. Their annual survey provides invaluable insights into the community's needs, trends, and tools, ensuring we stay on the pulse of what matters most." Jeff Triplett, President, Django Software Foundation Your support of this campaign helps fund key initiatives such as: Django Fellows: Ensuring the rapid development and maintenance of Django. Djangonaut Space: Onboarding new contributors to the Django project. Django Girls: Making the Django community accessible to programming beginners around the world. International events and conferences: Supporting DjangoCons, one-day events, meetups, and other community gatherings around the world. How the campaign works From today to May 1, when you purchase PyCharm at a 30% discount through our special campaign link, JetBrains will donate an equal amount to the Django Software Foundation. You get a professional IDE that's trusted by Django developers worldwide, and the DSF receives a matched contribution. Get 30% off PyCharm, Support Django Thank you, JetBrains Beyond this campaign, JetBrains contributes to the Django ecosystem in ways that are easy to overlook but hard to overstate. Their Django Developers Survey, State of Django report, and broader Python Developers Survey give the entire community a clearer picture of where Django and Python are heading each year. "JetBrains is one of our most generous fundraising partners year after year, helping us sustain and grow the Django ecosystem. We deeply appreciate their commitment, leadership, and collaboration." Thank you to JetBrains for another year of partnership, and thank you to everyone who participates in this campaign. Together, we can ensure the continued success and growth of the framework we all rely on. Other ways to donate If you would like to donate in another way, especially if you are already a PyCharm customer, here are other ways to donate to the DSF: On our website via credit card Via GitHub Sponsors Benevity Workplace Giving Program - If your employer participates, you can make donations to the DSF via payroll deduction. For those able to make a larger donation as corporate sponsors ($2000+), check out our corporate sponsors form

We’re excited to announce that Django has officially adopted Contributor Covenant 3 as our new Code of Conduct! This milestone represents the completion of a careful, community-driven process that began earlier this year. What We’ve Accomplished Back in February, we announced our plan to adopt Contributor Covenant 3 through a transparent, multi-step process. Today, we’re proud to share that we’ve completed all three steps: Step 1 (Completed February 2026): Established a community-driven process for proposing and reviewing changes to our Code of Conduct. Step 2 (Completed March 2026): Updated our Enforcement Manual, Reporting Guidelines, and FAQs to align with Contributor Covenant 3 and incorporate lessons learned from our working group’s experience. Step 3 (Completed April 2026): Adopted the Contributor Covenant 3 with Django-specific enhancements. Why Contributor Covenant 3? Contributor Covenant 3 represents a significant evolution in community standards, incorporating years of experience from communities around the world. The new version: Centers impact over intent, recognizing that even unintentional harm requires accountability and repair Emphasizes consent and boundaries, making explicit that community members must respect stated boundaries immediately Addresses modern harassment patterns like sea-lioning, coordinated harassment, and microaggressions Includes clearer guidance on enforcement, transparency, and accountability By adopting this widely-used standard, Django joins a global community of projects committed to fostering welcoming, inclusive spaces for everyone. What’s New in Django’s Code of Conduct While we’ve adopted Contributor Covenant 3 as our foundation, we’ve also made Django-specific enhancements: In-person event guidance: Added requirements and best practices for Code of Conduct points of contact at Django events Affiliated programs documentation: Clarified scope and expectations for programs that reference Django’s Code of Conduct Bad-faith reporting provisions: Added protections against misuse of the reporting process Escalation processes: Established clear procedures for handling disagreements between working groups Enhanced transparency: Updated our statistics and reporting to provide better visibility into how we enforce our Code of Conduct You can view the complete changelog of changes at our Code of Conduct repository. Community-Driven Process This adoption represents months of collaborative work. The Code of Conduct Working Group reviewed community feedback, consulted with the DSF Board, and incorporated insights from our enforcement experience. Each step was completed through pull requests that were open for community review and discussion. We’re grateful to everyone who participated in this process—whether by opening issues, commenting on pull requests, joining forum discussions, or simply taking the time to review and understand the changes. Where to Find Everything All of our Code of Conduct documentation is available on both djangoproject.com and our GitHub repository: Code of Conduct: djangoproject.com/conduct Reporting Guidelines: djangoproject.com/conduct/reporting Enforcement Manual: djangoproject.com/conduct/enforcement-manual FAQs: djangoproject.com/conduct/faq GitHub Repository: github.com/django/code-of-conduct How You Can Continue to Help The Code of Conduct is a living document that will continue to evolve with our community’s needs: Propose changes: Anyone can open an issue to suggest improvements Join discussions: Participate in community conversations on the Django forum, Discord, or DSF Slack Report violations: If you experience or witness a Code of Conduct violation, please report it to conduct@djangoproject.com Stay informed: Watch the Code of Conduct repository for updates Thank You Creating a truly welcoming and inclusive community is ongoing work that requires participation from all of us. Thank you for being part of Django’s community and for your commitment to making it a safe, respectful space where everyone can contribute and thrive. If you have questions about the new Code of Conduct or our processes, please don’t hesitate to reach out to the Code of Conduct Working Group at conduct@djangoproject.com. Posted by Dan Ryan on behalf of the Django Code of Conduct Working Group

In accordance with our security release policy, the Django team is issuing releases for Django 6.0.4, Django 5.2.13, and Django 4.2.30. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible. Django 4.2 has reached the end of extended support Note that with this release, Django 4.2 has reached the end of extended support. All Django 4.2 users are encouraged to upgrade to Django 5.2 or later to continue receiving fixes for security issues. See the downloads page for a table of supported versions and the future release schedule. CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation ASGIRequest normalizes header names following WSGI conventions, mapping hyphens to underscores. As a result, even in configurations where reverse proxies carefully strip security-sensitive headers named with hyphens, such a header could be spoofed by supplying a header named with underscores. Under WSGI, it is the responsibility of the server or proxy to avoid ambiguous mappings. (Django's runserver was patched in CVE-2015-0219.) But under ASGI, there is not the same uniform expectation, even if many proxies protect against this under default configuration (including nginx via underscores_in_headers off;). Headers containing underscores are now ignored by ASGIRequest, matching the behavior of Daphne, the reference server for ASGI. This issue has severity "low" according to the Django Security Policy. Thanks to Tarek Nakkouch for the report. CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. This issue has severity "low" according to the Django Security Policy. Thanks to N05ec@LZU-DSLab for the report. CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. This issue has severity "low" according to the Django Security Policy. CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload When using django.http.multipartparser.MultiPartParser, multipart uploads with Content-Transfer-Encoding: base64 that include excessive whitespace may trigger repeated memory copying, potentially degrading performance. This issue has severity "moderate" according to the Django Security Policy. Thanks to Seokchan Yoon for the report. CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass ASGI requests with a missing or understated Content-Length header could bypass the DATA_UPLOAD_MAX_MEMORY_SIZE limit when reading HttpRequest.body, potentially loading an unbounded request body into memory and causing service degradation. This issue has severity "low" according to the Django Security Policy. Thanks to Superior for the report. Affected supported versions Django main Django 6.0 Django 5.2 Django 4.2 Resolution Patches to resolve the issue have been applied to Django's main, 6.0, 5.2, and 4.2 branches. The patches may be obtained from the following changesets. CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation On the main branch On the 6.0 branch On the 5.2 branch On the 4.2 branch CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin On the main branch On the 6.0 branch On the 5.2 branch On the 4.2 branch CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable On the main branch On the 6.0 branch On the 5.2 branch On the 4.2 branch CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload On the main branch On the 6.0 branch On the 5.2 branch On the 4.2 branch CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass On the main branch On the 6.0 branch On the 5.2 branch On the 4.2 branch The following releases have been issued Django 6.0.4 (download Django 6.0.4 | 6.0.4 checksums) Django 5.2.13 (download Django 5.2.13 | 5.2.13 checksums) Django 4.2.30 (download Django 4.2.30 | 4.2.30 checksums) The PGP key ID used for this release is Jacob Walls: 131403F4D16D8DC7 General notes regarding security reporting As always, we ask that potential security issues be reported via private email to security@djangoproject.com, and not via Django's Trac instance, nor via the Django Forum. Please see our security policies for further information.

We are looking for the next group of organizers to own and lead the 2027 DjangoCon Europe conference. Could your town's football stadium, theatre, cinema, city hall, circus tent or a private island host this wonderful community event? DjangoCon Europe is a major pillar of the Django community, as people from across the world meet and share. Many qualities make it a unique event: Unconventional and conventional venues, creative happenings, a feast of talks and a dedication to inclusion and diversity. Hosting a DjangoCon is an ambitious undertaking. It's hard work, but each year it has been successfully run by a team of community volunteers, not all of whom have had previous experience - more important is enthusiasm, organizational skills, the ability to plan and manage budgets, time and people - and plenty of time to invest in the project. For 2027, rest assured that we will be there to answer questions and put you in touch with previous organizers through the brand new DSF Events Support Working Group (a reboot of the previous DjangoCon Europe Support Working Group). Step 1: Submit your expression of interest If you're considering organizing DjangoCon Europe (🙌 great!), fill in our DjangoCon Europe 2027 expression of interest form with your contact details. No need to fill in all the information at this stage if you don't have it all already, we'll reach out and help you figure it out. Express your interest in organizing Step 2: We're here to help! We've set up a DjangoCon Europe support working group of previous organizers that you can reach out to with questions about organizing and running a DjangoCon Europe. The group will be in touch with everyone submitting the expression of interest form, or you can reach out to them directly: events-support@djangoproject.com We'd love to hear from you as soon as possible, so your proposal can be finalized and sent to the DSF board by June 1st 2026. Step 3: Submitting the proposal The more detailed and complete your final proposal is, the better. Basic details include: Organizing committee members: You won't have a full team yet, probably, naming just some core team members is enough. The legal entity that is intended to run the conference: Even if the entity does not exist yet, please share how you are planning to set it up. Dates: See "What dates are possible in 2027?" below. We must avoid conflicts with major holidays, EuroPython, DjangoCon US, and PyCon US. Venue(s), including size, number of possible attendees, pictures, accessibility concerns, catering, etc. Transport links and accommodation: Can your venue be reached by international travelers? Budgets and ticket prices: Talk to the DjangoCon Europe Support group to get help with this, including information on past event budgets. We also like to see: Timelines Pictures Plans for online participation, and other ways to make the event more inclusive and reduce its environmental footprint Draft agreements with providers Alternatives you have considered Have a look at our proposed (draft, feedback welcome) DjangoCon Europe 2027 Licensing Agreement for the fine print on contractual requirements and involvement of the Django Software Foundation. Submit your completed proposal by June 1st 2026 via our DjangoCon Europe 2027 expression of interest form, this time filling in as many fields as possible. We look forward to reviewing great proposals that continue the excellence the whole community associates with DjangoCon Europe. Q&A Can I organize a conference alone? We strongly recommend that a team of people submit an application. I/we don't have a legal entity yet, is that a problem? Depending on your jurisdiction, this is usually not a problem. But please share your plans about the entity you will use or form in your application. Do I/we need experience with organizing conferences? The support group is here to help you succeed. From experience, we know that many core groups of 2-3 people have been able to run a DjangoCon with guidance from previous organizers and help from volunteers. What is required in order to announce an event? Ultimately, a contract with the venue confirming the dates is crucial, since announcing a conference makes people book calendars, holidays, buy transportation and accommodation etc. This, however, would only be relevant after the DSF board has concluded the application process. Naturally, the application itself cannot contain any guarantees, but it's good to check concrete dates with your venues to ensure they are actually open and currently available, before suggesting these dates in the application. Do we have to do everything ourselves? No. You will definitely be offered lots of help by the community. Typically, conference organizers will divide responsibilities into different teams, making it possible for more volunteers to join. Local organizers are free to choose which areas they want to invite the community to help out with, and a call will go out through a blog post announcement on djangoproject.com and social media. What kind of support can we expect from the Django Software Foundation? The DSF regularly provides grant funding to DjangoCon organizers, to the extent of $6,000 in recent editions. We also offer support via specific working groups: The dedicated DjangoCon Europe support working group. The social media working group can help you promote the event. The Code of Conduct working group works with all event organizers. In addition, a lot of Individual Members of the DSF regularly volunteer at community events. If your team aren't Individual Members, we can reach out to them on your behalf to find volunteers. What dates are possible in 2027? For 2027, DjangoCon Europe should happen between January 4th and April 26th, or June 3rd and June 27th. This is to avoid the following community events' provisional dates: PyCon US 2027: May 2027 EuroPython 2027: July 2027 DjangoCon US 2027: September - October 2027 DjangoCon Africa 2027: August - September 2027 We also want to avoid the following holidays: New Year's Day: Friday 1st January 2027 Chinese New Year: Saturday 6th February 2027 Eid Al-Fitr: Tuesday 9th March 2027 Easter: Sunday 28th March 2027 Passover: Wednesday 21st - Thursday 29th April 2027 Eid Al-Adha: Monday 17th - Thursday 20th May 2027 Rosh Hashanah: Saturday 2nd - Monday 4th October 2027 Yom Kippur: Monday 11th - Tuesday 12th October 2027 What cities or countries are possible? Any city in Europe. This can be a city or country where DjangoCon Europe has happened in the past (Athens, Vigo, Edinburgh, Porto, Copenhagen, Heidelberg, Florence, Budapest, Cardiff, Toulon, Warsaw, Zurich, Amsterdam, Berlin), or a new locale. References Past calls Interested in organizing DjangoCon Europe 2016? | Weblog | Django Could you host DjangoCon Europe 2017? | Weblog | Django DjangoCon Europe 2019 - where will it be? | Weblog | Django Could you host DjangoCon Europe 2023? | Weblog | Django Last Chance for a DjangoCon Europe 2023 | Weblog | Django Want to host DjangoCon Europe 2024? | Weblog | Django DjangoCon Europe 2025 Call for Proposals | Weblog | Django Last call for DjangoCon Europe 2025 organizers | Weblog | Django Could you host DjangoCon Europe 2026? Call for organizers | Weblog | Django

For March 2026, we welcome Theresa Seyram Agbenyegah as our DSF member of the month! ⭐ Theresa is a passionate community builder serving in the DSF Events Support Working Group. She has demonstrated strong leadership by taking on roles such as Local Organizer Commitee (LOC) Program Lead at PyCon Africa 2024 and Programs Chair for PyCon Ghana 2025. She also organized DjangoGirls events across multiple PyCons, including PyCon Ghana 2022 and PyCon Africa 2024. You can learn more about Theresa by visiting Theresa's LinkedIn profile and her GitHub Profile. Let’s spend some time getting to know Theresa better! Can you tell us a little about yourself (hobbies, education, etc)? I’m Theresa Seyram Agbenyegah, mostly referred to in the community as Stancy; a backend engineer, social entrepreneur, and an open source advocate/contributor passionate about using technology for impact. My background is in technology, community management, and systems design. Over the years, I have grown into roles that combine engineering, leadership, and ecosystem building. I know many folks call you Stancy, me included, why specifically this name? So “Stancy” is my initials 😁, People think it is my nickname. How did you start using Django? I was introduced to Django through a Django Girls workshop, and oh i’m a Django girl. I loved how opinionated yet flexible it was. The “batteries-included” philosophy made backend architecture feel structured without being restrictive. The admin interface especially blew my mind early on; being able to scaffold powerful internal tools so quickly felt magical. What other frameworks do you know, and if you had magical powers, what would you add to Django? I have worked with Flask, FastAPI, and explored the Dart framework. Each has strengths, especially FastAPI in performance and modern async patterns. If I had magical powers, I would: Make async patterns even more seamless across the ecosystem Improve first class support for large scale distributed system Provide even more built-in tooling for observability and performance profiling But overall, Django’s maturity and ecosystem are hard to beat. What projects are you working on now? I’m not working on any big projects at the moment, I'm mostly working on client projects at work. Which Django libraries are your favorite (core or 3rd party)? Some of my favorites: Django Rest Framework (it’s practically essential for modern APIs) django-filter django-allauth Celery (for async task processing) Django Debug Toolbar (for development clarity) The ecosystem really makes Django powerful. What are the top three things in Django that you like? The admin interface The ORM The strong community and documentation (FYI: it gives me a sense of belonging) Django feels stable, mature, and production-ready which builds developer confidence. You have been in the organization of PyCon Africa and DjangoGirls that happen during this conference in 2024. That's great, do you have any advice for people who would like to join or create their own DjangoGirls event in their city? Start small and start with intention. You don’t need a massive budget. What you need is: A committed small team Clear structure Support from the global DjangoGirls organization, Django Software Foundation, and other communities. A safe, welcoming environment Most importantly, center the participants. The goal isn’t just teaching Django, it’s building confidence and introducing them to the Tech industry. How did you become a leader of the PyLadies Ghana chapter? My Leadership journey in the PyLadies Ghana community began with a simple step: attending a Django Girls workshop at Ho while I was in school. At the time, I was just curious and eager to learn more about programming. After the workshop, I was introduced to the PyLadies Ghana community and added to the group. That was my first real connection to a tech community. I started by simply showing up, participating in conversations, attending events, and learning from others in the community. Over time, I became more involved. I joined the PyLadies Ghana Tema Chapter, where I supported the community lead with organizing activities that are bootcamps, meetups,etc. Through that experience, I had the opportunity to contribute more actively. Because of my commitment and willingness to help, I was later asked to volunteer as a co-lead of PyLadies Ghana Tema Chapter. I accepted the opportunity and began working more closely with the Lead to organize events, support members, and grow the community. It was a period of learning, collaboration, and service. As I continued contributing and volunteering, more opportunities opened up. When there was a chance to volunteer with PyLadies Ghana programs and events, I stepped forward again and volunteered as PyLadies Ghana Programs and Events Lead. That experience eventually led to me becoming a lead. Looking back, my journey with PyLadies Ghana has been shaped by community, consistency, and volunteering. What started as attending a workshop grew into leadership and the chance to help create opportunities for others. It reminds me that sometimes all it takes is showing up, contributing where you can, and being willing to grow with the community. You have been organizing a lot of events in Africa, especially in Ghana. How do you envision organizing an event? Would you like additional support? For me, events are ecosystems, not just gatherings. Focus on: Clear goals and impact Accessibility Diversity of voices Strong logistics planning Follow-up community building Yes, more funding support, institutional partnerships for internships, and long-term sponsorship pipelines would significantly help African tech communities scale sustainably. This is the international women's day today, I'm glad to have you featured on this special day. Do you have any word to mention in relation to this? International Women’s Day is a reminder that representation is not a trend, it's a necessity. We need more women building systems, shaping infrastructure, leading conversations, and owning technical spaces. And to every woman in tech: your presence is powerful. Keep building. Keep speaking. Keep leading. Keep mentoring and raising the next tech women. What are your hobbies or what do you do when you’re not working? When I’m not working, I’m usually reading books/articles, mentoring, watching movies or documentaries, cooking, reflecting, or exploring new ideas around technology and social impact. I also enjoy quiet strategy sessions with myself, thinking about how to build things that outlive me. Is there anything else you’d like to say? Technology is more than code, it's access, power, and possibility. I hope more people see themselves not just as users of technology, but as architects of it. Thank you for doing the interview, Stancy !