Django 5.0 release notes - UNDER DEVELOPMENT

Expected December 2023

Welcome to Django 5.0!

These release notes cover the new features, as well as some backwards incompatible changes you’ll want to be aware of when upgrading from Django 4.2 or earlier. We’ve begun the deprecation process for some features.

See the How to upgrade Django to a newer version guide if you’re updating an existing project.

Python compatibility

Django 5.0 supports Python 3.10, 3.11, and 3.12. We highly recommend and only officially support the latest release of each series.

The Django 4.2.x series is the last to support Python 3.8 and 3.9.

Third-party library support for older version of Django

Following the release of Django 5.0, we suggest that third-party app authors drop support for all versions of Django prior to 4.2. At that time, you should be able to run your package’s tests using python -Wd so that deprecation warnings appear. After making the deprecation warning fixes, your app should be compatible with Django 5.0.

What’s new in Django 5.0

Facet filters in the admin

Facet counts are now shown for applied filters in the admin changelist when toggled on via the UI. This behavior can be changed via the new ModelAdmin.show_facets attribute. For more information see Facets.

Minor features

django.contrib.admin

  • The new AdminSite.get_log_entries() method allows customizing the queryset for the site’s listed log entries.

  • The django.contrib.admin.AllValuesFieldListFilter, ChoicesFieldListFilter, RelatedFieldListFilter, and RelatedOnlyFieldListFilter admin filters now handle multi-valued query parameters.

django.contrib.admindocs

django.contrib.auth

  • The default iteration count for the PBKDF2 password hasher is increased from 600,000 to 720,000.

  • AuthenticationMiddleware now adds an HttpRequest.auser() asynchronous method that returns the currently logged-in user.

django.contrib.contenttypes

django.contrib.gis

  • The new ClosestPoint() function returns a 2-dimensional point on the geometry that is closest to another geometry.

django.contrib.messages

django.contrib.postgres

django.contrib.redirects

django.contrib.sessions

django.contrib.sitemaps

django.contrib.sites

django.contrib.staticfiles

django.contrib.syndication

Cache

CSRF

Decorators

Email

Error Reporting

File Storage

File Uploads

Forms

Generic Views

Internationalization

Logging

Management Commands

Migrations

Models

Requests and Responses

Security

Serialization

Signals

  • The new Signal.asend() and Signal.asend_robust() methods allow asynchronous signal dispatch. Signal receivers may be synchronous or asynchronous, and will be automatically adapted to the correct calling style.

Templates

Tests

URLs

Utilities

Validators

Backwards incompatible changes in 5.0

Database backend API

This section describes changes that may be needed in third-party database backends.

Using create_defaults__exact may now be required with QuerySet.update_or_create()

QuerySet.update_or_create() now supports the parameter create_defaults. As a consequence, any models that have a field named create_defaults that are used with an update_or_create() should specify the field in the lookup with create_defaults__exact.

Miscellaneous

  • The instance argument of the undocumented BaseModelFormSet.save_existing() method is renamed to obj.

  • The undocumented django.contrib.admin.helpers.checkbox is removed.

  • Integer fields are now validated as 64-bit integers on SQLite to match the behavior of sqlite3.

Features deprecated in 5.0

Miscellaneous

  • The DjangoDivFormRenderer and Jinja2DivFormRenderer transitional form renderers are deprecated.

  • Passing positional arguments name and violation_error_message to BaseConstraint is deprecated in favor of keyword-only arguments.

Features removed in 5.0

These features have reached the end of their deprecation cycle and are removed in Django 5.0.

See Features deprecated in 4.0 for details on these changes, including how to remove usage of these features.

  • The SERIALIZE test setting is removed.

  • The undocumented django.utils.baseconv module is removed.

  • The undocumented django.utils.datetime_safe module is removed.

  • The default value of the USE_TZ setting is changed from False to True.

  • The default sitemap protocol for sitemaps built outside the context of a request is changed from 'http' to 'https'.

  • The extra_tests argument for DiscoverRunner.build_suite() and DiscoverRunner.run_tests() is removed.

  • The django.contrib.postgres.aggregates.ArrayAgg, JSONBAgg, and StringAgg aggregates no longer return [], [], and '', respectively, when there are no rows.

  • The USE_L10N setting is removed.

  • The USE_DEPRECATED_PYTZ transitional setting is removed.

  • Support for pytz timezones is removed.

  • The is_dst argument is removed from:

    • QuerySet.datetimes()

    • django.utils.timezone.make_aware()

    • django.db.models.functions.Trunc()

    • django.db.models.functions.TruncSecond()

    • django.db.models.functions.TruncMinute()

    • django.db.models.functions.TruncHour()

    • django.db.models.functions.TruncDay()

    • django.db.models.functions.TruncWeek()

    • django.db.models.functions.TruncMonth()

    • django.db.models.functions.TruncQuarter()

    • django.db.models.functions.TruncYear()

  • The django.contrib.gis.admin.GeoModelAdmin and OSMGeoAdmin classes are removed.

  • The undocumented BaseForm._html_output() method is removed.

  • The ability to return a str, rather than a SafeString, when rendering an ErrorDict and ErrorList is removed.

See Features deprecated in 4.1 for details on these changes, including how to remove usage of these features.

  • The SitemapIndexItem.__str__() method is removed.

  • The CSRF_COOKIE_MASKED transitional setting is removed.

  • The name argument of django.utils.functional.cached_property() is removed.

  • The opclasses argument of django.contrib.postgres.constraints.ExclusionConstraint is removed.

  • The undocumented ability to pass errors=None to SimpleTestCase.assertFormError() and assertFormsetError() is removed.

  • django.contrib.sessions.serializers.PickleSerializer is removed.

  • The usage of QuerySet.iterator() on a queryset that prefetches related objects without providing the chunk_size argument is no longer allowed.

  • Passing unsaved model instances to related filters is no longer allowed.

  • created=True is required in the signature of RemoteUserBackend.configure_user() subclasses.

  • Support for logging out via GET requests in the django.contrib.auth.views.LogoutView and django.contrib.auth.views.logout_then_login() is removed.

  • The django.utils.timezone.utc alias to datetime.timezone.utc is removed.

  • Passing a response object and a form/formset name to SimpleTestCase.assertFormError() and assertFormSetError() is no longer allowed.

  • The django.contrib.gis.admin.OpenLayersWidget is removed.

  • The django.contrib.auth.hashers.CryptPasswordHasher is removed.

  • The "django/forms/default.html" and "django/forms/formsets/default.html" templates are removed.

  • The default form and formset rendering style is changed to the div-based.

  • Passing nulls_first=False or nulls_last=False to Expression.asc() and Expression.desc() methods, and the OrderBy expression is no longer allowed.