Django: Security and Query Performance Updates

Django merged two significant pull requests addressing Content Security Policy support in admin templates and fixing a query ordering regression in combined database queries.

Duration: PT1M44S

Episode overview

This episode is a short developer briefing from Django.

It explains recent repository work in plain language.

  • Show: Django
  • Published: 2026-05-19T10:00:56Z
  • Audio duration: PT1M44S

Transcript excerpt

This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.

Good morning, this is your Django development briefing for Thursday, May 19th, 2026.

Two key pull requests were merged yesterday addressing security and database performance issues.

Johannes Maron merged PR #21270, which implements Content Security Policy nonce support across Django's admin interface. This comprehensive update touches 22 files, adding CSP nonce tags to script, link, and style elements in admin templates including login pages, change forms, and error pages. The change improves…

Jacob Walls merged PR #21277, fixing a regression in query ordering for combined database queries. The issue involved the clear_ordering method not properly clearing ordering on union, intersection, and difference queries recursively. This fix ensures that unnecessary ordering is properly removed from nested…

The merged changes include four additional commits that implement the core functionality. The CSP nonce implementation required updates to base admin templates and forms, while the query ordering fix involved modifications to Django's ORM compiler and query handling logic.

What's next: These changes strengthen Django's security posture with better CSP support and resolve database query…

Nearby episodes from Django

  1. Weekly Recap - Security & Admin Enhancements
  2. Security and Admin Consistency Fixes
  3. Media Object Equality Performance Fix
  4. Version 6.2 Bootstrap and Admin Accessibility
  5. Weekly Recap - Email Infrastructure & Admin Enhancements
  6. RedirectView Enhancement and Python 3.15 Compatibility
  7. Email Backend Overhaul and Admin Actions
  8. Documentation and Compatibility Fixes