Django: Weekly Recap - Security Patches & Code Organization
Django addressed a critical ASGI security vulnerability this week while advancing authentication features and completing a major reorganization of email backend tests. Development activity focused on security hardening and codebase maintenance.
Duration: PT2M30S
Episode overview
This episode is a short developer briefing from Django.
It explains recent repository work in plain language.
- Show: Django
- Published: 2026-04-13T00:00:00Z
- Audio duration: PT2M30S
Transcript excerpt
This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.
Welcome to Django's weekly recap for April 6th through 13th, 2026.
Zero pull requests were merged this week, with 27 additional commits addressing security, features, and code organization.
Starting with security fixes, the team patched CVE-2026-33034, a critical vulnerability in ASGI request handling. The issue involved Django's DATA_UPLOAD_MAX_MEMORY_SIZE setting being bypassed on chunked requests without Content-Length headers. The fix now enforces memory limits based on actual bytes consumed rather…
For new features, Django 6.1 gained two notable enhancements. The authentication system now includes a Permission.user_perm_str property, simplifying permission checking via has_perm(). The task decorator system was also expanded to accept keyword arguments, enabling additional parameters for custom Task subclasses.
The bulk of this week's activity centered on test organization improvements. Mike Edmunds led a comprehensive restructuring of email backend tests, addressing issue #36953. The work split a monolithic 744-line test file into focused, smaller classes covering specific django.core.mail APIs. EmailBackend tests were…
Additional maintenance work included isolating a test case…