Django 2.1 has been released with changes to Model view permissions, Database backend API, and additional new features. Django 2.1 supports Python 3.5, 3.6, and 3.7. Django 2.1 is a time-based release. The schedule followed was:
| May 14, 2018 | Django 2.1 alpha; feature freeze. |
| June 18 | Django 2.1 beta; non-release blocking bug fix freeze. |
| July 16 | Django 2.1 RC 1; translation string freeze. |
| ~August 1 | Django 2.1 final |
Here is the list of all new features:
Model view permission
Django 2.1 adds a view permission to the model Meta.default_permissions. This new permission will allow users read-only access to models in the admin. The permission will be created automatically when running migrate.
Considerations for the new model view permission
With the new “view” permission, existing custom admin forms may raise errors when a user doesn’t have the change permission because the form might access nonexistent fields.
If users have a custom permission with a codename of the form can_view_<modelname>, the new view permission handling in the admin will allow view access to the changelist and detail pages for those models.
Changes to Database backend API
- To adhere to PEP 249, exceptions where a database doesn’t support a feature are changed from NotImplementedError to django.db.NotSupportedError.
- The allow_sliced_subqueries database feature flag is renamed to allow_sliced_subqueries_with_in.
- The DatabaseOperations.distinct_sql() now requires an additional params argument and returns a tuple of SQL and parameters instead of a SQL string.
- The DatabaseFeatures.introspected_boolean_field_type is changed from a method to a property.
Dropped support for MySQL 5.5 and PostgreSQL 9.3
Django 2.1 marks the end of upstream support for MySQL 5.5. It now supports MySQL 5.6 and higher. Similarly, it ends the support for PostgreSQL 9.3. Django 2.1 supports PostgreSQL 9.4 and higher.
SameSite cookies
The cookies used for django.contrib.sessions, django.contrib.messages, and Django’s CSRF protection now set the SameSite flag to Lax by default. Browsers that respect this flag won’t send these cookies on cross-origin requests.
Other Features
- It removes BCryptPasswordHasher from the default PASSWORD_HASHERS setting.
- The minimum supported version of mysqlclient is increased from 1.3.3 to 1.3.7.
- Support for SQLite < 3.7.15 is removed.
- The multiple attribute rendered by the SelectMultiple widget now uses HTML5 boolean syntax rather than XHTML’s multiple=”multiple”.
- The local-memory cache backend now uses a least-recently-used (LRU) culling strategy rather than a pseudo-random one.
- The new json_script filter safely outputs a Python object as JSON, wrapped in a <script> tag, ready for use with JavaScript.
These are just a select few updates in available in Django 2.1. The release notes cover all the new features in detail.
Read Next
Getting started with Django RESTful Web Services
Getting started with Django and Django REST frameworks to build a RESTful app
Python web development: Django vs Flask in 2018
