Release Notes

...

from tzlocal import get_localzone

TIME_ZONE = get_localzone().zone

This works similar to settings.TIME_ZONE = None except that it also sets os.environ['TZ']. Let us know if there’s a use case where you find you can’t adapt your code to set a TIME_ZONE.

...

• If no items in the feed have a pubdate or updateddate attribute, SyndicationFeed.latest_post_date() now returns the current UTC date/time, instead of a datetime without any timezone information.
• CSRF failures are logged to the django.security.csrf logger instead of django.request.

  Jira Legacy
  showSummary false server JIRA (openedx.atlassian.net) serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key PLAT-1381

• ALLOWED_HOSTS validation is no longer disabled when running tests.

  Jira Legacy
  showSummary false server JIRA (openedx.atlassian.net) serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key PLAT-1382

  If your application includes tests with custom host names, you must include those host names in ALLOWED_HOSTS. See Tests and multiple host names.
• Using a foreign key’s id (e.g. 'field_id') in ModelAdmin.list_display displays the related object’s ID.

  Jira Legacy
  showSummary false server JIRA (openedx.atlassian.net) serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key PLAT-1383

  Remove the _id suffix if you want the old behavior of the string representation of the object.
• In model forms, CharField with null=True now saves NULL for blank values instead of empty strings.

  Jira Legacy
  showSummary false server JIRA (openedx.atlassian.net) serverId 13fd1930-5608-3aac-a5dd-21b934d3a4b4 key PLAT-1385

• On Oracle, Model.validate_unique() no longer checks empty strings for uniqueness as the database interprets the value as NULL.
• If you subclass AbstractUser and override clean(), be sure it calls super(). BaseUserManager.normalize_email() is called in a new AbstractUser.clean() method so that normalization is applied in cases like model form validation.
• EmailField and URLField no longer accept the strip keyword argument. Remove it because it doesn’t have an effect in older versions of Django as these fields always strip whitespace.
• The checked and selected attribute rendered by form widgets now uses HTML5 boolean syntax rather than XHTML’s checked='checked' and selected='selected'.
• RelatedManager.add(), remove(), clear(), and set() now clear the prefetch_related() cache.
• To prevent possible loss of saved settings, setup_test_environment() now raises an exception if called a second time before calling teardown_test_environment().
• The undocumented DateTimeAwareJSONEncoder alias for DjangoJSONEncoder (renamed in Django 1.0) is removed.
• The cached template loader is now enabled if DEBUG is False and OPTIONS['loaders'] isn’t specified. This could be backwards-incompatible if you have some template tags that aren’t thread safe.
• The prompt for stale content type deletion no longer occurs after running the migrate command. Use the new remove_stale_contenttypes command instead.
• The admin’s widget for IntegerField uses type="number" rather than type="text".
• Conditional HTTP headers are now parsed and compared according to the RFC 7232 Conditional Requests specification rather than the older RFC 2616.
• patch_response_headers() no longer adds a Last-Modified header. According to the RFC 7234#section-4.2.2, this header is useless alongside other caching headers that provide an explicit expiration time, e.g. Expires or Cache-Control.UpdateCacheMiddleware and add_never_cache_headers() call patch_response_headers() and therefore are also affected by this change.
• In the admin templates, <p class="help"> is replaced with a <div> tag to allow including lists inside help text.
• ConditionalGetMiddleware no longer sets the Date header as Web servers set that header. It also no longer sets the Content-Length header as this is now done by CommonMiddleware.
• get_model() and get_models() now raise AppRegistryNotReady if they’re called before models of all applications have been loaded. Previously they only required the target application’s models to be loaded and thus could return models without all their relations set up. If you need the old behavior of get_model(), set the require_ready argument to False.
• The unused BaseCommand.can_import_settings attribute is removed.
• The undocumented django.utils.functional.lazy_property is removed.
• For consistency with non-multipart requests, MultiPartParser.parse() now leaves request.POST immutable. If you’re modifying that QueryDict, you must now first copy it, e.g. request.POST.copy().
• Support for cx_Oracle < 5.2 is removed.
• Support for IPython < 1.0 is removed from the shell command.
• The signature of private API Widget.build_attrs() changed from extra_attrs=None, **kwargs to base_attrs,extra_attrs=None.
• File-like objects (e.g., StringIO and BytesIO) uploaded to an ImageField using the test client now require a name attribute with a value that passes the validate_image_file_extension validator. See the note in Client.post().

...

from django.db import models

class MyModel(models.Model):
    ...

    @models.permalink
    def url(self):
        return ('guitarist_detail', [self.slug])

becomes:

from django.db import models
from django.urls import reverse

class MyModel(models.Model):
    ...

    def url(self):
        return reverse('guitarist_detail', args=[self.slug])

Miscellaneous¶

• contrib.auth’s login() and logout() function-based views are deprecated in favor of new class-based views LoginView andLogoutView.
• The unused extra_context parameter of contrib.auth.views.logout_then_login() is deprecated.
• contrib.auth’s password_change(), password_change_done(), password_reset(), password_reset_done(), password_reset_confirm(), and password_reset_complete() function-based views are deprecated in favor of new class-based views PasswordChangeView, PasswordChangeDoneView, PasswordResetView, PasswordResetDoneView,PasswordResetConfirmView, and PasswordResetCompleteView.
• django.test.runner.setup_databases() is moved to django.test.utils.setup_databases(). The old location is deprecated.
• django.utils.translation.string_concat() is deprecated in favor of django.utils.text.format_lazy(). string_concat(*strings) can be replaced by format_lazy('{}' * len(strings), *strings).
• For the PyLibMCCache cache backend, passing pylibmc behavior settings as top-level attributes of OPTIONS is deprecated. Set them under a behaviors key within OPTIONS instead.
• The host parameter of django.utils.http.is_safe_url() is deprecated in favor of the new allowed_hosts parameter.
• Silencing exceptions raised while rendering the {% include %} template tag is deprecated as the behavior is often more confusing than helpful. In Django 2.1, the exception will be raised.
• DatabaseIntrospection.get_indexes() is deprecated in favor of DatabaseIntrospection.get_constraints().
• authenticate() now passes a request argument to the authenticate() method of authentication backends. Support for methods that don’t accept request as the first positional argument will be removed in Django 2.1.
• The USE_ETAGS setting is deprecated in favor of ConditionalGetMiddleware which now adds the ETag header to responses regardless of the setting. CommonMiddleware and django.utils.cache.patch_response_headers() will no longer set ETags when the deprecation ends.
• Model._meta.has_auto_field is deprecated in favor of checking if Model._meta.auto_field is not None.
• Using regular expression groups with iLmsu# in url() is deprecated. The only group that’s useful is (?i) for case-insensitive URLs, however, case-insensitive URLs aren’t a good practice because they create multiple entries for search engines, for example. An alternative solution could be to create a handler404 that looks for uppercase characters in the URL and redirects to a lowercase equivalent.
• The renderer argument is added to the Widget.render() method. Methods that don’t accept that argument will work through a deprecation period.