Django: Security and Email Infrastructure Updates
Django merged six pull requests on May 6-7, 2026, featuring a new CSP nonce template tag for enhanced security and significant email backend improvements. Additional work included ASGI authentication fixes and development workflow enhancements.
Duration: PT2M12S
Episode overview
This episode is a short developer briefing from Django.
It explains recent repository work in plain language.
- Show: Django
- Published: 2026-05-07T10:01:12Z
- Audio duration: PT2M12S
Transcript excerpt
This excerpt keeps the crawler page concise. Listen to the episode or use the RSS feed for the full update.
Good morning, this is your Django development briefing for May 7th, 2026.
Yesterday and today saw significant activity with six merged pull requests and twelve additional commits focused on security and email infrastructure.
Natalia merged the CSP nonce template tag implementation, adding a new `csp_nonce_attr` template tag that automatically includes Content Security Policy nonces in script and link elements. The tag renders `nonce="value"` when CSP nonce is present in the template context and renders nothing otherwise, streamlining…
Mike Edmunds merged email provider preparation work, delivering extensive cleanup and new tests for Django's email backends. The changes include better error handling for missing EMAIL_FILE_PATH settings, simplified test structures, and comprehensive coverage for BaseEmailBackend, SMTP, and file backend configurations.
Jacob Walls merged a critical ASGI fix for RemoteUserMiddleware, restoring the semantic where the header attribute corresponds to request.META under ASGI. This addresses a regression introduced in Django 5.2 that affected custom authentication headers in ASGI deployments.
Additional merged work included improvements to the PR quality…
Nearby episodes from Django
- Documentation and Compatibility Fixes
- QuerySet Performance and Testing Updates
- Python 3.15 Compatibility and Admin Calendar Fixes
- Security and Forms Enhancement
- Security Triple-Header and Base64 Validation
- Critical Security Updates
- Weekly Recap - Security & Template Engine Improvements
- MongoDB Compatibility Fix