The Django web framework has officially released version 2.0. This version no longer supports Python 2.x and adds a number of new features.
With Django, you can take Web applications from concept to launch in a matter of hours. Django takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.
- Ridiculously fast: Django was designed to help developers take applications from concept to completion as quickly as possible.
- Fully loaded: Django includes dozens of extras you can use to handle common Web development tasks. Django takes care of user authentication, content administration, site maps, RSS feeds, and many more tasks — right out of the box.
- Reassuringly secure: Django takes security seriously and helps developers avoid many common security mistakes, such as SQL injection, cross-site scripting, cross-site request forgery and clickjacking. Its user authentication system provides a secure way to manage user accounts and passwords.
- Exceedingly scalable: Some of the busiest sites on the planet use Django’s ability to quickly and flexibly scale to meet the heaviest traffic demands.
- Incredibly versatile: Companies, organizations and governments have used Django to build all sorts of things — from content management systems to social networks to scientific computing platforms.
Changelog v2.0.2 & 1.11.10
CVE-2018-6188: Information leakage in AuthenticationForm

A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden, an attacker can enter an arbitrary username and see if that user has been set to inactive. If confirm_login_allowed() is overridden, more sensitive details could be leaked.

This issue is fixed with the caveat that AuthenticationForm can no longer raise the “This account is inactive.” error if the authentication backend rejects inactive users (the default authentication backend, ModelBackend, has done that since Django 1.10). This issue will be revisited for Django 2.1, as a fix to address the caveat will likely be too invasive for inclusion in older versions.
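As an added illustration (this is not Django’s own code), the stand-alone Python sketch below mirrors the shape of the regressed AuthenticationForm.clean() next to the fixed one, so the leak and the caveat from the changelog can both be observed. The user store, the password check and the authenticate() stand-in are constructed for this example; only the two error messages are taken from the changelog text.

```python
# Constructed user store for the example: username -> (password, is_active)
USERS = {
    "alice": ("correct horse", True),
    "bob": ("battery staple", False),  # deactivated account
}

INVALID_LOGIN = "Please enter a correct username and password."
INACTIVE = "This account is inactive."


def authenticate(username, password):
    """Stand-in for a ModelBackend-style backend: unknown users, wrong
    passwords and (since Django 1.10) inactive users are all rejected."""
    record = USERS.get(username)
    if record is None or record[0] != password or not record[1]:
        return None
    return username


def confirm_login_allowed(username):
    """Mirror of the default hook: refuse inactive users with a distinct message."""
    if not USERS[username][1]:
        raise ValueError(INACTIVE)


def clean_regressed(username, password):
    """Shape of the 1.11.8 code: when the backend rejects the login, the user is
    looked up by name and confirm_login_allowed() runs before the password has
    been confirmed, so the message differs by account state for a wrong password."""
    try:
        if authenticate(username, password) is None:
            if username in USERS:
                confirm_login_allowed(username)
            raise ValueError(INVALID_LOGIN)
        confirm_login_allowed(username)
    except ValueError as exc:
        return str(exc)
    return "ok"


def clean_fixed(username, password):
    """Shape of the 2.0.2 fix: confirm_login_allowed() only runs once the backend
    has accepted the credentials, so a wrong password always yields the same
    generic message (and an inactive user never sees the 'inactive' message)."""
    try:
        if authenticate(username, password) is None:
            raise ValueError(INVALID_LOGIN)
        confirm_login_allowed(username)
    except ValueError as exc:
        return str(exc)
    return "ok"
```

Comparing clean_regressed("alice", "wrong") with clean_regressed("bob", "wrong") shows the oracle the advisory describes; the fixed variant returns the generic message for both, and for bob even with the right password, which is the caveat noted above.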