MariaDB support¶

Django now officially supportsMariaDB 10.1 andhigher. SeeMariaDB notes for more details.

ASGI support¶

Django 3.0 begins our journey to making Django fully async-capable by providingsupport for running as anASGI application.

This is in addition to our existing WSGI support. Django intends to supportboth for the foreseeable future. Async features will only be available toapplications that run under ASGI, however.

At this stage async support only applies to the outer ASGI application.Internally everything remains synchronous. Asynchronous middleware, views, etc.are not yet supported. You can, however, use ASGI middleware around Django’sapplication, allowing you to combine Django with other ASGI frameworks.

There is no need to switch your applications over unless you want to startexperimenting with asynchronous code, but we havedocumentation on deploying with ASGI ifyou want to learn more.

Note that as a side-effect of this change, Django is now aware of asynchronousevent loops and will block you calling code marked as “async unsafe” - such asORM operations - from an asynchronous context. If you were using Django fromasync code before, this may trigger if you were doing it incorrectly. If yousee aSynchronousOnlyOperation error, then closely examine your code andmove any database operations to be in a synchronous child thread.

Exclusion constraints on PostgreSQL¶

The newExclusionConstraint classenable adding exclusion constraints on PostgreSQL. Constraints are added tomodels using theMeta.constraints option.

Filter expressions¶

Expressions that outputBooleanField may now beused directly inQuerySet filters, without having to first annotate andthen filter against the annotation.

Enumerations for model field choices¶

Custom enumeration typesTextChoices,IntegerChoices, andChoicesare now available as a way to defineField.choices.TextChoicesandIntegerChoices types are provided for text and integer fields. TheChoices class allows defining a compatible enumeration for other concretedata types. These custom enumeration types support human-readable labels thatcan be translated and accessed via a property on the enumeration or itsmembers. SeeEnumeration types for moredetails and examples.

Minor features¶

Model.save() when providing a default for the primary key¶

Model.save() no longer attempts to find a row when saving a newModel instance and a default value for the primary key is provided, andalways performs a singleINSERT query. In older Django versions,Model.save() performed either anINSERT or anUPDATE based onwhether or not the row exists.

This makes callingModel.save() while providing a default primary key valueequivalent to passingforce_insert=True tomodel’ssave(). Attempts to use a newModel instance to update anexisting row will result in anIntegrityError.

In order to update an existing model for a specific primary key value, use theupdate_or_create() method orQuerySet.filter(pk=…).update(…) instead. For example:

>>>MyModel.objects.update_or_create(pk=existing_pk,defaults={"name":"new name"})>>>MyModel.objects.filter(pk=existing_pk).update(name="new name")

Database backend API¶

This section describes changes that may be needed in third-party databasebackends.

• The second argument ofDatabaseIntrospection.get_geometry_type() is nowthe row description instead of the column name.

• DatabaseIntrospection.get_field_type() may no longer return tuples.

• If the database can create foreign keys in the same SQL statement that adds afield, addSchemaEditor.sql_create_column_inline_fk with the appropriateSQL; otherwise, setDatabaseFeatures.can_create_inline_fk=False.

• DatabaseFeatures.can_return_id_from_insert andcan_return_ids_from_bulk_insert are renamed tocan_return_columns_from_insert andcan_return_rows_from_bulk_insert.

• Database functions now handledatetime.timezone formats when createdusingdatetime.timedelta instances (e.g.timezone(timedelta(hours=5)), which would output'UTC+05:00').Third-party backends should handle this format when preparingDateTimeField indatetime_cast_date_sql(),datetime_extract_sql(), etc.

• Entries forAutoField,BigAutoField, andSmallAutoField are addedtoDatabaseOperations.integer_field_ranges to support the integer rangevalidators on these field types. Third-party backends may need to customizethe default entries.

• DatabaseOperations.fetch_returned_insert_id() is replaced byfetch_returned_insert_columns() which returns a list of values returnedby theINSERT…RETURNING statement, instead of a single value.

• DatabaseOperations.return_insert_id() is replaced byreturn_insert_columns() that accepts afieldsargument, which is an iterable of fields to be returned after insert. Usuallythis is only the auto-generated primary key.

django.contrib.admin¶

• Admin’s model history change messages now prefers more readable field labelsinstead of field names.

django.contrib.gis¶

• Support for PostGIS 2.1 is removed.

• Support for SpatiaLite 4.1 and 4.2 is removed.

• Support for GDAL 1.11 and GEOS 3.4 is removed.

Dropped support for PostgreSQL 9.4¶

Upstream support for PostgreSQL 9.4 ends in December 2019. Django 3.0 supportsPostgreSQL 9.5 and higher.

Dropped support for Oracle 12.1¶

Upstream support for Oracle 12.1 ends in July 2021. Django 2.2 will besupported until April 2022. Django 3.0 officially supports Oracle 12.2 and 18c.

Removed private Python 2 compatibility APIs¶

While Python 2 support was removed in Django 2.0, some private APIs weren’tremoved from Django so that third party apps could continue using them untilthe Python 2 end-of-life.

Since we expect apps to drop Python 2 compatibility when adding support forDjango 3.0, we’re removing these APIs at this time.

• django.test.utils.str_prefix() - Strings don’t have ‘u’ prefixes inPython 3.

• django.test.utils.patch_logger() - Useunittest.TestCase.assertLogs() instead.

• django.utils.lru_cache.lru_cache() - Alias offunctools.lru_cache().

• django.utils.decorators.available_attrs() - This function returnsfunctools.WRAPPER_ASSIGNMENTS.

• django.utils.decorators.ContextDecorator - Alias ofcontextlib.ContextDecorator.

• django.utils._os.abspathu() - Alias ofos.path.abspath().

• django.utils._os.upath() andnpath() - These functions do nothing onPython 3.

• django.utils.six - Remove usage of this vendored library or switch tosix.

• django.utils.encoding.python_2_unicode_compatible() - Alias ofsix.python_2_unicode_compatible().

• django.utils.functional.curry() - Usefunctools.partial() orfunctools.partialmethod. See5b1c389603a353625ae1603ba345147356336afb.

• django.utils.safestring.SafeBytes - Unused since Django 2.0.

New default value for theFILE_UPLOAD_PERMISSIONS setting¶

In older versions, theFILE_UPLOAD_PERMISSIONS setting defaults toNone. With the defaultFILE_UPLOAD_HANDLERS, this results inuploaded files having different permissions depending on their size and whichupload handler is used.

FILE_UPLOAD_PERMISSIONS now defaults to0o644 to avoid thisinconsistency.

New default values for security settings¶

To make Django projects more secure by default, some security settings now havemore secure default values:

• X_FRAME_OPTIONS now defaults to'DENY'.

• SECURE_CONTENT_TYPE_NOSNIFF now defaults toTrue.

See theWhat’s NewSecurity section above formore details on these changes.

Miscellaneous¶

• ContentType.__str__() now includes the model’sapp_label todisambiguate models with the same name in different apps.

• Because accessing the language in the session rather than in the cookie isdeprecated,LocaleMiddleware no longer looks for the user’s language inthe session anddjango.contrib.auth.logout() no longer preserves thesession’s language after logout.

• django.utils.html.escape() now useshtml.escape() to escape HTML.This converts' to' instead of the previous equivalent decimalcode'.

• Thedjango-admintest-k option now works as theunittest-k option rather than as a shortcut for--keepdb.

• Support forpywatchman < 1.2.0 is removed.

• urlencode() now encodes iterable values as they arewhendoseq=False, rather than iterating them, bringing it into line withthe standard libraryurllib.parse.urlencode() function.

• intword template filter now translates1.0 as a singular phrase andall other numeric values as plural. This may be incorrect for some languages.

• Assigning a value to a model’sForeignKey orOneToOneField'_id' attribute now unsets thecorresponding field. Accessing the field afterward will result in a query.

• patch_vary_headers() now handles an asterisk'*' according toRFC 7231 Section 7.1.4, i.e. if a list of headerfield names contains an asterisk, then theVary header will consist of asingle asterisk'*'.

• On MySQL 8.0.16+,PositiveIntegerField andPositiveSmallIntegerFieldnow include a check constraint to prevent negative values in the database.

• alias=None is added to the signature ofExpression.get_group_by_cols().

• RegexPattern, used byre_path(), no longer returnskeyword arguments withNone values to be passed to the view for theoptional named groups that are missing.

django.utils.encoding.force_text() andsmart_text()¶

Thesmart_text() andforce_text() aliases (since Django 2.0) ofsmart_str() andforce_str() are deprecated. Ignore this deprecation ifyour code supports Python 2 as the behavior ofsmart_str() andforce_str() is different there.

Miscellaneous¶

• django.utils.http.urlquote(),urlquote_plus(),urlunquote(), andurlunquote_plus() are deprecated in favor of the functions that they’realiases for:urllib.parse.quote(),quote_plus(),unquote(), andunquote_plus().

• django.utils.translation.ugettext(),ugettext_lazy(),ugettext_noop(),ungettext(), andungettext_lazy() are deprecatedin favor of the functions that they’re aliases for:django.utils.translation.gettext(),gettext_lazy(),gettext_noop(),ngettext(), andngettext_lazy().

• To limit creation of sessions and hence favor some caching strategies,django.views.i18n.set_language() will stop setting the user’s languagein the session in Django 4.0. Since Django 2.1, the language is always storedin theLANGUAGE_COOKIE_NAME cookie.

• django.utils.text.unescape_entities() is deprecated in favor ofhtml.unescape(). Note that unlikeunescape_entities(),html.unescape() evaluates lazy strings immediately.

• To avoid possible confusion as to effective scope, the private internalutilityis_safe_url() is renamed tourl_has_allowed_host_and_scheme(). That a URL has an allowed host andscheme doesn’t in general imply that it’s “safe”. It may still be quotedincorrectly, for example. Ensure to also useiri_to_uri() on the path component of untrustedURLs.