

Django 1.4.9 and 1.5.5 released - hackhackhack
https://www.djangoproject.com/weblog/2013/oct/24/bugfix-releases/

======
tocomment
Just curious, how badly would an upgrade from 1.2 go? I want to do it if it
takes less than a day.

~~~
jsdalton
Do you have good tests? I've done this pretty recently and it got somewhat
messy -- though I had great test coverage on the project that I upgraded, so
it probably only took a day or so.

The main road bump I hit was Django Piston. It's totally broken past 1.5 and
there are a gazillion forks that solved non-overlapping subsets of the
problems I was having.

~~~
Demiurge
Makes me pat myself on the back for trying to resist non-essential packages if
I can roll my own, as much as possible :)

~~~
raverbashing
Yes.

Some people will try to solve whatever problem they have by searching for a
package, even if this could be solved with a couple of lines of code.

Yes, reinventing is bad. Yes, good libraries have been tested, are supported
through upgrades, etc.

But I'm very wary of libraries. Beyond the learning curve, then finding out it
doesn't solve your problem or it has some stupid bugs, I think it's usually
easier to roll your own except for the most mainstream libraries.

------
drivingmenuts
Which version should one use? I went digging through the FAQs, but the 1.5 series
is still listed as experimental.

It's not immediately clear which is stable and which is developmental.

~~~
mhurron
Where did you see 1.5 listed as experimental?

The front page clearly has 1.5.5 as the release and that takes you to a page
that has 1.5.5 listed as the latest official version and 1.6 as the
development version.

Are you referring to 1.5's Python 3 support? That is experimental, but 1.5.5
itself is not.

------
IgorPartola
Does the removal of the limit on the password length mean that the DoS is
fully mitigated by the password hashing speedup?

------
fvox13
How does this impact the release of 1.6, considering that 1.6RC1 was released
yesterday? Does 1.6RC1 contain these fixes, or does this mean that 1.6RC2 is
coming out soon?

~~~
djm_
1.6 will inevitably get the fixes, but as it's not a security release and 1.6
is not officially out yet, they'll probably just bundle them with the actual
release.

