

Django 1.4 release candidate 2 - googletron
https://www.djangoproject.com/weblog/2012/mar/14/14rc2/

======
GeneralMaximus
This release brings some really great features to the table. Here are some
things that affect me directly:

    
    
        - Lots and lots of improvements to the admin app. Also, dropped support for IE6 in the admin ;)
        - Better password hashing.
        - A cookie-based session backend that uses cryptographic signing to store session data in the browser.
        - A new form wizard. This is a big one for me since I needed something like this for one of my side projects.
        - Improved WSGI support.
        - Custom project and app templates.
        - OMG OMG OMG timezone support. "When it's enabled, Django stores date and time information in UTC in the database, uses time-zone-aware datetime objects internally and translates them to the end user's time zone in templates and forms." You could always do this manually, but it's one of those things that should be handled by the framework.
    

Pretty nice stuff. Best part is, since I'm in very early stages of building a
personal website using Django, I can start using this release right now.

PS: does anyone else think activity around Django has increased ever since
Adrian started spending more time on it? (see
<http://www.holovaty.com/writing/back-to-django/>)

~~~
po
You're right that velocity has picked up. It actually picked up about a year
and a half ago. I would say the main driver was the Django core expanding to
include people like Carl Meyer (look him up on stack overflow if you want to
learn how you help a community. He also appears to be an absolute monster at
crushing bugs) Alex Gaynor, Andrew Godwin, and a bunch of other people:

[https://code.djangoproject.com/log/django/trunk/docs/interna...](https://code.djangoproject.com/log/django/trunk/docs/internals/committers.txt?rev=15890)

I think that Django went through a rough period of growing pains there but now
seems back on track.

------
BonoboBoner
I am so looking forward to QuerySet.prefetch_related as I can finally optimize
M2M-relationship data-prefetching in my views.

~~~
natmaster
prefetch_related is by far the best feature in this release. Huge improvements
in efficiency. :)

~~~
tocomment
What is that?

~~~
nigma
QuerySet.prefetch_related lets you fetch related objects in a batch for the
whole query set. In other words it does joins in the application. A really
nice stuff. Take a look at docs for more info:

[https://docs.djangoproject.com/en/dev/ref/models/querysets/#...](https://docs.djangoproject.com/en/dev/ref/models/querysets/#prefetch-
related)

~~~
tocomment
What's the difference between that and select related? Edit, nevermind I read
the link ...

------
mixmastamyk
Anyone have any pointers on upgrading a decent sized project from 1.3? I'm
looking to do it shortly and hoping for some premptive expertise with the
inevitible gotchas... e.g. using a lot of local datetimes and sha2 passwords.

~~~
huxley
The password updating is pretty seamless (so long as you don't need to share
the database with an older Django project).

    
    
      PASSWORD_HASHERS = (
          'django.contrib.auth.hashers.PBKDF2PasswordHasher',
          'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
          'django.contrib.auth.hashers.BCryptPasswordHasher',
          'django.contrib.auth.hashers.SHA1PasswordHasher',
          'django.contrib.auth.hashers.MD5PasswordHasher',
          'django.contrib.auth.hashers.CryptPasswordHasher',
      )
    
    

You get a tuple of password algorithms that are supported. The higher on the
list the greater priority it has, so if you have SHA1 passwords in your
database, they will get converted to PBKDF2 when the user logs in the first
time.

If you decided to switch to BCrypt, you would first install py-bcrypt and
change the tuple to put BCrypt at the top:

    
    
      PASSWORD_HASHERS = (
          'django.contrib.auth.hashers.BCryptPasswordHasher',
          'django.contrib.auth.hashers.PBKDF2PasswordHasher',
          'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
          'django.contrib.auth.hashers.BCryptPasswordHasher',
          'django.contrib.auth.hashers.SHA1PasswordHasher',
          'django.contrib.auth.hashers.MD5PasswordHasher',
          'django.contrib.auth.hashers.CryptPasswordHasher',
      )
    

and you're done.

HOWEVER, if you are sharing the database with an older project that is still
using Django 1.3 or less, make sure that
'django.contrib.auth.hashers.SHA1PasswordHasher' is on the top of the list
(until all your projects are Django 1.4 or higher) otherwise your other
installations won't be able to read the passwords since they won't support any
of the newer password hashes.

~~~
mixmastamyk
Thanks for the detailed replies.

