It was just over one year ago that the last major version for Django was launched. On March 26th 2012, Django 1.4, which is a Python based web framework, was launched. The biggest addition to the framework is that it includes help for handling dates and times in the form of time zone support. The new objects in the framework, called ‘time-zone-aware’ objects, are capable of storing time and date as UTC internally and then they can translate it to the local time zone of the user before displaying it. There is a warning attached with this new addition stating that certain ‘sloppy behavior’ that you could get away with earlier is no longer allowed. Taking Python training classes or help of a time zone migration guide is recommended to properly use Django 1.4.
Major improvements
Certain improvements have been made to the Object Relational Manager (ORM) as well. The ORM now has the ability to produce ‘SELECT FOR UPDATE’ queries along with the ‘bulk_create()’ command that can be used for insertion into large data sets. The GenericIPAddressField model, form field and valuators in Django 1.4 allow much better handling of IPv6 addresses. In-browser type testing frameworks are also supported. This is done using a LiveServerTestCase base class, which allows testing interactions between backbends and frontends of applications. The default project layout has also been updated. Now there is support for templates when you are creating new applications and projects.
Security
Django 1.3 used SHA 1 hashing for security, but the newer version uses PBKDF2 as the default password hashing algorithm. This improves the security considerably. The new version also makes it a lot easier to change the hashing algorithm. So, you can go for the bcrypt2 algorithm if you like it better.
Another aspect which will help in strengthening the security is that the session backend is cookie based. It uses cryptography signing for the session data and greatly helps in making the sessions more secure. The CSRF features have also been improved through the introduction of protection for DELETE and PUT requests. It should be noted that Django 1.4 does not support Python 2.4 and is compatible with Python 2.5, 2.6, and 2.7 only. This should not be a concern for most of the users as OS vendors use Python 2.5 or higher for the default version. If you use Python 2.4, then you will need to stick to Django 1.3 which will receive security upgrades till Django 1.5 is released.
HTML 5
The admin and various other bundled templates have been switched to using the HTML 5 doctype. Officials have said that Django will still maintain compatibility with the old browsers, but this change will mean that users will be able to utilize different features of HTML 5 in admin pages. They will no longer need to override the given templates to make changes to the doctype or lose their HTML validity.
Please Share This Knowledge With Others!