<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="ROBOTS" content="ALL" /> <meta name="MSSmartTagsPreventParsing" content="true" /> <meta name="Copyright" content="Django Software Foundation" /> <meta name="keywords" content="Python, Django, framework, open-source" /> <meta name="description" content="" /> <link rel="canonical" href="https://docs.djangoproject.com/en/dev/internals/security/"> <link rel="alternate" hreflang="en" href="https://docs.djangoproject.com/en/dev/internals/security/"> <link rel="search" type="application/opensearchdescription+xml" href="https://docs.djangoproject.com/en/dev/search/description/" title="Django documentation"> <!-- Favicons --> <link rel="apple-touch-icon" href="https://static.djangoproject.com/img/icon-touch.e4872c4da341.png"> <link rel="icon" sizes="192x192" href="https://static.djangoproject.com/img/icon-touch.e4872c4da341.png"> <link rel="shortcut icon" href="https://static.djangoproject.com/img/favicon.6dbf28c0650e.ico"> <meta name="msapplication-TileColor" content="#113228"> <meta name="msapplication-TileImage" content="https://static.djangoproject.com/img/icon-tile.b01ac0ef9f67.png"> <meta name="theme-color" content="#0C4B33"> <meta property="og:title" content="Django’s security policies | Django documentation" /> <meta property="og:description" content="The web framework for perfectionists with deadlines." /> <meta property="og:image" content="https://static.djangoproject.com/img/logos/django-logo-negative.1d528e2cb5fb.png" /> <meta property="og:image:alt" content="Django logo" /> <meta property="og:image:width" content="1200" /> <meta property="og:image:height" content="546" /> <meta property="og:image:type" content="image/png" /> <meta property="og:url" content="https://docs.djangoproject.com/en/dev/internals/security/" /> <meta property="og:site_name" content="Django Project" /> <meta property="twitter:creator" content="djangoproject" /> <meta property="twitter:site" content="djangoproject" /> <meta property="twitter:card" content="summary"> <title>Django’s security policies | Django documentation | Django</title> <link rel="stylesheet" href="https://static.djangoproject.com/css/output.7ba5275ca1ad.css" > <script src="https://static.djangoproject.com/js/lib/webfontloader/webfontloader.e75218f5f090.js"></script> <script> WebFont.load({ custom: { families: ['FontAwesome', 'Fira+Mono'], }, google: { families: ['Roboto:400italic,700italic,300,700,400:latin' ] }, classes: false, events: false, timeout: 1000 }); </script> <script src="https://static.djangoproject.com/js/lib/modernizr.3b36762e418a.js"></script> <script src="https://static.djangoproject.com/js/mod/switch-dark-mode.69777ee87b91.js"></script> </head> <body id="generic" class=""> <div role="banner" id="top"> <div class="container container--flex--wrap--mobile"> <a class="logo" href="https://www.djangoproject.com/">Django</a> <p class="meta">The web framework for perfectionists with deadlines.</p> <div class="mobile-toggle"> <button class="theme-toggle"> <div class="visually-hidden theme-label-when-auto">Toggle theme (current theme: auto)</div> <div class="visually-hidden theme-label-when-light">Toggle theme (current theme: light)</div> <div class="visually-hidden theme-label-when-dark">Toggle theme (current theme: dark)</div> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg aria-hidden="true" class="theme-icon-when-auto"> <use xlink:href="#icon-auto" /> </svg> <svg aria-hidden="true" class="theme-icon-when-dark"> <use xlink:href="#icon-moon" /> </svg> <svg aria-hidden="true" class="theme-icon-when-light"> <use xlink:href="#icon-sun" /> </svg> </button> </div> <button class="menu-button"> <i class="icon icon-reorder"></i> <span class="visuallyhidden">Menu</span> </button> <div role="navigation"> <ul> <li> <a href="https://www.djangoproject.com/start/overview/">Overview</a> </li> <li> <a href="https://www.djangoproject.com/download/">Download</a> </li> <li class="active"> <a href="https://docs.djangoproject.com/">Documentation</a> </li> <li> <a href="https://www.djangoproject.com/weblog/">News</a> </li> <li> <a href="https://www.djangoproject.com/community/">Community</a> </li> <li> <a href="https://github.com/django/django" target="_blank" rel="noopener">Code</a> </li> <li> <a href="https://code.djangoproject.com/">Issues</a> </li> <li> <a href="https://www.djangoproject.com/foundation/">About</a> </li> <li> <a href="https://www.djangoproject.com/fundraising/">&#9829; Donate</a> </li> <li> <button class="theme-toggle"> <div class="visually-hidden theme-label-when-auto">Toggle theme (current theme: auto)</div> <div class="visually-hidden theme-label-when-light">Toggle theme (current theme: light)</div> <div class="visually-hidden theme-label-when-dark">Toggle theme (current theme: dark)</div> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg aria-hidden="true" class="theme-icon-when-auto"> <use xlink:href="#icon-auto" /> </svg> <svg aria-hidden="true" class="theme-icon-when-dark"> <use xlink:href="#icon-moon" /> </svg> <svg aria-hidden="true" class="theme-icon-when-light"> <use xlink:href="#icon-sun" /> </svg> </button> </li> </ul> </div> </div> </div> <div class="copy-banner"> <div class="container container--flex container--flex--wrap--mobile "> <h1><a href="https://docs.djangoproject.com/en/dev/">Documentation</a></h1> <form action="https://docs.djangoproject.com/en/dev/search/" class="search form-input" role="search"> <label class="visuallyhidden" for="id_q">Search:</label> <input type="search" name="q" placeholder="Search development documentation" id="id_q"> <button type="submit"> <i class="icon icon-search"></i> <span class="visuallyhidden">Search</span> </button> </form> </div> </div> <div id="billboard"> <div class="banner"> <p> Please take a few minutes to complete the <a href="https://jb.gg/asjljo">2024 Django Developers Survey</a>.<br> Your feedback will help guide future efforts. </p> </div> </div> <div class="container sidebar-right"> <div role="main"> <div id="version-switcher"> <ul id="faq-link"> <li class="current-link"> <a href="https://docs.djangoproject.com/en/dev/faq/help/"> <span>Getting Help</span> </a> </li> </ul> <ul id="doc-languages" class="language-switcher doc-switcher"> <li class="current" title="Click on the links on the left to switch to another language."> <span>Language: <strong>en</strong></span> </li> </ul> <ul id="doc-versions" class="version-switcher doc-switcher"> <li class="other"> <a href="https://docs.djangoproject.com/en/1.8/internals/security/">1.8</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/1.10/internals/security/">1.10</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/1.11/internals/security/">1.11</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/2.0/internals/security/">2.0</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/2.1/internals/security/">2.1</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/2.2/internals/security/">2.2</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/3.0/internals/security/">3.0</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/3.1/internals/security/">3.1</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/3.2/internals/security/">3.2</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/4.0/internals/security/">4.0</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/4.1/internals/security/">4.1</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/4.2/internals/security/">4.2</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/5.0/internals/security/">5.0</a> </li> <li class="other"> <a href="https://docs.djangoproject.com/en/5.1/internals/security/">5.1</a> </li> <li class="current dev" title="This document is for Django's development version, which can be significantly different from previous releases. Click on the links on the left to see other versions."> <span>Documentation version: <strong>development</strong> </span> </li> </ul> <ul id="backtotop-link"> <li class="current-link"> <a href="#top" aria-label="Back to top" class="icon-chevron-up-align"><i class="icon icon-chevron-up"></i></a> </li> </ul> </div> <div id="docs-content"> <section id="s-django-s-security-policies"> <span id="django-s-security-policies"></span><h1>Django’s security policies<a class="headerlink" href="#django-s-security-policies" title="Link to this heading">¶</a></h1> <p>Django’s development team is strongly committed to responsible reporting and disclosure of security-related issues. As such, we’ve adopted and follow a set of policies which conform to that ideal and are geared toward allowing us to deliver timely security updates to the official distribution of Django, as well as to third-party distributions.</p> <section id="s-reporting-security-issues"> <span id="s-id1"></span><span id="reporting-security-issues"></span><span id="id1"></span><h2>Reporting security issues<a class="headerlink" href="#reporting-security-issues" title="Link to this heading">¶</a></h2> <p><strong>Short version: please report security issues by emailing security&#64;djangoproject.com</strong>.</p> <p>Most normal bugs in Django are reported to <a class="reference external" href="https://code.djangoproject.com/query">our public Trac instance</a>, but due to the sensitive nature of security issues, we ask that they <strong>not</strong> be publicly reported in this fashion.</p> <p>Instead, if you believe you’ve found something in Django which has security implications, please send a description of the issue via email to <code class="docutils literal notranslate"><span class="pre">security&#64;djangoproject.com</span></code>. Mail sent to that address reaches the <a class="reference external" href="https://www.djangoproject.com/foundation/teams/#security-team">security team</a>.</p> <p>Once you’ve submitted an issue via email, you should receive an acknowledgment from a member of the security team within 48 hours, and depending on the action to be taken, you may receive further followup emails.</p> <div class="admonition-sending-encrypted-reports admonition"> <p class="admonition-title">Sending encrypted reports</p> <p>If you want to send an encrypted email (<em>optional</em>), the public key ID for <code class="docutils literal notranslate"><span class="pre">security&#64;djangoproject.com</span></code> is <code class="docutils literal notranslate"><span class="pre">0xfcb84b8d1d17f80b</span></code>, and this public key is available from most commonly-used keyservers.</p> </div> </section> <section id="s-how-does-django-evaluate-a-report"> <span id="s-security-report-evaluation"></span><span id="how-does-django-evaluate-a-report"></span><span id="security-report-evaluation"></span><h2>How does Django evaluate a report<a class="headerlink" href="#how-does-django-evaluate-a-report" title="Link to this heading">¶</a></h2> <p>These are criteria used by the security team when evaluating whether a report requires a security release:</p> <ul class="simple"> <li><p>The vulnerability is within a <a class="reference internal" href="#security-support"><span class="std std-ref">supported version</span></a> of Django.</p></li> <li><p>The vulnerability applies to a production-grade Django application. This means the following do not require a security release:</p> <ul> <li><p>Exploits that only affect local development, for example when using <a class="reference internal" href="../../ref/django-admin/#django-admin-runserver"><code class="xref std std-djadmin docutils literal notranslate"><span class="pre">runserver</span></code></a>.</p></li> <li><p>Exploits which fail to follow security best practices, such as failure to sanitize user input. For other examples, see our <a class="reference internal" href="../../topics/security/#cross-site-scripting"><span class="std std-ref">security documentation</span></a>.</p></li> <li><p>Exploits in AI generated code that do not adhere to security best practices.</p></li> </ul> </li> </ul> <p>The security team may conclude that the source of the vulnerability is within the Python standard library, in which case the reporter will be asked to report the vulnerability to the Python core team. For further details see the <a class="reference external" href="https://www.python.org/dev/security/">Python security guidelines</a>.</p> <p>On occasion, a security release may be issued to help resolve a security vulnerability within a popular third-party package. These reports should come from the package maintainers.</p> <p>If you are unsure whether your finding meets these criteria, please still report it <a class="reference internal" href="#reporting-security-issues"><span class="std std-ref">privately by emailing security&#64;djangoproject.com</span></a>. The security team will review your report and recommend the correct course of action.</p> </section> <section id="s-supported-versions"> <span id="s-security-support"></span><span id="supported-versions"></span><span id="security-support"></span><h2>Supported versions<a class="headerlink" href="#supported-versions" title="Link to this heading">¶</a></h2> <p>At any given time, the Django team provides official security support for several versions of Django:</p> <ul class="simple"> <li><p>The <a class="reference external" href="https://github.com/django/django/">main development branch</a>, hosted on GitHub, which will become the next major release of Django, receives security support. Security issues that only affect the main development branch and not any stable released versions are fixed in public without going through the <a class="reference internal" href="#security-disclosure"><span class="std std-ref">disclosure process</span></a>.</p></li> <li><p>The two most recent Django release series receive security support. For example, during the development cycle leading to the release of Django 1.5, support will be provided for Django 1.4 and Django 1.3. Upon the release of Django 1.5, Django 1.3’s security support will end.</p></li> <li><p><a class="reference internal" href="../release-process/#term-Long-term-support-release"><span class="xref std std-term">Long-term support release</span></a>s will receive security updates for a specified period.</p></li> </ul> <p>When new releases are issued for security reasons, the accompanying notice will include a list of affected versions. This list is comprised solely of <em>supported</em> versions of Django: older versions may also be affected, but we do not investigate to determine that, and will not issue patches or new releases for those versions.</p> </section> <section id="s-how-django-discloses-security-issues"> <span id="s-security-disclosure"></span><span id="how-django-discloses-security-issues"></span><span id="security-disclosure"></span><h2>How Django discloses security issues<a class="headerlink" href="#how-django-discloses-security-issues" title="Link to this heading">¶</a></h2> <p>Our process for taking a security issue from private discussion to public disclosure involves multiple steps.</p> <p>Approximately one week before public disclosure, we send two notifications:</p> <p>First, we notify <a class="reference internal" href="../mailing-lists/#django-announce-mailing-list"><span class="std std-ref">django-announce</span></a> of the date and approximate time of the upcoming security release, as well as the severity of the issues. This is to aid organizations that need to ensure they have staff available to handle triaging our announcement and upgrade Django as needed. Severity levels are:</p> <ul class="simple"> <li><p><strong>High</strong></p> <ul> <li><p>Remote code execution</p></li> <li><p>SQL injection</p></li> </ul> </li> <li><p><strong>Moderate</strong></p> <ul> <li><p>Cross site scripting (XSS)</p></li> <li><p>Cross site request forgery (CSRF)</p></li> <li><p>Denial-of-service attacks</p></li> <li><p>Broken authentication</p></li> </ul> </li> <li><p><strong>Low</strong></p> <ul> <li><p>Sensitive data exposure</p></li> <li><p>Broken session management</p></li> <li><p>Unvalidated redirects/forwards</p></li> <li><p>Issues requiring an uncommon configuration option</p></li> </ul> </li> </ul> <p>Second, we notify a list of <a class="reference internal" href="#security-notifications"><span class="std std-ref">people and organizations</span></a>, primarily composed of operating-system vendors and other distributors of Django. This email is signed with the PGP key of someone from <a class="reference external" href="https://www.djangoproject.com/foundation/teams/#releasers-team">Django’s release team</a> and consists of:</p> <ul class="simple"> <li><p>A full description of the issue and the affected versions of Django.</p></li> <li><p>The steps we will be taking to remedy the issue.</p></li> <li><p>The patch(es), if any, that will be applied to Django.</p></li> <li><p>The date on which the Django team will apply these patches, issue new releases and publicly disclose the issue.</p></li> </ul> <p>On the day of disclosure, we will take the following steps:</p> <ol class="arabic simple"> <li><p>Apply the relevant patch(es) to Django’s codebase.</p></li> <li><p>Issue the relevant release(s), by placing new packages on the <a class="extlink-pypi reference external" href="https://pypi.org/project/Django/">Python Package Index</a> and on the <a class="reference external" href="https://www.djangoproject.com/download/">djangoproject.com website</a>, and tagging the new release(s) in Django’s git repository.</p></li> <li><p>Post a public entry on <a class="reference external" href="https://www.djangoproject.com/weblog/">the official Django development blog</a>, describing the issue and its resolution in detail, pointing to the relevant patches and new releases, and crediting the reporter of the issue (if the reporter wishes to be publicly identified).</p></li> <li><p>Post a notice to the <a class="reference internal" href="../mailing-lists/#django-announce-mailing-list"><span class="std std-ref">django-announce</span></a> and <a class="reference external" href="mailto:oss-security&#37;&#52;&#48;lists&#46;openwall&#46;com">oss-security<span>&#64;</span>lists<span>&#46;</span>openwall<span>&#46;</span>com</a> mailing lists that links to the blog post.</p></li> </ol> <p>If a reported issue is believed to be particularly time-sensitive – due to a known exploit in the wild, for example – the time between advance notification and public disclosure may be shortened considerably.</p> <p>Additionally, if we have reason to believe that an issue reported to us affects other frameworks or tools in the Python/web ecosystem, we may privately contact and discuss those issues with the appropriate maintainers, and coordinate our own disclosure and resolution with theirs.</p> <p>The Django team also maintains an <a class="reference internal" href="../../releases/security/"><span class="doc">archive of security issues disclosed in Django</span></a>.</p> </section> <section id="s-who-receives-advance-notification"> <span id="s-security-notifications"></span><span id="who-receives-advance-notification"></span><span id="security-notifications"></span><h2>Who receives advance notification<a class="headerlink" href="#who-receives-advance-notification" title="Link to this heading">¶</a></h2> <p>The full list of people and organizations who receive advance notification of security issues is not and will not be made public.</p> <p>We also aim to keep this list as small as effectively possible, in order to better manage the flow of confidential information prior to disclosure. As such, our notification list is <em>not</em> simply a list of users of Django, and being a user of Django is not sufficient reason to be placed on the notification list.</p> <p>In broad terms, recipients of security notifications fall into three groups:</p> <ol class="arabic simple"> <li><p>Operating-system vendors and other distributors of Django who provide a suitably-generic (i.e., <em>not</em> an individual’s personal email address) contact address for reporting issues with their Django package, or for general security reporting. In either case, such addresses <strong>must not</strong> forward to public mailing lists or bug trackers. Addresses which forward to the private email of an individual maintainer or security-response contact are acceptable, although private security trackers or security-response groups are strongly preferred.</p></li> <li><p>On a case-by-case basis, individual package maintainers who have demonstrated a commitment to responding to and responsibly acting on these notifications.</p></li> <li><p>On a case-by-case basis, other entities who, in the judgment of the Django development team, need to be made aware of a pending security issue. Typically, membership in this group will consist of some of the largest and/or most likely to be severely impacted known users or distributors of Django, and will require a demonstrated ability to responsibly receive, keep confidential and act on these notifications.</p></li> </ol> <div class="admonition-security-audit-and-scanning-entities admonition"> <p class="admonition-title">Security audit and scanning entities</p> <p>As a policy, we do not add these types of entities to the notification list.</p> </div> </section> <section id="s-requesting-notifications"> <span id="requesting-notifications"></span><h2>Requesting notifications<a class="headerlink" href="#requesting-notifications" title="Link to this heading">¶</a></h2> <p>If you believe that you, or an organization you are authorized to represent, fall into one of the groups listed above, you can ask to be added to Django’s notification list by emailing <code class="docutils literal notranslate"><span class="pre">security&#64;djangoproject.com</span></code>. Please use the subject line “Security notification request”.</p> <p>Your request <strong>must</strong> include the following information:</p> <ul class="simple"> <li><p>Your full, real name and the name of the organization you represent, if applicable, as well as your role within that organization.</p></li> <li><p>A detailed explanation of how you or your organization fit at least one set of criteria listed above.</p></li> <li><p>A detailed explanation of why you are requesting security notifications. Again, please keep in mind that this is <em>not</em> simply a list for users of Django, and the overwhelming majority of users should subscribe to <a class="reference internal" href="../mailing-lists/#django-announce-mailing-list"><span class="std std-ref">django-announce</span></a> to receive advanced notice of when a security release will happen, without the details of the issues, rather than request detailed notifications.</p></li> <li><p>The email address you would like to have added to our notification list.</p></li> <li><p>An explanation of who will be receiving/reviewing mail sent to that address, as well as information regarding any automated actions that will be taken (i.e., filing of a confidential issue in a bug tracker).</p></li> <li><p>For individuals, the ID of a public key associated with your address which can be used to verify email received from you and encrypt email sent to you, as needed.</p></li> </ul> <p>Once submitted, your request will be considered by the Django development team; you will receive a reply notifying you of the result of your request within 30 days.</p> <p>Please also bear in mind that for any individual or organization, receiving security notifications is a privilege granted at the sole discretion of the Django development team, and that this privilege can be revoked at any time, with or without explanation.</p> <div class="admonition-provide-all-required-information admonition"> <p class="admonition-title">Provide all required information</p> <p>A failure to provide the required information in your initial contact will count against you when making the decision on whether or not to approve your request.</p> </div> </section> </section> </div> <div class="browse-horizontal"> <div class="left"><a rel="prev" href="../organization/"><i class="icon icon-chevron-left"></i> Organization of the Django Project</a></div> <div class="right"><a rel="next" href="../release-process/">Django’s release process <i class="icon icon-chevron-right"></i></a></div> </div> <a href="#top" class="backtotop"><i class="icon icon-chevron-up"></i> Back to Top</a> </div> <h1 class="visuallyhidden">Additional Information</h1> <div role="complementary"> <div class="fundraising-sidebar"> <h2>Support Django!</h2> <div class="small-heart"> <img src="https://static.djangoproject.com/img/fundraising-heart.cd6bb84ffd33.svg" alt="Support Django!" /> </div> <div class="small-cta"> <ul class="list-links-small"> <li><a href="https://www.djangoproject.com/fundraising/"> Aircon Dealer Singapore donated to the Django Software Foundation to support Django development. Donate today! </a></li> </ul> </div> </div> <h2>Contents</h2> <ul> <li><a class="reference internal" href="#">Django’s security policies</a><ul> <li><a class="reference internal" href="#reporting-security-issues">Reporting security issues</a></li> <li><a class="reference internal" href="#how-does-django-evaluate-a-report">How does Django evaluate a report</a></li> <li><a class="reference internal" href="#supported-versions">Supported versions</a></li> <li><a class="reference internal" href="#how-django-discloses-security-issues">How Django discloses security issues</a></li> <li><a class="reference internal" href="#who-receives-advance-notification">Who receives advance notification</a></li> <li><a class="reference internal" href="#requesting-notifications">Requesting notifications</a></li> </ul> </li> </ul> <h2>Browse</h2> <ul> <li>Prev: <a rel="prev" href="../organization/">Organization of the Django Project</a></li> <li>Next: <a rel="next" href="../release-process/">Django’s release process</a></li> <li><a href="https://docs.djangoproject.com/en/dev/contents/">Table of contents</a></li> <li><a href="https://docs.djangoproject.com/en/dev/genindex/">General Index</a></li> <li><a href="https://docs.djangoproject.com/en/dev/py-modindex/">Python Module Index</a></li> </ul> <h2>You are here:</h2> <ul> <li> <a href="https://docs.djangoproject.com/en/dev/">Django dev documentation</a> <ul><li><a href="../">Django internals</a> <ul><li>Django’s security policies</li></ul> </li></ul> </li> </ul> <h2 id="getting-help-sidebar">Getting help</h2> <dl class="list-links"> <dt><a href="https://docs.djangoproject.com/en/dev/faq/">FAQ</a></dt> <dd>Try the FAQ — it's got answers to many common questions.</dd> <dt><a href="/en/stable/genindex/">Index</a>, <a href="/en/stable/py-modindex/">Module Index</a>, or <a href="/en/stable/contents/">Table of Contents</a></dt> <dd>Handy when looking for specific information.</dd> <dt><a href="https://groups.google.com/group/django-users/">django-users mailing list</a></dt> <dd>Search for information in the archives of the django-users mailing list, or post a question.</dd> <dt><a href="irc://irc.libera.chat/django">#django IRC channel</a></dt> <dd>Ask a question in the #django IRC channel, or search the IRC logs to see if it’s been asked before.</dd> <dt><a href="https://discord.gg/xcRH6mN4fa">Django Discord Server</a></dt> <dd>Join the Django Discord Community.</dd> <dt><a href="https://forum.djangoproject.com/">Official Django Forum</a></dt> <dd>Join the community on the Django Forum.</dd> <dt><a href="https://code.djangoproject.com/">Ticket tracker</a></dt> <dd>Report bugs with Django or Django documentation in our ticket tracker.</dd> </dl> <h2>Download:</h2> <p> Offline (development version): <a href="https://media.djangoproject.com/docs/django-docs-dev-en.zip">HTML</a> | <a href="https://media.readthedocs.org/pdf/django/latest/django.pdf">PDF</a> | <a href="https://media.readthedocs.org/epub/django/latest/django.epub">ePub</a> <br> <span class="quiet"> Provided by <a href="https://readthedocs.org/">Read the Docs</a>. </span> </p> </div> </div> <!-- SVGs --> <svg xmlns="http://www.w3.org/2000/svg"> <symbol viewBox="0 0 24 24" id="icon-auto"><path d="M0 0h24v24H0z" fill="currentColor"/><path d="M12 22C6.477 22 2 17.523 2 12S6.477 2 12 2s10 4.477 10 10-4.477 10-10 10zm0-2V4a8 8 0 1 0 0 16z"/></symbol> <symbol viewBox="0 0 24 24" id="icon-moon"><path d="M0 0h24v24H0z" fill="currentColor"/><path d="M10 7a7 7 0 0 0 12 4.9v.1c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2h.1A6.979 6.979 0 0 0 10 7zm-6 5a8 8 0 0 0 15.062 3.762A9 9 0 0 1 8.238 4.938 7.999 7.999 0 0 0 4 12z"/></symbol> <symbol viewBox="0 0 24 24" id="icon-sun"><path d="M0 0h24v24H0z" fill="currentColor"/><path d="M12 18a6 6 0 1 1 0-12 6 6 0 0 1 0 12zm0-2a4 4 0 1 0 0-8 4 4 0 0 0 0 8zM11 1h2v3h-2V1zm0 19h2v3h-2v-3zM3.515 4.929l1.414-1.414L7.05 5.636 5.636 7.05 3.515 4.93zM16.95 18.364l1.414-1.414 2.121 2.121-1.414 1.414-2.121-2.121zm2.121-14.85l1.414 1.415-2.121 2.121-1.414-1.414 2.121-2.121zM5.636 16.95l1.414 1.414-2.121 2.121-1.414-1.414 2.121-2.121zM23 11v2h-3v-2h3zM4 11v2H1v-2h3z"/></symbol> </svg> <!-- END SVGs --> <div role="contentinfo"> <div class="subfooter"> <div class="container"> <h1 class="visuallyhidden">Django Links</h1> <div class="column-container"> <div class="col-learn-more"> <h2>Learn More</h2> <ul> <li><a href="https://www.djangoproject.com/start/overview/">About Django</a></li> <li><a href="https://www.djangoproject.com/start/">Getting Started with Django</a></li> <li><a href="https://docs.djangoproject.com/en/dev/internals/organization/">Team Organization</a></li> <li><a href="https://www.djangoproject.com/foundation/">Django Software Foundation</a></li> <li><a href="https://www.djangoproject.com/conduct/">Code of Conduct</a></li> <li><a href="https://www.djangoproject.com/diversity/">Diversity Statement</a></li> </ul> </div> <div class="col-get-involved"> <h2>Get Involved</h2> <ul> <li><a href="https://www.djangoproject.com/community/">Join a Group</a></li> <li><a href="https://docs.djangoproject.com/en/dev/internals/contributing/">Contribute to Django</a></li> <li><a href="https://docs.djangoproject.com/en/dev/internals/contributing/bugs-and-features/">Submit a Bug</a></li> <li><a href="https://docs.djangoproject.com/en/dev/internals/security/#reporting-security-issues">Report a Security Issue</a></li> <li><a href="https://www.djangoproject.com/foundation/individual-members/">Individual membership</a></li> </ul> </div> <div class="col-get-help"> <h2>Get Help</h2> <ul> <li><a href="https://docs.djangoproject.com/en/stable/faq/">Getting Help FAQ</a> </li> <li><a href="irc://irc.libera.chat/django">#django IRC channel</a></li> <li><a href="https://discord.gg/xcRH6mN4fa" target="_blank">Django Discord</a></li> <li><a href="https://forum.djangoproject.com/" target="_blank">Official Django Forum</a></li> </ul> </div> <div class="col-follow-us"> <h2>Follow Us</h2> <ul> <li><a href="https://github.com/django">GitHub</a></li> <li><a href="https://twitter.com/djangoproject">Twitter</a></li> <li><a href="https://fosstodon.org/@django" rel="me">Fediverse (Mastodon)</a></li> <li><a href="https://www.djangoproject.com/rss/weblog/">News RSS</a></li> <li><a href="https://groups.google.com/forum/#!forum/django-users">Django Users Mailing List</a></li> </ul> </div> <div class="col-support-us"> <h2>Support Us</h2> <ul> <li><a href="https://www.djangoproject.com/fundraising/">Sponsor Django</a></li> <li><a href="/foundation/corporate-membership/">Corporate membership</a></li> <li><a href="https://django.threadless.com/" target="_blank">Official merchandise store</a></li> <li><a href="/foundation/donate/#benevity-giving">Benevity Workplace Giving Program</a></li> </ul> </div> </div> </div> </div> <div class="footer"> <div class="container"> <div class="footer-logo"> <a class="logo" href="https://www.djangoproject.com/">Django</a> </div> <ul class="thanks"> <li> <span>Hosting by</span> <a class="in-kind-donors" href="https://www.djangoproject.com/fundraising/#in-kind-donors">In-kind donors</a> </li> <li class="design"><span>Design by</span> <a class="threespot" href="https://www.threespot.com">Threespot</a> <span class="ampersand">&amp;</span> <a class="andrevv" href="http://andrevv.com/">andrevv</a></li> </ul> <p class="copyright">&copy; 2005-2024 <a href="https://www.djangoproject.com/foundation/"> Django Software Foundation</a> and individual contributors. Django is a <a href="https://www.djangoproject.com/trademarks/">registered trademark</a> of the Django Software Foundation. </p> </div> </div> </div> <script> function extless(input) { return input.replace(/(.*)\.[^.]+$/, '$1'); } var require = { shim: { 'jquery': [], 'jquery.inview': ["jquery"], 'jquery.payment': ["jquery"], 'jquery.flot': ["jquery"], 'jquery.unveil': ["jquery"], 'stripe': { exports: 'Stripe' } }, paths: { "jquery": extless("https://static.djangoproject.com/js/lib/jquery/dist/jquery.min.eb6af28969bd.js"), "jquery.inview": extless("https://static.djangoproject.com/js/lib/jquery.inview/jquery.inview.min.4edba1c65592.js"), "jquery.payment": extless("https://static.djangoproject.com/js/lib/jquery.payment/lib/jquery.payment.e99c05ca79ae.js"), "jquery.unveil": extless("https://static.djangoproject.com/js/lib/unveil/jquery.unveil.min.ac79eb277093.js"), "jquery.flot": extless("https://static.djangoproject.com/js/lib/jquery-flot/jquery.flot.min.9964206e9d7f.js"), "clipboard": extless("https://static.djangoproject.com/js/lib/clipboard/dist/clipboard.min.bd70fd596a23.js"), "mod/floating-warning": extless("https://static.djangoproject.com/js/mod/floating-warning.a21b2abd2884.js"), "mod/list-collapsing": extless("https://static.djangoproject.com/js/mod/list-collapsing.c1a08d3ef9e9.js"), "mod/list-feature": extless("https://static.djangoproject.com/js/mod/list-feature.73529480f25b.js"), "mod/mobile-menu": extless("https://static.djangoproject.com/js/mod/mobile-menu.8e7e063d3524.js"), "mod/version-switcher": extless("https://static.djangoproject.com/js/mod/version-switcher.c56ff7ed5481.js"), "mod/search-key": extless("https://static.djangoproject.com/js/mod/search-key.ae7292327b47.js"), "mod/stripe-change-card": extless("https://static.djangoproject.com/js/mod/stripe-change-card.682c710317a8.js"), "mod/switch-dark-mode": extless("https://static.djangoproject.com/js/mod/switch-dark-mode.69777ee87b91.js"), "mod/console-tabs": extless("https://static.djangoproject.com/js/mod/console-tabs.70ce882faaf3.js"), "stripe-checkout": "https://checkout.stripe.com/checkout", "stripe": "https://js.stripe.com/v3/?" // ? needed due to require.js } }; </script> <script data-main="https://static.djangoproject.com/js/main.48270eac7c0b.js" src="https://static.djangoproject.com/js/lib/require.177879fbe7dd.js"></script> </body> </html>