Django 4.0 Released
So finally Django 4.0 has been released on December 6, 2021. Django 4.0 supports Python 3.8,3.9, and 3.10.
Let’s see What we cover in the new Django 4.0
- Zoneinfo default timezone implementation.
- Functional unique constraints-on expressions.
- Scrypt password hasher.
- Redis cache backend, redis-py 3.0.0 or higher required.
- Template-based form rendering.
- Django 4.0 supports PostgreSQL 10 and higher versions.
Zoneinfo default timezone implementation
The Python standard library’s zoneinfo is now the default timezone implementation in Django.
This is the next step in the migration from using pytz to using zoneinfo. Django 3.2 allowed the use of non-pytz time zones. Django 4.0 makes zoneinfo the default implementation. Support for pytz is now deprecated and will be removed in Django 5.0.
zoneinfo is part of the Python standard library from Python 3.9. The backports. zoneinfo package is automatically installed alongside Django if you are using Python 3.8.
Using ZoneInfo
ZoneInfo is a concrete implementation of the datetime. tzinfo abstract base class, and is intended to be attached to tzinfo, either via the constructor, the datetime.replace method or datetime.astimezone:
Functional unique constraints-on expressions and db functions
The new *expressions positional argument of UniqueConstraint() enables creating functional unique constraints on expressions and database functions. For example:
Functional unique constraints are added to models using the Meta.constraints option.
Scrypt password hasher.
The new scrypt password hasher is more secure and recommended over PBKDF2. However, it’s not the default as it requires OpenSSL 1.1+ and more memory.
scrypt is similar to PBKDF2 and bcrypt in utilizing a set number of iterations to slow down brute-force attacks. However, because PBKDF2 and bcrypt do not require a lot of memory, attackers with sufficient resources can launch large-scale parallel attacks in order to speed up the attacking process. scrypt is specifically designed to use more memory compared to other password-based key derivation functions in order to limit the amount of parallelism an attacker can use, see RFC 7914 for more details.
To use scrypt as your default storage algorithm, do the following:
- Create a subclass of django.contrib.auth.hashers.PBKDF2PasswordHasher:
Save this somewhere in your project. For example, you might put this in a file like myproject/hashers.py.
2. Add your new hasher as the first entry in PASSWORD_HASHERS:
That’s it — now your Django install will use more iterations when it stores passwords using PBKDF2.
Redis cache backend, redis-py 3.0.0 or higher required.
Redis is an in-memory database that can be used for caching. To begin you’ll need a Redis server running either locally or on a remote machine.
After setting up the Redis server, you’ll need to install Python bindings for Redis. redis-py is the binding supported natively by Django. Installing the additional hiredis-py package is also recommended.
To use Redis as your cache backend with Django:
- Set
BACKENDtodjango.core.cache.backends.redis.RedisCache. - Set
LOCATIONto the URL pointing to your Redis instance, using the appropriate scheme. See theredis-pydocs for details on the available schemes.
For example, if Redis is running on localhost (127.0.0.1) port 6379:
Often Redis servers are protected with authentication. In order to supply a username and password, add them in the LOCATION along with the URL:
If you have multiple Redis servers set up in the replication mode, you can specify the servers either as a semicolon or comma delimited string, or as a list. While using multiple servers, write operations are performed on the first server (leader). Read operations are performed on the other servers (replicas) chosen at random:
Template based form rendering.
Forms, Formsets, and ErrorList are now rendered using the template engine to enhance customization. See the new render(), get_context(), and template_name for Form and formset rendering for Formset.
Django 4.0 supports PostgreSQL 10 and higher versions.
Django provides support for a number of data types which will only work with PostgreSQL. There is no fundamental reason why (for example) a contrib.mysql module does not exist, except that PostgreSQL has the richest feature set of the supported databases so its users have the most to gain.
Django supports PostgreSQL 10 and higher. psycopg2 2.5.4 or higher is required, though the latest release is recommende.
PostgreSQL connection settings.
To connect using a service name from the connection service file and a password from the password file, you must specify them in the OPTIONS part of your database configuration in DATABASES:
So, these are some of the key new features being introduced with the release of Django 4.0. I hope you enjoyed this article! If you have any questions, let me know in the comments below.
Happy Learning!
hello@crossml.com
