Django security releases issued: 5.2.6, 5.1.12, and 4.2.24
In accordance with our security release policy, the Django team is issuing releases for Django 5.2.6, Django 5.1.12, and Django 4.2.24. These releases address the security issues detailed below. We encourage all users of Django to upgrade as soon as possible.
CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases
<tt class="docutils literal">FilteredRelation</tt> was subject to SQL injection in column aliases: the keys of a suitably crafted dictionary, expanded with <tt class="docutils literal">**kwargs</tt> into <tt class="docutils literal">QuerySet.annotate()</tt> or <tt class="docutils literal">QuerySet.alias()</tt>, become column aliases in the generated SQL. Applications are exposed where that dictionary is built from untrusted input.
Thanks to Eyal Gabay (EyalSec) for the report.
This issue has severity "high" according to the Django security policy.
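The practical takeaway for application code is that dictionary keys passed by expansion to <tt class="docutils literal">annotate()</tt> or <tt class="docutils literal">alias()</tt> are SQL identifiers, not data, and should be allowlisted before they reach the ORM. The helper below is an added example, not Django's own validation code and not a tested payload against any Django version; it runs without Django installed, and the names <tt class="docutils literal">SAFE_ALIAS</tt>, <tt class="docutils literal">validate_alias</tt>, <tt class="docutils literal">safe_annotations</tt> and the sample aliases are this example's own.

```python
import re

# Allowlist for a column alias: a plain identifier, so it can never carry
# quotes, whitespace, semicolons or comment markers into generated SQL.
# Pattern and names are this example's own, not Django's validation code.
SAFE_ALIAS = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


class UnsafeAliasError(ValueError):
    """Raised when a would-be column alias fails the allowlist."""


def validate_alias(alias):
    """Return `alias` unchanged if it is a safe identifier, else raise."""
    if not isinstance(alias, str) or SAFE_ALIAS.fullmatch(alias) is None:
        raise UnsafeAliasError(f"refusing unsafe column alias: {alias!r}")
    return alias


def safe_annotations(untrusted):
    """Copy `untrusted` with every key validated as an alias.

    Intended use:  qs.annotate(**safe_annotations(user_supplied))
    rather than    qs.annotate(**user_supplied)
    Values (FilteredRelation, F(), Q(), ...) are left untouched; only the
    keys, which become column aliases, are checked.
    """
    return {validate_alias(key): value for key, value in untrusted.items()}


def partition_aliases(candidates):
    """Split candidate aliases into (accepted, rejected) lists for inspection."""
    accepted, rejected = [], []
    for candidate in candidates:
        try:
            accepted.append(validate_alias(candidate))
        except UnsafeAliasError:
            rejected.append(candidate)
    return accepted, rejected


# Constructed sample input: shapes a caller might receive from a query string
# or JSON body. None of these is a tested payload against Django.
SAMPLE_ALIASES = [
    "recent_books",          # fine
    "author_2024",           # fine
    'recent"books',          # embedded quote
    "recent books",          # whitespace
    "recent;books",          # statement separator
    "recent--books",         # comment marker
    "recent/*books*/",       # block comment
    "",                      # empty
    123,                     # not a string at all
]

if __name__ == "__main__":
    ok, bad = partition_aliases(SAMPLE_ALIASES)
    print("accepted:", ok)
    print("rejected:", bad)
```

An allowlist is preferred over a denylist of dangerous characters here: the set of characters that matter differs between database backends, while "a bare identifier" is safe on all of them. Upgrading is still required; this check only narrows what untrusted callers can reach.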
Affected supported versions
- Django main
- Django 5.2
- Django 5.1
- Django 4.2
Resolution
Patches to resolve the issue have been applied to Django's main, 5.2, 5.1, and 4.2 branches. The patches may be obtained from the following changesets.
CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases
- On the main branch
- On the 5.2 branch
- On the 5.1 branch
- On the 4.2 branch
The following releases have been issued
- Django 5.2.6 (download Django 5.2.6 | 5.2.6 checksums)
- Django 5.1.12 (download Django 5.1.12 | 5.1.12 checksums)
- Django 4.2.24 (download Django 4.2.24 | 4.2.24 checksums)
The PGP key ID used for this release is: 3955B19851EA96EF
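To decide quickly whether an installed Django is covered by this advisory, the following added check (not part of the advisory) compares a version string against the first patched release of each supported series listed above. The function names, the simplified version parser and the treatment of unlisted series are this example's own assumptions.

```python
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

# First patched release of each supported series, as listed in this advisory.
FIXED_IN = {
    (5, 2): (5, 2, 6),
    (5, 1): (5, 1, 12),
    (4, 2): (4, 2, 24),
}


def parse_version(text):
    """'5.2.6' -> (5, 2, 6); a non-numeric suffix ('5.2.6rc1') is dropped.

    Simplified on purpose: this example assumes Django patch releases carry
    no pre-release tags, so the base number is all the check needs.
    """
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
        if match.group() != piece:
            break
    return tuple(parts)


def assess(version_text):
    """Classify a Django version string against the fixed releases.

    Returns 'patched', 'vulnerable', or 'no-fix-in-series' for a series the
    advisory does not list (for example 5.0.x, or a pre-release of a newer
    series): no patched release exists there, and the remedy is moving to a
    supported series. The patched main branch is not a release.
    """
    version = parse_version(version_text)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "no-fix-in-series"
    return "patched" if version >= fixed else "vulnerable"


def assess_installed():
    """Assess the Django installed in the current environment, if any."""
    try:
        return assess(installed_version("django"))
    except PackageNotFoundError:
        return "not-installed"


if __name__ == "__main__":
    for sample in ("5.2.6", "5.2.5", "5.1.12", "4.2.23", "5.0.14"):
        print(sample, assess(sample))
    print("installed:", assess_installed())
```

Run it inside each virtualenv or container image that ships Django; `assess_installed()` reads the installed distribution's metadata, so it reports what that environment actually imports rather than what a requirements file says.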
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email to <tt class="docutils literal">security@djangoproject.com</tt>, and not via Django's Trac instance, nor via the Django Forum. Please see our security policies for further information.
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
I prefer #Python but I understand it's not a one-tool-fits-all situation; some problems are better solved with other languages!
I loved the #Python documentary but I’m annoyed how Americans pronounce it with a long-o “Pi-thorn” rather than us Brits with a short “Pi-thun” (or schwa). Guido (Netherlands Python inventor) says it medium-long, but Python is named after Monty Python! Investigations suggest all of the Pythons (even Gilliam) pronounce it with a short-o. So it’s totally valid for me to tell Americans over a beer they’re pronouncing it all wrong? Also, reconsider how you say tomato. https://youtu.be/GfH4QL4VqJ0
For data scientists using VS Code: a new resource just dropped to help you easily migrate your setup to Positron.
Check it out here: https://positron.posit.co/migrate-vscode.html
How to get MISP and Python working together? My experience
Hello, Habr readers! It's Ivan again, a developer who writes in Python and a Habr author who writes for the MTS blog. If you work in cybersecurity or are interested in it, you most likely know that indicators of compromise exist. "Yes, they exist, so what?" you'll say. The answer: they need to be stored somewhere. There are various platforms for this task, some paid, some not. Today we'll focus on MISP: this product has many fans, and it's easy to see why. But entering all the indicators by hand is boring, isn't it? So we'll add a touch of automation, and Python will help us here. How exactly, you'll find out below.
https://habr.com/ru/companies/ru_mts/articles/943538/
#python #cybersecurity #development #misp
Anyone have experience of using Copier (https://copier.readthedocs.io/en/stable/ ) as a replacement for cookiecutter templates to solve the problem of updating projects as the template updates?
Does anyone have recommendations for Docker images for multilingual data science, with support for #RStats and #Python? Looking to update our ghcr.io/geocompx images hosted at https://github.com/geocompx/docker building on recent best practice. Rocker (what we're using) and the images at https://github.com/b-data are a solid foundation but wondering what else is out there and hoping to crowd-source guidance 🙏

How a service built in 3 days reached 1,000 Osaka University students within one day of launch
https://qiita.com/takasan1234/items/071d60e2a31dbb68602f?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
#qiita #Python #Django #AWS #AI #UniversityStudentEngineer
The 2025 Python Type System & Tooling Survey is live 📝❓🤔 No typing experience needed— your perspective as a #Python dev matters most. Take a couple minutes to help improve Python typing for all! https://forms.gle/AUkcEGZ3hybQfNea8
[Translation] The fastest way to read Excel in Python
The Python for Devs team has prepared a translation of an article on how to read Excel in Python faster than anyone else. The article presents benchmark results for pandas, openpyxl, Tablib, DuckDB, LibreOffice, and even a combination with Rust. Who came out on top, and how Python "swallowed" half a million rows in 4 seconds: read the article.
https://habr.com/ru/articles/942320/
#Python #excel #pandas #openpyxl #tablib #duckdb #libreoffice #calamine #performance
Any users of @marimo_io editor out there? I noticed that there is an in-built editor in it but little to no information about it online. Like, it doesn't have nano or vi installed. What shell / linux distro is that?
This was an actually interesting #documentary (thanks @8luewater for the rec!) about #python's beginnings and its challenges about switching from 2 to 3, diversity of core members, and more.
I'm very new to #programming in general, having dipped my toe into python and r a few years ago during undergrad; I had no idea that the major revision was so controversial because I encountered python after all that happened.
https://youtu.be/GfH4QL4VqJ0?si=Jach-uyWzaeUIAoF