The Wire · Showcase
DJANGO FIXES PREFETCH_RELATED ASYNC TRAP AND ADMIN DEFAULT DISPLAY BUG
By RepoJournal · Filed · About Django
Django patched a critical async iteration bug that silently multiplies database queries when prefetch_related is used without an explicit chunk_size parameter.
The async iterator bug [1] is the kind of silent performance killer that survives code review: QuerySet.aiterator() was missing the same validation that the synchronous iterator() received months ago, so developers using prefetch_related could accidentally trigger a query explosion without any warning. This lands alongside a fix [2] to the admin interface, where database default values now correctly display as empty rather than showing raw defaults, improving the user experience for anyone managing records with computed fields. The django/djangoproject.com team also shipped FontAwesome icon replacements [3] for the dark mode toggle, removing inline SVG sprites from the base template for cleaner rendering. On the dependency front, the site bumped codecov-action to 6.0.1 [4] which patches a template injection vulnerability (VULN-1652), requests to 2.34.2 [5], and sentry-sdk to 2.60.0 [6] for improved gen_ai span handling.
Action items
- → Review any code using prefetch_related with aiterator() - ensure chunk_size is explicitly set to avoid query spikes django/django [immediate]
- → Merge the admin defaults display fix into your next patch release django/django [plan]
- → Update codecov-action to 6.0.1 to close template injection vulnerability django/djangoproject.com [immediate]
References
- [1] Fixed #37143 -- Added missing chunk_size=None check to QuerySet.aiterator(). ↗ django/django
- [2] Fixed #37168 -- Made admin display database defaults as empty values. ↗ django/django
- [3] Changed dark mode theme switcher to FontAwesome icons. (#2652) django/djangoproject.com
- [4] Bump codecov/codecov-action from 6 to 6.0.1 ↗ django/djangoproject.com
- [5] Bump requests from 2.33.1 to 2.34.2 in /requirements ↗ django/djangoproject.com
- [6] Bump sentry-sdk from 2.59.0 to 2.60.0 in /requirements ↗ django/djangoproject.com
FAQ
- What changed in Django on June 19, 2026?
- Django patched a critical async iteration bug that silently multiplies database queries when prefetch_related is used without an explicit chunk_size parameter.
- What should Django teams do about it?
- Review any code using prefetch_related with aiterator() - ensure chunk_size is explicitly set to avoid query spikes • Merge the admin defaults display fix into your next patch release • Update codecov-action to 6.0.1 to close template injection vulnerability
- Which Django repositories shipped on June 19, 2026?
- django/django, django/djangoproject.com