The Wire · Showcase
DJANGO DOCS OVERHAUL FIXES EMAIL INJECTION GAPS AND BUILD PIPELINE
By RepoJournal · Filed · About Django
Django's documentation team shipped critical updates to email safety guidance while fixing a broken docs build pipeline that's been blocking releases.
The core docs got a significant refresh on email handling [1][2], reworking the outdated "Preventing header injection" section with new guidance on safely formatting email addresses with variable display names to block injection attacks. The update clarifies what Django itself prevents (CRLF injection via Python) versus what developers need to handle in their own code. Meanwhile, the djangoproject.com build pipeline was failing because Django core removed the custom "djangohtml" Sphinx builder [3], leaving the docs update_docs management command broken on release builds. The site's maintainers switched to the standard HTML builder to fix the blockage. Both changes landed within 24 hours, suggesting the docs team is working in tight coordination with core.
Action items
- → Review email formatting patterns in your codebase against the new Django docs django/django [plan]
- → If you maintain Django docs tooling, migrate to standard Sphinx HTML builder before next release django/djangoproject.com [immediate]
References
- [1] Fixed #34753 -- Extended security and safety remarks in email topics docs. django/django
- [2] Fixed #34753 -- Updated documentation on email safety. ↗ django/django
- [3] Fixed #2685 -- Switched update_docs management command to use html builder ↗ django/djangoproject.com
FAQ
- What changed in Django on July 2, 2026?
- Django's documentation team shipped critical updates to email safety guidance while fixing a broken docs build pipeline that's been blocking releases.
- What should Django teams do about it?
- Review email formatting patterns in your codebase against the new Django docs • If you maintain Django docs tooling, migrate to standard Sphinx HTML builder before next release
- Which Django repositories shipped on July 2, 2026?
- django/django, django/djangoproject.com