RepoJournal
Django

@django

Python's batteries-included web framework

Pick a date

The Wire · Showcase

DJANGO DOCS OVERHAUL FIXES EMAIL INJECTION GAPS AND BUILD PIPELINE

By RepoJournal · Filed · About Django

Django's documentation team shipped critical updates to email safety guidance while fixing a broken docs build pipeline that's been blocking releases.

The core docs got a significant refresh on email handling [1][2], reworking the outdated "Preventing header injection" section with new guidance on safely formatting email addresses with variable display names to block injection attacks. The update clarifies what Django itself prevents (CRLF injection via Python) versus what developers need to handle in their own code. Meanwhile, the djangoproject.com build pipeline was failing because Django core removed the custom "djangohtml" Sphinx builder [3], leaving the docs update_docs management command broken on release builds. The site's maintainers switched to the standard HTML builder to fix the blockage. Both changes landed within 24 hours, suggesting the docs team is working in tight coordination with core.

Action items

References

  1. [1] Fixed #34753 -- Extended security and safety remarks in email topics docs. django/django
  2. [2] Fixed #34753 -- Updated documentation on email safety. ↗ django/django
  3. [3] Fixed #2685 -- Switched update_docs management command to use html builder ↗ django/djangoproject.com

FAQ

What changed in Django on July 2, 2026?
Django's documentation team shipped critical updates to email safety guidance while fixing a broken docs build pipeline that's been blocking releases.
What should Django teams do about it?
Review email formatting patterns in your codebase against the new Django docs • If you maintain Django docs tooling, migrate to standard Sphinx HTML builder before next release
Which Django repositories shipped on July 2, 2026?
django/django, django/djangoproject.com

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.