RepoJournal
Django

@django

Python's batteries-included web framework

Pick a date

Topics: Python Full archive →

The Wire · Showcase

ASGIREF 3.12 SHIPS WITH SYNCTOASYNC FIXES AND SECURITY DOCS OVERHAUL

By RepoJournal · Filed · About Django

Asgiref 3.12 landed overnight with critical fixes to SyncToAsync internals, while Django's security docs got a major XSS refresh that makes it harder for developers to ship vulnerable code.

Asgiref 3.12.0 and 3.12.1 are live [1][2], addressing a regression in SyncToAsync.__call__ that broke the internal code shape [3][4]. This fix matters because async-to-sync bridging is foundational to Django's async story, and the previous implementation had child partials in the wrong state. The release also separates mypy from the tests extra [5], reducing friction for projects that don't need type checking in CI.

On the Django side, the security documentation got a significant rewrite focused on the XSS section [6][7]. This isn't just cosmetics: clearer guidance on Cross Site Scripting directly prevents the mistakes that land in production. The cached_db session backend now logs cache delete failures instead of letting them propagate [8][9], matching the existing write-failure behavior and improving observability for session-heavy applications.

Release infrastructure moved forward too. The djangoproject.com release checklists now include a step to bump asgiref [10][11], closing the gap that led to version skew in prior releases. James Bligh joined the Triage & Review working group [12][13], bringing fresh capacity to the review queue.

Action items

References

  1. [1] Releasing 3.12.0 django/asgiref
  2. [2] Releasing 3.12.1 django/asgiref
  3. [3] Restore previous SyncToAsync.__call__ internal code shape. django/asgiref
  4. [4] Restore previous SyncToAsync.__call__ internal code shape. ↗ django/asgiref
  5. [5] Separate mypy from tests extra. django/asgiref
  6. [6] Fixed #37131 -- Improved XSS section in security documentation. django/django
  7. [7] Fixed #37131 -- Improved XSS section in security documentation. ↗ django/django
  8. [8] Fixed #37210 -- Logged cached_db session cache delete failures. ↗ django/django
  9. [9] Fixed #37210 -- Logged cached_db session cache delete failures. django/django
  10. [10] [checklists] Add step to bump asgiref django/djangoproject.com
  11. [11] [checklists] Add step to bump asgiref ↗ django/djangoproject.com
  12. [12] Add James Bligh to Triage & Review WG members django/dsf-working-groups
  13. [13] Add James Bligh to Triage & Review WG members ↗ django/dsf-working-groups

Quick answers

What shipped in Django on July 15, 2026?
Asgiref 3.12 landed overnight with critical fixes to SyncToAsync internals, while Django's security docs got a major XSS refresh that makes it harder for developers to ship vulnerable code. In total, 12 commits and 8 pull requests landed.
Who contributed to Django on July 15, 2026?
4 developers shipped this update, including VIZZARD-X, vismaytiwari, Jacob Walls, and carltongibson.
What were the notable Django updates?
Releasing 3.12.0, Releasing 3.12.1, and Restore previous SyncToAsync.__call__ internal code shape.

More from @django

Daily updates, in your inbox

Follow Django

Python's batteries-included web framework We'll email you a link to confirm first.

Free. Confirm via email. Unsubscribe in one click.

— or follow the whole beat:

Elsewhere on the wire