The Wire · Showcase
ASGIREF 3.12 SHIPS WITH SYNCTOASYNC FIXES AND SECURITY DOCS OVERHAUL
By RepoJournal · Filed · About Django
Asgiref 3.12 landed overnight with critical fixes to SyncToAsync internals, while Django's security docs got a major XSS refresh that makes it harder for developers to ship vulnerable code.
Asgiref 3.12.0 and 3.12.1 are live [1][2], addressing a regression in SyncToAsync.__call__ that broke the internal code shape [3][4]. This fix matters because async-to-sync bridging is foundational to Django's async story, and the previous implementation had child partials in the wrong state. The release also separates mypy from the tests extra [5], reducing friction for projects that don't need type checking in CI.
On the Django side, the security documentation got a significant rewrite focused on the XSS section [6][7]. This isn't just cosmetics: clearer guidance on Cross Site Scripting directly prevents the mistakes that land in production. The cached_db session backend now logs cache delete failures instead of letting them propagate [8][9], matching the existing write-failure behavior and improving observability for session-heavy applications.
Release infrastructure moved forward too. The djangoproject.com release checklists now include a step to bump asgiref [10][11], closing the gap that led to version skew in prior releases. James Bligh joined the Triage & Review working group [12][13], bringing fresh capacity to the review queue.
Action items
- → Pin asgiref to 3.12.1 in your next Django deployment django/asgiref [plan]
- → Review the XSS section in Django's security docs with your team django/django [monitor]
- → Verify cached_db session logging is enabled in staging django/django [plan]
References
- [1] Releasing 3.12.0 django/asgiref
- [2] Releasing 3.12.1 django/asgiref
- [3] Restore previous SyncToAsync.__call__ internal code shape. django/asgiref
- [4] Restore previous SyncToAsync.__call__ internal code shape. ↗ django/asgiref
- [5] Separate mypy from tests extra. django/asgiref
- [6] Fixed #37131 -- Improved XSS section in security documentation. django/django
- [7] Fixed #37131 -- Improved XSS section in security documentation. ↗ django/django
- [8] Fixed #37210 -- Logged cached_db session cache delete failures. ↗ django/django
- [9] Fixed #37210 -- Logged cached_db session cache delete failures. django/django
- [10] [checklists] Add step to bump asgiref django/djangoproject.com
- [11] [checklists] Add step to bump asgiref ↗ django/djangoproject.com
- [12] Add James Bligh to Triage & Review WG members django/dsf-working-groups
- [13] Add James Bligh to Triage & Review WG members ↗ django/dsf-working-groups