django/docs/internals/deprecation.txt

===========================
Django Deprecation Timeline
===========================

This document outlines when various pieces of Django will be removed or altered
in a backward incompatible way, following their deprecation, as per the
:ref:`deprecation policy <internal-release-deprecation-policy>`. More details
about each item can often be found in the release notes of two versions prior.

.. _deprecation-removed-in-2.1:

2.1
---

See the :ref:`Django 1.9 release notes<deprecated-features-1.9>` for more
details on these changes.

* The ``weak`` argument to ``django.dispatch.signals.Signal.disconnect()`` will
  be removed.

.. _deprecation-removed-in-2.0:

2.0
---

See the :ref:`Django 1.8 release notes<deprecated-features-1.8>` for more
details on these changes.

* Support for calling a ``SQLCompiler`` directly as an alias for calling its
  ``quote_name_unless_alias`` method will be removed.

* ``cycle`` and ``firstof`` template tags will be removed from the ``future``
  template tag library (used during the 1.6/1.7 deprecation period).

* ``django.conf.urls.patterns()`` will be removed.

* Support for the ``prefix`` argument to
  ``django.conf.urls.i18n.i18n_patterns()`` will be removed.

* ``SimpleTestCase.urls`` will be removed.

* Using an incorrect count of unpacked values in the ``for`` template tag
  will raise an exception rather than fail silently.

* The ability to :func:`~django.core.urlresolvers.reverse` URLs using a dotted
  Python path will be removed.

* Support for :py:mod:`optparse` will be dropped for custom management commands
  (replaced by :py:mod:`argparse`).

* The class :class:`~django.core.management.NoArgsCommand` will be removed. Use
  :class:`~django.core.management.BaseCommand` instead, which takes no arguments
  by default.

* ``django.core.context_processors`` module will be removed.

* ``django.db.models.sql.aggregates`` module will be removed.

* ``django.contrib.gis.db.models.sql.aggregates`` module will be removed.

* The following methods and properties of ``django.db.sql.query.Query`` will
  be removed:

  * Properties: ``aggregates`` and ``aggregate_select``
  * Methods: ``add_aggregate``, ``set_aggregate_mask``, and
    ``append_aggregate_mask``.

* ``django.template.resolve_variable`` will be removed.

* The following private APIs will be removed from
  :class:`django.db.models.options.Options` (``Model._meta``):

  * ``get_field_by_name()``
  * ``get_all_field_names()``
  * ``get_fields_with_model()``
  * ``get_concrete_fields_with_model()``
  * ``get_m2m_with_model()``
  * ``get_all_related_objects()``
  * ``get_all_related_objects_with_model()``
  * ``get_all_related_many_to_many_objects()``
  * ``get_all_related_m2m_objects_with_model()``

* The ``error_message`` argument of ``django.forms.RegexField`` will be removed.

* The ``unordered_list`` filter will no longer support old style lists.

* Support for string ``view`` arguments to ``url()`` will be removed.

* The backward compatible shim  to rename ``django.forms.Form._has_changed()``
  to ``has_changed()`` will be removed.

* The ``removetags`` template filter will be removed.

* The ``remove_tags()`` and ``strip_entities()`` functions in
  ``django.utils.html`` will be removed.

* The ``is_admin_site`` argument to
  ``django.contrib.auth.views.password_reset()`` will be removed.

* ``django.db.models.field.subclassing.SubfieldBase`` will be removed.

* ``django.utils.checksums`` will be removed; its functionality is included
  in django-localflavor 1.1+.

* The ``original_content_type_id`` attribute on
  ``django.contrib.admin.helpers.InlineAdminForm`` will be removed.

* The backwards compatibility shim to allow ``FormMixin.get_form()`` to be
  defined with no default value for its ``form_class`` argument will be removed.

* The following settings will be removed:

  * ``ALLOWED_INCLUDE_ROOTS``
  * ``TEMPLATE_CONTEXT_PROCESSORS``
  * ``TEMPLATE_DIRS``
  * ``TEMPLATE_LOADERS``
  * ``TEMPLATE_STRING_IF_INVALID``

* The backwards compatibility alias ``django.template.loader.BaseLoader`` will
  be removed.

* Django template objects returned by
  :func:`~django.template.loader.get_template` and
  :func:`~django.template.loader.select_template` won't accept a
  :class:`~django.template.Context` in their
  :meth:`~django.template.backends.base.Template.render()` method anymore.

* :doc:`Template response APIs </ref/template-response>` will enforce the use
  of :class:`dict` and backend-dependent template objects instead of
  :class:`~django.template.Context` and :class:`~django.template.Template`
  respectively.

* The ``current_app`` parameter for the following function and classes will be
  removed:

  * ``django.shortcuts.render()``
  * ``django.template.Context()``
  * ``django.template.RequestContext()``
  * ``django.template.response.TemplateResponse()``

* The ``dictionary`` and ``context_instance`` parameters for the following
  functions will be removed:

  * ``django.shortcuts.render()``
  * ``django.shortcuts.render_to_response()``
  * ``django.template.loader.render_to_string()``

* The ``dirs`` parameter for the following functions will be removed:

  * ``django.template.loader.get_template()``
  * ``django.template.loader.select_template()``
  * ``django.shortcuts.render()``
  * ``django.shortcuts.render_to_response()``

* Session verification will be enabled regardless of whether or not
  ``'django.contrib.auth.middleware.SessionAuthenticationMiddleware'`` is in
  ``MIDDLEWARE_CLASSES``.

* Private attribute ``django.db.models.Field.related`` will be removed.

* The ``--list`` option of the ``migrate`` management command will be removed.

* The ``ssi`` template tag will be removed.

* Support for the ``=`` comparison operator in the ``if`` template tag will be
  removed.

* The backwards compatibility shims to allow ``Storage.get_available_name()``
  and ``Storage.save()`` to be defined without a ``max_length`` argument will
  be removed.

* Support for the legacy ``%(<foo>)s`` syntax in ``ModelFormMixin.success_url``
  will be removed.

* ``GeoQuerySet`` aggregate methods ``collect()``, ``extent()``, ``extent3d()``,
  ``makeline()``, and ``union()`` will be removed.

* Ability to specify ``ContentType.name`` when creating a content type instance
  will be removed.

.. _deprecation-removed-in-1.9:

1.9
---

See the :ref:`Django 1.7 release notes<deprecated-features-1.7>` for more
details on these changes.

* ``django.utils.dictconfig`` will be removed.

* ``django.utils.importlib`` will be removed.

* ``django.utils.tzinfo`` will be removed.

* ``django.utils.unittest`` will be removed.

* The ``syncdb`` command will be removed.

* ``django.db.models.signals.pre_syncdb`` and
  ``django.db.models.signals.post_syncdb`` will be removed.

* ``allow_syncdb`` on database routers will no longer automatically become
  ``allow_migrate``.

* The legacy method of syncing apps without migrations will be removed,
  and migrations will become compulsory for all apps. This includes automatic
  loading of ``initial_data`` fixtures and support for initial SQL data.

* All models will need to be defined inside an installed application or
  declare an explicit :attr:`~django.db.models.Options.app_label`.
  Furthermore, it won't be possible to import them before their application
  is loaded. In particular, it won't be possible to import models inside
  the root package of their application.

* The model and form ``IPAddressField`` will be removed. A stub field will
  remain for compatibility with historical migrations.

* ``AppCommand.handle_app()`` will no longer be supported.

* ``RequestSite`` and ``get_current_site()`` will no longer be importable from
  ``django.contrib.sites.models``.

* FastCGI support via the ``runfcgi`` management command will be
  removed. Please deploy your project using WSGI.

* ``django.utils.datastructures.SortedDict`` will be removed. Use
  :class:`collections.OrderedDict` from the Python standard library instead.

* ``ModelAdmin.declared_fieldsets`` will be removed.

* Instances of ``util.py`` in the Django codebase have been renamed to
  ``utils.py`` in an effort to unify all util and utils references.
  The modules that provided backwards compatibility will be removed:

  * ``django.contrib.admin.util``
  * ``django.contrib.gis.db.backends.util``
  * ``django.db.backends.util``
  * ``django.forms.util``

* ``ModelAdmin.get_formsets`` will be removed.

* The backward compatibility shim introduced to rename the
  ``BaseMemcachedCache._get_memcache_timeout()`` method to
  ``get_backend_timeout()`` will be removed.

* The ``--natural`` and ``-n`` options for :djadmin:`dumpdata` will be removed.
  Use :djadminopt:`--natural-foreign` instead.

* The ``use_natural_keys`` argument for ``serializers.serialize()`` will be
  removed. Use ``use_natural_foreign_keys`` instead.

* Private API ``django.forms.forms.get_declared_fields()`` will be removed.

* The ability to use a ``SplitDateTimeWidget`` with ``DateTimeField`` will be
  removed.

* The ``WSGIRequest.REQUEST`` property will be removed.

* The class ``django.utils.datastructures.MergeDict`` will be removed.

* The ``zh-cn`` and ``zh-tw`` language codes will be removed and have been
  replaced by the ``zh-hans`` and ``zh-hant`` language code respectively.

* The internal ``django.utils.functional.memoize`` will be removed.

* ``django.core.cache.get_cache`` will be removed. Add suitable entries
  to :setting:`CACHES` and use :data:`django.core.cache.caches` instead.

* ``django.db.models.loading`` will be removed.

* Passing callable arguments to querysets will no longer be possible.

* ``BaseCommand.requires_model_validation`` will be removed in favor of
  ``requires_system_checks``. Admin validators will be replaced by admin
  checks.

* The ``ModelAdmin.validator_class`` and ``default_validator_class`` attributes
  will be removed.

* ``ModelAdmin.validate()`` will be removed.

* ``django.db.backends.DatabaseValidation.validate_field`` will be removed in
  favor of the ``check_field`` method.

* The ``check`` management command will be removed.

* ``django.utils.module_loading.import_by_path`` will be removed in favor of
  ``django.utils.module_loading.import_string``.

* ``ssi`` and ``url`` template tags will be removed from the ``future`` template
  tag library (used during the 1.3/1.4 deprecation period).

* ``django.utils.text.javascript_quote`` will be removed.

* Database test settings as independent entries in the database settings,
  prefixed by ``TEST_``, will no longer be supported.

* The `cache_choices` option to :class:`~django.forms.ModelChoiceField` and
  :class:`~django.forms.ModelMultipleChoiceField` will be removed.

* The default value of the
  :attr:`RedirectView.permanent <django.views.generic.base.RedirectView.permanent>`
  attribute will change from ``True`` to ``False``.

* ``django.contrib.sitemaps.FlatPageSitemap`` will be removed in favor of
  ``django.contrib.flatpages.sitemaps.FlatPageSitemap``.

* Private API ``django.test.utils.TestTemplateLoader`` will be removed.

* The ``django.contrib.contenttypes.generic`` module will be removed.

* Private APIs ``django.db.models.sql.where.WhereNode.make_atom()`` and
  ``django.db.models.sql.where.Constraint`` will be removed.

.. _deprecation-removed-in-1.8:

1.8
---

See the :ref:`Django 1.6 release notes<deprecated-features-1.6>` for more
details on these changes.

* ``django.contrib.comments`` will be removed.

* The following transaction management APIs will be removed:

  - ``TransactionMiddleware``,
  - the decorators and context managers ``autocommit``, ``commit_on_success``,
    and ``commit_manually``, defined in ``django.db.transaction``,
  - the functions ``commit_unless_managed`` and ``rollback_unless_managed``,
    also defined in ``django.db.transaction``,
  - the ``TRANSACTIONS_MANAGED`` setting.

  Upgrade paths are described in the :ref:`transaction management docs
  <transactions-upgrading-from-1.5>`.

* The :ttag:`cycle` and :ttag:`firstof` template tags will auto-escape their
  arguments. In 1.6 and 1.7, this behavior is provided by the version of these
  tags in the ``future`` template tag library.

* The ``SEND_BROKEN_LINK_EMAILS`` setting will be removed. Add the
  :class:`django.middleware.common.BrokenLinkEmailsMiddleware` middleware to
  your :setting:`MIDDLEWARE_CLASSES` setting instead.

* ``django.middleware.doc.XViewMiddleware`` will be removed. Use
  ``django.contrib.admindocs.middleware.XViewMiddleware`` instead.

* ``Model._meta.module_name`` was renamed to ``model_name``.

* Remove the backward compatible shims introduced to rename ``get_query_set``
  and similar queryset methods. This affects the following classes:
  ``BaseModelAdmin``, ``ChangeList``, ``BaseCommentNode``,
  ``GenericForeignKey``, ``Manager``, ``SingleRelatedObjectDescriptor`` and
  ``ReverseSingleRelatedObjectDescriptor``.

* Remove the backward compatible shims introduced to rename the attributes
  ``ChangeList.root_query_set`` and ``ChangeList.query_set``.

* ``django.views.defaults.shortcut`` will be removed, as part of the
  goal of removing all ``django.contrib`` references from the core
  Django codebase. Instead use
  ``django.contrib.contenttypes.views.shortcut``. ``django.conf.urls.shortcut``
  will also be removed.

* Support for the Python Imaging Library (PIL) module will be removed, as it
  no longer appears to be actively maintained & does not work on Python 3.
  You are advised to install `Pillow`_, which should be used instead.

  .. _`Pillow`: https://pypi.python.org/pypi/Pillow

* The following private APIs will be removed:

  - ``django.db.backend``
  - ``django.db.close_connection()``
  - ``django.db.backends.creation.BaseDatabaseCreation.set_autocommit()``
  - ``django.db.transaction.is_managed()``
  - ``django.db.transaction.managed()``

* ``django.forms.widgets.RadioInput`` will be removed in favor of
  ``django.forms.widgets.RadioChoiceInput``.

* The module ``django.test.simple`` and the class
  ``django.test.simple.DjangoTestSuiteRunner`` will be removed. Instead use
  ``django.test.runner.DiscoverRunner``.

* The module ``django.test._doctest`` will be removed. Instead use the doctest
  module from the Python standard library.

* The ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting will be removed.

* Usage of the hard-coded *Hold down "Control", or "Command" on a Mac, to select
  more than one.* string to override or append to user-provided ``help_text`` in
  forms for ManyToMany model fields will not be performed by Django anymore
  either at the model or forms layer.

* The ``Model._meta.get_(add|change|delete)_permission`` methods will
  be removed.

* The session key ``django_language`` will no longer be read for backwards
  compatibility.

* Geographic Sitemaps will be removed
  (``django.contrib.gis.sitemaps.views.index`` and
  ``django.contrib.gis.sitemaps.views.sitemap``).

* ``django.utils.html.fix_ampersands``, the ``fix_ampersands`` template filter and
  ``django.utils.html.clean_html`` will be removed following an accelerated deprecation.

.. _deprecation-removed-in-1.7:

1.7
---

See the :ref:`Django 1.5 release notes<deprecated-features-1.5>` for more
details on these changes.

* The module ``django.utils.simplejson`` will be removed. The standard library
  provides :mod:`json` which should be used instead.

* The function ``django.utils.itercompat.product`` will be removed. The Python
  builtin version should be used instead.

* Auto-correction of INSTALLED_APPS and TEMPLATE_DIRS settings when they are
  specified as a plain string instead of a tuple will be removed and raise an
  exception.

* The ``mimetype`` argument to the ``__init__`` methods of
  :class:`~django.http.HttpResponse`,
  :class:`~django.template.response.SimpleTemplateResponse`, and
  :class:`~django.template.response.TemplateResponse`, will be removed.
  ``content_type`` should be used instead. This also applies to the
  :func:`~django.shortcuts.render_to_response` shortcut and
  the sitemap views, :func:`~django.contrib.sitemaps.views.index` and
  :func:`~django.contrib.sitemaps.views.sitemap`.

* When :class:`~django.http.HttpResponse` is instantiated with an iterator,
  or when :attr:`~django.http.HttpResponse.content` is set to an iterator,
  that iterator will be immediately consumed.

* The ``AUTH_PROFILE_MODULE`` setting, and the ``get_profile()`` method on
  the User model, will be removed.

* The ``cleanup`` management command will be removed. It's replaced by
  ``clearsessions``.

* The ``daily_cleanup.py`` script will be removed.

* The ``depth`` keyword argument will be removed from
  :meth:`~django.db.models.query.QuerySet.select_related`.

* The undocumented ``get_warnings_state()``/``restore_warnings_state()``
  functions from :mod:`django.test.utils` and the ``save_warnings_state()``/
  ``restore_warnings_state()``
  :ref:`django.test.*TestCase <django-testcase-subclasses>` methods are
  deprecated. Use the :class:`warnings.catch_warnings` context manager
  available starting with Python 2.6 instead.

* The undocumented ``check_for_test_cookie`` method in
  :class:`~django.contrib.auth.forms.AuthenticationForm` will be removed
  following an accelerated deprecation. Users subclassing this form should
  remove calls to this method, and instead ensure that their auth related views
  are CSRF protected, which ensures that cookies are enabled.

* The version of :func:`django.contrib.auth.views.password_reset_confirm` that
  supports base36 encoded user IDs
  (``django.contrib.auth.views.password_reset_confirm_uidb36``) will be
  removed. If your site has been running Django 1.6 for more than
  :setting:`PASSWORD_RESET_TIMEOUT_DAYS`, this change will have no effect. If
  not, then any password reset links generated before you upgrade to Django 1.7
  won't work after the upgrade.

* The ``django.utils.encoding.StrAndUnicode`` mix-in will be removed.
  Define a ``__str__`` method and apply the
  :func:`~django.utils.encoding.python_2_unicode_compatible` decorator instead.

.. _deprecation-removed-in-1.6:

1.6
---

See the :ref:`Django 1.4 release notes<deprecated-features-1.4>` for more
details on these changes.

* ``django.contrib.databrowse`` will be removed.

* ``django.contrib.localflavor`` will be removed following an accelerated
  deprecation.

* ``django.contrib.markup`` will be removed following an accelerated
  deprecation.

* The compatibility modules ``django.utils.copycompat`` and
  ``django.utils.hashcompat`` as well as the functions
  ``django.utils.itercompat.all`` and ``django.utils.itercompat.any`` will
  be removed. The Python builtin versions should be used instead.

* The ``csrf_response_exempt`` and ``csrf_view_exempt`` decorators will
  be removed. Since 1.4 ``csrf_response_exempt`` has been a no-op (it
  returns the same function), and ``csrf_view_exempt`` has been a
  synonym for ``django.views.decorators.csrf.csrf_exempt``, which should
  be used to replace it.

* The ``django.core.cache.backends.memcached.CacheClass`` backend
  was split into two in Django 1.3 in order to introduce support for
  PyLibMC. The historical ``CacheClass`` will be removed in favor of
  ``django.core.cache.backends.memcached.MemcachedCache``.

* The UK-prefixed objects of ``django.contrib.localflavor.uk`` will only
  be accessible through their GB-prefixed names (GB is the correct
  ISO 3166 code for United Kingdom).

* The ``IGNORABLE_404_STARTS`` and ``IGNORABLE_404_ENDS`` settings have been
  superseded by :setting:`IGNORABLE_404_URLS` in the 1.4 release. They will be
  removed.

* The form wizard has been refactored to use class-based views with pluggable
  backends in 1.4. The previous implementation will be removed.

* Legacy ways of calling
  :func:`~django.views.decorators.cache.cache_page` will be removed.

* The backward-compatibility shim to automatically add a debug-false
  filter to the ``'mail_admins'`` logging handler will be removed. The
  :setting:`LOGGING` setting should include this filter explicitly if
  it is desired.

* The builtin truncation functions ``django.utils.text.truncate_words()``
  and ``django.utils.text.truncate_html_words()`` will be removed in
  favor of the ``django.utils.text.Truncator`` class.

* The :class:`~django.contrib.gis.geoip.GeoIP` class was moved to
  :mod:`django.contrib.gis.geoip` in 1.4 -- the shortcut in
  :mod:`django.contrib.gis.utils` will be removed.

* ``django.conf.urls.defaults`` will be removed. The functions
  :func:`~django.conf.urls.include`, :func:`~django.conf.urls.patterns` and
  :func:`~django.conf.urls.url` plus :data:`~django.conf.urls.handler404`,
  :data:`~django.conf.urls.handler500`, are now available through
  :mod:`django.conf.urls` .

* The functions ``setup_environ()`` and ``execute_manager()`` will be removed
  from :mod:`django.core.management`. This also means that the old (pre-1.4)
  style of :file:`manage.py` file will no longer work.

* Setting the ``is_safe`` and ``needs_autoescape`` flags as attributes of
  template filter functions will no longer be supported.

* The attribute ``HttpRequest.raw_post_data`` was renamed to ``HttpRequest.body``
  in 1.4. The backward compatibility will be removed --
  ``HttpRequest.raw_post_data`` will no longer work.

* The value for the ``post_url_continue`` parameter in
  ``ModelAdmin.response_add()`` will have to be either ``None`` (to redirect
  to the newly created object's edit page) or a pre-formatted url. String
  formats, such as the previous default ``'../%s/'``, will not be accepted any
  more.

.. _deprecation-removed-in-1.5:

1.5
---

See the :ref:`Django 1.3 release notes<deprecated-features-1.3>` for more
details on these changes.

* Starting Django without a :setting:`SECRET_KEY` will result in an exception
  rather than a ``DeprecationWarning``. (This is accelerated from the usual
  deprecation path; see the :doc:`Django 1.4 release notes</releases/1.4>`.)

* The ``mod_python`` request handler will be removed. The ``mod_wsgi``
  handler should be used instead.

* The ``template`` attribute on ``django.test.client.Response``
  objects returned by the :ref:`test client <test-client>` will be removed.
  The :attr:`~django.test.Response.templates` attribute should be
  used instead.

* The ``django.test.simple.DjangoTestRunner`` will be removed.
  Instead use a unittest-native class.  The features of the
  ``django.test.simple.DjangoTestRunner`` (including fail-fast and
  Ctrl-C test termination) can currently be provided by the unittest-native
  :class:`~unittest.TextTestRunner`.

* The undocumented function
  ``django.contrib.formtools.utils.security_hash`` will be removed,
  instead use ``django.contrib.formtools.utils.form_hmac``

* The function-based generic view modules will be removed in favor of their
  class-based equivalents, outlined :doc:`here
  </topics/class-based-views/index>`.

* The ``django.core.servers.basehttp.AdminMediaHandler`` will be
  removed.  In its place use
  ``django.contrib.staticfiles.handlers.StaticFilesHandler``.

* The template tags library ``adminmedia`` and the template tag ``{%
  admin_media_prefix %}`` will be removed in favor of the generic static files
  handling. (This is faster than the usual deprecation path; see the
  :doc:`Django 1.4 release notes</releases/1.4>`.)

* The :ttag:`url` and :ttag:`ssi` template tags will be
  modified so that the first argument to each tag is a template variable, not
  an implied string. In 1.4, this behavior is provided by a version of the tag
  in the ``future`` template tag library.

* The ``reset`` and ``sqlreset`` management commands will be removed.

* Authentication backends will need to support an inactive user
  being passed to all methods dealing with permissions.
  The ``supports_inactive_user`` attribute will no longer be checked
  and can be removed from custom backends.

* :meth:`~django.contrib.gis.geos.GEOSGeometry.transform` will raise
  a :class:`~django.contrib.gis.geos.GEOSException` when called
  on a geometry with no SRID value.

* ``django.http.CompatCookie`` will be removed in favor of
  ``django.http.SimpleCookie``.

* ``django.core.context_processors.PermWrapper`` and
  ``django.core.context_processors.PermLookupDict`` will be removed in
  favor of the corresponding
  ``django.contrib.auth.context_processors.PermWrapper`` and
  ``django.contrib.auth.context_processors.PermLookupDict``, respectively.

* The :setting:`MEDIA_URL` or :setting:`STATIC_URL` settings will be
  required to end with a trailing slash to ensure there is a consistent
  way to combine paths in templates.

* ``django.db.models.fields.URLField.verify_exists`` will be removed. The
  feature was deprecated in 1.3.1 due to intractable security and
  performance issues and will follow a slightly accelerated deprecation
  timeframe.

* Translations located under the so-called *project path* will be ignored during
  the translation building process performed at runtime. The
  :setting:`LOCALE_PATHS` setting can be used for the same task by including the
  filesystem path to a ``locale`` directory containing non-app-specific
  translations in its value.

* The Markup contrib app will no longer support versions of Python-Markdown
  library earlier than 2.1. An accelerated timeline was used as this was
  a security related deprecation.

* The ``CACHE_BACKEND`` setting will be removed. The cache backend(s) should be
  specified in the :setting:`CACHES` setting.

.. _deprecation-removed-in-1.4:

1.4
---

See the :ref:`Django 1.2 release notes<deprecated-features-1.2>` for more
details on these changes.

* ``CsrfResponseMiddleware`` and ``CsrfMiddleware`` will be removed.  Use
  the ``{% csrf_token %}`` template tag inside forms to enable CSRF
  protection. ``CsrfViewMiddleware`` remains and is enabled by default.

* The old imports for CSRF functionality (``django.contrib.csrf.*``),
  which moved to core in 1.2, will be removed.

* The ``django.contrib.gis.db.backend`` module will be removed in favor
  of the specific backends.

* ``SMTPConnection`` will be removed in favor of a generic Email backend API.

* The many to many SQL generation functions on the database backends
  will be removed.

* The ability to use the ``DATABASE_*`` family of top-level settings to
  define database connections will be removed.

* The ability to use shorthand notation to specify a database backend
  (i.e., ``sqlite3`` instead of ``django.db.backends.sqlite3``) will be
  removed.

* The ``get_db_prep_save``, ``get_db_prep_value`` and
  ``get_db_prep_lookup`` methods will have to support multiple databases.

* The ``Message`` model (in ``django.contrib.auth``), its related
  manager in the ``User`` model (``user.message_set``), and the
  associated methods (``user.message_set.create()`` and
  ``user.get_and_delete_messages()``), will be removed.  The
  :doc:`messages framework </ref/contrib/messages>` should be used
  instead. The related ``messages`` variable returned by the
  auth context processor will also be removed. Note that this
  means that the admin application will depend on the messages
  context processor.

* Authentication backends will need to support the ``obj`` parameter for
  permission checking. The ``supports_object_permissions`` attribute
  will no longer be checked and can be removed from custom backends.

* Authentication backends will need to support the ``AnonymousUser`` class
  being passed to all methods dealing with permissions.  The
  ``supports_anonymous_user`` variable will no longer be checked and can be
  removed from custom backends.

* The ability to specify a callable template loader rather than a
  ``Loader`` class will be removed, as will the ``load_template_source``
  functions that are included with the built in template loaders for
  backwards compatibility.

* ``django.utils.translation.get_date_formats()`` and
  ``django.utils.translation.get_partial_date_formats()``. These functions
  will be removed; use the locale-aware
  ``django.utils.formats.get_format()`` to get the appropriate formats.

* In ``django.forms.fields``, the constants: ``DEFAULT_DATE_INPUT_FORMATS``,
  ``DEFAULT_TIME_INPUT_FORMATS`` and
  ``DEFAULT_DATETIME_INPUT_FORMATS`` will be removed. Use
  ``django.utils.formats.get_format()`` to get the appropriate
  formats.

* The ability to use a function-based test runner will be removed,
  along with the ``django.test.simple.run_tests()`` test runner.

* The ``views.feed()`` view and ``feeds.Feed`` class in
  ``django.contrib.syndication`` will be removed. The class-based view
  ``views.Feed`` should be used instead.

* ``django.core.context_processors.auth``.  This release will
  remove the old method in favor of the new method in
  ``django.contrib.auth.context_processors.auth``.

* The ``postgresql`` database backend will be removed, use the
  ``postgresql_psycopg2`` backend instead.

* The ``no`` language code will be removed and has been replaced by the
  ``nb`` language code.

* Authentication backends will need to define the boolean attribute
  ``supports_inactive_user`` until version 1.5 when it will be assumed that
  all backends will handle inactive users.

* ``django.db.models.fields.XMLField`` will be removed. This was
  deprecated as part of the 1.3 release. An accelerated deprecation
  schedule has been used because the field hasn't performed any role
  beyond that of a simple ``TextField`` since the removal of ``oldforms``.
  All uses of ``XMLField`` can be replaced with ``TextField``.

* The undocumented ``mixin`` parameter to the ``open()`` method of
  ``django.core.files.storage.Storage`` (and subclasses) will be removed.

.. _deprecation-removed-in-1.3:

1.3
---

See the :ref:`Django 1.1 release notes<deprecated-features-1.1>` for more
details on these changes.

* ``AdminSite.root()``.  This method of hooking up the admin URLs will be
  removed in favor of including ``admin.site.urls``.

* Authentication backends need to define the boolean attributes
  ``supports_object_permissions`` and ``supports_anonymous_user`` until
  version 1.4, at which point it will be assumed that all backends will
  support these options.