Judge Juan Merchan runs a mental health court when he’s not hearing a Trump case The Associated PressA Weary Trump Appears to Doze Off in Courtroom Ahead of Criminal Trial The New York TimesDoes Trump hush money make for the weirdest campaign ever? USA TODAY
Re-Creating The New York Times’ Website in Under 30 Minutes Using WordPress.com
In this “Build and Beyond” video, Jamie Marsland re-creates The New York Times’ website in less than 30 minutes using WordPress.com. By utilizing mega menus, master layouts, typography controls, and post grids, Jamie shows us what’s possible with the limitless customizations available with WordPress.
When it comes to mega menus, specifically, it’s worth noting that this is a highly complex customization that should only be attempted by WordPress pros and is mainly shown here as a demo of what’s possible. Please read this blog post on the WordPress.org developer blog before embarking on your own mega menu.
To learn more and get started on your own site today, click below:
Health Alert Network (HAN) – 00504 | Increase in Global and Domestic Measles Cases and Outbreaks: Ensure Children in the United States and Those Traveling Internationally 6 Months and Older are Current on MMR Vaccination – CDC Emergency Preparedness
Health Alert Network (HAN) – 00504 | Increase in Global and Domestic Measles Cases and Outbreaks: Ensure Children in the United States and Those Traveling Internationally 6 Months and Older are Current on MMR Vaccination CDC Emergency PreparednessU.S. Measles Cases Surpass 2023 Levels, C.D.C. Says The New York TimesWisconsin pediatrician emphasizes vaccination as measles cases surge across 17 states Fox11online.comMeasles count through mid-March surpassed last year’s total The Washington Post
WordCamp Asia 2024: The WordPress Community Comes Together in Taipei
This year’s WordCamp Asia was held in Taipei, the vibrant capital city of Taiwan. Members from WordPress.com joined other Automatticians, as well as around 2,000 other attendees from across 70 countries to connect, learn, build, and give back to the platform that powers millions of top websites across the internet.
The event kicked off with Contributor Day, an opportunity for anyone in the WordPress community, from newcomers to seasoned experts, to get involved and contribute to WordPress. Contributing can mean contributing to code, but it can also mean sharing your expertise in design, offering support in forums, translating content, and much much more. This year’s Contributor Day had a fantastic turnout and it was amazing to see so many folks show up and participate!
As always, there was a variety of informative and inspiring talks. Some of our favorites included talks about the future of WordPress, the multifaceted nature of design, building and maintaining WordPress sites with AI, achieving efficient workflows with the site editor, and the importance of diversity, equity, inclusion, and belonging in the tech and WordPress communities. If any of these topics pique your interest, you can take a look at the livestream recordings for these and all other WordCamp Asia 2024 talks here.
While our colleagues from the WordPress Project, Woo, and Jetpack participated in the event, folks from WordPress.com were also present, contributing, networking, and engaging with the community.
This year we were particularly interested in connecting with developers so that we could better understand their experiences with WordPress.com. Our hosting infrastructure, powered by WP Cloud, is best-in-class, yet the benefits aren’t as well-known in the developer community. To help get the word out about all of our developer-focused features, we’ve recently relaunched our developer site at developer.wordpress.com. Check it out to learn about staging sites, WP-CLI access, and Studio, our upcoming local development environment.
During the anticipated closing Q&A session at WordCamp Asia 2024, Matt Mullenweg, co-founder of WordPress and CEO of Automattic, opened up about his dreams for a web that’s both open and accessible to everyone. He shared how the core principles of open source are not just shaping WordPress but also knitting together a worldwide community of contributors.
That sense of community is something you can definitely feel at WordCamps. Thirty-six percent of attendees at this WordCamp were first-time participants—a testament to the event’s growing appeal and the ever-expanding WordPress community.
During the closing remarks, Matt revealed that State of the Word 2024 will be held in Tokyo, Japan. The lead organizers also revealed the next WordCamp Asia location: Manila, Philippines, in February 2025. With Manila’s rich tapestry of Spanish, European, American, and Asian influences, we’re in for a vibrant mix of culture, cuisine, and community!
But you don’t have to wait until 2025 to start getting involved. There’s a huge number of local and regional WordCamps happening year-round. Head over to https://central.wordcamp.org/ to find one near you. Whether you’re looking to develop your skills, learn something new, network with the community, there’s something for everyone. We hope to see you out there!
Introducing “Build and Beyond”: A New Video Series From WordPress.com and Jamie Marsland
Jamie Marsland has been preaching the WordPress gospel for over a decade and has trained thousands of people on blocks, plugins, and more. Through his popular YouTube channel and hands-on courses, Jamie provides incredible tutorials and breaks down the most common misconceptions about building with WordPress.
We’re happy to share that WordPress.com is partnering with Jamie over the next few months to create a series of videos that will show you how to get the most out of your website experience. From exciting new feature announcements to handy tips and tricks to Jamie’s mind-blowing “website re-creations,” we promise you’ll learn something new in every video.
Starting later this week, you’ll see those videos posted to both our own YouTube channel as well as this blog. Stay tuned!
WP Cloud Is Powering the Future of WordPress
The foundational infrastructure for the websites you build and manage is crucial for ensuring a safe, secure, fast, and reliable environment. That’s where WP Cloud comes in.
Automattic, the parent company of WordPress.com, built WP Cloud because we wanted a cloud platform constructed from the ground up just for WordPress. We’ve hosted millions of websites across the WordPress ecosystem and have become one of the most trusted providers in cloud services.
At WordPress.com, the WP Cloud infrastructure powers all websites on our Creator and Entrepreneur plans.
We’re proud of WP Cloud’s 99.999% uptime, automated burst scaling and failure detection, and failover redundancies that allow you to spend time focusing on building your business or serving your clients instead of worrying about whether a traffic spike will crash the site.
WP Cloud is also incredibly secure. With DDoS protection, malware scanning, anti-spam measures, SSL certificates, TLS traffic encryption, and real-time backups, you’ll have peace of mind from day one.
We’re confident that there’s no better cloud platform for your WordPress site(s) than WP Cloud. And we’re not the only ones to think so.
Today, WP Cloud is announcing that Bluehost—one of the largest website hosts in the world—is launching a new product built atop WP Cloud’s best-in-class infrastructure.
Bluehost Cloud includes all the technical excellence of WP Cloud, with bundled options for hosting multiple websites. Plus, as with all of the sites on WordPress.com, it comes with Jetpack’s highly acclaimed performance and security features built right in.
To kick off this partnership, we’re showcasing Bluehost Cloud on WordPress.com’s pricing page, so that you can choose the product that best fits your business needs. As fellow supporters of the WordPress ecosystem, we’re glad Bluehost has chosen WP Cloud for this powerful new offering.
Take advantage of these robust WP Cloud solutions with the Creator, Entrepreneur, or Bluehost Cloud plan.
Django security releases issued: 5.0.3, 4.2.11, and 3.2.25
In accordance with our security release policy, the Django team
is issuing
Django 5.0.3,
Django 4.2.11, and
Django 3.2.25.
These releases addresses the security issue detailed below. We encourage all
users of Django to upgrade as soon as possible.
CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
django.utils.text.Truncator.words() method (with html=True) and
truncatewords_html template filter were subject to a potential
regular expression denial-of-service attack using a suitably crafted string
(follow up to CVE-2019-14232 and CVE-2023-43665).
Thanks Seokchan Yoon for the report.
This issue has severity “moderate” according to the Django security policy.
Affected supported versions
Django 5.0
Django 4.2
Django 3.2
Resolution
Patches to resolve the issue have been applied to the 5.0, 4.2, and 3.2
release branches. The patches may be obtained from the following changesets:
On the 5.0 release branch
On the 4.2 release branch
On the 3.2 release branch
The following releases have been issued:
Django 5.0.3 (download Django 5.0.3 | 5.0.3 checksums)
Django 4.2.11 (download Django 4.2.11 | 4.2.11 checksums)
Django 3.2.25 (download Django 3.2.25 | 3.2.25 checksums)
The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.
General notes regarding security reporting
As always, we ask that potential security issues be reported via
private email to [email protected], and not via Django’s
Trac instance or the django-developers list. Please see our security
policies for further
information.
Aid an Investigation or Report Something Suspicious in any National Park Service Site – Investigative Services (U.S – National Park Service
Aid an Investigation or Report Something Suspicious in any National Park Service Site – Investigative Services (U.S National Park ServicePark rangers looking for two vandalism suspects at Lake Mead National Recreation Area KTNV 13 Action News Las VegasMen caught on camera destroying protected rock formations at Lake Mead National Recreation Area Fox 5 Las VegasTwo men topple boulders at Nevada national park as young girl watches in fear: ‘Daddy, don’t fall!’ New York Post
Django accessibility in 2023 and beyond
Happy birthday, Django accessibility team! 🌈
The team has been up and running for three years, and is now looking for new members. With a lot happening in this space, we thought we were overdue for an update on what we’re up to.
Django accessibility in 2023
We’re very happy with the work done to date. There have been a lot of efforts to improve the accessibility of core Django features such as forms, and of the administrative interface. Beyond Django core, there has also been progress on djangoproject.com, Django packages, and community awareness via talks and events.
Django core
We made a lot of improvements this year. Django forms saw big fixes, which shipped in Django 5.0:
Fields’ help text and errors should be associated with input – #32819
Fields’ errors should be programmatically associated with fields – #32820
With forms being such a core feature of Django, reused across countless websites, those changes will lead to accessibility improvements across big parts of the web.
The admin interface also saw a lot of fixes and improvements:
Tab order should match visual order for admin model forms’ submit buttons – #33728
Low text contrast over light blue backgrounds in admin light theme – #34036
Ensures <meta name=”viewport”> does not disable text scaling and zooming – #34617
Admin action log entry types should be communicated to screen reader users – #34618
Django admin site name shouldn’t be an h1 – #34621
RelatedFieldWidgetWrapper links don’t convey their state for screen reader users – #34622
Active row states invisible for WHCM users – #34627
RelatedFieldWidgetWrapper link icons are very hard to see – #34628
Use banner landmark or <header> element for the admin header area – #34832
Use a main landmark in the admin interface – #34833
Use search role for the admin changelist search form – #34834
Use a nav element or navigation landmark for changelist filters – #34835
Date picker cancel button does not respect color theme/dark mode – #34857
Main landmark is on the wrong element – #34905
Accessible names for Add / Change buttons in Django Admin – #34909
Admindocs index skips from h1 to h3 – #34911
Admindocs back-links and bookmarklet help text is too small – #34912
Django Admin high contrast mode no clear session – #34913
Missing scope attribute in admin doc table headers – #34919
Some of those improvements will reflect for everyone, and some will only be beneficial for users of specific assistive technologies, such as Contrast themes in Windows:
→ Screenshot of the admin interface in a “Change redirect” form, in Windows high contrast mode with the “Black” theme.
Can you spot the five issues in this screenshot? Though Contrast Themes isn’t well known, it’s a built-in feature of Windows which is essential for people with low vision. There is a lot of room for improvement to better support it in Django.
We’ve also made a lot of progress on documenting accessibility considerations, though there is still work to be done there:
FAQ: What assistive technologies are supported for using the admin?
In progress: Accessibility guidelines for all contributors
In progress: Guidelines for accessibility considerations in documentation
And finally tooling improvements such as running accessibility checks in the CI pipeline is still a big topic for us, with in-progress efforts to add checks in Selenium tests and standalone with Pa11y.
Django website
In 2023, the website saw its first ever accessibility audit with a focus on the homepage, as well as a good number of accessibility improvements. Those are all very welcome iterative steps in the context of user research on the usability of the website, led by 20tab.
Display all header anchor link indicators, always – #1429
Add Keyboard Accessibility To Hamburger Menu – #1418
Fix selection css on dark mode – #1415
Add back to top link in documentation – #1370
Improve accessibility on warning admonitions – #1360
Accessibility review of djangoproject.com at DjangoCon Europe 2023
Thank you to our website contributors Sarah Abderemane, Thibaud Colas, ontowhee, Sanyam Khurana, Hana Burtin, Paolo Melchiorre, and Tom Carrick ❤️.
Accessibility in our community
We’re elated to see accessibility being such a prominent topic in our community. In 2023, there were a lot of accessibility talks at Django events. There were accessibility contributors at the sprints for DjangoCon Europe, and DjangoCon US. The #accessibility channel on the Django Discord was also very active, and we got a new Accessibility forum category.
There were a lot of accessibility-focused talks at Django events:
Django Accessibility for Everyone – DjangoCon Europe 2023, by Lauren Parsons
Consider the Colourblind – Django Day CPH 2023, by Michael Nicholson
Best Practices for Making a Wagtail Site as Accessible as Possible – DjangoCon US 2023, by Scott Cranfill
Django’s accessibility track record – DjangoCon US 2023, by Thibaud Colas
Making Our Python Code More Accessible – PyOhio 2023, Dmitriy Chukhin & Janelle Bouchard
Our very own accessibility team member Sarah Abderemane was also featured on Django Chat: Accessibility – Sarah Abderemane 🎉, while Tom and Thibaud signed up for Djangonaut Space’s first session as navigators.
Behind the scenes, the accessibility team also started maintaining a backlog of django accessibility improvement, and also publish their accessibility team meeting notes on the forum.
Django accessibility in numbers
This year, we were able to produce statistics on the accessibility of Django projects, thanks to reports from the HTTP Archive. There is clear room for improvement, with Django websites generally scoring lower than sites built with other technologies:
→ Median Lighthouse website accessibility score of websites by framework. Source: HTTP Archive cwvtech.report, December 2023. Next.js: 85/100, Rails: 83, “All”: 82.5, Django: 80.5, ASP.NET: 79, Laravel: 78.5.
There is also clear data to establish exactly which accessibility issues are common on Django websites:
→ Difference in Lighthouse audit success rate for sites built with Django vs. average site, HTTP Archive 2023-04-01 data, Django vs. “All”. We see 8 metrics where Django does worse than average, and 8 where it does better.
We see those numbers as a good challenge for the Django community to explore ways in which the framework could be improved. There is clear room for improvement, and we have a lot of ideas on how to go about it.
Accessibility plans for 2024
There are a lot of ways in which the accessibility of Django could be improved in 2024. Here are a few ideas that have been discussed so far, where our accessibility team is looking for help:
Django ecosystem accessibility audits: Testing Trac or the Forum; or popular Django packages.
Creating an official Django demo site: converting Tom’s django-admin-demo to a ready-to-use official demo.
Stylesheets linting: To catch and fix common issues such as small font sizes or poor focus states.
Accessibility in docs: A possible big docs overhaul as a Google Season of Docs project.
New, accessible admin components: Addressing big gaps in the admin interface.
User testing: Working directly with users of assistive technologies.
An official Django accessibility statement: On the website, loud and clear.
New members
With this roadmap of improvements in mind, our accessibility team is looking for six new members in 2024. If this sounds like the type of valuable, high-purpose work you want to contribute to – reach out on the Django Discord in #accessibility, or on the forum.
Thank you
Thank you to everyone who took part in making Django more accessible in 2023 and early 2024. You rock!
Django security releases issued: 5.0.2, 4.2.10, and 3.2.24
In accordance with our security release policy, the Django team
is issuing
Django 5.0.2,
Django 4.2.10, and
Django 3.2.24.
These releases address the security issue detailed below. We encourage all
users of Django to upgrade as soon as possible.
CVE-2024-24680: Potential denial-of-service in intcomma template filter
The intcomma template filter was subject to a potential denial-of-service
attack when used with very long strings.
Thanks Seokchan Yoon for the report.
This issue has severity “moderate” according to the Django security policy.
Affected supported versions
Django main branch
Django 5.0
Django 4.2
Django 3.2
Resolution
Patches to resolve the issue have been applied to Django’s main branch and the
5.0, 4.2, and 3.2 stable branches. The patches may be obtained from the
following changesets:
On the main branch
On the 5.0 release branch
On the 4.2 release branch
On the 3.2 release branch
The following releases have been issued:
Django 5.0.2 (download Django 5.0.2 | 5.0.2 checksums)
Django 4.2.10 (download Django 4.2.10 | 4.2.10 checksums)
Django 3.2.24 (download Django 3.2.24 | 3.2.24 checksums)
The PGP key ID used for this release is Natalia Bidart: 2EE82A8D9470983E
General notes regarding security reporting
As always, we ask that potential security issues be reported via private email
to [email protected], and not via Django’s Trac instance, nor via
the Django Forum, nor via the django-developers list. Please see our security
policies for further information.