Planet Python
Last update: July 04, 2026 09:48 PM UTC
July 04, 2026
Bob Belderbos
One Core, Two Interfaces, No Rewrites
When building applications, I always build the core first, then the interfaces. It was no different with Ask the Canon: a uv run main.py ask "..." CLI for quick iteration and validation, then the web app for MVP. Search, ranking, citations, all using the same engine.
Armin Ronacher
Better Models: Worse Tools
July 03, 2026
Mycli
Release v2.0.0
mycli is a command line interface for MySQL which includes
auto-completion and syntax highlighting.
Read the install instructions to find out how to get the latest version.
Mycli v2.0.0 has breaking changes!
Major features added in recent months include
Tryton News
Security Release for issue #5160 and #14869
The user titou has discovered that the administrator group can execute Python code on the server which is hidden inside an uploaded report template.
And Dan Shallom has discovered that the same can also be accomplished by the marketing group when uploading marketing email templates.
Impact
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Workaround
There is no workaround.
Resolution
All affected users should upgrade trytond to the latest version.
Affected versions per series:
trytond:
- 8.0: <= 8.0.5
- 7.8: <= 7.8.11
- 7.0: <= 7.0.52
Not affected versions per series:
trytond:
- 8.0: >= 8.0.6
- 7.8: >= 7.8.12
- 7.0: >= 7.0.53
Some custom reports may fail after the upgrade because they are using dynamic or private attributes. Such reports must be updated to use only the allowed statements.
Reference
- Report customisation (#5160) · Issues · Tryton / Tryton · GitLab
- Remote Code Execution via Template Injection (#14869) · Issues · Tryton / Tryton · GitLab
Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.
Security Release for issue 14907
Cédric Krier has discovered that access is not enforced when browsing record instances in template.
Impact
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Workaround
There is no workaround.
Resolution
All affected users should upgrade trytond, marketing_automation and marketing_email to the latest version.
Affected versions per series:
trytond:
- 8.0: <= 8.0.5
- 7.8: <= 7.8.11
- 7.0: <= 7.0.52
marketing_automation:
- 8.0: <= 8.0.0
- 7.8: <= 7.8.2
- 7.0: <= 7.0.3
marketing_email:
- 8.0: <= 8.0.0
- 7.8: <= 7.8.2
- 7.0: <= 7.0.2
Not affected versions per series:
trytond:
- 8.0: >= 8.0.6
- 7.8: >= 7.8.12
- 7.0: >= 7.0.53
marketing_automation:
- 8.0: >= 8.0.1
- 7.8: >= 7.8.3
- 7.0: >= 7.0.4
marketing_email:
- 8.0: >= 8.0.1
- 7.8: >= 7.8.3
- 7.0: >= 7.0.3
Reference
Concerns?
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.
July 02, 2026
Anwesha Das
Dreams are real, so chase them
A mortgage lawyer had a dream to work full time in technology and policy,
The journey started long ago with a new mum reading "Intellectual Property and Open Source: A Practical Guide to Protecting Code" by Van Lindberg, to keep her entertained during breastfeeding sessions. Then from meaning of
EuroPython
EuroPython 2026 Job Opportunities from Our Sponsors
As EuroPython 2026 approaches and we prepare for another exciting edition, we’d like to thank our community and sponsors for their continued support.
We’re also pleased to share some fantastic job opportunities from our sponsors. Take a look and perhaps you’ll discover your next
Python Software Foundation
Everything Security at PyCon US 2026
Thinking about running for the PSF Board? Let’s talk!
July 01, 2026
Tryton News
Tryton News July 2026
Once again this month the community put most of its energy into fixing bugs, refining existing behaviour, and improving performance on top of our last LTS release 8.0. In addition, we are happy to present a selection of new features and documentation updates in this newsletter.
For an in depth overview of the Tryton issues please take a look at our issue tracker or see the issues and merge requests filtered by label.
Changes for the User
Sales, Purchases and Projects
We now move the warehouse and the shipping date of the sale to a different page, which keeps the sale form a little more compact.
Accounting, Invoicing and Payments
The entry for invoice payment methods is now moved under the invoice payments menu, so the menus for invoices and invoice payments are no longer mixed.
Accounts with the setting party required are now grouping their account move lines per party in the general ledger.
The lines of the general ledger account are now ordered consistently with the cumulative balance.
We update the version of Stripe used by the payment gateway to the latest one.
Stock, Production and Shipments
On the stock move form, the cost fields are now displayed more cleanly: the commission price is only shown when it is set.
User Interface
The binary and image widgets now accept a custom filters attribute, so administrators can restrict the file types users see when picking or saving a file.
When downloading a product image, the file is now suffixed with the proper .jpg extension, which makes the file easier to open from a folder.
For tall screens, the maximal height of tree views and list forms is now relative to the viewport instead of a fixed pixel value, so the available vertical space is no longer wasted.
In the domain parser, selection values are now completed using a “contains” matcher instead of “starts with”, which makes it easier to write a filter when several options share a common prefix.
Searching by record name on a contact mechanism now also matches the contact mechanism’s own name field, so users can find a phone number or e-mail by typing a label like “office” or “personal”.
New Documentation
The help text of the tax rule fields on the party is now explicit about what happens when the field is left empty.
The usage of the active_test context key in ModelSQL.search_domain is now documented in the reference manual.
The module tutorial has been updated to match the layout of the project skeleton generated by cookiecutter, so newcomers can follow it without surprises.
New Releases
We released bug fixes for the currently maintained long term support series
8.0 and 7.0, and for the penultimate series 7.8.
Changes for Implementers and Developers
The WSGI dispatcher now handles exceptions raised from within the with_pool decorator itself: unexpected exceptions are logged at exception level and their traceback is written to the WSGI wsgi.errors stream, while exceptions used as HTTP responses have their description converted to a plain string.
This text is produced by utilising minimax-m3.
Python Software Foundation
Python Packaging Council Inaugural Election Dates
June 30, 2026
Anwesha Das
CRA Stewardship in Ansible project
CRA, EU Cyber Resilience Act, has stirred a lot of discussion in the Open Source Communities. Will my project be usable in EU anymore? What are my responsibilities as a developer of open source software? My software is shipped with a commercial software, does it make me a manufacturer? Open
PyCoder’s Weekly
Issue #741: Root Loggers, PEP 832, Django Tasks, and More (2026-06-30)
Django Weblog
Keeping Up with the Django Community
The Django community runs on volunteer effort spread across several different groups of people. Most of it is public, but it isn't always easy to find.
Here are the public places to find it:
- Weekly DSF Office Hours (website)
- DSF Board updates (website, GitHub repo)
- Steering Council (forum thread, GitHub repo)
- Website Working Group (forum thread)
- Online Community Working Group (forum thread)
- Django Fellow Reports (Jacob, Natalia, Sarah)
DSF Office Hours
Most of these are places to read and follow along, but one invites you to show up in real time, the DSF Office Hours. From the website:
These are weekly office hours to work on anything related to the DSF. At least one board member will try to attend each week. Office hours take place every Wednesday at 6:00 PM UTC.
All you need to do is bring something DSF-related to work on. This is intentionally broad, as long as it's vaguely DSF-related you're welcome to come. It's not a general-purpose Django coding session (you're welcome to be writing code but it should be related to the DSF, e.g. working on djangoproject.com or something).
They are friendly and casual. People are welcome to bring topics and discussions for everyone to cover. I personally find them helpful in staying on top of community news and finding impactful ways to contribute to the community.

To help set expectations, here's a list of what we discussed in the latest office hour:
- Executive Director position and fundraising
- Marketing / broadcasting office hours to the rest of the community
- Analytics on the website
- Community updates (Steering Council, Djangonaut Space)
- New prospectus discussion for DSF sponsors
- djangoproject.com website updates to reflect new prospectus pricing
- Google Summer of Code Working Group charter
- Contributor experience in Django
Each meeting the topics will change based on who is there and what's new, but if this sounds interesting to you, we'll see you next Wednesday!
Python Software Foundation
PSF Board Election Dates for 2026
Python Bytes
#486 underscore-underscore-ghost-emoji
Topics include Free-threaded Python: past, present, and future, django-admin-site-search, Qwen 3.6 27B is the sweet spot for local development, and.
ListenData
How to Automate Cloudflare Usage Monitoring
Bob Belderbos
Ask the Canon: Semantic Search Without a Vector Database
I built out askthecanon.com this weekend, a semantic search over 100 public-domain books (from the Gutenberg project). You ask a question in plain language and get the passages that mean that, cited by author, title, and chapter. I wanted a local, no-generative-AI solution: a retrieval engine using Hugging Face embeddings and NumPy that returns original passages, no full vector database (yet), no API calls at query time.
HoloViz
Introducing Panel Live Server: An MCP Server for Instant Python Visualization Rendering
Panel Live Server is an MCP server and local web server that lets AI assistants like Claude, VS Code, and Cursor render Python visualizations as interactive web pages in real time, with a standalone browser mode for use without AI.
June 29, 2026
Talk Python Blog
Portuguese subtitles available for all courses
Over the past couple of months, we announced support for multi-lingual subtitles on our courses, starting with German and then Spanish. Now we are ready to release our third language, Portuguese!

All 283 hours of courses have complete Portuguese subtitles. Just choose your language, set the subtitle size and location and you have high-quality Portuguese subtitles to accompany your learning.
Your next course
What’s next? Well, either drop into your account page and continue with an existing course you’re studying or browse our catalog of courses to find your next one.
Django Weblog
DSF member of the month - Salim Nuru
For June 2026, we welcome Salim Nuru as our DSF member of the month! ⭐
Salim was a Djangonaut Space participant in the first session. He has been an organizer of the DjangoCon Africa conference. He is currently the chair of the DjangoCon US website team. He has been a DSF member since October 2024. He is looking for new opportunities!
You can learn more about Salim by visiting Salim's blog and his GitHub Profile.
Let’s spend some time getting to know Salim better!
Can you tell us a little about yourself (hobbies, education, etc)?
I'm Salim, I’m from Addis Ababa, Ethiopia. I'm a software engineer by day and a security researcher by night. And for fun, I like chess, video games, and books.
I already have an idea, but where does your nickname "theShinigami" come from?
I LOVE anime, and the very first anime I watched was Death Note. There's this character called Ryuk, who is a "shinigami," and when I created my GitHub account, it was a time when I was really into anime (which I still am). That's why it stuck as my GitHub username.
How did you start using Django?
I started using Django during my college years. I was doing freelance work and mostly using .NET and JavaScript, when I got a huge project that needed to be built with Django. I didn't want to pass up the opportunity. At that time, I had heard about Django but never gotten to use it, so I had a week to prepare and spent every minute of it learning Django. I liked how easy it was to learn.
What other frameworks do you know, and is there anything you would like to have in Django if you had magical powers?
From Python based frameworks, I use Flask, FastAPI, etc. And I would like Django to support REST APIs out of the box.
What projects are you working on now?
I have a couple of projects I'm working on currently, and the one I'm proud of, and actively working on, is a platform that scans an Android app and gives security suggestions. It also has an AI that can do a deep scan and suggest a proof of concept if any vulnerabilities are found in the app. This is my first project that involves AI and running my own local LLM for security.
Which Django libraries are your favorite (core or 3rd party)?
There are a lot of great libraries, but the Django Debug Toolbar has a special place in my heart. Also Django Rest Framework (DRF), which I use for most of the projects I work on.
What are the top three things in Django that you like?
Community, security by default, and finally the admin panel.
I know you have a lot of knowledge in cybersecurity. How do you find the security in Django? Have you ever thought about being part of the security team, by any chance?
I'm still learning, and in Django I like how it applies security by default, which is a good thing. For now, I'm replicating the CVEs found in Django, just trying to understand them and find my next CVE in Django 🤞, and hopefully it would be great to work with the Django security team 🙂
You have been an organizer of DjangoCon Africa, thank you for organizing it. Organizers always do a lot of work that people can't see. How did you start? What are the things that surprised you or that you didn't expect as an organizer?
Organizing is a team effort. I like the saying “there is no "I" in DjangoCon US” 🙂
I attended my very first DjangoCon at the very first DjangoCon Africa, as a speaker, and I really enjoyed it. I liked how the community was really welcoming and friendly, and right there and then I decided that this was going to be my community and that I had to do my part.
So I joined the organizing team for the next DjangoCon Africa, and after organizing it, I was really surprised by how many people from the community joined the event, and how far they had come just to attend the conference.
You are now the chair of the DjangoCon US website, that's amazing! What does it mean exactly? How has your experience been so far?
Well, if people want to know anything about the conference, they're going to be checking out the website, and as the chair, I should be able to make that experience great. As for my own experience, I think it's really great and a step up in role. I'm learning a lot, and I'm very happy that I'm able to do it.
You now have some experience in organizing big events. Do you have any recommendations for people who would potentially be interested in contributing to or organizing this type of event?
Don't wait to feel ready, because that feeling rarely comes. Take on a small role first, lean on the people around you, and keep everyone in the loop. So to anyone considering it, I'd say jump in, the experience is well worth it.
You have been part of the Djangonaut Space program as a djangonaut (participant), and you are now involved in the community in many ways. How do you reflect on your evolution since your participation in the program? Any advice for potential new contributors or people who would like to give it a try?
When I joined Djangonaut Space as a participant, I would say that was the highlight of my year, because I always wanted to contribute to open source, especially to Django and Python projects, but I always hesitated to do it. The program really helped me, from picking my first issue to creating the PR (a big shoutout to Fabian, lead maintainer of Django CMS) it was really amazing. And for any new contributors, if you're planning to join Djangonaut Space, it's not just going to help you with your open source contribution, you're going to be joining a community.
Do you remember your first contribution to Django and to open source?
My very first contribution was to a tool for binary instrumentation. I was doing some reverse engineering, but there was a bug that made it difficult, so I had to understand and fix the bug and then create a PR. I remember getting good feedback and having a good interaction via Discord, and the PR was finally merged 🙂. In Django, it was Django CMS, and the issue I worked on was the missing X-Frame option from the Advanced form (#7981). It was a great first issue, and it taught me a lot.
Is there anything else you’d like to say?
I'd just like to thank the Django community for being so welcoming to newcomers, and I'm looking forward to making new contributions (especially in security) 🙂.
Thank you for doing the interview, Salim!
Mike Driscoll
Python eBook and Course Summer Sale
It’s officially summer, and I am bringing you some HOT Python deals today! Get 33% off almost all my books and courses on Gumroad today using the following code: H5N5F7K. You can start learning the basics of Python with Python 101, or get more targeted learning with my book, Python Logging. If you want to create […]
The post Python eBook and Course Summer Sale appeared first on Mouse Vs Python.
Seth Michael Larson
United Nations Open Source Week 2026
June 28, 2026
"Michael Kennedy's Thoughts on Technology"
What the pls?
uv tool, pipx, and uvx will work the way you’d expect. The catch: none of this is live yet. It ships with v7, which is still in beta, so a plain uv tool install pls today still pulls the abandoned v6, and the metadata issues (the 404 homepage and broken links) won’t be cleaned up until v7 is released. Want the fix right now? Install the beta directly from the pls 7.0.0b1 release on PyPI. A big thank you to Dhruv for jumping on this so quickly. See the full thread in issue #153.
tl;dr; The pls package on PyPI is an abandoned Python version (last released as v6.0.0 in 2023). The actively-developed pls was rewritten in Rust and now lives at pls-rs/pls. If you installed it with uv tool install pls or pipx install pls, you have the wrong one. Uninstall it and install the Rust build instead (e.g. brew install pls-rs/pls/pls).
You may have heard me sing the praises of pls. I really love the icons and colors to disambiguate files and provide more information about them, the developer workflow, and more. Here’s an example in the Warp terminal for my jinja-partials package.

But installing and managing this package is weird and kinda deceiving to say the least. pls was originally pure Python (up to v6.0.0 in 2023). It’s listed on PyPI here. So it looks like that is just the latest, right? After all, if it was rewritten in Rust, it can still be installed via PyPI and in particular, via uv tool install pls.
But no.
There are a few funky things about the PyPI listing that give it away:
- The homepage 404s. The homepage link on the PyPI page goes nowhere. A bit sus.
- The GitHub repo is a silent redirect. The repo seems alive, but the link https://github.com/dhruvkb/pls silently redirects to https://github.com/pls-rs/pls. Clicking the link in PyPI seems to reference the Rust/latest version. But this happens only because GitHub does the redirect.
How do I install the correct, Rust-based pls?
To get the actively-developed version, don’t let PyPI fool you. There are two steps:
- Uninstall the Python version if you installed it via Python: uv tool uninstall pls (or pipx uninstall pls).
- Then install the Rust version directly. I use Homebrew, so it’s brew install pls-rs/pls/pls. See their getting started page for the option that works best for you.
Should you switch from the PyPI version of pls?
Yes - if you installed it with a Python tool, switch to the Rust version. Normally, I’d just chalk this up to standard package / open source drift and carry on with my life. But I’ve recommended pls to enough people that I feel I should call a bit of attention here. So if you’re using pls and you used Python tools to install it, like uv, uninstall that version and jump over to the Rust-based one.
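The giveaways described in this post (a homepage that 404s, a repository link that silently redirects to a different repo, a last release from 2023) can be checked mechanically before trusting a PyPI listing. The following is an added example, not code from the post or from the pls project. It assumes the PyPI JSON API layout (info.project_urls, releases[*].upload_time_iso_8601); the sample metadata, the placeholder homepage URL, the upload date and the canned responses are constructed.

```python
import urllib.error
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlsplit


def repo_slug(url):
    """Return 'owner/repo' (lower-cased) for a GitHub URL, else None."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    if parts.hostname not in ("github.com", "www.github.com") or len(segs) < 2:
        return None
    return f"{segs[0]}/{segs[1].removesuffix('.git')}".lower()


def http_resolve(url, timeout=10):
    """Live resolver: follow redirects, return (status, final_url)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.url
    except urllib.error.HTTPError as err:
        return err.code, url


def latest_upload(meta):
    """Newest upload time across all release files, or None if there are none."""
    stamps = [f["upload_time_iso_8601"].replace("Z", "+00:00")
              for files in meta.get("releases", {}).values() for f in files]
    return max(map(datetime.fromisoformat, stamps), default=None)


def audit_listing(meta, resolve, now, max_age_days=365):
    """Return findings for dead links, cross-repo redirects and a stale release."""
    info, findings = meta["info"], []
    urls = dict(info.get("project_urls") or {})
    if info.get("home_page"):
        urls.setdefault("Homepage", info["home_page"])
    for label, url in sorted(urls.items()):
        status, final = resolve(url)
        if status >= 400:
            findings.append(f"{label}: {url} returns HTTP {status}")
            continue
        before, after = repo_slug(url), repo_slug(final)
        if before and after and before != after:
            findings.append(f"{label}: {before} now redirects to {after}")
    newest = latest_upload(meta)
    if newest and (now - newest).days > max_age_days:
        findings.append(f"last upload {newest.date()} is older than {max_age_days} days")
    return findings


# Constructed sample shaped like https://pypi.org/pypi/<name>/json; the homepage
# URL and upload date are placeholders, not values taken from the real listing.
SAMPLE_META = {
    "info": {"name": "pls", "version": "6.0.0", "home_page": None, "project_urls": {
        "Homepage": "https://homepage.invalid/pls",
        "Repository": "https://github.com/dhruvkb/pls"}},
    "releases": {"6.0.0": [{"upload_time_iso_8601": "2023-01-01T00:00:00.000000Z"}]},
}
# Constructed responses standing in for the network: (status, final URL).
SAMPLE_RESPONSES = {
    "https://homepage.invalid/pls": (404, "https://homepage.invalid/pls"),
    "https://github.com/dhruvkb/pls": (200, "https://github.com/pls-rs/pls"),
}

if __name__ == "__main__":
    today = datetime(2026, 6, 28, tzinfo=timezone.utc)
    for line in audit_listing(SAMPLE_META, SAMPLE_RESPONSES.__getitem__, today):
        print(line)
```

For a live check, pass http_resolve as the resolver and feed in the JSON document fetched for the package you are about to install.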
Python Insider
Packaging Council Inaugural Election Dates
A new Python Packaging Council (PPC) is being established, and the election of the inaugural PPC will be held in parallel to the 2026 PSF Board election.

