Compatibility with Django 4.2 #480
Conversation
for more information, see https://pre-commit.ci
|
So this was the only change needed for me to run omero-web with Django 4.2.2 locally. Strange error. I moved that config line till later in the script, which resulted in a more cryptic failure much later on.. https://merge-ci.openmicroscopy.org/jenkins/job/OMERO-web/209/console Reverting back to Django 4.0.10 restored the build. |
|
Django 4.1.9 works with this PR: https://merge-ci.openmicroscopy.org/jenkins/job/OMERO-web/214/ |
|
Googling for "Error printing text" finds https://forum.image.sc/t/installing-omero-web-server/67398/3 Just testing locally, it looks like the same issue I first saw above: #480 (comment) |
|
So that last commit fixes the merge-ci deploy with Django 4.2.2: https://merge-ci.openmicroscopy.org/jenkins/job/OMERO-web/217/console |
|
In 4.2 the changes in django/django#15352 were made which check if the key matches I'm quite concerned that the requirement for those settings to be available during our own settings processing might create race conditions or other unintended consequences now or in the future. Basically, we've been using that filter beyond its intended use case for some time and that's likely never been a good idea; What I'd recommend is that we not hack around this by messing with the order of /cc @sbesson Footnotes |
This middleware is not in use anywhere in the codebase, has not had substantial updates for 10+ years and has long been superceded by: * https://docs.djangoproject.com/en/4.2/ref/middleware/#module-django.middleware.gzip See also: * https://docs.djangoproject.com/en/4.2/releases/4.2/#mitigation-for-the-breach-attack
There was a problem hiding this comment.
The code changes are relatively minimal and sizeable, in part due to the preliminary work that has been taken place as separate PRs.
Deployed the application both locally with a development server and a file-based session store and on a testing server with Nginx and Redis. In both cases the application started without issue and I was able to achieve the minimal workflows (login, image browsing, admin tab, image opening).
Finally, this has been successfully integrated in the nightly build of the OME Jenkins CI and deployed alongside various OMERO.web apps including OMERO.iviewer, OMERO.iviewer. Here again , a quick round of testing did not highlight any outstanding issues.
In terms of roadmap, my inclination would be to
1- only support compatibility with a single Django version for any given release
2- target an upgrade of Django to 4.2 as part of the upcoming release.
Having additional reviewers would be useful but to some extent, the next logical step will probably be to get this merged and start planning the testing & release timeline.
Looking at the backwards-incompatible changes, possibly the biggest question as per the deprecation of django.contrib.sessions.serializers.PickleSerializer is whether we are also scheduling to update the default value of omero.web.session_serializer to use the JSON serializer (all the testing above was performed using the legacy pickle serializer)
|
Thanks @chris-allan for fixing that. I don't have a strong view on whether we should support a single or multiple versions of Django in future releases. 👍 (I can't approve my own PR!) |
Python 3.6 and Python 3.7 are EOL and several other dependencies in the OMERO ecosystem have already raised their minimal version to Python 3.8 if not greater like NumPy which is now Python 3.9+. I don't perceive this as an issue, we are simply updating our stack to comply with the latest supported base requirements. In all cases, thanks for raising this point. Definitely worth including both in the release notes as well as in the upgrading section. |
|
This pull request has been mentioned on Image.sc Forum. There might be relevant details there: https://forum.image.sc/t/release-of-omero-server-5-6-8-and-omero-web-5-22-0/84157/1 |
|
This pull request has been mentioned on Image.sc Forum. There might be relevant details there: https://forum.image.sc/t/omero-figure-dev-install-with-docker-fails/86022/2 |
Introduction
This PR is a follow on from the Django 4.0.x compatibility added in #458.
The strategy followed in this PR is to first allow Django 4.2.x and then make all the changes in a way that is also still compatible with Django 3.2. This should allow us to work with both versions and then revert the singular commit allowing Django 4.2 if desired and when we are ready.
Release notes for the major versions between our current 4.0.x and the 4.2.x target:
The
django-pipelinedependency has been updated to the latest version in order to support Django 4.2.x.django-redishas been updated to the latest version for better Django 4.2.x compatibility. All other dependencies have been left alone.NOTE: The supported Python versions for Django 4.2.x are currently 3.8, 3.9, 3.10, and 3.11.
Per-version specific concerns
Django 4.1.x (deprecations from Django 3.2.x removed)
See:
Detail:
django.contrib.sessions.serializers.PickleSerializeris deprecated due to the risk of remote code execution.Django 4.2.x (no past deprecates from earlier versions of Django were removed)
See:
Detail:
GzipMiddleware, not in use and has not had substantial updates since 2010, has been removed