Content: Blog

Release

What’s New in django CMS 5.0.7

Fabian Braun

Fabian Braun

May 8, 2026

This release focuses on stability, security, editor experience, and compatibility improvements across the CMS core. It includes fixes for frontend editing, permissions handling, plugin behavior, apphooks, migrations, and performance-related edge cases.

We recommend all users of the 5.0 LTS series upgrade to 5.0.7.

Security improvements

The most notable security fix was a security issue involving improper escaping of page titles, which could allow JavaScript injection under certain conditions (thanks to Sanjok Karki, Javi Escribano, and galbadrakhtergel0820 for responsibly reporting the issue).

In addition, inline editing permission handling has been tightened:

Editor and frontend improvements

Several fixes improve the editing experience and frontend consistency:

  • GET parameters are now preserved when toggling structure mode (#8497)
  • Fixed garbled <head> sections caused by DiffDOM updates in some situations (#8562)
  • Deleting a non-local plugin now properly refreshes the interface (#8582)
  • External placeholders now correctly display the pin icon (#8520)
  • Empty fallback languages no longer render blank output when fallback redirects are disabled (#8558)
  • Frontend edit mode now resolves empty page_title values correctly for apphooks (#8449)

Plugin and model handling

This release fixes several issues related to plugins, queryset iteration, and CMSPlugin proxy models:

  • Added the missing chunk size for plugin queryset.iterator() usage (#8532)
  • Fixed downcasting for proxy models of CMSPlugin (#8539)
  • Fixed caching behavior for slug and overwrite_url in read-only change views (#8507)

API and compatibility fixes

A number of improvements enhance compatibility and developer ergonomics:

  • Added a page_title parameter to cms.api.create_page() (#8567)
  • Fixed compatibility shim behavior for Page.objects.order_by() when using non-existing fields (#8598)
  • Fixed ApplicationConfigSelect value conversion issues (#8594)
  • Fixed migration failures with custom user models that could trigger ProgrammingError exceptions (#8606)

Stability

This release also addresses database and tree operation reliability when moving large page subtrees (#8529)

Upgrading

To upgrade:

pip install -U "django-cms>=5.0.7,<5.1"

As always, please review your project-specific dependencies and test thoroughly before deploying to production.

Thank you for supporting django CMS!

Additional resources:

Release notes django CMS 5.0.7

Do you want to test django CMS?

Try django CMS

django CMS Association

The association behind django CMS
Email [email protected]

Subscribe to Newsletter

 

Community
Blog
Events
Security
Our Supporters
Developers
Documentation
Roadmap
Repository
Issue tracker
Follow us

icon-github.png   icon-linkedin-32.png
Mastodon
Youtube
Join our Discord Community

Copyright © 2001 - 2026 Divio AG. BSD Open-Source License.

Django CMS is based on Python and Django

A project backed by the django CMS Association