2.21.0 — Gunicorn in production (catch-up release since 2.9.0)

This is a catch-up release: deploy tags have run well ahead of published GitHub Releases (the last was 2.9.0), so these notes roll up the major work shipped across 2.10–2.21. The headline change in 2.21.0 itself is moving production onto Gunicorn.

2.21.0 — Production-grade serving

• Gunicorn replaces Django's dev runserver on test & prod (#1034). We'd been running the development server in production since 2017, which Django's docs explicitly warn against (unaudited for security/performance). Gunicorn brings managed workers, crash recovery, and request timeouts. The swap is fully inside the container — Apache still reverse-proxies and serves static/media — so nothing changed for visitors except robustness.
• /version/ now reports the live WSGI server (and already exposed git SHA + build time, #1366), so a deploy can be confirmed at a glance.

Highlights since 2.9.0

Admin & content management

• Restructured admin access into personal accounts + permission groups (#1125): Editors (full content) and Contributors (submit/review, no deletes); account/Grant/Award admin reserved for superusers.
• Replaced CKEditor 4 with django-prose-editor (#1269) — removed an EOL editor with unpatched XSS, unblocking the path to newer Django; legacy news images made responsive.
• Admin changelist performance + usability pass (#1346), photo/upload guards so files survive validation errors (#248, #1346), banner management in admin (#1082), poster/talk preview popovers (#840), media-integrity row action (#1376).

Analytics, SEO & social

• Migrated to native GA4 analytics (#855).
• SEO/social metadata overhaul: Open Graph/canonical/meta-description fallbacks, sitemap lastmod + scheme fixes, search-console docs (#1236, #1142, #1324, #1313).

Accessibility

• Reduced-motion support (pauses video/animated logo) (#1294), related-project alt text (#1020), banner cross-fade blink fix (#1010), mobile section-nav and project-listing overflow fixes (#1331, #1367).

Data integrity

• De-duplicated duplicate people and colliding url_names (#1275, #1206); PI/Co-PI project data-health checks (#1182); link/propagate artifacts to their publication's projects (#649).

Infrastructure & testing

• Custom 404 page (#1190), upload file-type validation (#6), test-coverage backfill + Pa11y CI + factory_boy fixtures (#1278, #1272), CI guard against multi-line {# #} template comments.

Full commit history: 2.9.0...2.21.0

2.9.0

What's Changed

• External slides URL on Talk/Poster; drop slideshare_url (#1273) by @jonfroehlich in #1274
• Add read-only Data Health admin dashboard + checks (#1276) by @jonfroehlich in #1277
• Add CI + test-settings shim + split tests into a package (#1279) by @jonfroehlich in #1280
• Refactor view_project_people: fix director hardcoding + N+1 query storm by @jonfroehlich in #1285
• Fix mobile navbar sizing/wrap and logo overflow (#1281, #1282, #1286) by @jonfroehlich in #1287
• Remove unused jQuery UI + dead autocomplete.css (#1288) by @jonfroehlich in #1289
• Vanilla navbar collapse; remove dead back-to-top + jQuery Easing (#1288) by @jonfroehlich in #1290
• Remove dead Bootstrap scrollspy from (#1288) by @jonfroehlich in #1291
• Replace Bootstrap 3 popover (jQuery) with a vanilla popover (#1288) by @jonfroehlich in #1292
• Replace Bootstrap carousel JS with a vanilla crossfade carousel (#1288) by @jonfroehlich in #1293
• Drop jQuery 1.9.1 + Bootstrap 3.3.6 JavaScript (#1288) by @jonfroehlich in #1295
• Remove redundant allowfullscreen on video iframes (#1296) by @jonfroehlich in #1297
• Auto-calculate publication num_pages from PDF (#1298) by @jonfroehlich in #1301
• Make projects private by default with a single is_visible flag (#1300) by @jonfroehlich in #1302
• Hide private projects on all remaining surfaces (#1300 follow-up) by @jonfroehlich in #1303
• Replace django-image-cropping with an in-repo Cropper.js admin widget (#1299) by @jonfroehlich in #1305
• Admin: preview, crop & shuffle the Star Wars easter-egg figure in the Person cropper (#1304) by @jonfroehlich in #1306
• Add dynamic sitemap.xml and robots.txt (#1252) by @jonfroehlich in #1307
• Serve sitemap via static robots.txt; drop dead Django robots view (#1252) by @jonfroehlich in #1308
• Bump version to 2.8.1 for the sitemap.xml release (#1252) by @jonfroehlich in #1309
• Pin sitemap URLs to https; bump to 2.8.2 (#1252) by @jonfroehlich in #1310
• docs: document Apache static-vs-Django routing (robots.txt & sitemap.xml) by @jonfroehlich in #1311
• docs: correct log locations in DEPLOYMENT.md (buildlog.txt not on shared FS) by @jonfroehlich in #1312
• Member page: dynamic load-more, vertical papers, bio expand, section nav (#1110) by @jonfroehlich in #1314

Full Changelog: 2.3.4...2.9.0

2.3.4

2.3.4 — Performance, correctness, and hygiene

A focused pass on long-standing bugs and the publications/index page perf cliff. No breaking changes — drop-in upgrade from 2.3.2. 49 unit tests now pass (up from 0 at the start of the pass).

⚡ Performance

• /publications/ is ~8× faster end-to-end. Added prefetch_related('authors', 'projects', 'keywords') to the Publication queryset across /publications/, /, /project/<n>/, and /member/<n>/. The snippet loops pub.authors.all / pub.projects.all / pub.keywords.all per row, so the prefetch eliminates the bulk of the N+1. Measured locally: 617 queries / 275.83 ms → 60 queries / 35 ms. (d4f6d65)
• Talk and Video pages also faster via the same select_related + prefetch_related shape across index/project/member views. Index: 348 → 154 queries / 174 → 104 ms. Project page: 85 → 63 queries / 71 → 39 ms. (1cae31c)
• Thumbnails now lazy-load. loading="lazy" added to all 9 artifact-thumbnail <img> tags in display_pub_snippet.html and display_talk_snippet.html. Below-the-fold images defer until scrolled into view. Particularly noticeable on slow mobile networks. (a51d812)

🐛 Bug fixes

• serve_pdf no longer crashes on duplicate substring matches and no longer enables PDF-filename enumeration. Replaced Publication.objects.get(pdf_file__icontains=filename) with filter(pdf_file__iendswith=filename).first(). Preserves the fuzzy difflib fallback for stale external links (#1173). (f78fc14)
• News pages with deleted authors no longer crash. News.author is null=True, on_delete=SET_NULL. Previously the news_item view raised AttributeError and the news_listing template raised NoReverseMatch whenever a News row's author had been removed. Both call sites guarded. (1c0d6c0)
• delete_unused_files no longer crashes on artifacts with no PDF or thumbnail. Three call sites guarded (talk PDF, pub PDF, pub thumbnail), matching the existing poster-branch pattern (#1254). (202b1bb)
• views/member.py MultipleObjectsReturned handler now references a real field. The fallback used order_by('-modified_date') which doesn't exist on Person; switched to -bio_datetime_modified (#1254). (202b1bb)
• Artifact.do_filenames_need_updating checks the correct fields. The raw_file and thumbnail branches were both comparing pdf_file.name (copy-paste bug); each now checks its own field. (c7abcf7)
• News.save() slug-collision loop excludes self. Admin-cleared slugs no longer bump unnecessarily on re-save. (c7abcf7)
• Person.save() no longer leaks file descriptors when assigning the Star Wars fallback image — wrapped in try/finally that closes after super().save() reads the file. (c7abcf7)

🧹 Hygiene

• Production file-log level is now INFO instead of DEBUG. The file handler in settings.py is conditional on DEBUG — local dev keeps verbose file logs; production logs are much smaller and no longer expose per-request URLs or _logger.debug payloads at /logs/debug.log. (~75 MB of stale rotated debug.log* files in ~/ml-www-prod were also cleaned up manually.) (31f2b4f)
• Stray print() statements removed from models/projectils/ml_utils.py. (14da008)
• Broken _logger.debug payload fixed in views/people.py:62 — the second positional arg was being silently dropped. (14da008)
• Duplicate Coalesce import removed from models/personn models/project_role.py:88` per PEP 8 (#1254). (f0d44c1)
• Dead code removed: get_closest_filename_from_filesystem helper in serve_pdf.py. (f78fc14)

🧪 Tests

The test suite went from effectively empty to 49 unit tests covering BibTeX citation, get_current_member_count, Artifact.do_filenames_need_updating, serve_pdf paths, plu_biocoverage. AllSimpleTestCase` — no DB setup required,runs in <100 ms.

🛠 Known follow-ups (not in this release)

• Production-side Apache exemption for /media/publications/ (#1173) — the serve_pdf view's code is now safe to expose, but Apache on production still serves /media/publications/* directly. The test serve IT in Dec 2025; the prod-side ask is in flight.
• /logs/ exposure design check — currently public by design per docs/DEPLOYMENT.md. Open question whether to add an IP allowlist or basic auth; not load-bearing since prod logs are now INFO-only.
• DB-touching test infrastructure — would unlock assertNumQueries regression tests for the perf wins and view-level integration tests for the null-guard logic.

Full diff: https://github.com/makeabilitylab/makeabilityl.4

More Accessibility Improvements

More accessibility and CSS improvements and refinements.

What's Changed

• Fixing a number of bugs by @jonfroehlich in #1246
• More accessibility fixes by @jonfroehlich in #1247
• added medical position titles by @jonfroehlich in #1248
• Significantly updated this internal page with a frontend by @jonfroehlich in #1249

Full Changelog: 2.1.1.0...2.2.3

Accessibility Overhaul

• Massive accessibility overhaul by @jonfroehlich in #1242
• Fix poster issues by @jonfroehlich in #1235
• Fix same name problem by @jonfroehlich in #1237
• Auto-fills poster content from pub info, addressing Issue #1229 by @jonfroehlich in #1230
• Update admin interfaces by @jonfroehlich in #1232

Django 5.2.9 Upgrade

What's Changed

• Upgrade to django 5.2.9 by @jonfroehlich in #1214
• Fixed YouTube Embed Error #1211
• Fixed popup fails to close on admin interface #973

Full Changelog: 1.9.4.9...1.9.6

1.3.1

What's Changed

• Simplified navbar.css significantly. Also added better support for light vs. dark navbar
• Updated logos to v3
• Updated footer to include educational mission
• Redid people page with updated aesthetics and fast load times
• Updated publications page to no longer use .js

1.1

What's Changed

• Adding significantly more logging to help debug lag/slowness
• Upgraded to Docker 4.2.5, which required upgrading to at least PostgreSQL 12 (from 11). Now up to 16 on -test and prod
• Rebuilt docker-compose structure to improve handling of -test and prod and address security issues

New Contributors

• @yhtill made their first contribution in #1038

Full Changelog: 1.0.10...1.1

v1.0.0 with Django 4.1.2

• Updated to Django 4.1.2 along with all libraries (140ffc5)
• Finally refactored Django model names to follow Django and Python convention (CamelCase); see #837
• Removed old Command code for importing data from UMD website (de74baf)

Django Update

Django is updated to 2.1.7, reorders people page, fixes minor bugs, and adds high school research section to FAQ.