Serializer.get_value returns empty object instead of an instance of the class 'empty' in partial (multipart) updates. #3219

Closed
@elnygren

This is essentially the same problem as with MultiChoiceField in #2993 but now with a Serializer. The fix would also be similar, I believe.

Problem is in the following case, where uploading a file with multipart PATCH can null the related_model relationship.

```python
class SomeSerializer(serializers.Serializer):
    related_model = OtherSerializer()
    file = serializers.FileField()
    ...
```

The problem is in the following get_value (serializer.py) method that returns a {} instead of empty when doing a multipart PATCH that does not contain the said field (and thus empty would be desired). This could result in accidentally nulling fields (~destroying data) during PATCH requests.

```python
def get_value(self, dictionary):
    # We override the default field access in order to support
    # nested HTML forms.
    if html.is_html_input(dictionary):
        return html.parse_html_dict(dictionary, prefix=self.field_name)
    return dictionary.get(self.field_name, empty)
```

The same issue could be present at (they don't do a check for 'partial'):

I noticed this effect using MultiChoiceFields with 3.0.5 but it was fixed in 3.1.3. However, I also bumped into it using a nested Serializer relation like I describe above with SomeSerializer.
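
Added example, not part of the original issue and not the project's own code: a self-contained model of the behaviour reported above, showing how a multipart PATCH that carries only `file` overwrites `related_model`, next to a guarded variant. The `empty` class, `parse_html_dict`, `apply_patch`, and the `partial` guard are simplified stand-ins and assumptions, and the sample data is constructed.

```python
class empty:
    """Stand-in for the `empty` sentinel: 'field was not supplied'."""

def parse_html_dict(form, prefix):
    # Simplified stand-in: collect "prefix.key" form entries into a dict.
    dotted = prefix + "."
    return {k[len(dotted):]: v for k, v in form.items() if k.startswith(dotted)}

def get_value_current(form, field_name):
    # Behaviour described in the issue: always a dict, {} when nothing was sent.
    return parse_html_dict(form, prefix=field_name)

def get_value_guarded(form, field_name, partial):
    # Assumed guard: on a partial update, no submitted keys means "not supplied".
    value = parse_html_dict(form, prefix=field_name)
    if partial and not value:
        return empty
    return value

def apply_patch(stored, form, getter):
    # Toy partial update: skip fields reported as `empty`, overwrite the rest.
    updated = dict(stored)
    value = getter(form, "related_model")
    if value is not empty:
        # In this toy model an empty nested dict nulls the relation.
        updated["related_model"] = value or None
    if "file" in form:
        updated["file"] = form["file"]
    return updated

def guarded(form, field_name):
    return get_value_guarded(form, field_name, partial=True)

# Constructed sample data: a stored object and a multipart PATCH with only the file.
STORED = {"related_model": {"name": "keep me"}, "file": "old.txt"}
PATCH_FORM = {"file": "new.txt"}

if __name__ == "__main__":
    print("current:", apply_patch(STORED, PATCH_FORM, get_value_current))
    print("guarded:", apply_patch(STORED, PATCH_FORM, guarded))
```

A regression test for this class of bug should assert that fields absent from a multipart PATCH keep their stored values.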
