- XSS vulnerability: Unescaped HTML in title propagated to notification (WhiteSource Vulnerability Research Team)
0.7.8
-----
Released on 2021-10-25.
Fixed
- Notification menu bug after Bootstrap upgrades :url-issue:`1142` (Fred Dyc)
0.7.7
-----
Released on 2021-08-28.
Changed
- Bundled JQuery upgraded from 3.4.1 to 3.6.0 :url-issue:`1138` (Benjamin Balder Bach)
Fixed
- Small notification plugin registration bug introduced in 0.7.6 :url-issue:`1132` (SlyPerdix)
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/django-wiki/django-wiki/commit/f0a042bb58ff388872c0704fe16590c335fa66ad"><code>f0a042b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/django-wiki/django-wiki/issues/1148">#1148</a> from benjaoming/escape-title</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/e6dd214d1393a2bb0f7c24a53bb35ecaa3674fed"><code>e6dd214</code></a> Bump version</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"><code>9eaccc7</code></a> Security fix (XSS) - Build HTML elements for notifications safely</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/28dcfabda3b331d0004bad8c5c589bd441be4301"><code>28dcfab</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/django-wiki/django-wiki/issues/1146">#1146</a> from benjaoming/newrelease</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/402489af0da648bf29f6a55caac3789e75236058"><code>402489a</code></a> Bump to 0.7.8, add release note</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/f726bc27de0273347552b1f65840acc62bef5229"><code>f726bc2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/django-wiki/django-wiki/issues/1142">#1142</a> from fredmajor/feature/optional_trailing_slash_in_path</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/b425a2aa6cd5b068133cf95f8d126a25c192e399"><code>b425a2a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/django-wiki/django-wiki/issues/1145">#1145</a> from benjaoming/rtd-fix</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/9f89b164327a787af45f57b560ddffa9e29cf87d"><code>9f89b16</code></a> Fix of issue in RTD that Github complains about in the eternal security threa...</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/873cc06b914316bf7114893f7d82e2349bb735a0"><code>873cc06</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/django-wiki/django-wiki/issues/1144">#1144</a> from benjaoming/session-cookie-testproject</li>
<li><a href="https://github.com/django-wiki/django-wiki/commit/9eba24e0b77d516d83fd2ad4f8f9d7eb91d80a6e"><code>9eba24e</code></a> Add SESSION_COOKIE_SECURE = True for demo project</li>
<li>Additional commits viewable in <a href="https://github.com/django-wiki/django-wiki/compare/releases/0.7.6...releases/0.7.9">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wiki&package-manager=pip&previous-version=0.7.6&new-version=0.7.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/auto-mat/klub/network/alerts).
Coverage remained the same at 26.695% when pulling a7bd53278e1717a8f60855a835a33b74a7fb395d on dependabot/pip/wiki-0.7.9 into a5e2d32cdc9d02a8f413e66d935cf8a3b3ee4662 on master.
Bumps wiki from 0.7.6 to 0.7.9.
Release notes
Sourced from wiki's releases.
Changelog
Sourced from wiki's changelog.