wagtail/wagtail
### [`v4.1.4`](https://togithub.com/wagtail/wagtail/releases/tag/v4.1.4): 4.1.4
[Compare Source](https://togithub.com/wagtail/wagtail/compare/v4.1.3...v4.1.4)
- Fix: CVE-2023-28836 - Stored XSS attack via ModelAdmin views (Thibaud Colas)
- Fix: CVE-2023-28837 - Denial-of-service via memory exhaustion when uploading large files (Jake Howard)
- Fix: Fix radio and checkbox elements shrinking when using a long label (Sage Abdullah)
- Fix: Fix select elements expanding beyond their container when using a long option label (Sage Abdullah)
- Fix: Fix timezone handling of `TemplateResponse`s for users with a custom timezone (Stefan Hammer, Sage Abdullah)
- Fix: Ensure TableBlock initialisation correctly runs after load and its width is aligned with the parent panel (Dan Braghis)
- Fix: Ensure that the JavaScript media files are loaded by default in Snippet index listings for date fields (Sage Abdullah)
- Fix: Fix server-side caching of the icons sprite (Thibaud Colas)
- Fix: Always show Add buttons, guide lines, Move up/down, Duplicate, Delete; in StreamField and Inline Panel (Thibaud Colas)
- Fix: Ensure datetimepicker widget overlay shows over modals & drop-downs (LB (Ben) Johnston)
- Maintenance: Render large image renditions to disk (Jake Howard)
### [`v4.1.3`](https://togithub.com/wagtail/wagtail/releases/tag/v4.1.3): 4.1.3
[Compare Source](https://togithub.com/wagtail/wagtail/compare/v4.1.2...v4.1.3)
- Fix: Add right-to-left (RTL) support for the following form components: Switch, Minimap, live preview (Thibaud Colas)
- Fix: Improve right-to-left (RTL) positioning for the following components: Page explorer, Sidebar sub-menu, rich text tooltips, rich text toolbar trigger, editor section headers (Thibaud Colas)
- Fix: Ensure links within help blocks meet colour contrast guidelines for accessibility (Theresa Okoro)
- Fix: Support creating `StructValue` copies (Tidiane Dia)
- Fix: Fix "Edit this page" missing from userbar (Satvik Vashisht)
- Fix: Prevent audit log report from failing on missing models (Andy Chosak)
- Fix: Add missing log information for `wagtail.schedule.cancel` (Stefan Hammer)
- Fix: Fix timezone activation leaking into subsequent requests in `require_admin_access()` (Stefan Hammer)
- Fix: Prevent matches from unrelated models from leaking into SQLite FTS searches (Matt Westcott)
- Docs: Clarify `ClusterableModel` requirements for using relations with `RevisionMixin`-enabled models (Sage Abdullah)
- Maintenance: Update Algolia DocSearch to use new application and correct versioning setup (Thibaud Colas)
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
==4.1.2->==4.1.4Release Notes
wagtail/wagtail
### [`v4.1.4`](https://togithub.com/wagtail/wagtail/releases/tag/v4.1.4): 4.1.4 [Compare Source](https://togithub.com/wagtail/wagtail/compare/v4.1.3...v4.1.4) - Fix: CVE-2023-28836 - Stored XSS attack via ModelAdmin views (Thibaud Colas) - Fix: CVE-2023-28837 - Denial-of-service via memory exhaustion when uploading large files (Jake Howard) - Fix: Fix radio and checkbox elements shrinking when using a long label (Sage Abdullah) - Fix: Fix select elements expanding beyond their container when using a long option label (Sage Abdullah) - Fix: Fix timezone handling of `TemplateResponse`s for users with a custom timezone (Stefan Hammer, Sage Abdullah) - Fix: Ensure TableBlock initialisation correctly runs after load and its width is aligned with the parent panel (Dan Braghis) - Fix: Ensure that the JavaScript media files are loaded by default in Snippet index listings for date fields (Sage Abdullah) - Fix: Fix server-side caching of the icons sprite (Thibaud Colas) - Fix: Always show Add buttons, guide lines, Move up/down, Duplicate, Delete; in StreamField and Inline Panel (Thibaud Colas) - Fix: Ensure datetimepicker widget overlay shows over modals & drop-downs (LB (Ben) Johnston) - Maintenance: Render large image renditions to disk (Jake Howard) ### [`v4.1.3`](https://togithub.com/wagtail/wagtail/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://togithub.com/wagtail/wagtail/compare/v4.1.2...v4.1.3) - Fix: Add right-to-left (RTL) support for the following form components: Switch, Minimap, live preview (Thibaud Colas) - Fix: Improve right-to-left (RTL) positioning for the following components: Page explorer, Sidebar sub-menu, rich text tooltips, rich text toolbar trigger, editor section headers (Thibaud Colas) - Fix: Ensure links within help blocks meet colour contrast guidelines for accessibility (Theresa Okoro) - Fix: Support creating `StructValue` copies (Tidiane Dia) - Fix: Fix "Edit this page" missing from userbar (Satvik Vashisht) - Fix: Prevent audit log report from failing on missing models (Andy Chosak) - Fix: Add missing log information for `wagtail.schedule.cancel` (Stefan Hammer) - Fix: Fix timezone activation leaking into subsequent requests in `require_admin_access()` (Stefan Hammer) - Fix: Prevent matches from unrelated models from leaking into SQLite FTS searches (Matt Westcott) - Docs: Clarify `ClusterableModel` requirements for using relations with `RevisionMixin`-enabled models (Sage Abdullah) - Maintenance: Update Algolia DocSearch to use new application and correct versioning setup (Thibaud Colas)Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.