* Fix: CVE-2023-45809: Disclosure of user names via admin bulk action views (Matt Westcott)
* Fix: Fix `SnippetBulkAction` not respecting `models` definition (Sandro Rodrigues)
* Fix: Correctly quote non-numeric primary keys on snippet inspect view (Sage Abdullah)
* Fix: Prevent crash on snippet inspect view when displaying a null foreign key to an image (Sage Abdullah)
* Fix: Populate the correct return value when creating a new snippet within the snippet chooser (claudobahn)
* Fix: Reinstate missing filter by page type on page search (Matt Westcott)
* Fix: Use the correct action log when creating a redirect (Thibaud Colas)
5.1.2 (25.09.2023)
Fix: Avoid use of ignore_conflicts when creating extra permissions for snippets, for SQL Server compatibility (Sage Abdullah)
Fix: Ensure sequence on wagtailsearchpromotions_query table is correctly set after migrating data (Jake Howard)
Fix: Change spreadsheet export headings to match listing view column headings (Christer Jensen, Sage Abdullah)
Fix: Fix numbers, booleans, and None from being exported as strings (Christer Jensen)
Fix: Restore fallback on full-word search for snippet choosers and generic index views (Matt Westcott)
Fix: Restore compatibility with pre-7.15 versions of the Elasticsearch Python library, allowing use of Opensearch (Matt Westcott)
Fix: Fix error when pickling BaseSiteSetting instances (Matt Westcott)
Maintenance: For Python 3.13 support - upgrade Willow to v1.6.2, replace imghdr with Willow's built-in MIME type detection (Jake Howard)
5.1.1 (14.08.2023)
* Introduce `wagtail.admin.ui.tables.BooleanColumn` to display boolean values as icons (Sage Abdullah)
* Fix: Show not-`None` falsy values instead of blank in generic table cell template (Sage Abdullah)
* Fix: Fix `read_only` panels for fields with translatable choice labels (Florent Lebreton)
5.1 (01.08.2023)
* Add support for read-only FieldPanels (Andy Babic)
* Add support for query-time boosting to Elasticsearch 6 and above (Shohan Dutta Roy)
* Add support for Elasticsearch 8 (Matt Westcott, Wesley van Lee)
* Mark calls to `md5` as not being used for secure purposes, to avoid flagging on FIPS-mode systems (Sean Kelly)
* Return filters from `parse_query_string` as a `QueryDict` to support multiple values (Aman Pandey)
* Explicitly specify `MenuItem.name` for all admin menu and submenu items (Justin Koestinger)
* Add oEmbed provider patterns for YouTube Shorts and YouTube Live URLs (valnuro, Fabien Le Frapper)
* Add initial implementation of `PagePermissionPolicy` (Sage Abdullah)
* Refactor `UserPagePermissionsProxy` and `PagePermissionTester` to use `PagePermissionPolicy` (Sage Abdullah, Tidiane Dia)
* Add a predictable default ordering of the "Object/Other permissions" in the Group Editing view, allow this ordering to be customised (Daniel Kirkham)
* Add `AbstractImage.get_renditions()` for efficient generation of multiple renditions (Andy Babic)
* Optimise queries in collection permission policies using cache on the user object (Sage Abdullah)
* Phone numbers entered via a link chooser will now have any spaces stripped out, ensuring a valid href="tel:..." attribute (Sahil Jangra)
* Auto-select the `StreamField` block when only one block type is declared (Sébastien Corbin)
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/wagtail/wagtail/commit/582d4d9720ddb543a7327f6c75db1b7e9ec534e7"><code>582d4d9</code></a> Version bump to 5.1.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/b0b70b1a2eda91976f988b2a52ff78436e711cf8"><code>b0b70b1</code></a> Release note for CVE-2023-45809 in 5.1.3 (and fill in release date)</li>
<li><a href="https://github.com/wagtail/wagtail/commit/aa838f393d34a8b33e6a1811f9e89ec76c811a81"><code>aa838f3</code></a> Add 5.0.5 release note page</li>
<li><a href="https://github.com/wagtail/wagtail/commit/bc1178853114f6d06c0460fc40dfbda3ae3bb573"><code>bc11788</code></a> Release note for CVE-2023-45809 in 5.0.5</li>
<li><a href="https://github.com/wagtail/wagtail/commit/c8c313e077e87cc6d68e25860a38997c1f82b3f2"><code>c8c313e</code></a> Release note for CVE-2023-45809 in 4.1.9</li>
<li><a href="https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b"><code>bc96aed</code></a> Redirect away from user bulk actions when user has no permissions on users</li>
<li><a href="https://github.com/wagtail/wagtail/commit/190af7887d39ab6a1a2c3c3b389c2d44c121a2b1"><code>190af78</code></a> Add release notes for <a href="https://redirect.github.com/wagtail/wagtail/issues/11080">#11080</a>, <a href="https://redirect.github.com/wagtail/wagtail/issues/11081">#11081</a> in v5.1.3</li>
<li><a href="https://github.com/wagtail/wagtail/commit/087d566ef636bcbb366b894d9f3d70c5160504ec"><code>087d566</code></a> Use the correct action log when creating a redirect</li>
<li><a href="https://github.com/wagtail/wagtail/commit/6595b3dc04880c5fa03ae6d44d042fa324a0972a"><code>6595b3d</code></a> Docs - Fix typo for migration command in the section under Tag posts</li>
<li><a href="https://github.com/wagtail/wagtail/commit/893143b5abc8116a3d8d692a40437db659b2818f"><code>893143b</code></a> Fix port number in tutorial</li>
<li>Additional commits viewable in <a href="https://github.com/wagtail/wagtail/compare/v2.15.3...v5.1.3">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wagtail&package-manager=pip&previous-version=2.15.3&new-version=5.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps wagtail from 2.15.3 to 5.1.3.
Release notes
Sourced from wagtail's releases.
... (truncated)
Changelog
Sourced from wagtail's changelog.