Releases: wagtail/wagtail
Releases · wagtail/wagtail
6.1.2
- Fix: Fix client-side handling of select inputs within
ChoiceBlock
(Matt Westcott) - Fix: Support SVG icon id attributes with single quotes in the styleguide (Sage Abdullah)
- Fix: CVE-2024-35228: Improper handling of insufficient permissions in
wagtail.contrib.settings
(Victor Miti, Matt Westcott, Jake Howard)
6.0.5
- Fix: CVE-2024-35228: Improper handling of insufficient permissions in
wagtail.contrib.settings
(Victor Miti, Matt Westcott, Jake Howard)
6.1.1
- Fix: Fix form action URL in user edit and delete views for custom user models (Sage Abdullah)
- Fix: Fix snippet copy view not prefilling form data (Sage Abdullah)
- Fix: Address layout issues in the title cell of universal listings (Sage Abdullah)
- Fix: Fix incorrect rich text to HTML conversion when multiple link / embed types are present (Andy Chosak, Matt Westcott)
- Fix: Restore ability for custom widgets in StreamField blocks to have multiple top-level nodes (Sage Abdullah, Matt Westcott)
6.0.4
6.1
- Refine wording of page & collection privacy using password is a shared password and should not be used for secure content (Rohit Sharma, Jake Howard)
- Add RelatedObjectsColumn to the table UI framework (Matt Westcott)
- Reduce memory usage when rebuilding search indexes (Jake Howard)
- Support creating images in .ico format (Jake Howard)
- Add the ability to disable the usage of a shared password for enhanced security for the private pages and collections (documents) feature (Salvo Polizzi, Jake Howard)
- Add system checks to ensure that
WAGTAIL_DATE_FORMAT
,WAGTAIL_DATETIME_FORMAT
,WAGTAIL_TIME_FORMAT
are correctly configured (Rohit Sharma, Coen van der Kamp) - Allow custom permissions with the same prefix as built-in permissions (Sage Abdullah)
- Allow displaying permissions linked to the Admin model's content type (Sage Abdullah)
- Add support for Draftail's JavaScript to use chooserUrls provided by entity options & for the Draftail widget to encode lazy URLs/ translations (Elhussein Almasri)
- Reimplement search promotions
IndexView
using thegeneric.IndexView
(Rohit Sharma, Sage Abdullah, Storm Heg) - Reimplement redirects
IndexView
using thegeneric.IndexView
(Rohit Sharma, Sage Abdullah, Temidayo Azeez) - Add
PageListingViewSet
for custom per-page-type page listings (Matt Westcott) - Add
ChooseParentView
toPageListingViewSet
to allow creating pages from custom page listings (Abdelrahman Hamada, Sage Abdullah) - Implement new universal listings design for image listing view (Sage Abdullah)
- Implement new universal listings design for document listing view (Sage Abdullah)
- Implement new universal listings design for site and locale listing views (Sage Abdullah)
- Implement new universal listings design for page and snippet history view (Sage Abdullah)
- Implement new universal listings design for form builder submissions view (Sage Abdullah)
- Implement new universal listings design for collections listing view (Sage Abdullah)
- Implement new universal listings design for groups views (Sage Abdullah)
- Implement new universal listings design for users views (Sage Abdullah)
- Implement new universal listings design for workflow and task views (Sage Abdullah)
- Refine slim header button style to match designs (Sage Abdullah)
- Add simple admin keyboard shortcuts overview dialog, available in the help sub-menu (Karthik Ayangar, Rohit Sharma)
- Add ability to bulk toggle permissions in the user group editing view, including shift+click for multiple selections (LB (Ben) Johnston, Kalob Taulien)
- Update the minimum version of
djangorestframework
to 3.15.1 (Sage Abdullah) - Add support for related fields in generic
IndexView.list_display
(Abdelrahman Hamada) - Improve page fetching logic and cache route results per request (Gordon Pendleton)
- Optimise rewriting of links / embeds in rich text using bulk database lookups (Andy Chosak)
- Add normalization mechanism to StreamField so that assignments and defaults can be passed in a wider range of data types (Joshua Munn, Matt Westcott)
- Allow specifying a
STORAGES
alias name forWAGTAILIMAGES_RENDITION_STORAGE
(Alec Baron) - Update
PASSWORD_REQUIRED_TEMPLATE
setting toWAGTAIL_PASSWORD_REQUIRED_TEMPLATE
with deprecation of previous naming (Saksham Misra, LB (Ben) Johnston) - Update
DOCUMENT_PASSWORD_REQUIRED_TEMPLATE
setting toWAGTAILDOCS_PASSWORD_REQUIRED_TEMPLATE
with deprecation of previous naming (Saksham Misra, LB (Ben) Johnston) - When editing settings (contrib) use the same icon in the editing view that was declared when registering the setting (Vince Salvino, Rohit Sharma)
- Populate django-treebeard cache during page routing to improve performance of
get_parent
(Nigel van Keulen) - Add a new user profile preference to configure user interface information density (Thibaud Colas)
- Add additional field types to Elasticsearch mapping (scott-8)
- Fix: CVE-2024-32882: Permission check bypass when editing a model with per-field restrictions through
wagtail.contrib.settings
orModelViewSet
(Ben Morse, Joshua Munn, Jake Howard, Sage Abdullah) - Fix: Fix typo in
__str__
for MySQL search index (Jake Howard) - Fix: Ensure that unit tests correctly check for migrations in all core Wagtail apps (Matt Westcott)
- Fix: Correctly handle
date
objects onhuman_readable_date
template tag (Jhonatan Lopes) - Fix: Ensure re-ordering buttons work correctly when using a nested InlinePanel (Adrien Hamraoui)
- Fix: Consistently remove model's
verbose_name
in group edit view when listing custom permissions (Sage Abdullah, Neeraj Yetheendran, Omkar Jadhav) - Fix: Resolve issue local development of docs when running
make livehtml
(Sage Abdullah) - Fix: Resolve issue with unwanted padding in chooser modal listings (Sage Abdullah)
- Fix: Ensure form builder emails that have date or datetime fields correctly localize dates based on the configured
LANGUAGE_CODE
(Mark Niehues) - Fix: Ensure the Stimulus
UnsavedController
checks for nested removal/additions of inputs so that the unsaved warning shows in more valid cases when editing a page (Karthik Ayangar) - Fix: Ensure
get_add_url()
is always used to re-render the add button when the listing is refreshed in viewsets (Sage Abdullah) - Fix: Ensure dropdown content cannot get higher than the viewport and add scrolling within content if needed (Chiemezuo Akujobi)
- Fix: Prevent snippets model index view from crashing when a model does not have an
objects
manager (Jhonatan Lopes) - Fix: Fix
get_dummy_request
's resulting host name when running tests withALLOWED_HOSTS = ["*"]
(David Buxton) - Fix: Fix timezone handling in the
timesince_last_update
template tag (Matt Westcott) - Fix: Fix Postgres phrase search to respect the language set in settings (Ihar Marhitych)
- Fix: Retain query parameters when switching between locales in the page chooser (Abdelrahman Hamada, Sage Abdullah)
- Fix: Add
w-kbd-scope-value
with support forglobal
so that specific keyboard shortcuts (e.g. ctrl+s/cmd+s) trigger consistently even when focused on fields (Neeraj Yetheendran) - Fix: Improve exception handling when generating image renditions concurrently (Andy Babic)
- Fix: Respect
WAGTAIL_ALLOW_UNICODE_SLUGS
setting when auto-generating slugs (LB (Ben) Johnston) - Fix: Use correct URL when redirecting back to page search results after an AJAX search (Sage Abdullah)
- Fix: Reinstate missing static files in style guide (Sage Abdullah)
- Fix: Provide
convert_mariadb_uuids
management command to assist with upgrading to Django 5.0+ on MariaDB (Matt Westcott) - Docs: Add contributing development documentation on how to work with a fork of Wagtail (Nix Asteri, Dan Braghis)
- Docs: Make sure the settings panel is listed in tabbed interface examples (Tibor Leupold)
- Docs: Update content and page names to their US spelling instead of UK spelling (Victoria Poromon)
- Docs: Update broken and incorrect links throughout the documentation (EK303)
- Docs: Fix formatting of
--purge-only
inwagtail_update_image_renditions
management command section (Pranith Beeram) - Docs: Update template components documentation to better explain the usage of the Laces library (Tibor Leupold)
- Docs: Update Sphinx theme to
6.3.0
with a fix for the missing favicon (Sage Abdullah) - Docs: Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report)
- Docs: Add clarity to how custom StreamField validation works (Tibor Leupold)
- Docs: Add additional reference to the
wagtail_update_image_renditions
management command on the using images page (LB (Ben) Johnston) - Docs: Correct information about line endings in Window development docs (Sage Abdullah)
- Docs: Improve code snippets for "Create a footer for all pages" tutorial section (Drikus Roor)
- Docs: Update list of third-party tutorials (LB (Ben) Johnston)
- Docs: Update "Integrating into Django" documentation to emphasise creating page models (Matt Westcott)
- Maintenance: Move RichText HTML whitelist parser to use the faster, built in
html.parser
(Jake Howard) - Maintenance: Remove duplicate 'path' in default_exclude_fields_in_copy (Ramchandra Shahi Thakuri)
- Maintenance: Update unit tests to always use the faster, built in
html.parser
& removehtml5lib
dependency (Jake Howard) - Maintenance: Adjust Eslint rules for TypeScript files (Karthik Ayangar)
- Maintenance: Rename the React
Button
that only renders links (a element) toLink
and remove unused prop & behavior that was non-compliant for aria role usage (Advik Kabra) - Maintenance: Set up an
wagtail.models.AbstractWorkflow
model to support future customizations around workflows (Hossein) - Maintenance: Improve
classnames
template tag to handle nested lists of strings, use template tag for adminbody
element (LB (Ben) Johnston) - Maintenance: Merge
UploadedDocument
andUploadedImage
into newUploadedFile
model for easier shared code usage (Advik Kabra, Karl Hobley) - Maintenance: Optimize queries in dashboard panels (Sage Abdullah)
- Maintenance: Optimize queries in group create/edit view (Sage Abdullah)
- Maintenance: Move modal-workflow.js script usage to base admin template instead of ad-hoc imports (Elhussein Almasri)
- Maintenance: Update all Draftail chooserUrls to be passed in via the Entity options instead of using
window.chooserUrls
globals, removing the need for inline scripts (Elhussein Almasri) - Maintenance: Enhance
w-init
(InitController) to support adetail
value to be dispatched on events (Chiemezuo Akujobi) - Maintenance: Remove usage of inline scripts and instead use event dispatching to instantiate standalone Draftail editor instances (Chiemezuo Akujobi)
- Maintenance: Refactor
page_breadcrumbs
tag to...
6.0.3
- Fix: CVE-2024-32882: Permission check bypass when editing a model with per-field restrictions through
wagtail.contrib.settings
orModelViewSet
(Ben Morse, Joshua Munn, Jake Howard, Sage Abdullah) - Fix: Respect
WAGTAIL_ALLOW_UNICODE_SLUGS
setting when auto-generating slugs (LB (Ben) Johnston) - Fix: Use correct URL when redirecting back to page search results after an AJAX search (Sage Abdullah)
- Fix: Reinstate missing static files in style guide (Sage Abdullah)
- Fix: Provide
convert_mariadb_uuids
management command to assist with upgrading to Django 5.0+ on MariaDB (Matt Westcott) - Fix: Fix generic CopyView for models with primary keys that need to be quoted (Sage Abdullah)
5.2.5
- Fix: Respect
WAGTAIL_ALLOW_UNICODE_SLUGS
setting when auto-generating slugs (LB (Ben) Johnston) - Fix: Use correct URL when redirecting back to page search results after an AJAX search (Sage Abdullah)
- Fix: Provide
convert_mariadb_uuids
management command to assist with upgrading to Django 5.0+ on MariaDB (Matt Westcott)
6.1rc2
Updates from 6.1rc1:
- Fix: Reinstate wagtail.models.collections to prevent import errors in migrations (Matt Westcott)
- Fix: Use correct URL when redirecting back to page search results after an AJAX search (Sage Abdullah)
- Docs: Update list of third-party tutorials (LB (Ben) Johnston)
6.1rc1
- Refine wording of page & collection privacy using password is a shared password and should not be used for secure content (Rohit Sharma, Jake Howard)
- Add RelatedObjectsColumn to the table UI framework (Matt Westcott)
- Reduce memory usage when rebuilding search indexes (Jake Howard)
- Support creating images in .ico format (Jake Howard)
- Add the ability to disable the usage of a shared password for enhanced security for the private pages and collections (documents) feature (Salvo Polizzi, Jake Howard)
- Add system checks to ensure that
WAGTAIL_DATE_FORMAT
,WAGTAIL_DATETIME_FORMAT
,WAGTAIL_TIME_FORMAT
are correctly configured (Rohit Sharma, Coen van der Kamp) - Allow custom permissions with the same prefix as built-in permissions (Sage Abdullah)
- Allow displaying permissions linked to the Admin model's content type (Sage Abdullah)
- Add support for Draftail's JavaScript to use chooserUrls provided by entity options & for the Draftail widget to encode lazy URLs/ translations (Elhussein Almasri)
- Reimplement search promotions
IndexView
using thegeneric.IndexView
(Rohit Sharma, Sage Abdullah, Storm Heg) - Reimplement redirects
IndexView
using thegeneric.IndexView
(Rohit Sharma, Sage Abdullah, Temidayo Azeez) - Add
PageListingViewSet
for custom per-page-type page listings (Matt Westcott) - Add
ChooseParentView
toPageListingViewSet
to allow creating pages from custom page listings (Abdelrahman Hamada, Sage Abdullah) - Implement new universal listings design for image listing view (Sage Abdullah)
- Implement new universal listings design for document listing view (Sage Abdullah)
- Implement new universal listings design for site and locale listing views (Sage Abdullah)
- Implement new universal listings design for page and snippet history view (Sage Abdullah)
- Implement new universal listings design for form builder submissions view (Sage Abdullah)
- Implement new universal listings design for collections listing view (Sage Abdullah)
- Implement new universal listings design for groups views (Sage Abdullah)
- Implement new universal listings design for users views (Sage Abdullah)
- Implement new universal listings design for workflow and task views (Sage Abdullah)
- Refine slim header button style to match designs (Sage Abdullah)
- Add simple admin keyboard shortcuts overview dialog, available in the help sub-menu (Karthik Ayangar, Rohit Sharma)
- Add ability to bulk toggle permissions in the user group editing view, including shift+click for multiple selections (LB (Ben) Johnston, Kalob Taulien)
- Update the minimum version of
djangorestframework
to 3.15.1 (Sage Abdullah) - Add support for related fields in generic
IndexView.list_display
(Abdelrahman Hamada) - Improve page fetching logic and cache route results per request (Gordon Pendleton)
- Optimise rewriting of links / embeds in rich text using bulk database lookups (Andy Chosak)
- Add normalization mechanism to StreamField so that assignments and defaults can be passed in a wider range of data types (Joshua Munn, Matt Westcott)
- Allow specifying a
STORAGES
alias name forWAGTAILIMAGES_RENDITION_STORAGE
(Alec Baron) - Update
PASSWORD_REQUIRED_TEMPLATE
setting toWAGTAIL_PASSWORD_REQUIRED_TEMPLATE
with deprecation of previous naming (Saksham Misra, LB (Ben) Johnston) - Update
DOCUMENT_PASSWORD_REQUIRED_TEMPLATE
setting toWAGTAILDOCS_PASSWORD_REQUIRED_TEMPLATE
with deprecation of previous naming (Saksham Misra, LB (Ben) Johnston) - When editing settings (contrib) use the same icon in the editing view that was declared when registering the setting (Vince Salvino, Rohit Sharma)
- Populate django-treebeard cache during page routing to improve performance of
get_parent
(Nigel van Keulen) - Add a new user profile preference to configure user interface information density (Thibaud Colas)
- Add additional field types to Elasticsearch mapping (scott-8)
- Fix: Fix typo in
__str__
for MySQL search index (Jake Howard) - Fix: Ensure that unit tests correctly check for migrations in all core Wagtail apps (Matt Westcott)
- Fix: Correctly handle
date
objects onhuman_readable_date
template tag (Jhonatan Lopes) - Fix: Ensure re-ordering buttons work correctly when using a nested InlinePanel (Adrien Hamraoui)
- Fix: Consistently remove model's
verbose_name
in group edit view when listing custom permissions (Sage Abdullah, Neeraj Yetheendran, Omkar Jadhav) - Fix: Resolve issue local development of docs when running
make livehtml
(Sage Abdullah) - Fix: Resolve issue with unwanted padding in chooser modal listings (Sage Abdullah)
- Fix: Ensure form builder emails that have date or datetime fields correctly localize dates based on the configured
LANGUAGE_CODE
(Mark Niehues) - Fix: Ensure the Stimulus
UnsavedController
checks for nested removal/additions of inputs so that the unsaved warning shows in more valid cases when editing a page (Karthik Ayangar) - Fix: Ensure
get_add_url()
is always used to re-render the add button when the listing is refreshed in viewsets (Sage Abdullah) - Fix: Ensure dropdown content cannot get higher than the viewport and add scrolling within content if needed (Chiemezuo Akujobi)
- Fix: Prevent snippets model index view from crashing when a model does not have an
objects
manager (Jhonatan Lopes) - Fix: Fix
get_dummy_request
's resulting host name when running tests withALLOWED_HOSTS = ["*"]
(David Buxton) - Fix: Fix timezone handling in the
timesince_last_update
template tag (Matt Westcott) - Fix: Fix Postgres phrase search to respect the language set in settings (Ihar Marhitych)
- Fix: Retain query parameters when switching between locales in the page chooser (Abdelrahman Hamada, Sage Abdullah)
- Fix: Add
w-kbd-scope-value
with support forglobal
so that specific keyboard shortcuts (e.g. ctrl+s/cmd+s) trigger consistently even when focused on fields (Neeraj Yetheendran) - Fix: Improve exception handling when generating image renditions concurrently (Andy Babic)
- Fix: Respect
WAGTAIL_ALLOW_UNICODE_SLUGS
setting when auto-generating slugs (LB (Ben) Johnston) - Docs: Add contributing development documentation on how to work with a fork of Wagtail (Nix Asteri, Dan Braghis)
- Docs: Make sure the settings panel is listed in tabbed interface examples (Tibor Leupold)
- Docs: Update content and page names to their US spelling instead of UK spelling (Victoria Poromon)
- Docs: Update broken and incorrect links throughout the documentation (EK303)
- Docs: Fix formatting of
--purge-only
inwagtail_update_image_renditions
management command section (Pranith Beeram) - Docs: Update template components documentation to better explain the usage of the Laces library (Tibor Leupold)
- Docs: Update Sphinx theme to
6.3.0
with a fix for the missing favicon (Sage Abdullah) - Docs: Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report)
- Docs: Add clarity to how custom StreamField validation works (Tibor Leupold)
- Docs: Add additional reference to the
wagtail_update_image_renditions
management command on the using images page (LB (Ben) Johnston) - Docs: Correct information about line endings in Window development docs (Sage Abdullah)
- Docs: Improve code snippets for "Create a footer for all pages" tutorial section (Drikus Roor)
- Maintenance: Move RichText HTML whitelist parser to use the faster, built in
html.parser
(Jake Howard) - Maintenance: Remove duplicate 'path' in default_exclude_fields_in_copy (Ramchandra Shahi Thakuri)
- Maintenance: Update unit tests to always use the faster, built in
html.parser
& removehtml5lib
dependency (Jake Howard) - Maintenance: Adjust Eslint rules for TypeScript files (Karthik Ayangar)
- Maintenance: Rename the React
Button
that only renders links (a element) toLink
and remove unused prop & behavior that was non-compliant for aria role usage (Advik Kabra) - Maintenance: Set up an
wagtail.models.AbstractWorkflow
model to support future customizations around workflows (Hossein) - Maintenance: Improve
classnames
template tag to handle nested lists of strings, use template tag for adminbody
element (LB (Ben) Johnston) - Maintenance: Merge
UploadedDocument
andUploadedImage
into newUploadedFile
model for easier shared code usage (Advik Kabra, Karl Hobley) - Maintenance: Optimize queries in dashboard panels (Sage Abdullah)
- Maintenance: Optimize queries in group create/edit view (Sage Abdullah)
- Maintenance: Move modal-workflow.js script usage to base admin template instead of ad-hoc imports (Elhussein Almasri)
- Maintenance: Update all Draftail chooserUrls to be passed in via the Entity options instead of using
window.chooserUrls
globals, removing the need for inline scripts (Elhussein Almasri) - Maintenance: Enhance
w-init
(InitController) to support adetail
value to be dispatched on events (Chiemezuo Akujobi) - Maintenance: Remove usage of inline scripts and instead use event dispatching to instantiate standalone Draftail editor instances (Chiemezuo Akujobi)
- Maintenance: Refactor
page_breadcrumbs
tag to use sharedbreadcrumbs.html
template (Sage Abdullah) - Maintenance: Add
keyboard
icon to admin icon set (Rohit Sharma) - Maintenance: Remove dead code in the minimap when elements are not found (LB (Ben) Johnston)
- Maintenance: Ensure untrusted data sources are logged correctly in the Stimulus
SwapController
(LB (Ben) Johnston) - Maintenance: Update Wagtail logo in admin sidebar & favicon plus documentation to the latest version (Osaf AliSayed, Albina Starykova, LB (Ben) Johnston)
- Maintenance: Remove usage of inline scripts and instead use a new Stimulus controller (
w-block
/BlockController
) to instantiateStreamField
blocks (Karthik Ayangar) - Mai...
6.0.2
- Fix: Ensure that modal tabs width are not impacted by side panel opening (LB (Ben) Johnston)
- Fix: Resolve issue local development of docs when running
make livehtml
(Sage Abdullah) - Fix: Resolve issue with unwanted padding in chooser modal listings (Sage Abdullah)
- Fix: Ensure
get_add_url()
is always used to re-render the add button when the listing is refreshed in viewsets (Sage Abdullah) - Fix: Move
modal-workflow.js
script usage to base admin template instead of ad-hoc imports so that choosers work inModelViewSet
s (Elhussein Almasri) - Fix: Ensure JavaScript for common widgets such as
InlinePanel
is included by default inModelViewSet
's create and edit views (Sage Abdullah) - Fix: Reinstate styles for customizations of
extra_footer_actions
block in page create/edit templates (LB (Ben) Johnston, Sage Abdullah) - Fix: Prevent crash when loading an empty table block in the editor (Sage Abdullah)
- Docs: Update Sphinx theme to
6.3.0
with a fix for the missing favicon (Sage Abdullah)