3.0.14 release notes¶
What’s new in 3.0.14¶
Fixed an issue where privileged users could be tricked into performing actions without their knowledge via a CSRF vulnerability.
Fix issue with causes menu classes to be duplicated in advanced settings
Fix issue with breadcrumbs not showing
Fix issues with show_menu template tags
Minor documentation fixes
Fix an issue related to “Empty all” Placeholder feature
Fix plugin sorting in Python 3
Fix search results number and items alignment in page changelist
Preserve information regarding the current view when applying the CMS decorator
Fix X-Frame-Options on top-level pages
Fix order of which application URLs are injected into
Fix delete non existing page language
Fix language fallback for nested plugins
Fix render_model template tag doesn’t show correct change list
Fix Scanning for placeholders fails on include tags with a variable as an argument
Pin South version to 1.0.2
Pin html5lib version to 0.999 until a current bug is fixed
Fix language chooser template
Potentially backward incompatible changes¶
The order in which the applications are injected is now based on the page depth, if you use nested apphooks, you might want to check that this does not change the behaviour of your applications depending on applications urlconf greediness.
Many thanks community members who have submitted issue reports and especially to these GitHub users who have also submitted pull requests: douwevandermeij, furiousdave, nikolas, olarcheveque, sephii, vstoykov.
A special thank to Matt Wilkes and Sylvain Fankhauser for reporting the security issue.