4.1.4 release notes#

November 12, 2024

Warning

Upgrading from previous versions

django CMS 4.1 is the first community release of django CMS 4. Django CMS 4 introduces changes that require action if you are upgrading from a 3.x version. Please read the step-by-step guide to the process of upgrading from 3.5+ to 4 here: 4.0.0 release notes

Welcome to django CMS 4.1.4!

Security fix#

django CMS 4.1.4 closes a security vulnerability that could allow an attacker to inject malicious code into the page title allowing to load arbitrary javascript code when viewing the page. We recommend that you upgrade to this version as soon as possible.

The security issue is of low severity, since an attacker needs to have access to the django CMS admin interface to exploit it.

Thanks to Ali İltizar (@alii76tt) for reporting the issue.

Note

As ever, we remind our users and contributors that all security reports, patches and concerns be addressed only to our security team by email, at security@django-cms.org.

Django and Python compatibility#

django CMS supports Django 3.2 to 5.1. We highly recommend and only support the latest release of each series.

It supports Python 3.9, 3.10, 3.11, and 3.12. As for Django we highly recommend and only support the latest release of each series.

What’s new in 4.1.4#

Bug Fixes:#

  • XSS vulnerability for page title (#8075) (c045a990e) – Fabian Braun

  • Menus crashed when unexpected page content was present (#8052) – Fabian Braun

  • Sites menu was empty in the page tree (#8064) – Fabian Braun

  • Added redirect message when in editing a redirect toolbar object (#8056) – Sal

  • X frame options added to page settings form (#8041) – Sal

  • template tag get_admin_url_for_language did not return the latest page content (#7967) – Fabian Braun

  • Sitemap return a QuerySet in CMSSitemap.items() (#8031) – Jens-Erik Weber

  • Improved UX when page content is missing in selected language (#8033) – Jacob Rief

Other:#

  • Updated welcome page (#8057) – Fabian Braun

Statistics:#

This release includes 9 pull requests, and was created with the help of the following contributors (in alphabetical order):

  • Fabian Braun (5 pull request)

  • Jacob Rief (1 pull request)

  • Jens-Erik Weber (1 pull request)

  • Sal (2 pull request)

With the review help of the following contributors:

  • Jacob Rief

  • Mark Walker

  • Vinit Kumar

Thanks to all contributors for their efforts!