Djblets 0.7.18 Release Notes¶
Release date: September 15, 2013
- We now require Django 1.4.8, which has some important security updates to prevent a DoS against the auth module.
- Web API resource lists are now more careful about access permissions. See the section on djblets.webapi below.
inlineEditornow has a “raw value” option.
There are now a couple new options to the
inlineEditorwidget for dealing with custom text:
true, then the contents of
rawValueis used as the source text for the editor, instead of the text contents of the associated element. This allows the caller to do some specialized pre-formatting on the text contents.
inlineEditorto prevent the height-matching behavior.
true), the editor won’t attempt to match the height of the rendered element. This is important when pre-formatting the text going into the widget using the new raw value options.
Preserve the height of the label for
inlineEditorwhen toggling pencil visibility.
The label should no longer change height when the pencil icon is shown or hidden.
Fixed access permissions on resource lists.
The list resources, by default, didn’t do any permissions checking other than the basic logged-in checks. This meant that if you had a protected resource with children, you could get lists of the children even without access to the parents.
This is an important security update, and we recommend all users of the API update immediately.
Requests to invalid API resources now return a standard API 404, instead of a default Django 404. (Bug #3052)
- Christian Hammond
- David Trowbridge