Plone.namedfile

Latest version: v6.3.0

Page 1 of 13

6.3.0

------------------

New features:


- Improve contenttype detection logic for unregistered but common types.

  Change get_contenttype to support common types which are or were not registered
  with IANA, like image/webp or audio/midi.

  Note: image/webp is already an IANA registered type and also added by
  Products.MimetypesRegistry.
  [thet] (157-2)
- Support for allowed media types.

  Support to constrain files to specific media types with an "accept" attribute on
  file and image fields, just like the "accept" attribute of the HTML file input.

  Fixes: 157
  [thet] (157)

6.2.3

------------------

Bug fixes:


- Be more strict when checking if mimetype is allowed to be displayed inline.
  [maurits] (1167)

6.2.2

------------------

Bug fixes:


- Fix calculation of file modification time.
  [davisagli] (153)

6.2.1

------------------

Bug fixes:


- Fix stored XSS (Cross Site Scripting) for SVG images.
  Done by forcing a download instead of displaying inline.
  See `security advisory <https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x>`_.
  [maurits] (1)

6.2.0

Not secure
------------------

New features:


- Add internal modification timestamp with fallback to _p_mtime.
  [mathias.leimgruber] (149)
- Use new internal modification timestamp as part of the hash key for scales.
  [mathias.leimgruber] (150)

6.1.2

Not secure
------------------

Bug fixes:


- Fixed the issue where SVG images containing extensive metadata were not being displayed
  correctly (resulting in a width/height of 1px). This problem could occur when the
  <svg> tag exceeded the MAX_INFO_BYTES limit.

  Fixes `issue 147 <https://github.com/plone/plone.namedfile/issues/147>`_.
  [mliebischer] (147)
