- Do not allow ``file:`` protocol in ical url. Previously, only ``file://`` was disallowed, but this left room for relative paths. Taken over from `PloneHotfix20210518 <https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url>`_. [maurits] (3274)
4.0.0a3
--------------------
Bug fixes:
- Fix 330 traversal problem in the portlet_events template when an object in a folder is called "image" [sneridagh] (330)
4.0.0a2
--------------------
New features:
- Restructure event summary [agitator] (328)
4.0.0a1
--------------------
Breaking changes:
- Update for Plone 6 with Bootstrap markup NavBar in Upcoming/Past/iCal Navigation [1letter] (326)
3.2.10
-------------------
Bug fixes:
- Give validation error in ical importer when a ``file://`` URL is used. This could be a line of attack for a hacker. [maurits] (3209)
3.2.9
------------------
Bug fixes:
- Replaced deprecated ``plone.testing.z2`` imports with ``plone.testing.zope``, where possible. [maurits] (3130)