- :warning: Resources and community resources creation API change [2545](https://github.com/opendatateam/udata/pull/2545):
- Remove the RESOURCES_FILE_ALLOWED_DOMAINS setting and mechanism.
- The community resource's/resource's url could be set from the client side, even in the case of a hosted one, which is illogical.
A hosted community resource's/resource's url should only be the sole responsibility of the backend.
- Consequently, the POST endpoint of the community resources/resources API is only meant for the remote ones and the PUT endpoint of the community resources/resources API will take the existing resource's url to override the one sent by the client.
- Community resources changes [2546](https://github.com/opendatateam/udata/pull/2546):
- Dataset is now correctly set at community resource creation
- Remove now useless job 'purge-orphan-community-resources'
- Using the fs_filename logic when uploading a new resource on the data catalog.[2547](https://github.com/opendatateam/udata/pull/2547)
- Remove old file when updating resources and community resources from API [2548](https://github.com/opendatateam/udata/pull/2548)
- Sortable.js upgrade to fix an issue in udata's editorial page when reordering featured datasets [2550](https://github.com/opendatateam/udata/pull/2550)
- Password rotation mechanism [2551](https://github.com/opendatateam/udata/pull/2551):
- Datetime fields `password_rotation_demanded` and `password_rotation_performed` added to user model.
- Override Flask-Security's login and reset password forms to implement the password rotation checks.
- Password complexity settings hardening [2554](https://github.com/opendatateam/udata/pull/2554)
- Migrate ODS datasets urls [2559](https://github.com/opendatateam/udata/pull/2559)