build(deps): Bump wagtail from 2.11.9 to 7.0.7 #35

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/pip/wagtail-7.0.7

dependabot[bot] commented on behalf of github on May 8, 2026

Bumps wagtail from 2.11.9 to 7.0.7.

Release notes

Sourced from wagtail's releases.

7.0.7

  • Security fix: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
  • Security fix: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
  • Security fix: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
  • Security fix: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
  • Security fix: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
  • Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
  • Fix: Correctly escape the sizes attribute in responsive image template tags (Jake Howard)
  • Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
  • Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)

7.0.6

  • Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
  • Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)

7.0.5

  • Remove upper bound on Pillow dependency (Kunal Hemnani)

7.0.4

  • Fix: Prevent error on custom generic create and edit views without a header icon (Sage Abdullah)
  • Fix: CVE-2026-25517: Improper permission handling on admin preview endpoints (thxtech, Matt Westcott, Jake Howard)

7.0.3

  • Fix: Prevent crash when previewing a form page with an empty field type (Sage Abdullah)

7.0.2

  • Fix: Prevent error when restoring scroll position for cross-domain preview iframe (Sage Abdullah)
  • Fix: Remove ngram parser on MySQL that prevented autocomplete search from returning results (Vince Salvino)
  • Fix: Ensure the editing of translation alias pages correctly shows links to the source page if the alias was created from a draft (Dan Braghis)

7.0.1

  • Fix: Fix type hints for register_filter_adapter_class parameters (Sébastien Corbin)
  • Fix: Use correct URL when redirecting back to the listing after filtering and deleting form submissions (Sage Abdullah)
  • Fix: Fix broken migration when ListBlock is defined with a child_block kwarg (Matt Westcott)
  • Fix: Fix saving of empty values in EmbedBlock (Matt Westcott)
  • Fix: Sanitize request data when logging method not allowed (Jake Howard)
  • Docs: Use tuple instead of set in UniqueConstraint examples for a custom rendition model to avoid spurious migrations (Alec Baron)
  • Docs: Document how to turn off StreamField block previews (Shlomo Markowitz)
  • Maintenance: Use utf8mb4 charset and collation for MySQL test database (Sage Abdullah)

7.0 LTS

  • Add formal support for Django 5.2 (Matt Westcott)
  • Allow validation of required fields to be deferred on saving drafts (Matt Westcott, Sage Abdullah)
  • Add WAGTAIL_ prefix to Wagtail-specific tag settings (Aayushman Singh)
  • Implement normalize on TypedTableBlock to assist with setting default and preview_value (Sage Abdullah)
  • Apply normalization when modifying a StreamBlock's value to assist with programmatic changes to StreamField (Matt Westcott)
  • Allow a custom image rendition model to define its unique constraint with models.UniqueConstraint instead of unique_together (Oliver Parker, Cynthia Kiser, Sage Abdullah)
  • Default to the standard tokenizer on Elasticsearch, to correctly handle numbers as tokens (Matt Westcott)
  • Add color-scheme meta tag to Wagtail admin (Ashish Nagmoti)
  • Add the ability to set the default privacy restriction for new pages using get_default_privacy_setting (Shlomo Markowitz)

... (truncated)

Changelog

Sourced from wagtail's changelog.

7.0.7 (05.05.2026)

  • Fix: CVE-2026-44197: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
  • Fix: CVE-2026-44198: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
  • Fix: CVE-2026-44199: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
  • Fix: CVE-2026-44200: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
  • Fix: CVE-2026-44201: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
  • Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
  • Fix: Correctly escape the `sizes` attribute in responsive image template tags (Jake Howard)
  • Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
  • Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)

7.0.6 (03.03.2026)

  • Fix: CVE-2026-28222: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes (Guan Chenxian, Matt Westcott)
  • Fix: CVE-2026-28223: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface (Guan Chenxian, Matt Westcott)

7.0.5 (12.02.2026)

  • Remove upper bound on Pillow dependency (Kunal Hemnani)

7.0.4 (03.02.2026)

  • Fix: Prevent error on custom generic create and edit views without a header icon (Sage Abdullah)
  • Fix: CVE-2026-25517: Improper permission handling on admin preview endpoints (thxtech, Matt Westcott, Jake Howard)

7.0.3 (28.08.2025)

  • Fix: Prevent crash when previewing a form page with an empty field type (Sage Abdullah)

7.0.2 (24.07.2025)

  • Fix: Prevent error when restoring scroll position for cross-domain preview iframe (Sage Abdullah)
  • Fix: Remove ngram parser on MySQL that prevented autocomplete search from returning results (Vince Salvino)
  • Fix: Ensure the editing of translation alias pages correctly shows links to the source page if the alias was created from a draft (Dan Braghis)

7.0.1 (12.06.2025)

  • Fix: Fix type hints for `register_filter_adapter_class` parameters (Sébastien Corbin)
  • Fix: Use correct URL when redirecting back to the listing after filtering and deleting form submissions (Sage Abdullah)

... (truncated)

Commits
  • cb3ed5a ruff format
  • 195962f Version bump to 7.0.7 final
  • 3da9b74 Release notes for security fixes in 7.0.7
  • c75351b Fix permission check on creating alias
  • c731322 Fix permission handling on page copy
  • 052caa0 Exclude view-restricted collections from document and images API
  • 2aa9694 Only support deleting form submissions for the chosen page
  • bdfb723 Add test
  • 585cb02 Check object permissions in PageHistoryView
  • d8e88bd Change permission test to edit or publish
  • Additional commits viewable in compare view

dependabot[bot] added the dependencies and python labels on May 8, 2026

Bumps [wagtail](https://github.com/wagtail/wagtail) from 2.11.9 to 7.0.7.
- [Release notes](https://github.com/wagtail/wagtail/releases)
- [Changelog](https://github.com/wagtail/wagtail/blob/main/CHANGELOG.txt)
- [Commits](wagtail/wagtail@v2.11.9...v7.0.7)

---
updated-dependencies:
- dependency-name: wagtail
  dependency-version: 7.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] force-pushed the dependabot/pip/wagtail-7.0.7 branch from fcb59aa to 21a5752 on May 11, 2026 16:07