We're happy to announce Kiwi TCMS version 12.3!
IMPORTANT: this is a small release which contains security related updates, general improvements and new translations!
You can explore everything at https://public.tenant.kiwitcms.org!
Supported upgrade paths:5.3 (or older) -> 5.3.1 5.3.1 (or newer) -> 6.0.1 6.0.1 -> 6.1 6.1 -> 6.1.1 6.1.1 -> 6.2 (or newer)
Upstream container images (x86_64):kiwitcms/kiwi latest 1cbaba8640d9 594MB
IMPORTANT: version tagged and multi-arch container images are available only to subscribers!
Changes since Kiwi TCMS 12.2
- Update Django from 4.1.8 to 4.2.1 which contains a fix for CVE-2023-31047. We believe this does not affect Kiwi TCMS
- Implement better scanning for embedded <script> tags in uploaded files
- Force Content-Type: text/plain when serving uploaded files. See GHSA-x7c2-7wvg-jpx7
- Explicitly configure top-level permissions for CI jobs as read-all
- Pass untrusted input via intermediate ENV variables in CI jobs
- Update nginx from 1.20 to 1.22
- Update django-grappelli from 3.0.5 to 3.0.6
- Update pygithub from 1.58.1 to 1.58.2
- Add Helm chart examples (Michael Abramovich)
Refactoring and testing
- Update node_modules/webpack-cli from 5.0.1 to 5.1.1
- Update node_modules/webpack from 5.80.0 to 5.83.1
- Update node_modules/eslint from 8.38.0 to 8.40.0
- Update tests/bugzilla/fedora from 37 to 38
- Enable the checkov static linter
- Updated Russian translation
Kiwi TCMS Enterprise v12.3-mt
Based on Kiwi TCMS v12.3
Update dj-database-url from 1.3.0 to 2.0.0
Update django-ses from 3.3.0 to 3.5.0
Update kiwitcms-tenants from 2.5.0 to 2.5.1
Explicitly set permissions to read-all
Enable checkov linter
quay.io/kiwitcms/version 12.3 (aarch64) 8bf8cd56c565 22 May 2023 601MB quay.io/kiwitcms/version 12.3 (x86_64) 1cbaba8640d9 22 May 2023 592MB quay.io/kiwitcms/enterprise 12.3-mt (aarch64) 36d6670c3fca 22 May 2023 845MB quay.io/kiwitcms/enterprise 12.3-mt (x86_64) e769e6bdb5c1 22 May 2023 835MB
How to upgrade
Backup first! Then execute the commands:
cd path/containing/docker-compose/ docker-compose down docker-compose pull docker-compose up -d docker exec -it kiwi_web /Kiwi/manage.py upgrade
Refer to our documentation for more details!
If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!