Kiwi TCMS 12.3

security updates, general improvements and new translations

Posted by Kiwi TCMS Team on Mon 22 May 2023 under releases

We're happy to announce Kiwi TCMS version 12.3!

IMPORTANT: this is a small release which contains security-related updates, general improvements and new translations!

You can explore everything at https://public.tenant.kiwitcms.org!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

---

Upstream container images (x86_64):

kiwitcms/kiwi   latest  1cbaba8640d9    594MB

IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

Changes since Kiwi TCMS 12.2

Security

  • Update Django from 4.1.8 to 4.2.1, which contains a fix for CVE-2023-31047. We believe this does not affect Kiwi TCMS.
  • Implement better scanning for embedded <script> tags in uploaded files
  • Force Content-Type: text/plain when serving uploaded files. See GHSA-x7c2-7wvg-jpx7
  • Explicitly configure top-level permissions for CI jobs as read-all
  • Pass untrusted input via intermediate ENV variables in CI jobs
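
The two CI items above, shown as an added example that is not code from the Kiwi TCMS project: a small Python audit that flags a workflow with no top-level permissions key and any run script that expands pull-request data directly instead of reading it from an environment variable. It assumes GitHub Actions workflow syntax, which this page does not name; both sample workflows and the audit() helper are constructed for illustration.

```python
import re
# Constructed sample workflows; GitHub Actions syntax is an assumption.
WEAK = """\
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Title: ${{ github.event.pull_request.title }}"
"""
HARDENED = """\
on: pull_request
permissions: read-all
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Title: $PR_TITLE"
"""

RUN = re.compile(r"\s*(?:-\s+)?(run)\s*:(.*)")
EXPR = re.compile(r"\$\{\{\s*(github\.(?:event\.|head_ref)[^}]*?)\s*\}\}")

def audit(workflow: str) -> list[str]:
    """Return findings for one workflow file passed as text."""
    lines = workflow.splitlines()
    findings = []
    # Top-level keys sit in column 0.
    if not any(re.match(r"permissions\s*:", l) for l in lines):
        findings.append("no top-level permissions key")
    run_col = None  # column of the 'run' key while inside its script
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None  # dedent: the script block has ended
        m = RUN.match(line)
        if m:
            run_col, text = m.start(1), m.group(2)
        elif run_col is not None:
            text = line
        else:
            continue
        for expr in EXPR.findall(text):
            findings.append(f"line {no}: '{expr}' expanded inside run script")
    return findings
```

The same expression under env: is not reported, because there the value reaches the shell as data in a variable rather than as text substituted into the script.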

Improvements

  • Update nginx from 1.20 to 1.22
  • Update django-grappelli from 3.0.5 to 3.0.6
  • Update pygithub from 1.58.1 to 1.58.2
  • Add Helm chart examples (Michael Abramovich)

Refactoring and testing

  • Update node_modules/webpack-cli from 5.0.1 to 5.1.1
  • Update node_modules/webpack from 5.80.0 to 5.83.1
  • Update node_modules/eslint from 8.38.0 to 8.40.0
  • Update tests/bugzilla/fedora from 37 to 38
  • Enable the checkov static linter

Translations

Kiwi TCMS Enterprise v12.3-mt

  • Based on Kiwi TCMS v12.3

  • Update dj-database-url from 1.3.0 to 2.0.0

  • Update django-ses from 3.3.0 to 3.5.0

  • Update kiwitcms-tenants from 2.5.0 to 2.5.1

  • Explicitly set permissions to read-all

  • Enable checkov linter

    Private images:

    quay.io/kiwitcms/version            12.3 (aarch64)          8bf8cd56c565    22 May 2023     601MB
    quay.io/kiwitcms/version            12.3 (x86_64)           1cbaba8640d9    22 May 2023     592MB
    quay.io/kiwitcms/enterprise         12.3-mt (aarch64)       36d6670c3fca    22 May 2023     845MB
    quay.io/kiwitcms/enterprise         12.3-mt (x86_64)        e769e6bdb5c1    22 May 2023     835MB
    

IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

How to upgrade

Back up first! Then execute the commands:

cd path/containing/docker-compose/
docker-compose down
docker-compose pull
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py upgrade

Refer to our documentation for more details!

Happy testing!

---

If you like what we're doing and how Kiwi TCMS supports various communities, please help us grow!