We're happy to announce Kiwi TCMS version 14.0!
IMPORTANT:
This is a major version release which includes security related updates, backwards incompatible changes, several improvements and new translations.
Recommended upgrade path:
13.7 -> 14.0
You can explore everything at https://public.tenant.kiwitcms.org!
---
Upstream container images (x86_64):
kiwitcms/kiwi latest a4c45db53541 681MB
IMPORTANT: version tagged and multi-arch container images are available only to subscribers!
Changes since Kiwi TCMS 13.7
Security
- Update node_modules/cross-spawn from 7.0.3 to 7.0.6 to resolve a regular expression denial of service (ReDoS) vulnerability, CVE-2024-21538
- Update node_modules/semver from 6.3.0 to 6.3.1 to resolve a regular expression denial of service (ReDoS) vulnerability, CVE-2022-25883
- Note that these are indirect dependencies of Kiwi TCMS, in particular pulled in via some of our developer tools, eslint and webpack, and the risk to existing Kiwi TCMS installations is minimal if at all!
Improvements
- Update Django from 5.0.10 to 5.1.6
- Update django-colorfield from 0.11.0 to 0.12.0
- Update django-modern-rpc from 1.0.3 to 1.1.0
- Update django-simple-captcha from 0.6.0 to 0.6.1
- Update django-simple-history from 3.7.0 to 3.8.0
- Update mysqlclient from 2.2.6 to 2.2.7
- Update psycopg[binary] from 3.2.3 to 3.2.4
- Update pygments from 2.18.0 to 2.19.1
- Update python-gitlab from 5.1.0 to 5.6.0
- Update tzdata from 2024.2 to 2025.1
- Update Node.js runtime from v16 to v22
- Update node_modules/pdfmake from 0.2.15 to 0.2.18
- Add Scarf.sh pixel - open source analytics
Database
- WARNING: Postgres 12 is no longer supported. Minimum version is 13!
- Remove index_together from historical migrations
Settings
- WARNING: the DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings have been removed!
- Explicitly define the STORAGES setting
Refactoring and testing
- Update black from 24.10.0 to 25.1.0
- Update isort from 5.13.2 to 6.0.0
- Update node_modules/webpack from 5.97.0 to 5.97.1
- Update node_modules/webpack-cli from 5.1.4 to 6.0.1
- Refactor request_contents_processor() to expose only data we use which sometimes lead to traceback recursion when rendering templates!
- Similate an API write performance test with Locust. References Issue #721
- Simulate a web performance test with Locust + Playwright. References Issue #721. Execution frequencies are informed by our Plausible.io stats
Translations
- Updated Chinese Simplified translation
- Updated Hungarian translation
Kiwi TCMS Enterprise v14.0-mt
- Based on Kiwi TCMS v14.0
- Remove dependency on dict-hash package
- Update certbot-* from 3.0.1 to 3.1.0
- Update django-ses from 4.3.0 to 4.4.0
- Update sentry-sdk from 2.19.0 to 2.20.0
- Update kiwitcms-tenants from 3.2.1 to 4.0.0
- Replace deprecated STATICFILES_STORAGE setting
Private container images
quay.io/kiwitcms/version 14.0 (aarch64) 9aaf5f3e5c7e 05 Feb 2025 695MB quay.io/kiwitcms/version 14.0 (x86_64) 0152d6ac4cec 05 Feb 2025 681MB quay.io/kiwitcms/enterprise 14.0-mt (aarch64) f28044190b68 05 Feb 2025 1.08GB quay.io/kiwitcms/enterprise 14.0-mt (x86_64) 317f8f14a984 05 Feb 2025 1.06GB
IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!
How to upgrade
Backup first! Then follow the Upgrading instructions from our documentation.
Happy testing!
---
If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!
- Give ⭐ on GitHub;
- Give 👍 on GitLab;
- Join our newsletter and follow all project news;
- Become a contributor and an awesome open source hacker;
- Become a subscriber and help us sustain development