Merge branch 'develop' of github.com:divio/django-cms into develop

.travis.yml

@@ -1,13 +1,12 @@
 language: python
 
+dist: xenial
+
 python:
   - 3.8
   - 3.7
   - 3.6
   - 3.5
-  - 2.7
-
-sudo: false
 
 services:
   - mysql
@@ -34,7 +33,7 @@ env:
     # temporary solution until https://github.com/ariya/phantomjs/issues/13953 is resolved
     - PHANTOMJS_CDNURL=https://s3.amazonaws.com/aldryn-local-assets
     # make sure travis jobs are recognised
-    - DJANGO=1.11
+    - DJANGO=2.2
 
 matrix:
   include:
@@ -44,69 +43,62 @@ matrix:
     - python: 3.6
       env: FRONTEND=1 LINT=1
     - python: 3.6
-      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=1 DJANGO=1.11 DATABASE_URL='sqlite://localhost/testdb.sqlite'
-    - python: 3.6
-      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=2 DJANGO=1.11 DATABASE_URL='sqlite://localhost/testdb.sqlite'
-    - python: 3.6
-      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=3 DJANGO=1.11 DATABASE_URL='sqlite://localhost/testdb.sqlite'
-
-    # DJANGO 1.11
-    - python: 2.7
-      env: DJANGO=1.11 DATABASE_URL='sqlite://localhost/:memory:'
-    - python: 3.5
-      env: DJANGO=1.11 DATABASE_URL='mysql://root@127.0.0.1/djangocms_test'
-    - python: 3.6
-      env: DJANGO=1.11 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test'
+      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=1 DJANGO=2.2 DATABASE_URL='sqlite://localhost/testdb.sqlite'
     - python: 3.6
-      env: DJANGO=1.11 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='emailuserapp.EmailUser'
+      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=2 DJANGO=2.2 DATABASE_URL='sqlite://localhost/testdb.sqlite'
     - python: 3.6
-      env: DJANGO=1.11 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
+      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=3 DJANGO=2.2 DATABASE_URL='sqlite://localhost/testdb.sqlite'
 
     # DJANGO 2.2
     - python: 3.5
       env: DJANGO=2.2 DATABASE_URL='sqlite://localhost/:memory:'
-      dist: xenial
-      sudo: true
     - python: 3.5
       env: DJANGO=2.2 DATABASE_URL='mysql://root@127.0.0.1/djangocms_test'
     - python: 3.6
       env: DJANGO=2.2 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test'
     - python: 3.6
       env: DJANGO=2.2 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='emailuserapp.EmailUser'
-    - python: 3.6
+    - python: 3.7
       env: DJANGO=2.2 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
-    - python: 3.6
-      env: DJANGO=2.2 TEST_DOCS=1 DATABASE_URL='sqlite://localhost/:memory:'
-      dist: xenial
-      sudo: true
     - python: 3.7
+      env: DJANGO=2.2 TEST_DOCS=1 DATABASE_URL='sqlite://localhost/:memory:'
+    - python: 3.8
       env: DJANGO=2.2 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
-      dist: xenial
-      sudo: true
 
     # DJANGO 3.0
     - python: 3.6
       env: DJANGO=3.0 DATABASE_URL='sqlite://localhost/:memory:'
-      dist: xenial
-      sudo: true
     - python: 3.6
       env: DJANGO=3.0 DATABASE_URL='mysql://root@127.0.0.1/djangocms_test'
     - python: 3.7
       env: DJANGO=3.0 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test'
     - python: 3.7
       env: DJANGO=3.0 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='emailuserapp.EmailUser'
-    - python: 3.7
+    - python: 3.8
       env: DJANGO=3.0 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
-    - python: 3.7
+    - python: 3.8
       env: DJANGO=3.0 TEST_DOCS=1 DATABASE_URL='sqlite://localhost/:memory:'
-      dist: xenial
-      sudo: true
     - python: 3.8
       env: DJANGO=3.0 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
-      dist: xenial
-      sudo: true
 
-  fast_finish: true
+    # DJANGO 3.1
+    - python: 3.6
+      env: DJANGO=3.1 DATABASE_URL='sqlite://localhost/:memory:'
+    - python: 3.6
+      env: DJANGO=3.1 DATABASE_URL='mysql://root@127.0.0.1/djangocms_test'
+    - python: 3.7
+      env: DJANGO=3.1 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test'
+    - python: 3.7
+      env: DJANGO=3.1 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='emailuserapp.EmailUser'
+    - python: 3.8
+      env: DJANGO=3.1 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
+    - python: 3.8
+      env: DJANGO=3.1 TEST_DOCS=1 DATABASE_URL='sqlite://localhost/:memory:'
+    - python: 3.8
+      env: DJANGO=3.1 DATABASE_URL='postgres://postgres@127.0.0.1/djangocms_test' AUTH_USER_MODEL='customuserapp.User'
+  allow_failures:
+    - python: 3.6
+      env: FRONTEND=1 INTEGRATION=1 INTEGRATION_TESTS_BUCKET=2 DJANGO=2.2 DATABASE_URL='sqlite://localhost/testdb.sqlite'
 
 before_script:
   - pip freeze
@@ -115,7 +107,7 @@ before_script:
   - if [ "$DATABASE_URL" == "mysql://root@127.0.0.1/djangocms_test" ]; then mysql -e 'create database IF NOT EXISTS djangocms_test CHARACTER SET utf8 COLLATE utf8_general_ci;'; fi
 
 before_install:
-  - "export TRAVIS_COMMIT_MSG=\"$(git log --format=%B --no-merges -n 1)\""
+  - 'export TRAVIS_COMMIT_MSG="$(git log --format=%B --no-merges -n 1)"'
   - pip install -U pip>=8.0
   - echo "$TRAVIS_COMMIT_MSG" | grep '\[skip saucelabs\]'; export USE_SAUCE_LABS=$?; true
   - echo "$TRAVIS_COMMIT_MSG" | grep '\[ci only docs\]'; export ONLY_DOCS=$?; true

CHANGELOG.rst

@@ -3,6 +3,18 @@ Changelog
 =========
 
 
+3.8.0 (unreleased)
+==================
+
+* Introduced support for Django 3.1
+* Dropped support for Python 2.7 and Python 3.4
+* Dropped support for Django < 2.2
+* Removed ``djangocms-column`` from the manual installation instructions
+* Removed duplicate ``attr`` declaration from the documentation
+* Fixed a reference to a wrong variable in log messages in ``utils/conf.py``
+* Fixed an issue in ``wizards/create.html`` where the error message did not use the plural form
+
+
 3.7.4 (2020-07-21)
 ==================
 
@@ -70,6 +82,12 @@ Changelog
 * Fixed override ``urlconf_module`` so that Django system checks don't crash.
 
 
+3.6.1 (2020-07-21)
+==================
+
+* Fixed a security vulnerability in the plugin_type url parameter to insert JavaScript code.
+
+
 3.6.0 (2019-01-29)
 ==================
 
@@ -84,6 +102,12 @@ Changelog
 * Introduced Django 2.1 support.
 
 
+3.5.4 (2020-07-21)
+==================
+
+* Fixed a security vulnerability in the plugin_type url parameter to insert JavaScript code.
+
+
 3.5.3 (2018-11-20)
 ==================
 
@@ -159,6 +183,37 @@ Changelog
 * Prevent users from passing a public page as parent in ``create_page`` api function
 
 
+3.4.7 (2020-07-21)
+==================
+
+* Removed extra quotation mark from the sideframe button template
+* Fixed a bug where xframe options were processed by clickjacking middleware
+  when page was served from cache, rather then get this value from cache
+* Fixed a bug where cached page permissions overrides global permissions
+* Fixed a bug where editing pages with primary keys greater than 9999 would throw an
+  exception.
+* Fixed broken wizard page creation when no language is set within the template context (see #5828).
+* Fixed a security vulnerability in the plugin_type url parameter to insert JavaScript code.
+
+
+3.4.6 (2018-03-26)
+==================
+
+* Changed the way drag and drop works in the page tree. The page has to be
+  selected first before moving.
+* Fixed a bug where the cms alias plugin leaks context into the rendered aliased plugins.
+* Fixed a bug where users without the "Change advanced settings" permission could still
+  change a page's template.
+* Added ``on_delete`` to ``ForeignKey`` and ``OneToOneField`` to silence Django
+  deprecation warnings.
+* Fixed a bug where the sitemap would ignore the ``public`` setting of the site languages
+  and thus display hidden languages.
+* Fixed an ``AttributeError`` raised when adding or removing apphooks in Django 1.11.
+* Fixed an ``InconsistentMigrationHistory`` error raised when the contenttypes app
+  has a pending migration after the user has applied the ``0010_migrate_use_structure`` migration.
+* Fixed a bug where plugins rendered multiple times won't be editable
+
+
 3.4.5 (2017-10-12)
 ==================
 

SECURITY.rst

@@ -0,0 +1,24 @@
+###############
+Security Policy
+###############
+
+Supported Versions
+==================
+
+Security updates are provided to the latest 2 django CMS versions released. Exceptions apply to the LTS releases.
+
+======= =========
+Version Supported         
+------- ---------
+3.7.x   yes (LTS)
+3.6.x   yes
+3.5.x   no
+< 3.4   no
+======= =========
+
+Reporting a Vulnerability
+=========================
+
+If you think you have discovered a security issue in our code, please report it **privately**, by emailing us at security@django-cms.org.
+
+Please **do not** raise it on IRC, GitHub, either of our email lists, StackOverflow or in any other public forum until we have had a chance to deal with it.

cms/__init__.py

@@ -1,5 +1,4 @@
-# -*- coding: utf-8 -*-
 
-__version__ = '3.7.4'
+__version__ = '3.8.0rc1'
 
 default_app_config = 'cms.apps.CMSConfig'

cms/admin/__init__.py

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 import cms.admin.pageadmin
 import cms.admin.useradmin
 import cms.admin.permissionadmin