From 5d1dc07e710cd275b16ba39bc530202aa637b308 Mon Sep 17 00:00:00 2001 From: Timo Stollenwerk Date: Fri, 22 Sep 2023 08:02:30 +0200 Subject: [PATCH 1/5] Drop Python 3.7 support --- news/1.bugfix | 3 +-- news/1570.bugfix | 3 +-- news/1709.breaking | 1 + setup.py | 3 +-- 4 files changed, 4 insertions(+), 6 deletions(-) create mode 100644 news/1709.breaking diff --git a/news/1.bugfix b/news/1.bugfix index 37a92b93ea..0e46ff88db 100644 --- a/news/1.bugfix +++ b/news/1.bugfix @@ -1,5 +1,4 @@ Fix stored XSS (Cross Site Scripting) for SVG image in user portrait. Done by forcing a download instead of displaying inline. Normal accessing via an image tag is not affected and is safe. -See `security advisory `_. -[maurits] +See `security advisory `_. @maurits diff --git a/news/1570.bugfix b/news/1570.bugfix index 37f023d218..c186aa1612 100644 --- a/news/1570.bugfix +++ b/news/1570.bugfix @@ -1,2 +1 @@ -Use incoming request to produce location for @tus-upload -[instification] +Use incoming request to produce location for @tus-upload @instification diff --git a/news/1709.breaking b/news/1709.breaking new file mode 100644 index 0000000000..369f3bd5c6 --- /dev/null +++ b/news/1709.breaking @@ -0,0 +1 @@ +Drop support for Python 3.7. Set python_requires to >= 3.8 @tisto \ No newline at end of file diff --git a/setup.py b/setup.py index 1c18881064..f3cc03baf2 100644 --- a/setup.py +++ b/setup.py @@ -67,7 +67,6 @@ def read(filename): "Intended Audience :: Developers", "Operating System :: OS Independent", "Programming Language :: Python", - "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", @@ -83,7 +82,7 @@ def read(filename): packages=find_packages("src"), package_dir={"": "src"}, namespace_packages=["plone"], - python_requires=">=3.6", + python_requires=">=3.8", include_package_data=True, zip_safe=False, install_requires=[ From e498c49d14eae6955086a37a1fa9be240722c928 Mon Sep 17 00:00:00 2001 From: Timo Stollenwerk Date: Fri, 22 Sep 2023 08:08:29 +0200 Subject: [PATCH 2/5] Update README --- README.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index 29a681392a..caa6c056c4 100644 --- a/README.rst +++ b/README.rst @@ -74,12 +74,10 @@ Install ``plone.restapi`` by adding it to your buildout. Python / Plone Compatibility ============================ -plone.restapi 8 requires Python 3 and works with Plone 5.2 and Plone 6.x. - -plone.restapi 8 does not officially support Python 3.6. +plone.restapi 8 and 9 require Python 3 and work with Plone 5.2 and Plone 6.x. Python versions that reached their `end-of-life `_, -including Python 3.6, might still work, but the maintainers do not guarantee this in any way. +including Python 3.6 and Python 3.7 are not supported any longer. Use plone.restapi 7 if you are running Python 2.7 or Plone versions below 5.2. From df2b61192adf634c886535f7c3ad996ade2930b6 Mon Sep 17 00:00:00 2001 From: Timo Stollenwerk Date: Fri, 22 Sep 2023 08:25:18 +0200 Subject: [PATCH 3/5] Update README and upgrade guide --- README.rst | 7 ++++++- docs/source/upgrade-guide.md | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index caa6c056c4..63fcc0f18c 100644 --- a/README.rst +++ b/README.rst @@ -74,7 +74,12 @@ Install ``plone.restapi`` by adding it to your buildout. Python / Plone Compatibility ============================ -plone.restapi 8 and 9 require Python 3 and work with Plone 5.2 and Plone 6.x. +plone.restapi 9 requires Python 3 and works with Plone 5.2 and Plone 6.x. + +plone.restapi 8 entered "maintenance" mode with the release of plone.restapi 9 (September 2023). +It is not planned to backport any features to this version and we highly recommend to upgrade to plone.restapi 9. +plone.restapi 8 will receive security releases (if they are any) for the next two years (until September 2025). +After September 2025 it will be unsupported. Python versions that reached their `end-of-life `_, including Python 3.6 and Python 3.7 are not supported any longer. diff --git a/docs/source/upgrade-guide.md b/docs/source/upgrade-guide.md index 8ea4a5f110..98c5455bcd 100644 --- a/docs/source/upgrade-guide.md +++ b/docs/source/upgrade-guide.md @@ -14,6 +14,10 @@ It explains the steps that are needed to upgrade to the latest version. ## Upgrading to `plone.restapi` 9.x +`plone.restapi` 9.x dropped support for Python 3.7, which reached its `end-of-life `_ in July 2023. + +Upgrading to `plone.restapi` 9.x might require minor changes to your code base that are described in this section. If you are using a recent version of Volto, there are no changes necessary. + ### Link Integrity When calling the @linkintegrity endpoint in `plone.restapi` before 9.0.0, a content object with no link integrity breaches would return just an empty list in the response body: From 055312eb6ccd9a0985ab0714c07c61fa6ea17091 Mon Sep 17 00:00:00 2001 From: Timo Stollenwerk Date: Fri, 22 Sep 2023 11:58:59 +0200 Subject: [PATCH 4/5] Update news/1570.bugfix Co-authored-by: Steve Piercy --- news/1570.bugfix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/1570.bugfix b/news/1570.bugfix index c186aa1612..c6e766f2e5 100644 --- a/news/1570.bugfix +++ b/news/1570.bugfix @@ -1 +1 @@ -Use incoming request to produce location for @tus-upload @instification +Use incoming request to produce location for `@tus-upload`. @instification From 9059ace6b1b362e3df26834b9a5d1c34cd335fef Mon Sep 17 00:00:00 2001 From: Timo Stollenwerk Date: Fri, 22 Sep 2023 16:56:21 +0200 Subject: [PATCH 5/5] Remove 2 years security releases committment. We use the regular Plone core policy here. --- README.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.rst b/README.rst index 63fcc0f18c..86425831a1 100644 --- a/README.rst +++ b/README.rst @@ -78,8 +78,6 @@ plone.restapi 9 requires Python 3 and works with Plone 5.2 and Plone 6.x. plone.restapi 8 entered "maintenance" mode with the release of plone.restapi 9 (September 2023). It is not planned to backport any features to this version and we highly recommend to upgrade to plone.restapi 9. -plone.restapi 8 will receive security releases (if they are any) for the next two years (until September 2025). -After September 2025 it will be unsupported. Python versions that reached their `end-of-life `_, including Python 3.6 and Python 3.7 are not supported any longer.