Django-cms

Latest version: v4.1.4

Page 3 of 13

3.5.0

Not secure
==================

* Fixed a bug which prevented users from seeing the welcome screen when debug is turned off.
* Introduced improved repr for ``Page``, ``Title``, ``Placeholder`` and ``CMSPlugin`` models.
* Rename publish buttons to no longer reference "page"
* Page rendering will now use the draft page instead of public page for logged in users with change permissions, unless the ``preview`` GET parameter is used.
* Fixed "Expand all / Collapse all" not reflecting real state of the placeholder tree
* Fixed a bug where Aliased plugins would render if their host page was unpublished (and user was not in edit mode).
* Fixed a bug where focusing inputs in modal would require 2 clicks in some browsers
* Changed the language chooser to always show all configured languages to staff members and public-only languages to anon users.
* Introduced logic to copy pages to different sites from the admin.
* Removed "View on Site" button when adding a page
* Welcome page no longer uses multilingual URLs when not required.
* Prevent users from passing a public page as parent in ``create_page`` api function

3.4.7

Not secure
==================

* Removed extra quotation mark from the sideframe button template
* Fixed a bug where xframe options were processed by clickjacking middleware when page was served from cache, rather than getting this value from cache
* Fixed a bug where cached page permissions override global permissions
* Fixed a bug where editing pages with primary keys greater than 9999 would throw an exception.
* Fixed broken wizard page creation when no language is set within the template context (see 5828).
* Fixed a security vulnerability that allowed JavaScript code to be inserted through the ``plugin_type`` URL parameter.

3.4.6

Not secure
==================

* Changed the way drag and drop works in the page tree. The page has to be selected first before moving.
* Fixed a bug where the cms alias plugin leaks context into the rendered aliased plugins.
* Fixed a bug where users without the "Change advanced settings" permission could still change a page's template.
* Added ``on_delete`` to ``ForeignKey`` and ``OneToOneField`` to silence Django deprecation warnings.
* Fixed a bug where the sitemap would ignore the ``public`` setting of the site languages and thus display hidden languages.
* Fixed an ``AttributeError`` raised when adding or removing apphooks in Django 1.11.
* Fixed an ``InconsistentMigrationHistory`` error raised when the contenttypes app has a pending migration after the user has applied the ``0010_migrate_use_structure`` migration.
* Fixed a bug where plugins rendered multiple times wouldn't be editable

3.4.5

Not secure
==================

* Introduced Django 1.11 compatibility
* Fixed a bug where slug wouldn't be generated in the creation wizard
* Fixed a bug where the add page endpoint rendered ``Change page`` as the html title.
* Fixed an issue where non-staff users could request the wizard create endpoint.
* Fixed an issue where the ``Edit page`` toolbar button wouldn't show on non-cms pages with placeholders.
* Fixed a bug where placeholder inheritance wouldn't work if the inherited placeholder is cached in an ancestor page.
* Fixed a regression where the code following a ``{% placeholder x or %}`` declaration was rendered before attempting to inherit content from parent pages.
* Changed page/placeholder cache keys to use sha1 hash instead of md5 to be FIPS compliant.
* Fixed a bug where the change of a slug would not propagate to all descendant pages
* Fixed a ``ValueError`` raised when using ``ManifestStaticFilesStorage`` or similar for static files. This only affects Django >= 1.10

3.4.4

Not secure
==================

* Fixed a bug in which cancelling the publishing dialog wasn't respected.
* Fixed a bug causing post-login redirection to an incorrect URL on single-language sites.
* Changed the signature for internal ``cms.plugin_base.CMSPluginBase`` methods ``get_child_classes`` and ``get_parent_classes`` to take an optional ``instance`` parameter.
* Fixed an error when retrieving placeholder label from configuration.
* Fixed a bug which caused certain translations to display double-escaped text in the page list admin view.
* Adjusted the toolbar JavaScript template to escape values coming from the request.
* Added Dropdown class to toolbar items
* Replaced all custom markup on the ``admin/cms/page/includes/fieldset.html`` template with an ``{% include %}`` call to Django's built-in ``fieldset.html`` template.
* Fixed a bug which prevented a page from being marked as dirty when a placeholder was cleared.
* Fixed an ``IntegrityError`` raised when publishing a page with no public version and whose publisher state was pending.
* Fixed an issue with JavaScript not being able to determine correct path to the async bundle
* Fixed a ``DoesNotExist`` database error raised when moving a page marked as published, but whose public translation did not exist.
* Fixed a bug in which the menu rendered nodes using the site session variable (set in the admin), instead of the current request site.
* Fixed a race condition bug in which the database cache keys were deleted without syncing with the cache server, and as a result old menu items would continue to be displayed.
* Fixed a 404 raised when using the ``Delete`` button for a Page or Title extension on Django >= 1.9
* Added "How to serve multiple languages" section to documentation
* Fixed a performance issue with nested pages when using the ``inherit`` flag on the ``{% placeholder %}`` tag.
* Removed the internal ``reset_to_public`` page method in favour of the ``revert_to_live`` method.
* Fixed a bug in which the placeholder cache was not consistently cleared when a page was published.
* Enhanced the plugin menu to not show plugins the user does not have permission to add.
* Fixed a regression which prevented users from setting a redirect to the homepage.

3.4.3

Not secure
==================

* Fixed a security vulnerability in the page redirect field which allowed users to insert JavaScript code.
* Fixed a security vulnerability where the ``next`` parameter for the toolbar login was not sanitised and could point to another domain.

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.