Lektor

Latest version: v3.3.12


Page 1 of 6

3.4.0b12

Bugs

Admin server

- Fix route declaration for the `add-child` endpoint. (Thanks to
mjoerg [1184])

[1184]: https://github.com/lektor/lektor/pull/1184

3.4.0b11

Security

Prior to this release it was possible to create files outside of the
`content` tree using the admin API. (Normally, the admin API should not
be made accessible to untrusted parties, since the point of the API is
to allow for editing of the Lektor project content.)

- Better sanitization of DB file paths, better validation of the path passed
to `make_editor_session`. ([1179])
- Better validation of API parameters. ([1181])

[1179]: https://github.com/lektor/lektor/pull/1179
[1181]: https://github.com/lektor/lektor/pull/1181

3.4.0b10

Not secure

Bugs Fixed

Admin Server

- Fix `"re.error: bad escape \u"` exception. ([1177])

[1177]: https://github.com/lektor/lektor/pull/1177

3.4.0b9

Not secure

Compatibility

- Drop support for Python 3.7. ([1173])
- Officially support Python 3.12. ([1167])
- Remove pin on `werkzeug<3`. ([1172], [1171])

Refactorings

This release includes a significant continuation of refactoring of the
code in `lektor.imagetools` which started in [1104]:

- We now use Pillow to access image file metadata (e.g. dimensions,
format, and EXIF tags). This replaces some homegrown code for
reading basic image metadata and `exifread` for EXIF tag access.

- Some internal API has been cleaned up.

- Compatibility with various versions of Pillow has been increased.

See [1138] for details.

Features Removed

- Removed the `--no-reload` option of the `lektor server` command. This was added in 3.4.0b4 as part of [1027] and seems no longer necessary, since live-reload can now be disabled on a per-window basis (see [1164]).

Features Added

- Added Turkish translation. Thank you [@uyar]! ([1157])

Admin GUI

- Replace the _“Edit Pencil”_ with a toolbar containing both an _Edit_
button and a toggle that can be used to disable
_Live-reload_. ([1164])

Bugs Fixed

Admin GUI

- Use a real link (`<a href=...`) for the "Return to Website" button. ([1164])

Jinja Globals

- Fix `bag()` to obtain the pad from `site` in the Jinja context, rather than from the Lektor build context. ([1155])

Plugins

- Use symlinks when constructing Lektor's private virtual
environment. This fixes issues installing plugins on macOS. ([1161],
[1159])

Style

- Update prettier, update eslint rules. ([1153])
- Update to latest pylint, black, flake8. Use flake8-bugbear. ([1162])
- Update npm locks, upgrade esbuild, update tests to React 18 APIs. ([1170])
- Apply `pyupgrade --py38-plus` to codebase ([1174])

[@uyar]: https://github.com/uyar
[1138]: https://github.com/lektor/lektor/pull/1138
[1153]: https://github.com/lektor/lektor/pull/1153
[1155]: https://github.com/lektor/lektor/pull/1155
[1157]: https://github.com/lektor/lektor/pull/1157
[1159]: https://github.com/lektor/lektor/issues/1159
[1161]: https://github.com/lektor/lektor/pull/1161
[1162]: https://github.com/lektor/lektor/pull/1162
[1164]: https://github.com/lektor/lektor/pull/1164
[1167]: https://github.com/lektor/lektor/pull/1167
[1170]: https://github.com/lektor/lektor/issues/1170
[1171]: https://github.com/lektor/lektor/issues/1171
[1172]: https://github.com/lektor/lektor/pull/1172
[1173]: https://github.com/lektor/lektor/pull/1173
[1174]: https://github.com/lektor/lektor/pull/1174

3.4.0b8

Not secure

Bugs Fixed

- When there are multiple _asset_ trees being merged (i.e. when
_themes_ are in use), avoid building shadowed assets. ([908],
[1147])
- Fix asset URL resolution in the dev server when asset extensions
differ from that of their source. ([1111], [1147])

[908]: https://github.com/lektor/lektor/issues/908
[1111]: https://github.com/lektor/lektor/issues/1111
[1147]: https://github.com/lektor/lektor/pull/1147

3.4.0b7

Not secure

Slightly Breaking Changes

- The `--profile` option has been removed from the `lektor build` command. ([1137])

Bugs Fixed

- Pin `watchfiles>=0.12`. (Our tests use the `stop_event` parameter of `watchfiles.watch`.)
- Fix exception from `describe_build_func` when building thumbnails with verbose logging enabled.
- Fix "FATAL: exception not rethrown" message when `lektor server` is stopped. ([1145])
- Fix multiple new browser tabs being opened when `lektor server --browse` is used with `LEKTOR_DEV` set. ([1145])
- Fix mypy errors in `lektor.admin.modules`.
- Fix `Builder.touch_site_config` so that it actually touches the site
config. This fixes the _Refresh Build_ button of the admin
UI. ([1146])
- Ensure that `Artifact.open` respects the value of its `encoding` argument when opening files. ([1146])
- Fix logic flaw in `FileInfo.unchanged` which, under certain
circumstances, causes source files to be considered unchanged even
if their size (or mtime) is changed. ([1146])

[1137]: https://github.com/lektor/lektor/pull/1137
[1145]: https://github.com/lektor/lektor/pull/1145
[1146]: https://github.com/lektor/lektor/pull/1146


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.