Plone.namedfile

------------------

Bug fixes:


- Fix calculation of file modification time. davisagli (153)

------------------

Bug fixes:


- Fix stored XSS (Cross Site Scripting) for SVG images.
Done by forcing a download instead of displaying inline.
See `security advisory <https://github.com/plone/plone.namedfile/security/advisories/GHSA-jj7c-jrv4-c65x>`_.
[maurits] (1)

------------------

New features:


- Add internal modification timestamp with fallback to _p_mtime.
[mathias.leimgruber] (149)
- Use new internal modification timestamp as part of the hash key for scales.
[mathias.leimgruber] (150)

------------------

Bug fixes:


- Fixed the issue where SVG images containing extensive metadata were not being displayed
correctly (resulting in a width/height of 1px). This problem could occur when the
<svg> tag exceeded the MAX_INFO_BYTES limit.

Fixes `issue 147 <https://github.com/plone/plone.namedfile/issues/147>`_.
[mliebischer] (147)

------------------

Bug fixes:


- Return a 400 Bad Request response if the `images` view is published without a subpath. davisagli (144)


Tests


- Fix tests to work with various ``beautifulsoup4`` versions.
[maurits] (867)

------------------

New features:


- Move ``Zope2FileUploadStorable`` code from plone.app.z3cform to here to break a cyclic dependency.
[gforcada] (3764)