Plone.namedfile

Latest version: v7.0.0


Page 5 of 13

5.5.1

Not secure
------------------

Bug fixes:


- Cache stable image scales strongly.
When plone.app.imaging is available, this is already done.
Otherwise, we should do this ourselves.
Fixes `issue 100 <https://github.com/plone/plone.namedfile/issues/100>`_.
[maurits] (100)

5.5.0

Not secure
------------------

New features:


- Prevent stored XSS from file upload (svg, html).
Do this by implementing an allowlist of trusted mimetypes.
You can turn this around by using a denylist of just svg, html and javascript.
Do this by setting OS environment variable ``NAMEDFILE_USE_DENYLIST=1``.
From `Products.PloneHotfix20210518 <https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots>`_.
[maurits] (3274)

5.4.0

Not secure
------------------

New features:


- Range support (https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests)
[mamico] (86)

5.3.1

Not secure
------------------

Bug fixes:


- Fix image scaling to re-use the original image when scaling is not required, to allow Plone REST API to use a cacheable scale URL for the original image without a performance penalty. [datakurre] (92)

5.3.0

Not secure
------------------

New features:


- Change to use field value _p_mtime instead of context object _p_mtime as image scale invalidation timestamp to fix issue where context object (e.g. a document with lead image) modification invalidated all its image field scales even when the images themselves were not modified. [datakurre] (91)

5.2.2

Not secure
------------------

Bug fixes:


- Close BlobFile in DefaultImageScalingFactory. [timo] (89)
- Implement the handling of SVG files before passing them to Pillow, fixes 3063
[sneridagh] (3063)
