Plone.rest

------------------

Bug fixes:


- Remove wrong `preview_image_link` addition from blocks (de)serializers. sneridagh (1737)

------------------

New features:


- Added preview_image and preview_image_link to the list of smart fields for resolveuid and link integrity. sneridagh (1735)


Internal:


- Does not test Python 3.7. wesleybl (1732)
- Use plone.recipe.precompiler to generate mo files to test. wesleybl (1733)

------------------

Bug fixes:


- Fix jwt_auth extractCredentials plugin to only try to read credentials from the request body if there is a `Content-Type: application/json` header. davisagli (1728)
- Temporarily disable form memory limit checking for files and images.
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7.
See `CMFPlone issue 3848 <https://github.com/plone/Products.CMFPlone/issues/3848>`_ and `Zope PR 1142 <https://github.com/zopefoundation/Zope/pull/1142>`_.
maurits (3848)


Documentation:


- Remove regular expression from `sphinx-copybutton` configuration, now that `linenos` are excluded by default. stevepiercy (1725)

------------------

Bug fixes:


- Be more strict when checking if mimetype is allowed to be displayed inline.
[maurits] (1167)

------------------

New features:


- Add support for Python 3.12. tisto (1722)


Bug fixes:


- Treat sub-items like items in ``linkintegrity`` endpoint. jaroel (1714)
- Limits the use of multilingual services only if multilingual is actually installed. mamico (1723)


Internal:


- Remove unused code. davisagli (1703)
- Replace deprecated assert methods. gforcada (1719)
- Drop, already unused plone.app.robotframework test. gforcada (1720)


Documentation:


- Fix redirect for https://json-schema.org/. stevepiercy (#1718)

------------------

Breaking changes:


- Remove deprecated unlock, refresh-lock endpoints avoinea (1235)
- Remove `plone.tiles` and the `tiles` endpoint. tisto (1308)
- Change the linkintegrity endpoint to add `items_total`, the number of contained items which would be deleted. davisagli, danalvrz, pgrunewald (1636)
- The default branch was renamed from `master` to `main`. tisto, davisagli (1695)
- Drop support for Python 3.7. Set python_requires to >= 3.8 tisto (1709)


New features:


- Add Spanish translation macagua (1684)
- Add support for getting the `/querystring` endpoint in a specific context. davisagli (1704)


Bug fixes:


- Fix stored XSS (Cross Site Scripting) for SVG image in user portrait.
Done by forcing a download instead of displaying inline.
Normal accessing via an image tag is not affected and is safe.
See `security advisory <https://github.com/plone/plone.restapi/security/advisories/GHSA-hc5c-r8m5-2gfh>`_. maurits (#1)
- Use incoming request to produce location for `tus-upload`. instification (1570)
- Undeprecate comma separated expansion parameters (that were deprecated in plone.restapi 8) tisto (1696)
- Undeprecate token parameter from vocabularies endpoint tisto (1697)
- Improve RESOLVEUID_RE regexp to catch also paths generated by Link content-types. cekk (1699)


Internal:


- Upgrade buildout: Plone 6.0.6 -> 6.0.7 and Plone 5.2.12 -> 5.2.14 tisto (1706)


Documentation:


- Added translation code through expansion. Akshat2Jain (1374)
- Restores formatting and fixes some MyST syntax from 1689. stevepiercy (1691)
- Documentation fixes for 1599. stevepiercy (1692)
- Fix linkcheckbroken 301 redirect to https://www.4teamwork.ch/en. stevepiercy (#1693)
- Polish docs for v9 release. stevepiercy (1698)