Plone.restapi

Bug fixes:

- Remove wrong `preview_image_link` addition from blocks
(de)serializers. sneridagh (1737)

New features:

- Added preview_image and preview_image_link to the list of smart
fields for resolveuid and link integrity. sneridagh (1735)

Internal:

- Does not test Python 3.7. wesleybl (1732)
- Use plone.recipe.precompiler to generate mo files to test.
wesleybl (1733)

Bug fixes:

- Fix jwt_auth extractCredentials plugin to only try to read
credentials from the request body if there is a `Content-Type:
application/json` header. davisagli (1728)
- Temporarily disable form memory limit checking for files and images.
This fixes a regression due to a low Zope form memory limit of 1MB
used since Plone 6.0.7. See [CMFPlone issue
3848](https://github.com/plone/Products.CMFPlone/issues/3848) and
Zope PR 1142(https://github.com/zopefoundation/Zope/pull/1142).
maurits (3848)

Documentation:

- Remove regular expression from `sphinx-copybutton` configuration,
now that `linenos` are excluded by default. stevepiercy (1725)

Bug fixes:

- Be more strict when checking if mimetype is allowed to be displayed
inline. maurits (1167)

New features:

- Add support for Python 3.12. tisto (1722)

Bug fixes:

- Treat sub-items like items in `linkintegrity` endpoint. jaroel
(1714)
- Limits the use of multilingual services only if multilingual is
actually installed. mamico (1723)

Internal:

- Remove unused code. davisagli (1703)
- Replace deprecated assert methods. gforcada (1719)
- Drop, already unused plone.app.robotframework test. gforcada
(1720)

Documentation:

- Fix redirect for <https://json-schema.org/>. stevepiercy (#1718)

Breaking changes:

- Remove deprecated unlock, refresh-lock endpoints avoinea
(1235)
- Remove `plone.tiles` and the `tiles` endpoint. tisto (1308)
- Change the linkintegrity endpoint to add `items_total`, the number
of contained items which would be deleted. davisagli, danalvrz,
pgrunewald (1636)
- The default branch was renamed from `master` to `main`. tisto,
davisagli (1695)
- Drop support for Python 3.7. Set python_requires to >= 3.8 tisto
(1709)

New features:

- Add Spanish translation macagua (1684)
- Add support for getting the `/querystring` endpoint in a specific
context. davisagli (1704)

Bug fixes:

- Fix stored XSS (Cross Site Scripting) for SVG image in user
portrait. Done by forcing a download instead of displaying inline.
Normal accessing via an image tag is not affected and is safe. See
[security
advisory](https://github.com/plone/plone.restapi/security/advisories/GHSA-hc5c-r8m5-2gfh).
maurits (1)
- Use incoming request to produce location for `tus-upload`.
instification (1570)
- Undeprecate comma separated expansion parameters (that were
deprecated in plone.restapi 8) tisto (1696)
- Undeprecate token parameter from vocabularies endpoint tisto
(1697)
- Improve RESOLVEUID_RE regexp to catch also paths generated by Link
content-types. cekk (1699)

Internal:

- Upgrade buildout: Plone 6.0.6 -> 6.0.7 and Plone 5.2.12 -> 5.2.14
tisto (1706)

Documentation:

- Added translation code through expansion. Akshat2Jain (1374)
- Restores formatting and fixes some MyST syntax from 1689.
stevepiercy (1691)
- Documentation fixes for 1599. stevepiercy (1692)
- Fix linkcheckbroken 301 redirect to <https://www.4teamwork.ch/en>.
stevepiercy (1693)
- Polish docs for v9 release. stevepiercy (1698)