Skip to content

Bump wagtail from 7.0.6 to 7.0.7#151

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/wagtail-7.0.7
Open

Bump wagtail from 7.0.6 to 7.0.7#151
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/wagtail-7.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Copy link
Copy Markdown
Contributor

Bumps wagtail from 7.0.6 to 7.0.7.

Release notes

Sourced from wagtail's releases.

7.0.7

  • Security fix: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
  • Security fix: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
  • Security fix: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
  • Security fix: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
  • Security fix: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
  • Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
  • Fix: Correctly escape the sizes attribute in responsive image template tags (Jake Howard)
  • Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
  • Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)
Changelog

Sourced from wagtail's changelog.

7.0.7 (05.05.2026)


 * Fix: CVE-2026-44197: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
 * Fix: CVE-2026-44198: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
 * Fix: CVE-2026-44199: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
 * Fix: CVE-2026-44200: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
 * Fix: CVE-2026-44201: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
 * Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
 * Fix: Correctly escape the `sizes` attribute in responsive image template tags (Jake Howard)
 * Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
 * Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)
Commits
  • cb3ed5a ruff format
  • 195962f Version bump to 7.0.7 final
  • 3da9b74 Release notes for security fixes in 7.0.7
  • c75351b Fix permission check on creating alias
  • c731322 Fix permission handling on page copy
  • 052caa0 Exclude view-restricted collections from document and images API
  • 2aa9694 Only support deleting form submissions for the chosen page
  • bdfb723 Add test
  • 585cb02 Check object permissions in PageHistoryView
  • d8e88bd Change permission test to edit or publish
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [wagtail](https://github.com/wagtail/wagtail) from 7.0.6 to 7.0.7.
- [Release notes](https://github.com/wagtail/wagtail/releases)
- [Changelog](https://github.com/wagtail/wagtail/blob/main/CHANGELOG.txt)
- [Commits](wagtail/wagtail@v7.0.6...v7.0.7)

---
updated-dependencies:
- dependency-name: wagtail
  dependency-version: 7.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants