Releases: mozilla/addons-server
Releases · mozilla/addons-server
2025.05.29
This week's push hero is @KevinMind
Previous Release: 2025.05.15-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.15...2025.05.29
Addons Server Changelog:
What's Changed
Notable things shipping
- drop support for AMO_ESCALATE and forwarded jobs by @eviljeff in #23338
- Drop Legacy Promoted Models by @chrstinalin in #23425
- Fix including policies text in emails of decisions coming from Cinder with notes by @diox in #23451
- Improvements to Discovery Addon Admin by @chrstinalin in #23457
- Add retry mechanism to health check and notification of recovery by @KevinMind in #23453
- Allow policies to be selected directly for reviewer tools actions by @eviljeff in #23437
- Display banned column in user admin changelist page by @diox in #23464
- Add auto generated model documentation to AMO docs by @KevinMind in #22483
- update ContentActionTargetAppealRemovalAffirmation template by @eviljeff in #23466
- Add distinct to search by promoted in discovery addons by @chrstinalin in #23477
- When resolving multiple jobs in a reviewer action, record activity & notify owners once by @diox in #23459
- Squash migrations the right way by @KevinMind in #23458
- Fix urlparams() when a query has multiple values for a given key by @diox in #23478
- Expose when jobs were created / forwarded / requeued in review page by @diox in #23485
- Docker compose: Add 'start_period' to healthcheck for web and worker by @wagnerand in #23500
- Make add-ons in PromotedClass Partner pre-review by @wagnerand in #23497
- Handle version rejection appeals forwarded to legal by @eviljeff in #23484
- Remove 'dsa-appeals-review' waffle switch by @diox in #23506
Dependendabots
- Bump packaging from 24.2 to 25.0 in /requirements by @dependabot in #23351
- Bump pyparsing from 3.2.1 to 3.2.3 in /requirements by @dependabot in #23222
- Bump addons-linter from 7.11.0 to 7.13.0 by @dependabot in #23494
- Bump nginx from 1.27-bookworm@sha256:124b44bfc9ccd1f3cedf4b592d4d1e8bddb78b51ec2ed5056c52d3692baebc19 to sha256:5ed8fcc66f4ed123c1b2560ed708dc148755b6e4cbd8b943fab094f2c6bfa91e by @dependabot in #23354
- Bump pyuwsgi from 2.0.28.post1 to 2.0.29 in /requirements by @dependabot in #23375
- Bump setuptools from 75.8.0 to 78.1.1 in /requirements by @dependabot in #23481
- Bump pip from 25.0.1 to 25.1.1 in /requirements by @dependabot in #23418
- Bump memcached from 1.5.16 to 1.5.16 by @dependabot in #23384
- Bump typing-extensions from 4.12.2 to 4.13.2 in /requirements by @dependabot in #23302
- Bump yara-python from 4.5.1 to 4.5.2 in /requirements by @dependabot in #23416
- Bump stylelint from 16.17.0 to 16.19.1 by @dependabot in #23385
- Bump @eslint/compat from 1.2.8 to 1.2.9 by @dependabot in #23406
- Bump charset-normalizer from 3.4.1 to 3.4.2 in /requirements by @dependabot in #23403
- Bump mypy-extensions from 1.0.0 to 1.1.0 in /requirements by @dependabot in #23360
- Bump certifi from 2025.1.31 to 2025.4.26 in /requirements by @dependabot in #23376
Full Changelog: 2025.05.15...2025.05.29
Contributors
diox, eviljeff, and 4 other contributors
Assets 2
2025.05.15-1
This week's push hero is @diox
Previous Release: 2025.05.01-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.01...2025.05.15
Addons Server Changelog:
What's Changed
Notable things shipping
- Ignore all decisions that originated from the api by @eviljeff in #23386
- Enable Partner Group for High Profile Rating by @chrstinalin in #23390
- prevent empty
job_idvalues -nullshould be the only empty value by @eviljeff in #23396 - Only consider active NHR when filtering for due date reasons by @diox in #23421
- Remove locales below 80% threshold by @diox in #23395
- Prepare Drop of Old Promotion Models by @chrstinalin in #23315
- Only Show Badged Promoted Groups in Devhub by @chrstinalin in #23372
- Expose the policy text for decisions in version|important-changes history by @eviljeff in #23401
- Re-order needs human review reasons, display them in the review queue for each add-on by @diox in #23426
- associate deny appeal version logs with original versions by @eviljeff in #23449
- Record
reasoningandprivate_notesseparately in Content Decisions by @diox in #23419 - Add runbooks with examples for localdev/dev/statistics by @KevinMind in #23286
Dependendabots
- Bump django from 4.2.20 to 4.2.21 in /requirements by @dependabot in #23433
- Bump vitest from 3.1.1 to 3.1.3 by @dependabot in #23422
- Bump vite from 6.2.6 to 6.3.5 by @dependabot in #23410
- Bump jsdom from 26.0.0 to 26.1.0 by @dependabot in #23310
- Bump pillow from 11.1.0 to 11.2.1 in /requirements by @dependabot in #23313
- Bump less from 4.2.2 to 4.3.0 by @dependabot in #23278
- Bump pytz from 2025.1 to 2025.2 in /requirements by @dependabot in #23221
- Bump mozilla/addons-frontend from 2025.04.17 to 2025.05.01 by @dependabot in #23413
- Bump drf-yasg from 1.21.8 to 1.21.10 in /requirements by @dependabot in #23152
- Bump drf-spectacular from 0.27.2 to 0.28.0 in /requirements by @dependabot in #23201
- Bump glob from 11.0.1 to 11.0.2 by @dependabot in #23364
- Bump iniconfig from 2.0.0 to 2.1.0 in /requirements by @dependabot in #23196
- Bump attrs from 25.1.0 to 25.3.0 in /requirements by @dependabot in #23167
- Bump proto-plus from 1.25.0 to 1.26.1 in /requirements by @dependabot in #23156
- Bump python from
a866731to8582432by @dependabot in #23382
Full Changelog: 2025.05.01...2025.05.15-1
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.05.15
This week's push hero is @diox
Previous Release: 2025.05.01-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.01...2025.05.15
Addons Server Changelog:
What's Changed
Notable things shipping
- Ignore all decisions that originated from the api by @eviljeff in #23386
- Enable Partner Group for High Profile Rating by @chrstinalin in #23390
- prevent empty
job_idvalues -nullshould be the only empty value by @eviljeff in #23396 - Only consider active NHR when filtering for due date reasons by @diox in #23421
- Remove locales below 80% threshold by @diox in #23395
- Prepare Drop of Old Promotion Models by @chrstinalin in #23315
- Only Show Badged Promoted Groups in Devhub by @chrstinalin in #23372
- Expose the policy text for decisions in version|important-changes history by @eviljeff in #23401
- Re-order needs human review reasons, display them in the review queue for each add-on by @diox in #23426
- associate deny appeal version logs with original versions by @eviljeff in #23449
- Record
reasoningandprivate_notesseparately in Content Decisions by @diox in #23419 - Add runbooks with examples for localdev/dev/statistics by @KevinMind in #23286
Dependendabots
- Bump django from 4.2.20 to 4.2.21 in /requirements by @dependabot in #23433
- Bump vitest from 3.1.1 to 3.1.3 by @dependabot in #23422
- Bump vite from 6.2.6 to 6.3.5 by @dependabot in #23410
- Bump jsdom from 26.0.0 to 26.1.0 by @dependabot in #23310
- Bump pillow from 11.1.0 to 11.2.1 in /requirements by @dependabot in #23313
- Bump less from 4.2.2 to 4.3.0 by @dependabot in #23278
- Bump pytz from 2025.1 to 2025.2 in /requirements by @dependabot in #23221
- Bump mozilla/addons-frontend from 2025.04.17 to 2025.05.01 by @dependabot in #23413
- Bump drf-yasg from 1.21.8 to 1.21.10 in /requirements by @dependabot in #23152
- Bump drf-spectacular from 0.27.2 to 0.28.0 in /requirements by @dependabot in #23201
- Bump glob from 11.0.1 to 11.0.2 by @dependabot in #23364
- Bump iniconfig from 2.0.0 to 2.1.0 in /requirements by @dependabot in #23196
- Bump attrs from 25.1.0 to 25.3.0 in /requirements by @dependabot in #23167
- Bump proto-plus from 1.25.0 to 1.26.1 in /requirements by @dependabot in #23156
- Bump python from
a866731to8582432by @dependabot in #23382
Full Changelog: 2025.05.01...2025.05.15
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.05.01-1
Off-band release
This week's push hero is @eviljeff
Previous Release: 2025.05.01
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Contributors
eviljeff
Assets 2
2025.05.01
This week's push hero is @eviljeff
Previous Release: 2025.04.17-2
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.04.17...2025.05.01
Addons Server Changelog:
What's Changed
Notable things shipping
- Record which versions were affected when force disabling/enabling add-ons by @diox in #23308
- Enable swagger on dev by @KevinMind in #23332
- migrate PrimaryHero model to use addon instead of promoted_addon in a migration safe way by @KevinMind in #23333
- allow multiple ContentDecision to link to CinderJob; etc by @eviljeff in #23301
- Update 0055_fill_cinderjob_fk_on_decision.py by @eviljeff in #23339
- Correct approved_applications_for() by @chrstinalin in #23337
- fix Expression injection in Actions by @odaysec in #23358
- Fix broken settings import in review_reports command by @diox in #23371
- Allow selecting "AMO_CLOSED_NO_ACTION" policies when resolving jobs in reviewer tools by @diox in #23369
- Hide Strategic and Notable groups from the API by @chrstinalin in #23373
- Update PrimaryHero to Drop promoted_addon field and Add Null Constraint by @chrstinalin in #23391
- allow null CinderJob.job_id by @eviljeff in #23387
- Don't inherit due date and/or NeedsHumanReview for ABUSE_ADDON_VIOLATION/CINDER_ESCALATION by @diox in #23343
Dependendabots
- Bump addons-linter from 7.10.0 to 7.11.0 by @dependabot in #23340
- Bump mozilla/addons-frontend from 2025.04.03@sha256:7e69b592cd2e47290c1cbf3f9251553359aed57e5b5d8c50fa6fb93145104de0 to sha256:649541aa871dda9e5befcc9b036c94e99b1fecee5ce26128d960eb2d601f0529 by @dependabot in #23353
- Bump the google group across 1 directory with 2 updates by @dependabot in #23317
- Bump asttokens from 2.4.1 to 3.0.0 in /requirements by @dependabot in #22907
- Bump executing from 2.1.0 to 2.2.0 in /requirements by @dependabot in #23017
- Bump responses from 0.25.6 to 0.25.7 in /requirements by @dependabot in #23159
- Bump decorator from 5.1.1 to 5.2.1 in /requirements by @dependabot in #23103
- Bump cryptography from 44.0.1 to 44.0.2 in /requirements by @dependabot in #23131
- Bump cssselect from 1.2.0 to 1.3.0 in /requirements by @dependabot in #23151
- Bump googleapis-common-protos from 1.69.1 to 1.70.0 in /requirements by @dependabot in #23314
- Bump @eslint/compat from 1.2.7 to 1.2.8 by @dependabot in #23257
- Bump eslint-plugin-prettier from 5.2.5 to 5.2.6 by @dependabot in #23263
- Bump pytest-django from 4.10.0 to 4.11.1 in /requirements by @dependabot in #23271
- Bump prompt-toolkit from 3.0.50 to 3.0.51 in /requirements by @dependabot in #23319
- Bump markdown from 3.7 to 3.8 in /requirements by @dependabot in #23312
- Bump lxml from 5.3.1 to 5.4.0 in /requirements by @dependabot in #23361
New Contributors
Full Changelog: 2025.04.17...2025.05.01
Contributors
diox, eviljeff, and 4 other contributors
Assets 2
2025.04.17-2
964bd82
This commit was signed with the committer’s verified signature.
willdurand
William Durand
This week's push hero is @KevinMind
Previous Release: 2025.04.17-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- IMMEDIATELY run the task triggering a data migration for primary hero migrating
promoted_addontoaddon
- Run the task in a web pod
celery -A olympia.amo.celery:app call olympia.hero.tasks.sync_primary_hero_addon- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.17-2
Contributors
KevinMind
Assets 2
2025.04.17-1
This week's push hero is @KevinMind
Previous Release: 2025.04.17
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons-Frontend Changelog:
Addons Server Changelog:
Contributors
KevinMind
Assets 2
2025.04.17
This week's push hero is @KevinMind
Previous Release: 2025.04.03-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Log when an admin deletes/undeletes a collection through the admin by @diox in #23228
- Add validation for DOCKER_* variables: by @KevinMind in #23236
- Write Promoted Information to New Models by @chrstinalin in #23216
- Bump check locales completion rate to 70% by @diox in #23261
- Limit height of notes for reviewers and replies in review page, add scroll by @diox in #23267
- Link Extension Workshop for Markdown Field Syntax by @chrstinalin in #23260
- Fix broken statistics dashboard. (Enable no-undef and no-reassign-const eslint rules) by @KevinMind in #23274
- email stakeholders when a promoted signed version is rejected by @eviljeff in #23270
- Bring back max-width on review page history comments/notes to prevent text overflow by @diox in #23287
- add GCP token file to dockerignore by @fkiriakos07 in #23293
- Revert ./stats/js/stats files closer to original state before vite migration by @KevinMind in #23290
- load stats_overview before stats_stats by @KevinMind in #23294
- rm dsa-appeals-review waffle switch; always offer and handle appeals by @eviljeff in #23259
- support placeholder values in Policy text by @eviljeff in #23249
- Add Partner Promoted Group by @chrstinalin in #23269
- Update blocklist docs by @KevinMind in #23248
- Remove 3rd party dependencies from health_check by @KevinMind in #23300
- Update language on DSA Ignore abuse report template by @wagnerand in #23309
- Allow Multiple Promoted Groups by @chrstinalin in #23268
- Update Elasticsearch local image to 8.x, enable compatibility mode by @diox in #23299
- Remove duplicate entry for github-actions in .dependabot.yml by @willdurand in #23320
- Add PromotedGroupAdmin by @chrstinalin in #23321
Dependendabots
- Bump mozilla/addons-frontend from 2025.03.20-1 to 2025.04.03 by @dependabot in #23330
- Bump vite from 6.2.4 to 6.2.6 by @dependabot in #23297
- Bump addons-linter from 7.9.0 to 7.10.0 by @dependabot in #23326
- Bump @vitest/eslint-plugin from 1.1.38 to 1.1.42 by @dependabot in #23307
Full Changelog: 2025.04.03...2025.04.17
Contributors
diox, willdurand, and 6 other contributors
Assets 2
2025.04.03-1
This week's push hero is @KevinMind
Previous Release: 2025.04.03
Blockers:
Cherry-picks:
5301926
82f4981
0291b62
fc21d6d
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.03-1
Contributors
KevinMind
Assets 2
2025.04.03
This week's push hero is @diox
Previous Release: 2025.03.20-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
./manage.py waffle_switch enable_dev_experience_survey on./manage.py promote_by_firefox_themes./manage.py backfill_reviewactionreasons_for_delayed_rejections./manage.py sync_promoted_addons
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.03.20-1...2025.04.03
Addons Server Changelog:
What's Changed
Notable things shipping
- Read Promoted Group Information Via Models by @chrstinalin in #23082
- Use MinimalUserProfileSerializer for AccountViewSet for non-developers by @eviljeff in #23192
- Check If Promoted Is Array in AddonSerializers by @chrstinalin in #23191
- Migrate remaining files to vite by @KevinMind in #23180
- Refactor UsageTier to avoid exceptions being raised in the admin by @diox in #23197
- Replace drf-yasg with drf_specatcular and make swagger enable-able in production via environment variable by @KevinMind in #22478
- Remove legacy less processing by @KevinMind in #23181
- Enhance health check workflows and scripts by @KevinMind in #23190
- add linter for workflows by @KevinMind in #23193
- Make "Cancel and Disable Version" behave like Disable Version ; remove "Cancel Review Request" by @diox in #23215
- Deactivate jitter for Cinder tasks we're retrying by @diox in #23210
- Correct PromotedGroup Approvals by @chrstinalin in #23218
- Use relative path resolution and manually include static assets in vite's module graph. by @KevinMind in #23209
- Prevent creation of PromotedAddonVersion for PromotedApproval with null application_id; added corresponding test case. by @KevinMind in #23217
- Add short format to enable/disable version activity logs by @diox in #23225
- Add command to give "By Firefox" badge to themes with "Firefox" as author by @diox in #23224
- Merge /services/__heartbeat and /services/monitor.json by @KevinMind in #23233
- Add ESLint + StyleLint + Knip (with all rules disabled) by @KevinMind in #23229
- Use primary db in promote_by_firefox_themes and promoted models sync in general by @diox in #23237
- Styling improvements and better organization of the healtcheck message by @KevinMind in #23238
- drop minimal-profile-has-all-fields-shim from api/v5 by @eviljeff in #23223
- Fix intermittent test failure TestSessionIDAuthentication.test_invalid_user_other_user by @diox in #23239
- Show all possible reasons for NeedsHumanReview in review queue filter UI by @diox in #23234
- mimimal -> minimal for v3 API_GATE by @eviljeff in #23253
- backfill ReviewActionReason and CinderPolicy for expired rejections by @eviljeff in #23235
- Mark swagger as experimental by @KevinMind in #23254
- Use sha hashes for docker images, update through dependabot by @diox in #23250
Dependendabots
- Bump sentry-sdk from 1.35.0 to 2.23.1 in /requirements by @dependabot in #23186
- Bump ruff from 0.9.10 to 0.11.2 in /requirements by @dependabot in #23212
- Bump vitest from 3.0.7 to 3.1.1 by @dependabot in #23242
- Bump vite from 6.2.0 to 6.2.4 by @dependabot in #23243
Full Changelog: 2025.03.20...2025.04.03
Contributors
diox, eviljeff, and 3 other contributors