Releases: mozilla/addons-server
Releases Β· mozilla/addons-server
2025.06.12
This week's push hero is @diox
Previous Release: 2025.05.29
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.29...2025.06.12
Addons Server Changelog:
What's Changed
Notable things shipping
- Send
requires_paymentfield to Cinder by @diox in #23515 - auto-resolve incoming reports where the addon version has been reviewed by @eviljeff in #23465
- Push delayed rejection date forward after second level approval by @diox in #23537
- Auto resolve forwarded jobs where all content has already been reviewed by @eviljeff in #23527
- Parse and store data collection permissions, behind a waffle switch by @diox in #23545
- Fix intermittent test failure TestRankingScenarios::test_scenario_promoted by @diox in #23551
- Expose new current_version after rejection in stakeholder email by @eviljeff in #23534
- Use specific, non-admin permission for 2nd level approval queue by @diox in #23538
Dependendabots
- Bump pytest from 8.3.5 to 8.4.0 in /requirements by @dependabot in #23536
- Bump ruff from 0.11.2 to 0.11.12 in /requirements by @dependabot in #23522
- Bump eslint from 9.23.0 to 9.28.0 by @dependabot in #23526
- Bump mozilla/addons-frontend from 2025.05.01 to 2025.05.29 by @dependabot in #23530
- Bump django-vite from 3.0.5 to 3.1.0 in /requirements by @dependabot in #23104
- Bump djangorestframework from 3.15.2 to 3.16.0 in /requirements by @dependabot in #23245
- Bump django-recaptcha from 4.0.0 to 4.1.0 in /requirements by @dependabot in #23246
- Bump django-extensions from 3.2.3 to 4.1 in /requirements by @dependabot in #23303
- Bump jsonschema-specifications from 2023.12.1 to 2025.4.1 in /requirements by @dependabot in #23368
- Bump python from
8582432to31a416dby @dependabot in #23467 - Bump drf-nested-routers from 0.94.1 to 0.94.2 in /requirements by @dependabot in #23455
- Bump django from 4.2.21 to 4.2.22 in /requirements by @dependabot in #23544
- Bump ruff from 0.11.12 to 0.11.13 in /requirements by @dependabot in #23549
- Bump requests from 2.32.3 to 2.32.4 in /requirements by @dependabot in #23555
- Bump addons-linter from 7.13.0 to 7.14.0 by @dependabot in #23539
- Bump django from 4.2.22 to 4.2.23 in /requirements by @dependabot in #23556
Full Changelog: 2025.05.29...2025.06.12
Contributors
diox, eviljeff, and dependabot
Assets 2
2025.05.29
This week's push hero is @KevinMind
Previous Release: 2025.05.15-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.15...2025.05.29
Addons Server Changelog:
What's Changed
Notable things shipping
- drop support for AMO_ESCALATE and forwarded jobs by @eviljeff in #23338
- Drop Legacy Promoted Models by @chrstinalin in #23425
- Fix including policies text in emails of decisions coming from Cinder with notes by @diox in #23451
- Improvements to Discovery Addon Admin by @chrstinalin in #23457
- Add retry mechanism to health check and notification of recovery by @KevinMind in #23453
- Allow policies to be selected directly for reviewer tools actions by @eviljeff in #23437
- Display banned column in user admin changelist page by @diox in #23464
- Add auto generated model documentation to AMO docs by @KevinMind in #22483
- update ContentActionTargetAppealRemovalAffirmation template by @eviljeff in #23466
- Add distinct to search by promoted in discovery addons by @chrstinalin in #23477
- When resolving multiple jobs in a reviewer action, record activity & notify owners once by @diox in #23459
- Squash migrations the right way by @KevinMind in #23458
- Fix urlparams() when a query has multiple values for a given key by @diox in #23478
- Expose when jobs were created / forwarded / requeued in review page by @diox in #23485
- Docker compose: Add 'start_period' to healthcheck for web and worker by @wagnerand in #23500
- Make add-ons in PromotedClass Partner pre-review by @wagnerand in #23497
- Handle version rejection appeals forwarded to legal by @eviljeff in #23484
- Remove 'dsa-appeals-review' waffle switch by @diox in #23506
Dependendabots
- Bump packaging from 24.2 to 25.0 in /requirements by @dependabot in #23351
- Bump pyparsing from 3.2.1 to 3.2.3 in /requirements by @dependabot in #23222
- Bump addons-linter from 7.11.0 to 7.13.0 by @dependabot in #23494
- Bump nginx from 1.27-bookworm@sha256:124b44bfc9ccd1f3cedf4b592d4d1e8bddb78b51ec2ed5056c52d3692baebc19 to sha256:5ed8fcc66f4ed123c1b2560ed708dc148755b6e4cbd8b943fab094f2c6bfa91e by @dependabot in #23354
- Bump pyuwsgi from 2.0.28.post1 to 2.0.29 in /requirements by @dependabot in #23375
- Bump setuptools from 75.8.0 to 78.1.1 in /requirements by @dependabot in #23481
- Bump pip from 25.0.1 to 25.1.1 in /requirements by @dependabot in #23418
- Bump memcached from 1.5.16 to 1.5.16 by @dependabot in #23384
- Bump typing-extensions from 4.12.2 to 4.13.2 in /requirements by @dependabot in #23302
- Bump yara-python from 4.5.1 to 4.5.2 in /requirements by @dependabot in #23416
- Bump stylelint from 16.17.0 to 16.19.1 by @dependabot in #23385
- Bump @eslint/compat from 1.2.8 to 1.2.9 by @dependabot in #23406
- Bump charset-normalizer from 3.4.1 to 3.4.2 in /requirements by @dependabot in #23403
- Bump mypy-extensions from 1.0.0 to 1.1.0 in /requirements by @dependabot in #23360
- Bump certifi from 2025.1.31 to 2025.4.26 in /requirements by @dependabot in #23376
Full Changelog: 2025.05.15...2025.05.29
Contributors
diox, eviljeff, and 4 other contributors
Assets 2
2025.05.15-1
This week's push hero is @diox
Previous Release: 2025.05.01-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.01...2025.05.15
Addons Server Changelog:
What's Changed
Notable things shipping
- Ignore all decisions that originated from the api by @eviljeff in #23386
- Enable Partner Group for High Profile Rating by @chrstinalin in #23390
- prevent empty
job_idvalues -nullshould be the only empty value by @eviljeff in #23396 - Only consider active NHR when filtering for due date reasons by @diox in #23421
- Remove locales below 80% threshold by @diox in #23395
- Prepare Drop of Old Promotion Models by @chrstinalin in #23315
- Only Show Badged Promoted Groups in Devhub by @chrstinalin in #23372
- Expose the policy text for decisions in version|important-changes history by @eviljeff in #23401
- Re-order needs human review reasons, display them in the review queue for each add-on by @diox in #23426
- associate deny appeal version logs with original versions by @eviljeff in #23449
- Record
reasoningandprivate_notesseparately in Content Decisions by @diox in #23419 - Add runbooks with examples for localdev/dev/statistics by @KevinMind in #23286
Dependendabots
- Bump django from 4.2.20 to 4.2.21 in /requirements by @dependabot in #23433
- Bump vitest from 3.1.1 to 3.1.3 by @dependabot in #23422
- Bump vite from 6.2.6 to 6.3.5 by @dependabot in #23410
- Bump jsdom from 26.0.0 to 26.1.0 by @dependabot in #23310
- Bump pillow from 11.1.0 to 11.2.1 in /requirements by @dependabot in #23313
- Bump less from 4.2.2 to 4.3.0 by @dependabot in #23278
- Bump pytz from 2025.1 to 2025.2 in /requirements by @dependabot in #23221
- Bump mozilla/addons-frontend from 2025.04.17 to 2025.05.01 by @dependabot in #23413
- Bump drf-yasg from 1.21.8 to 1.21.10 in /requirements by @dependabot in #23152
- Bump drf-spectacular from 0.27.2 to 0.28.0 in /requirements by @dependabot in #23201
- Bump glob from 11.0.1 to 11.0.2 by @dependabot in #23364
- Bump iniconfig from 2.0.0 to 2.1.0 in /requirements by @dependabot in #23196
- Bump attrs from 25.1.0 to 25.3.0 in /requirements by @dependabot in #23167
- Bump proto-plus from 1.25.0 to 1.26.1 in /requirements by @dependabot in #23156
- Bump python from
a866731to8582432by @dependabot in #23382
Full Changelog: 2025.05.01...2025.05.15-1
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.05.15
This week's push hero is @diox
Previous Release: 2025.05.01-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.05.01...2025.05.15
Addons Server Changelog:
What's Changed
Notable things shipping
- Ignore all decisions that originated from the api by @eviljeff in #23386
- Enable Partner Group for High Profile Rating by @chrstinalin in #23390
- prevent empty
job_idvalues -nullshould be the only empty value by @eviljeff in #23396 - Only consider active NHR when filtering for due date reasons by @diox in #23421
- Remove locales below 80% threshold by @diox in #23395
- Prepare Drop of Old Promotion Models by @chrstinalin in #23315
- Only Show Badged Promoted Groups in Devhub by @chrstinalin in #23372
- Expose the policy text for decisions in version|important-changes history by @eviljeff in #23401
- Re-order needs human review reasons, display them in the review queue for each add-on by @diox in #23426
- associate deny appeal version logs with original versions by @eviljeff in #23449
- Record
reasoningandprivate_notesseparately in Content Decisions by @diox in #23419 - Add runbooks with examples for localdev/dev/statistics by @KevinMind in #23286
Dependendabots
- Bump django from 4.2.20 to 4.2.21 in /requirements by @dependabot in #23433
- Bump vitest from 3.1.1 to 3.1.3 by @dependabot in #23422
- Bump vite from 6.2.6 to 6.3.5 by @dependabot in #23410
- Bump jsdom from 26.0.0 to 26.1.0 by @dependabot in #23310
- Bump pillow from 11.1.0 to 11.2.1 in /requirements by @dependabot in #23313
- Bump less from 4.2.2 to 4.3.0 by @dependabot in #23278
- Bump pytz from 2025.1 to 2025.2 in /requirements by @dependabot in #23221
- Bump mozilla/addons-frontend from 2025.04.17 to 2025.05.01 by @dependabot in #23413
- Bump drf-yasg from 1.21.8 to 1.21.10 in /requirements by @dependabot in #23152
- Bump drf-spectacular from 0.27.2 to 0.28.0 in /requirements by @dependabot in #23201
- Bump glob from 11.0.1 to 11.0.2 by @dependabot in #23364
- Bump iniconfig from 2.0.0 to 2.1.0 in /requirements by @dependabot in #23196
- Bump attrs from 25.1.0 to 25.3.0 in /requirements by @dependabot in #23167
- Bump proto-plus from 1.25.0 to 1.26.1 in /requirements by @dependabot in #23156
- Bump python from
a866731to8582432by @dependabot in #23382
Full Changelog: 2025.05.01...2025.05.15
Contributors
diox, eviljeff, and 3 other contributors
Assets 2
2025.05.01-1
Off-band release
This week's push hero is @eviljeff
Previous Release: 2025.05.01
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Contributors
eviljeff
Assets 2
2025.05.01
This week's push hero is @eviljeff
Previous Release: 2025.04.17-2
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.04.17...2025.05.01
Addons Server Changelog:
What's Changed
Notable things shipping
- Record which versions were affected when force disabling/enabling add-ons by @diox in #23308
- Enable swagger on dev by @KevinMind in #23332
- migrate PrimaryHero model to use addon instead of promoted_addon in a migration safe way by @KevinMind in #23333
- allow multiple ContentDecision to link to CinderJob; etc by @eviljeff in #23301
- Update 0055_fill_cinderjob_fk_on_decision.py by @eviljeff in #23339
- Correct approved_applications_for() by @chrstinalin in #23337
- fix Expression injection in Actions by @odaysec in #23358
- Fix broken settings import in review_reports command by @diox in #23371
- Allow selecting "AMO_CLOSED_NO_ACTION" policies when resolving jobs in reviewer tools by @diox in #23369
- Hide Strategic and Notable groups from the API by @chrstinalin in #23373
- Update PrimaryHero to Drop promoted_addon field and Add Null Constraint by @chrstinalin in #23391
- allow null CinderJob.job_id by @eviljeff in #23387
- Don't inherit due date and/or NeedsHumanReview for ABUSE_ADDON_VIOLATION/CINDER_ESCALATION by @diox in #23343
Dependendabots
- Bump addons-linter from 7.10.0 to 7.11.0 by @dependabot in #23340
- Bump mozilla/addons-frontend from 2025.04.03@sha256:7e69b592cd2e47290c1cbf3f9251553359aed57e5b5d8c50fa6fb93145104de0 to sha256:649541aa871dda9e5befcc9b036c94e99b1fecee5ce26128d960eb2d601f0529 by @dependabot in #23353
- Bump the google group across 1 directory with 2 updates by @dependabot in #23317
- Bump asttokens from 2.4.1 to 3.0.0 in /requirements by @dependabot in #22907
- Bump executing from 2.1.0 to 2.2.0 in /requirements by @dependabot in #23017
- Bump responses from 0.25.6 to 0.25.7 in /requirements by @dependabot in #23159
- Bump decorator from 5.1.1 to 5.2.1 in /requirements by @dependabot in #23103
- Bump cryptography from 44.0.1 to 44.0.2 in /requirements by @dependabot in #23131
- Bump cssselect from 1.2.0 to 1.3.0 in /requirements by @dependabot in #23151
- Bump googleapis-common-protos from 1.69.1 to 1.70.0 in /requirements by @dependabot in #23314
- Bump @eslint/compat from 1.2.7 to 1.2.8 by @dependabot in #23257
- Bump eslint-plugin-prettier from 5.2.5 to 5.2.6 by @dependabot in #23263
- Bump pytest-django from 4.10.0 to 4.11.1 in /requirements by @dependabot in #23271
- Bump prompt-toolkit from 3.0.50 to 3.0.51 in /requirements by @dependabot in #23319
- Bump markdown from 3.7 to 3.8 in /requirements by @dependabot in #23312
- Bump lxml from 5.3.1 to 5.4.0 in /requirements by @dependabot in #23361
New Contributors
Full Changelog: 2025.04.17...2025.05.01
Contributors
diox, eviljeff, and 4 other contributors
Assets 2
2025.04.17-2
964bd82
This commit was signed with the committerβs verified signature.
willdurand
William Durand
This week's push hero is @KevinMind
Previous Release: 2025.04.17-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- IMMEDIATELY run the task triggering a data migration for primary hero migrating
promoted_addontoaddon
- Run the task in a web pod
celery -A olympia.amo.celery:app call olympia.hero.tasks.sync_primary_hero_addon- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.17-2
Contributors
KevinMind
Assets 2
2025.04.17-1
This week's push hero is @KevinMind
Previous Release: 2025.04.17
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Notify #addons channel that promoted_addon and promoted_approval tables are no longer being written to and that redash dashboards need to be updated to use promoted_addon_promotion and promoted_version tables.
Addons-Frontend Changelog:
Addons Server Changelog:
Contributors
KevinMind
Assets 2
2025.04.17
This week's push hero is @KevinMind
Previous Release: 2025.04.03-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
What's Changed
Notable things shipping
- Log when an admin deletes/undeletes a collection through the admin by @diox in #23228
- Add validation for DOCKER_* variables: by @KevinMind in #23236
- Write Promoted Information to New Models by @chrstinalin in #23216
- Bump check locales completion rate to 70% by @diox in #23261
- Limit height of notes for reviewers and replies in review page, add scroll by @diox in #23267
- Link Extension Workshop for Markdown Field Syntax by @chrstinalin in #23260
- Fix broken statistics dashboard. (Enable no-undef and no-reassign-const eslint rules) by @KevinMind in #23274
- email stakeholders when a promoted signed version is rejected by @eviljeff in #23270
- Bring back max-width on review page history comments/notes to prevent text overflow by @diox in #23287
- add GCP token file to dockerignore by @fkiriakos07 in #23293
- Revert ./stats/js/stats files closer to original state before vite migration by @KevinMind in #23290
- load stats_overview before stats_stats by @KevinMind in #23294
- rm dsa-appeals-review waffle switch; always offer and handle appeals by @eviljeff in #23259
- support placeholder values in Policy text by @eviljeff in #23249
- Add Partner Promoted Group by @chrstinalin in #23269
- Update blocklist docs by @KevinMind in #23248
- Remove 3rd party dependencies from health_check by @KevinMind in #23300
- Update language on DSA Ignore abuse report template by @wagnerand in #23309
- Allow Multiple Promoted Groups by @chrstinalin in #23268
- Update Elasticsearch local image to 8.x, enable compatibility mode by @diox in #23299
- Remove duplicate entry for github-actions in .dependabot.yml by @willdurand in #23320
- Add PromotedGroupAdmin by @chrstinalin in #23321
Dependendabots
- Bump mozilla/addons-frontend from 2025.03.20-1 to 2025.04.03 by @dependabot in #23330
- Bump vite from 6.2.4 to 6.2.6 by @dependabot in #23297
- Bump addons-linter from 7.9.0 to 7.10.0 by @dependabot in #23326
- Bump @vitest/eslint-plugin from 1.1.38 to 1.1.42 by @dependabot in #23307
Full Changelog: 2025.04.03...2025.04.17
Contributors
diox, willdurand, and 6 other contributors
Assets 2
2025.04.03-1
This week's push hero is @KevinMind
Previous Release: 2025.04.03
Blockers:
Cherry-picks:
5301926
82f4981
0291b62
fc21d6d
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
Addons Server Changelog:
Full Changelog: 2025.04.03...2025.04.03-1
Contributors
KevinMind