Releases: mozilla/addons-server
Releases · mozilla/addons-server
2026.02.19-2
Cherry-picked the following commits on top of https://github.com/mozilla/addons-server/releases/tag/2026.02.19-1:
2026.02.19-1
ae28def
This commit was signed with the committer’s verified signature.
willdurand
William Durand
Cherry-picked the following commits on top of https://github.com/mozilla/addons-server/releases/tag/2026.02.19:
Full Changelog: 2026.02.19...2026.02.19-1
2026.02.19
This week's push hero is @diox
Previous Release: 2026.02.05-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2026.02.05...2026.02.19
Addons Server Changelog:
What's Changed
Notable things shipping
- reviewer tools listing content approval and rejection by @eviljeff in #24386
- Display metadata and link to detail page in scanner admin query results by @diox in #24387
- Fix fake FxA user auth for local environments by @diox in #24419
- Remove broken urlconf_decorator - it hasn't worked in 10 years by @diox in #24421
- Update elasticsearch client libraries to 8.x by @diox in #24370
- Fix CSP in admin to allow django's jsi18n admin view as a script by @diox in #24422
- Increase uwsgi buffer-size in local environments to match prod by @diox in #24438
- Replace last_content_review_pass with content_review_status by @eviljeff in #24437
- Fix admin CSP: need to use SITE_URL, not INTERNAL_SITE_URL in admin CSP by @diox in #24446
- Add links to user admin page in reviewer tools review & developer profile pages by @diox in #24425
- Add actions to block add-ons / view authors in scanner results admin by @diox in #24424
- Allow developer requests for new content review by @eviljeff in #24420
- Add yara-x behind a waffle switch by @willdurand in #24439
- Developer can request a new listing content review via the API by @eviljeff in #24454
- Add links to authors of add-ons in blocklist submission page by @diox in #24459
- Add a new group for the service accounts created for the scanners by @willdurand in #24462
- Additional confusable characters by @diox in #24468
- Allow scanners to run asynchronously and send their results later by @willdurand in #24447
Dependendabots
- Bump django from 4.2.27 to 4.2.28 in /requirements by @dependabot[bot] in #24412
- Bump protobuf from 6.33.4 to 6.33.5 in /requirements by @dependabot[bot] in #24404
- Bump sentry-sdk from 2.50.0 to 2.51.0 in /requirements by @dependabot[bot] in #24415
- Bump cssselect from 1.3.0 to 1.4.0 in /requirements by @dependabot[bot] in #24417
- Bump globals from 17.1.0 to 17.2.0 by @dependabot[bot] in #24413
- Bump wcwidth from 0.5.0 to 0.5.2 in /requirements by @dependabot[bot] in #24423
- Bump zod from 3.24.2 to 4.3.6 by @dependabot[bot] in #24391
- Bump myst-parser from 4.0.1 to 5.0.0 in /requirements by @dependabot[bot] in #24352
- Bump cryptography from 46.0.3 to 46.0.4 in /requirements by @dependabot[bot] in #24416
- Bump knip from 5.82.1 to 5.83.0 by @dependabot[bot] in #24443
- Bump addons-linter from 9.6.0 to 9.7.0 by @dependabot[bot] in #24440
- Bump globals from 17.2.0 to 17.3.0 by @dependabot[bot] in #24434
- Bump stylelint from 17.0.0 to 17.1.0 by @dependabot[bot] in #24430
- Bump @eslint/compat from 2.0.1 to 2.0.2 by @dependabot[bot] in #24427
- Bump babel from 2.17.0 to 2.18.0 in /requirements by @dependabot[bot] in #24428
- Bump cryptography from 46.0.4 to 46.0.5 in /requirements by @dependabot[bot] in #24448
- Bump @babel/preset-env from 7.28.6 to 7.29.0 by @dependabot[bot] in #24426
- Bump proto-plus from 1.27.0 to 1.27.1 in /requirements by @dependabot[bot] in #24445
- Bump pytest-split from 0.10.0 to 0.11.0 in /requirements by @dependabot[bot] in #24444
- Bump wrapt from 2.0.1 to 2.1.1 in /requirements by @dependabot[bot] in #24442
- Bump pyjwt from 2.10.1 to 2.11.0 in /requirements by @dependabot[bot] in #24436
- Bump jquery-ui from 1.14.1 to 1.14.2 by @dependabot[bot] in #24418
- Bump rich from 14.3.1 to 14.3.2 in /requirements by @dependabot[bot] in #24435
- Bump wcwidth from 0.5.2 to 0.5.3 in /requirements by @dependabot[bot] in #24431
- Bump dennis from 1.1.0 to 1.2.0 in /requirements by @dependabot[bot] in #24453
- Bump glob from 13.0.0 to 13.0.1 by @dependabot[bot] in #24452
- Bump asgiref from 3.11.0 to 3.11.1 in /requirements by @dependabot[bot] in #24451
- Bump stylelint from 17.1.0 to 17.1.1 by @dependabot[bot] in #24450
- Bump ipython from 9.9.0 to 9.10.0 in /requirements by @dependabot[bot] in #24429
- Bump pillow from 12.1.0 to 12.1.1 in /requirements by @dependabot[bot] in #24455
- Bump setuptools from 80.9.0 to 80.10.2 in /requirements by @dependabot[bot] in #24398
- Bump pip from 26.0 to 26.0.1 in /requirements by @dependabot[bot] in #24457
- Bump knip from 5.83.0 to 5.83.1 by @dependabot[bot] in #24465
- Bump grpcio from 1.76.0 to 1.78.0 in /requirements by @dependabot[bot] in #24461
- Bump sentry-sdk from 2.51.0 to 2.52.0 in /requirements by @dependabot[bot] in #24456
- Bump mysql from 8.0 to 8.0 by @dependabot[bot] in #24287
- Bump pycparser from 2.23 to 3.0 in /requirements by @dependabot[bot] in #24383
- Bump markdown from 3.10.1 to 3.10.2 in /requirements by @dependabot[bot] in #24475
- Bump dockerflow from 2024.4.2 to 2026.1.26 in /requirements by @dependabot[bot] in #24405
- Bump addons-linter from 9.7.0 to 9.8.0 by @dependabot[bot] in #24470
- Bump parso from 0.8.5 to 0.8.6 in /requirements by @dependabot[bot] in #24472
Full Changelog: 2026.02.05...2026.02.19
Contributors
diox, willdurand, and 2 other contributors
Assets 2
2026.02.05-1
2026.02.05
This week's push hero is @diox
Previous Release: 2026.01.22-2
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Apply webservices-infra plan from PR
Addons-Frontend Changelog:
mozilla/addons-frontend@2026.01.22...2026.02.05
Addons Server Changelog:
What's Changed
Notable things shipping
- Generate service accounts when registering scanner webhooks by @willdurand in #24325
- Prefer fxa_id over email when logging in, while allowing multiple accounts to have the same email by @diox in #24326
- docs: update private docs to run customs as a scanner by @willdurand in #24318
- Fix formatted scanner column in django admin by @willdurand in #24351
- Alter field api_key on scannerwebhook to have a max length of 255 chars by @willdurand in #24357
- Fix user admin page slowness for users with lots of activities by @diox in #24349
- Treat 201 and 202 responses as successful when calling webhooks by @willdurand in #24359
- docs: describe how to write new Node.js based scanners by @willdurand in #24358
- Use HMAC-SHA256 auth scheme when calling webhooks by @willdurand in #24342
- Improve NARC homoglyph handling and use faster/more powerful regex module by @diox in #24369
- Replace django-extended-choices with python/django Enum classes by @eviljeff in #24360
- Prevent listed versions submissions while the listing is rejected by @diox in #24367
- add support for Approve marking listing content as approved by @eviljeff in #24366
- Clean narc rules using regex module now that what's the task is using by @diox in #24380
- Automatically hard-block add-ons an user is an author of when banning them by @diox in #24356
- Add filter by webhook scanners in the scanner results Django admin by @willdurand in #24374
- Stop requiring wheel anymore by @diox in #24395
- Add a migration to duplicate the customs scanner rules for webhook by @willdurand in #24373
- move addon_important_change to a property of the activity _LOG class by @eviljeff in #24396
- Remove unused cachetools dependency by @diox in #24409
- Make NARC rules configurable by @diox in #24388
Dependendabots
- Bump vitest from 4.0.16 to 4.0.17 by @dependabot[bot] in #24339
- Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by @dependabot[bot] in #24348
- Bump knip from 5.80.2 to 5.81.0 by @dependabot[bot] in #24347
- Bump google-cloud-storage from 3.7.0 to 3.8.0 in /requirements in the google group by @dependabot[bot] in #24346
- Bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in #24350
- Bump drf-yasg from 1.21.11 to 1.21.12 in /requirements by @dependabot[bot] in #24355
- Bump prettier from 3.7.4 to 3.8.0 by @dependabot[bot] in #24353
- Bump elasticsearch from 7.17.12 to 7.17.13 in /requirements by @dependabot[bot] in #24345
- Bump tomli from 2.3.0 to 2.4.0 in /requirements by @dependabot[bot] in #24340
- Bump sphinx-rtd-theme from 3.0.2 to 3.1.0 in /requirements by @dependabot[bot] in #24343
- Bump wheel from 0.45.1 to 0.46.2 in /requirements by @dependabot[bot] in #24361
- Bump ruff from 0.14.11 to 0.14.13 in /requirements by @dependabot[bot] in #24365
- Bump addons-linter from 9.4.0 to 9.5.0 by @dependabot[bot] in #24364
- Bump drf-yasg from 1.21.12 to 1.21.14 in /requirements by @dependabot[bot] in #24363
- Bump stylelint and stylelint-config-standard by @dependabot[bot] in #24362
- Bump knip from 5.81.0 to 5.82.0 by @dependabot[bot] in #24371
- Bump django-csp from 3.8 to 4.0 in /requirements by @dependabot[bot] in #23572
- Bump knip from 5.82.0 to 5.82.1 by @dependabot[bot] in #24375
- Bump certifi from 2025.11.12 to 2026.1.4 in /requirements by @dependabot[bot] in #24314
- Bump prettier from 3.8.0 to 3.8.1 by @dependabot[bot] in #24381
- Bump markdown from 3.10 to 3.10.1 in /requirements by @dependabot[bot] in #24384
- Bump ruff from 0.14.13 to 0.14.14 in /requirements by @dependabot[bot] in #24390
- Bump pyparsing from 3.3.1 to 3.3.2 in /requirements by @dependabot[bot] in #24379
- Bump sentry-sdk from 2.49.0 to 2.50.0 in /requirements by @dependabot[bot] in #24378
- Bump drf-spectacular-sidecar from 2025.12.1 to 2026.1.1 in /requirements by @dependabot[bot] in #24305
- Bump globals from 17.0.0 to 17.1.0 by @dependabot[bot] in #24392
- Bump vitest from 4.0.17 to 4.0.18 by @dependabot[bot] in #24389
- Bump packaging from 25.0 to 26.0 in /requirements by @dependabot[bot] in #24385
- Bump pip from 25.3 to 26.0 in /requirements by @dependabot[bot] in #24401
- Bump protobuf from 4.25.8 to 6.33.4 in /requirements by @dependabot[bot] in #24408
- Bump rich from 14.2.0 to 14.3.1 in /requirements by @dependabot[bot] in #24400
- Bump addons-linter from 9.5.0 to 9.6.0 by @dependabot[bot] in #24402
- Bump wcwidth from 0.2.14 to 0.5.0 in /requirements by @dependabot[bot] in #24406
Full Changelog: 2026.01.22...2026.02.05
Contributors
diox, willdurand, and 2 other contributors
Assets 2
2026.01.22-2
Cherry-picked eb50f7c on top of https://github.com/mozilla/addons-server/releases/tag/2026.01.22-1
2026.01.22-1
e9564e4
This commit was signed with the committer’s verified signature.
willdurand
William Durand
Cherry-picked 0fe6ca0 on top of https://github.com/mozilla/addons-server/releases/tag/2026.01.22
2026.01.22
This week's push hero is @eviljeff
Previous Release: 2026.01.08
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Deploy mozilla/webservices-infra#9094 to prod (already should have been deployed to dev/stage)
Addons-Frontend Changelog:
Addons Server Changelog:
Contributors
eviljeff
Assets 2
2026.01.08
This week's push hero is @diox
Previous Release: 2025.12.15
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- run a full ES reindex
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.12.11...2026.01.08
Addons Server Changelog:
What's Changed
Notable things shipping
- Upgrade to Python 3.13 by @diox in #24235
- drop logic that routes some abuse reports to reviewers directly by @eviljeff in #24240
- Adjust documentation about JWT reuse by @diox in #24243
- Compute hotness even if previous week is 0 by @diox in #24246
- Remove old Promoted group constants by @eviljeff in #24236
- drop localized strings from reviewer tools by @eviljeff in #24251
- Add command to fake cinder webhook request in local environments by @diox in #24245
Dependendabots
- Bump prettier from 3.7.3 to 3.7.4 by @dependabot[bot] in #24237
- Bump knip from 5.71.0 to 5.72.0 by @dependabot[bot] in #24249
- Bump pytest from 9.0.1 to 9.0.2 in /requirements by @dependabot[bot] in #24248
- Bump @vitest/eslint-plugin from 1.5.1 to 1.5.2 by @dependabot[bot] in #24247
- Bump knip from 5.72.0 to 5.73.0 by @dependabot[bot] in #24255
- Bump google-cloud-storage from 3.6.0 to 3.7.0 in /requirements in the google group by @dependabot[bot] in #24254
- Bump knip from 5.73.0 to 5.73.3 by @dependabot[bot] in #24257
- Bump knip from 5.73.3 to 5.73.4 by @dependabot[bot] in #24266
- Bump @eslint/js from 9.39.1 to 9.39.2 by @dependabot[bot] in #24263
- Bump less from 4.4.2 to 4.5.1 by @dependabot[bot] in #24262
- Bump django-admin-rangefilter from 0.13.3 to 0.13.5 in /requirements by @dependabot[bot] in #24260
- Bump ruff from 0.14.7 to 0.14.9 in /requirements by @dependabot[bot] in #24258
- Bump sentry-sdk from 2.46.0 to 2.47.0 in /requirements by @dependabot[bot] in #24241
- Bump networkx from 3.6 to 3.6.1 in /requirements by @dependabot[bot] in #24253
- Bump eslint from 9.39.1 to 9.39.2 by @dependabot[bot] in #24259
- Bump jsdom from 27.2.0 to 27.3.0 by @dependabot[bot] in #24252
- Bump mysql from 8.0 to 8.0 by @dependabot[bot] in #24269
Full Changelog: 2025.12.11...2026.01.08
Contributors
diox, eviljeff, and dependabot
Assets 2
2025.12.15
faed3e6
This commit was signed with the committer’s verified signature.
willdurand
William Durand
Full Changelog: 2025.12.11...2025.12.15