Remove exception tracebacks from failed tasks

   Tracebacks can expose sensitive information from an exception
   via the API. This change stops this behavior by only logging
   tracebacks and not storing them inside of tasks.

Author: aKlimau

.ci/assets/ci_constraints.txt

@@ -8,3 +8,7 @@ tablib!=3.6.0
 
 multidict!=6.3.0
 # This release failed the lower bounds test for some case sensitivity in CIMultiDict.
+
+
+azure-storage-blob!=12.28.*
+# Apperently does not work with current azurite.

.github/workflows/update_ci.yml

@@ -74,6 +74,37 @@ jobs:
         env:
           GH_TOKEN: "${{ secrets.RELEASE_TOKEN }}"
         continue-on-error: true
+      - uses: "actions/checkout@v4"
+        with:
+          fetch-depth: 0
+          path: "pulpcore"
+          ref: "3.100"
+
+      - name: "Run update"
+        working-directory: "pulpcore"
+        run: |
+          ../plugin_template/scripts/update_ci.sh --release
+
+      - name: "Create Pull Request for CI files"
+        uses: "peter-evans/create-pull-request@v6"
+        id: "create_pr_3_100"
+        with:
+          token: "${{ secrets.RELEASE_TOKEN }}"
+          path: "pulpcore"
+          committer: "pulpbot <pulp-infra@redhat.com>"
+          author: "pulpbot <pulp-infra@redhat.com>"
+          title: "Update CI files for branch 3.100"
+          branch: "update-ci/3.100"
+          base: "3.100"
+          delete-branch: true
+      - name: "Mark PR automerge"
+        working-directory: "pulpcore"
+        run: |
+          gh pr merge --rebase --auto "${{ steps.create_pr_3_100.outputs.pull-request-number }}"
+        if: "steps.create_pr_3_100.outputs.pull-request-number"
+        env:
+          GH_TOKEN: "${{ secrets.RELEASE_TOKEN }}"
+        continue-on-error: true
       - uses: "actions/checkout@v4"
         with:
           fetch-depth: 0
@@ -229,35 +260,4 @@ jobs:
         env:
           GH_TOKEN: "${{ secrets.RELEASE_TOKEN }}"
         continue-on-error: true
-      - uses: "actions/checkout@v4"
-        with:
-          fetch-depth: 0
-          path: "pulpcore"
-          ref: "3.95"
-
-      - name: "Run update"
-        working-directory: "pulpcore"
-        run: |
-          ../plugin_template/scripts/update_ci.sh --release
-
-      - name: "Create Pull Request for CI files"
-        uses: "peter-evans/create-pull-request@v6"
-        id: "create_pr_3_95"
-        with:
-          token: "${{ secrets.RELEASE_TOKEN }}"
-          path: "pulpcore"
-          committer: "pulpbot <pulp-infra@redhat.com>"
-          author: "pulpbot <pulp-infra@redhat.com>"
-          title: "Update CI files for branch 3.95"
-          branch: "update-ci/3.95"
-          base: "3.95"
-          delete-branch: true
-      - name: "Mark PR automerge"
-        working-directory: "pulpcore"
-        run: |
-          gh pr merge --rebase --auto "${{ steps.create_pr_3_95.outputs.pull-request-number }}"
-        if: "steps.create_pr_3_95.outputs.pull-request-number"
-        env:
-          GH_TOKEN: "${{ secrets.RELEASE_TOKEN }}"
-        continue-on-error: true
 ...

CHANGES.md

@@ -8,6 +8,44 @@
 
 [//]: # (towncrier release notes start)
 
+## 3.100.0 (2026-01-06) {: #3.100.0 }
+
+### REST API {: #3.100.0-rest-api }
+
+#### Features {: #3.100.0-rest-api-feature }
+
+- Adapted PulpImport/Export to allow update django-import-export==4.x.
+  [#5324](https://github.com/pulp/pulpcore/issues/5324)
+- Allow use of Django5 as well as Django4.
+  [#6988](https://github.com/pulp/pulpcore/issues/6988)
+
+#### Bugfixes {: #3.100.0-rest-api-bugfix }
+
+- Fixed file handle leak when content app access triggers downloads due to on_demand or streamed policy.
+  [#7157](https://github.com/pulp/pulpcore/issues/7157)
+
+#### Misc {: #3.100.0-rest-api-misc }
+
+- 
+
+### Plugin API {: #3.100.0-plugin-api }
+
+#### Removals {: #3.100.0-plugin-api-removal }
+
+- Removed the fallback for unserializable task return values.
+  Tasks resulting from an api action should use the corresponding serializer to produce useful output. Maintenance tasks should return nothing.
+  [#6079](https://github.com/pulp/pulpcore/issues/6079)
+
+### Pulp File {: #3.100.0-pulp-file }
+
+No significant changes.
+
+### Pulp Cert Guard {: #3.100.0-pulp-cert-guard }
+
+No significant changes.
+
+---
+
 ## 3.95.3 (2025-12-17) {: #3.95.3 }
 
 ### REST API {: #3.95.3-rest-api }

CHANGES/+db_encryption.docs

@@ -0,0 +1 @@
+Stopped leaking sensitive information of failures in the task API.

CHANGES/+improve-migration-err-msg.misc

@@ -0,0 +1,2 @@
+Added `modify_task` property to `ModifyRepositoryActionMixin` so plugin writers can override the
+task that Pulp calls.

CHANGES/+no-traceback-task.removal

@@ -6,6 +6,6 @@ class PulpCertGuardPluginAppConfig(PulpPluginAppConfig):
 
     name = "pulp_certguard.app"
     label = "certguard"
-    version = "3.96.0.dev"
+    version = "3.101.0.dev"
     python_package_name = "pulpcore"
     domain_compatible = True