Releases: mozilla/addons-server
2025.10.30
This week's push hero is @eviljeff
Previous Release: 2025.10.16-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
- Disable DB replication because we have an expensive migration to run on the versions table. Support requested in https://mozilla-hub.atlassian.net/browse/SVCSE-3884
Before we promote:
After we're done:
- Re-enable DB replication
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.10.16...2025.10.30
Addons Server Changelog:
What's Changed
Notable things shipping
- handle celery.group results being a list by @eviljeff in #24021
- Convert the MISSING_DATA_COLLECTION_PERMISSIONS linter notice into an error for new add-ons by @willdurand in #24022
- Pass a boolean value to the --enable-data-collection-permissions linter CLI option by @willdurand in #24023
- Adds select All|None + expand/collapse to cinder jobs list on review page by @eviljeff in #24028
- Temporarily trust the MySQL apt repo since the MySQL GPG key has expired on 2025-10-22 by @willdurand in #24054
- Revert "Temporarily trust the MySQL apt repo since the MySQL GPG key has expired on 2025-10-22" by @willdurand in #24057
- Temporarily trust the MySQL apt repo since the MySQL GPG key has expired on 2025-10-22 by @willdurand in #24058
- migrations to drop MAD related columns from the database by @eviljeff in #24029
- Only enforce data collection for new add-ons uploaded via DevHub by @willdurand in #24053
- all successful developer appeals should prevent subsequent auto blocks by @eviljeff in #24052
- Update MySQL GPG key by @willdurand in #24059
- replace freezegun with time-machine by @eviljeff in #24020
- send related Addon entity data with Rating report by @eviljeff in #24043
Dependendabots
- Bump less from 4.4.1 to 4.4.2 by @dependabot[bot] in #24015
- Bump the google group across 1 directory with 4 updates by @dependabot[bot] in #23999
- Bump billiard from 4.2.1 to 4.2.2 in /requirements in the celery group by @dependabot[bot] in #23962
- Bump ruff from 0.12.4 to 0.13.3 in /requirements by @dependabot[bot] in #24001
- Bump addons-linter from 8.1.0 to 8.2.0 by @dependabot[bot] in #24042
- Bump mozilla/addons-frontend from 2025.10.02-1 to 2025.10.16-1 by @dependabot[bot] in #24040
- Bump pytest-env from 1.1.5 to 1.2.0 in /requirements by @dependabot[bot] in #24033
- Bump ruff from 0.13.3 to 0.14.0 in /requirements by @dependabot[bot] in #24025
- Bump addons-linter from 8.2.0 to 8.3.0 by @dependabot[bot] in #24049
- Bump the google group in /requirements with 2 updates by @dependabot[bot] in #24024
- Bump referencing from 0.36.2 to 0.37.0 in /requirements by @dependabot[bot] in #24045
- Bump tomli from 2.2.1 to 2.3.0 in /requirements by @dependabot[bot] in #24026
- Bump drf-spectacular-sidecar from 2025.9.1 to 2025.10.1 in /requirements by @dependabot[bot] in #23996
- Bump mmh3 from 5.1.0 to 5.2.0 in /requirements by @dependabot[bot] in #23745
- Bump addons-linter from 8.3.0 to 8.4.0 by @dependabot[bot] in #24060
- Bump vite from 6.3.6 to 6.4.1 by @dependabot[bot] in #24044
- Bump @rollup/plugin-babel from 6.0.4 to 6.1.0 by @dependabot[bot] in #24038
- Bump charset-normalizer from 3.4.3 to 3.4.4 in /requirements by @dependabot[bot] in #24047
- Bump feedparser from 6.0.11 to 6.0.12 in /requirements by @dependabot[bot] in #23904
- Bump pycparser from 2.22 to 2.23 in /requirements by @dependabot[bot] in #23901
- Bump globals from 16.3.0 to 16.4.0 by @dependabot[bot] in #23899
- Bump wcwidth from 0.2.13 to 0.2.14 in /requirements by @dependabot[bot] in #23971
- Bump @vitest/eslint-plugin from 1.3.16 to 1.3.20 by @dependabot[bot] in #24048
- Bump @babel/preset-env from 7.27.2 to 7.28.3 by @dependabot[bot] in #23802
- Bump pyparsing from 3.2.3 to 3.2.5 in /requirements by @dependabot[bot] in #23959
- Bump markupsafe from 3.0.2 to 3.0.3 in /requirements by @dependabot[bot] in #23986
- Bump drf-yasg from 1.21.10 to 1.21.11 in /requirements by @dependabot[bot] in #23985
- Bump dotenv from 16.4.7 to 17.2.3 by @dependabot[bot] in #23992
- Bump parsy from 2.1 to 2.2 in /requirements by @dependabot[bot] in #23909
- Bump pyyaml from 6.0.2 to 6.0.3 in /requirements by @dependabot[bot] in #23979
- Bump drf-nested-routers from 0.94.2 to 0.95.0 in /requirements by @dependabot[bot] in #23896
- Bump django-cors-headers from 4.7.0 to 4.9.0 in /requirements by @dependabot[bot] in #23953
- Bump markdown from 3.8.2 to 3.9 in /requirements by @dependabot[bot] in #23880
- Bump grpcio from 1.74.0 to 1.75.1 in /requirements by @dependabot[bot] in #23982
- Bump knip from 5.64.2 to 5.66.0 by @dependabot[bot] in #24061
- Bump asgiref from 3.9.1 to 3.10.0 in /requirements by @dependabot[bot] in #24005
- Bump knip from 5.66.0 to 5.66.1 by @dependabot[bot] in #24074
- Bump eslint from 9.37.0 to 9.38.0 by @dependabot[bot] in #24067
- Bump @vitest/eslint-plugin from 1.3.20 to 1.3.23 by @dependabot[bot] in #24065
Full Changelog: 2025.10.16...2025.10.30
2025.10.16-1
This week's push hero is @eviljeff
Previous Release: 2025.10.16
Blockers:
Cherry-picks:
ca0cdd3
mozilla/addons-frontend@6f1da4f
Before we push:
Before we start:
- deploy customs to prod https://github.com/mozilla-sre-deploy/deploy-amo/actions/runs/18535215363
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.10.02-1...2025.10.16-1
Addons Server Changelog:
What's Changed
Notable things shipping
- rm Kevin from push hero list in draft_release.yml by @eviljeff in #23977
- Fix deletion of ScannerQueryRule with a lot of results by @diox in #23978
- create missing migrations by @eviljeff in #23973
- Remove dead JavaScript code and strings from statistics by @diox in #23975
- rm MAD scanner by @eviljeff in #23991
- Remove 'What are daily users?' link/popup in stats page by @willdurand in #24019
- Add exclusion of promoted to Scanner[Query]Rules and add admin filter by @eviljeff in #24013
- Add additional filters to scanner query rules/results by @diox in #23984
Dependendabots
- Bump django from 4.2.24 to 4.2.25 in /requirements by @dependabot[bot] in #23974
- Bump addons-linter from 8.0.0 to 8.1.0 by @dependabot[bot] in #23983
- Bump eslint from 9.32.0 to 9.37.0 by @dependabot[bot] in #24012
- Bump @vitest/eslint-plugin from 1.1.42 to 1.3.16 by @dependabot[bot] in #24011
- Bump rhysd/actionlint from 1.7.7 to 1.7.8 by @dependabot[bot] in #24010
- Bump knip from 5.46.2 to 5.64.2 by @dependabot[bot] in #24003
- Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.10.02-1 by @dependabot[bot] in #23990
- Bump stylelint from 16.24.0 to 16.25.0 by @dependabot[bot] in #23998
- Bump mozilla/autograph from 7.5.2 to 7.5.3 by @dependabot[bot] in #23965
- Bump @eslint/compat from 1.3.2 to 1.4.0 by @dependabot[bot] in #23970
- Bump pytest from 8.4.1 to 8.4.2 in /requirements by @dependabot[bot] in #23881
- Bump django-dbbackup from 4.3.0 to 5.0.0 in /requirements by @dependabot[bot] in #23861
- Bump django-debug-toolbar from 4.4.6 to 6.0.0 in /requirements by @dependabot[bot] in #23746
- Bump stylelint-config-standard from 37.0.0 to 39.0.1 by @dependabot[bot] in #24004
Full Changelog: 2025.10.02...2025.10.16-1
2025.10.16
This week's push hero is @eviljeff
Previous Release: 2025.10.02-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.10.02-1...2025.10.16
Addons Server Changelog:
What's Changed
Notable things shipping
- rm Kevin from push hero list in draft_release.yml by @eviljeff in #23977
- Fix deletion of ScannerQueryRule with a lot of results by @diox in #23978
- create missing migrations by @eviljeff in #23973
- Remove dead JavaScript code and strings from statistics by @diox in #23975
- rm MAD scanner by @eviljeff in #23991
- Remove 'What are daily users?' link/popup in stats page by @willdurand in #24019
- Add exclusion of promoted to Scanner[Query]Rules and add admin filter by @eviljeff in #24013
- Add additional filters to scanner query rules/results by @diox in #23984
Dependendabots
- Bump django from 4.2.24 to 4.2.25 in /requirements by @dependabot[bot] in #23974
- Bump addons-linter from 8.0.0 to 8.1.0 by @dependabot[bot] in #23983
- Bump eslint from 9.32.0 to 9.37.0 by @dependabot[bot] in #24012
- Bump @vitest/eslint-plugin from 1.1.42 to 1.3.16 by @dependabot[bot] in #24011
- Bump rhysd/actionlint from 1.7.7 to 1.7.8 by @dependabot[bot] in #24010
- Bump knip from 5.46.2 to 5.64.2 by @dependabot[bot] in #24003
- Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.10.02-1 by @dependabot[bot] in #23990
- Bump stylelint from 16.24.0 to 16.25.0 by @dependabot[bot] in #23998
- Bump mozilla/autograph from 7.5.2 to 7.5.3 by @dependabot[bot] in #23965
- Bump @eslint/compat from 1.3.2 to 1.4.0 by @dependabot[bot] in #23970
- Bump pytest from 8.4.1 to 8.4.2 in /requirements by @dependabot[bot] in #23881
- Bump django-dbbackup from 4.3.0 to 5.0.0 in /requirements by @dependabot[bot] in #23861
- Bump django-debug-toolbar from 4.4.6 to 6.0.0 in /requirements by @dependabot[bot] in #23746
- Bump stylelint-config-standard from 37.0.0 to 39.0.1 by @dependabot[bot] in #24004
Full Changelog: 2025.10.02...2025.10.16
2025.10.02-1
This week's push hero is @eviljeff
Previous Release: 2025.10.02
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Deploy new version of customs https://github.com/mozilla-sre-deploy/deploy-amo/actions/runs/18133088390
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.09.18...2025.10.02-1
Addons Server Changelog:
What's Changed
Notable things shipping
- Add 7 days cooldown to dependabot by @diox in #23917
- Only send API key user part in email, not string representation of object by @diox in #23933
- ci: only persist credentials for the locales job on the main branch by @willdurand in #23934
- Make various fields in django admin read-only by @wagnerand-moz in #23926
- Collect and expose where held decisions originate by @eviljeff in #23935
- Remove dependabot cooldown for docker/docker-compose/github-actions by @diox in #23938
- Fix NARC scanning for add-ons w/ multiple authors including one with display_name=None by @diox in #23943
- Update prod locales - drop id, enable ro. by @eviljeff in #23936
- Revert "Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.09.19" by @diox in #23945
- Run scanner query rules using replica, not primary db by @diox in #23944
- set NHR when we're rolling back to unreviewed by @eviljeff in #23921
- Normalize emails before restricting them automatically in a scanner action by @diox in #23947
- Update DEV_AGREEMENT_CHANGE_FALLBACK following policies update by @wagnerand in #23769
- Add is_signed to django admin FileInline by @wagnerand-moz in #23946
- tidy up and add more django admin permissions by @eviljeff in #23942
- Fix versions not being flagged for review after 2nd level approval requeue by @diox in #23948
- Fix potential IntegrityError exception in EmailUserRestriction admin by @diox in #23956
Dependendabots
- Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.09.19 by @dependabot[bot] in #23939
- Bump addons-linter from 7.20.0 to 8.0.0 by @dependabot[bot] in #23949
New Contributors
- @wagnerand-moz made their first contribution in #23926
Full Changelog: 2025.09.18...2025.10.02-1
2025.10.02
This week's push hero is @eviljeff
Previous Release: 2025.09.18
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Deploy customs 5.4.1
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.09.18...2025.10.02-1
Addons Server Changelog:
What's Changed
Notable things shipping
- Add 7 days cooldown to dependabot by @diox in #23917
- Only send API key user part in email, not string representation of object by @diox in #23933
- ci: only persist credentials for the locales job on the main branch by @willdurand in #23934
- Make various fields in django admin read-only by @wagnerand-moz in #23926
- Collect and expose where held decisions originate by @eviljeff in #23935
- Remove dependabot cooldown for docker/docker-compose/github-actions by @diox in #23938
- Fix NARC scanning for add-ons w/ multiple authors including one with display_name=None by @diox in #23943
- Update prod locales - drop id, enable ro. by @eviljeff in #23936
- Revert "Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.09.19" by @diox in #23945
- Run scanner query rules using replica, not primary db by @diox in #23944
- set NHR when we're rolling back to unreviewed by @eviljeff in #23921
- Normalize emails before restricting them automatically in a scanner action by @diox in #23947
- Update DEV_AGREEMENT_CHANGE_FALLBACK following policies update by @wagnerand in #23769
- Add is_signed to django admin FileInline by @wagnerand-moz in #23946
- tidy up and add more django admin permissions by @eviljeff in #23942
- Fix versions not being flagged for review after 2nd level approval requeue by @diox in #23948
- Fix potential IntegrityError exception in EmailUserRestriction admin by @diox in #23956
Dependendabots
- Bump mozilla/addons-frontend from 2025.09.04-1 to 2025.09.19 by @dependabot[bot] in #23939
- Bump addons-linter from 7.20.0 to 8.0.0 by @dependabot[bot] in #23949
New Contributors
- @wagnerand-moz made their first contribution in #23926
Full Changelog: 2025.09.18...2025.10.02
2025.09.18
This week's push hero is @KevinMind @diox
Previous Release: 2025.09.04
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
- Enable rollback waffle switch:
  ./manage.py waffle_switch version-rollback on
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.09.04...2025.09.18-2
Addons Server Changelog:
2025.09.04
This week's push hero is @eviljeff
Previous Release: 2025.08.29-1
Blockers:
Cherry-picks:
Before we push:
Before we start:
Before we promote:
After we're done:
Addons-Frontend Changelog:
mozilla/addons-frontend@2025.08.07...2025.09.04
Addons Server Changelog:
What's Changed
Notable things shipping
- Handle additional homoglyphs by @diox in #23850
- allow addons viewer permission holder to download disabled files by @eviljeff in #23846
- Bump minimum should match for trigrams in search to 75% by @diox in #23852
- Add NARC to available scanners for ScannerQueryRule by @diox in #23851
- Allow product pages to be noindex'ed temporarily by @willdurand in #23853
- Expose add-on listing info to the django admin by @willdurand in #23866
- Fix default_locale erroneously set to lowercase for spanish add-ons&collections by @diox in #23865
Full Changelog: 2025.08.29...2025.09.04
2025.08.29-1
This week's push hero is @diox
Previous Release: 2025.08.21-2
What's Changed
Notable things shipping
- Remove "Not Promoted" from PromotedGroup by @chrstinalin in #23818
- Apply more aggressive normalization to trademark checks and NARC by @diox in #23833
- update version rollback messaging by @eviljeff in #23761
- Allow scanner rule definition to wrap if necessary in readonly view by @diox in #23823
- Display narc scanner results in review page by @diox in #23840
- increase REVIEWER_DELAYED_REJECTION_PERIOD_DAYS_DEFAULT to 30 by @eviljeff in #23841
- Pass homoglyph variants of names to trademark checks and NARC by @diox in #23842
- Handle additional homoglyphs #23850
Full Changelog: 2025.08.21-2...2025.08.29-1
2025.08.29
This week's push hero is @diox
Previous Release: 2025.08.21-2
What's Changed
Notable things shipping
- Remove "Not Promoted" from PromotedGroup by @chrstinalin in #23818
- Apply more aggressive normalization to trademark checks and NARC by @diox in #23833
- update version rollback messaging by @eviljeff in #23761
- Allow scanner rule definition to wrap if necessary in readonly view by @diox in #23823
- Display narc scanner results in review page by @diox in #23840
- increase REVIEWER_DELAYED_REJECTION_PERIOD_DAYS_DEFAULT to 30 by @eviljeff in #23841
- Pass homoglyph variants of names to trademark checks and NARC by @diox in #23842
Full Changelog: 2025.08.21-2...2025.08.29
2025.08.21-2
- Call run_action() even on initial match when scanning for narc outside auto_approve #23820
- Allow automated disable&block action to be appealed (and handle such appeals) #23832
Full Changelog: 2025.08.21...2025.08.21-2