Bump to version 2.2.5 (#1354)

fsbraun · web-flow · commit c5c3bf29b815 · 2023-06-11T18:11:25.000+02:00
* Bump to version 2.2.5

* Update pre-commit: isort version
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -37,6 +37,6 @@ repos:
       - id: mixed-line-ending
 
   - repo: https://github.com/pycqa/isort
-    rev: 5.11.4
+    rev: 5.12.0
     hooks:
       - id: isort
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,6 +2,15 @@
 CHANGELOG
 =========
 
+2.2.5 (2023-06-11)
+==================
+
+* Security patch (https://github.com/django-cms/django-filer/pull/1352):
+  While admin options shown correctly represented the user rights, some admin
+  end-points were available directly. A staff user without any permissions
+  could browse the filer folder structure, list files in a folder, add files,
+  and move files and folders.
+
 2.2.4 (2023-01-13)
 ==================
 * Add Django 4.1 support
diff --git a/filer/__init__.py b/filer/__init__.py
@@ -13,6 +13,6 @@
  8. Publish the release and it will automatically release to pypi
 """
 
-__version__ = '2.2.4'
+__version__ = '2.2.5'
 
 default_app_config = 'filer.apps.FilerConfig'
