github redimp/otterwiki v2.20.0

6 hours ago

Security Fixes

  • Add CSRF protection via SameSite=Lax cookies and Flask-WTF tokens (5bea252 by @onovy).
    This is controlled by WTF_CSRF_ENABLED (default True) and WTF_CSRF_TIME_LIMIT
    (token lifetime in seconds, default 86400, i.e. 24 hours).
  • Make password reset tokens single-use, disable remember-me on reset (75152f6 by @onovy).
  • Escape mermaid code block content to prevent XSS (1747d89 by @onovy).
  • Add security response headers (3682750 by @onovy).
  • Remove ambiguous |safe from commit message rendering in templates (c60420f by @onovy).
  • Prevent account enumeration via generic recovery messages (7ded053 by @onovy).

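The three recovery-flow fixes above (single-use reset tokens, no remember-me on reset, generic recovery messages) in one runnable sketch. This is an added example, not otterwiki's code: the RecoveryService class, the in-memory user store, the token format and the message wording are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# One message for both the known and the unknown address, so the reply
# cannot be used to confirm that an account exists.
GENERIC_MESSAGE = "If an account with that address exists, a recovery mail has been sent."
GENERIC_FAILURE = "The reset link is invalid or has expired."


class RecoveryService:
    """Hypothetical recovery flow; `users` is an in-memory dict standing in for the database."""

    def __init__(self, secret: bytes, users: dict, ttl: int = 3600, clock=time.time):
        self.secret = secret
        self.users = users          # email -> {"password_hash": ..., "reset_nonce": ...}
        self.ttl = ttl              # token lifetime in seconds
        self.clock = clock          # injectable for tests
        self.outbox = []            # constructed stand-in for an SMTP sender

    def _sign(self, payload: str) -> str:
        return hmac.new(self.secret, payload.encode(), hashlib.sha256).hexdigest()

    def request_reset(self, email: str) -> str:
        email = email.strip().lower()
        user = self.users.get(email)
        if user is not None:
            # A fresh nonce per request; the token is only valid while this nonce is stored.
            user["reset_nonce"] = secrets.token_urlsafe(16)
            payload = f"{email}|{user['reset_nonce']}|{int(self.clock())}"
            self.outbox.append((email, f"{payload}|{self._sign(payload)}"))
        # Same wording (and, in the real view, the same HTTP status) whether or not the user exists.
        # A production flow should also equalise response time, e.g. by always doing the same work.
        return GENERIC_MESSAGE

    def _verify(self, token: str):
        parts = token.rsplit("|", 3)          # rsplit: the address itself may contain '|'
        if len(parts) != 4:
            return None
        email, nonce, issued, sig = parts
        payload = f"{email}|{nonce}|{issued}"
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None
        if not issued.isdecimal() or self.clock() - int(issued) > self.ttl:
            return None
        user = self.users.get(email)
        # A consumed token has its nonce cleared, so a replay fails here although the MAC is still valid.
        if user is None or user["reset_nonce"] is None or not hmac.compare_digest(
            user["reset_nonce"].encode(), nonce.encode()
        ):
            return None
        return email, user

    def reset_password(self, token: str, new_password: str, remember_me: bool = False):
        """Returns (succeeded, message, persistent_session). remember_me is accepted but never honoured."""
        found = self._verify(token)
        if found is None:
            return False, GENERIC_FAILURE, False
        email, user = found
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)  # illustrative KDF settings
        user["password_hash"] = (salt, digest)
        user["reset_nonce"] = None   # single use: the same link cannot be replayed
        # The reset form is not a login form: even with remember_me=True the caller gets a non-persistent session.
        return True, "Password updated, please sign in.", False


if __name__ == "__main__":
    users = {"alice@example.org": {"password_hash": None, "reset_nonce": None}}
    svc = RecoveryService(secrets.token_bytes(32), users)
    print(svc.request_reset("nobody@example.org"))      # same text as for a real account
    print(svc.request_reset("alice@example.org"))
    _, token = svc.outbox[0]
    print(svc.reset_password(token, "correct horse", remember_me=True))
    print(svc.reset_password(token, "replayed"))        # second use fails
```

The single-use property comes from storing a per-user nonce and clearing it when the token is consumed, so neither a replayed link nor an older link issued before the latest request will work; expiry is enforced separately from the MAC check.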
Features

  • Add configuration options for CSRF protection (73e5516).
  • Make security response headers configurable (62cebe6).

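An added example of the two configurable mechanisms, not code from otterwiki or Flask-WTF: a session-bound, time-limited CSRF token that honours WTF_CSRF_ENABLED and WTF_CSRF_TIME_LIMIT (those two config names come from the release notes; the token format, the SECURITY_HEADERS dict and every function and class name here are assumptions), a SameSite=Lax session cookie, and a WSGI middleware that adds the configured response headers. Standard library only.

```python
import base64
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

# Hypothetical config; the two WTF_CSRF_* names match the release notes, the rest is assumed.
CONFIG = {
    "SECRET_KEY": b"\x00" * 32,              # constructed placeholder; use a random key in deployment
    "WTF_CSRF_ENABLED": True,
    "WTF_CSRF_TIME_LIMIT": 86400,            # seconds; None means tokens never expire
    "SECURITY_HEADERS": {
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "SAMEORIGIN",
        "Referrer-Policy": "strict-origin-when-cross-origin",
    },
}


def _mac(payload: str, key: bytes) -> str:
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def generate_csrf(session_id: str, config=CONFIG, now=None) -> str:
    """Token = "<issued>.<mac>", bound to the session so a token lifted from one session is useless in another."""
    issued = str(int(time.time() if now is None else now))
    return f"{issued}.{_mac(f'{session_id}|{issued}', config['SECRET_KEY'])}"


def validate_csrf(token, session_id: str, config=CONFIG, now=None):
    """Returns (ok, reason) with the three usual failure modes: missing, invalid, expired."""
    if not config["WTF_CSRF_ENABLED"]:
        return True, "CSRF protection disabled"
    if not token or "." not in token:
        return False, "The CSRF token is missing."
    issued, mac = token.split(".", 1)
    expected = _mac(f"{session_id}|{issued}", config["SECRET_KEY"])
    if not issued.isdecimal() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "The CSRF token is invalid."
    limit = config["WTF_CSRF_TIME_LIMIT"]
    current = time.time() if now is None else now
    if limit is not None and current - int(issued) > limit:
        return False, "The CSRF token has expired."
    return True, "ok"


def session_cookie(session_id: str, secure: bool = True) -> str:
    """Set-Cookie value. SameSite=Lax keeps the cookie off cross-site POSTs, the first CSRF layer."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["path"] = "/"
    jar["session"]["httponly"] = True
    jar["session"]["samesite"] = "Lax"
    if secure:
        jar["session"]["secure"] = True
    return jar["session"].OutputString()


class SecurityHeaders:
    """WSGI middleware: add every configured header unless the app already set it."""

    def __init__(self, app, headers: dict):
        self.app, self.headers = app, headers

    def __call__(self, environ, start_response):
        def wrapped(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}
            extra = [(n, v) for n, v in self.headers.items() if n.lower() not in present]
            return start_response(status, list(headers) + extra, exc_info)
        return self.app(environ, wrapped)


def hello_app(environ, start_response):
    """Constructed inner app for the middleware demo."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def run_wsgi(app, environ: dict):
    """Minimal in-process client: returns (status, headers, body) without a server."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    tok = generate_csrf("sess-1")
    print(validate_csrf(tok, "sess-1"), validate_csrf(tok, "sess-2"))
    print(session_cookie("sess-1"))
    print(run_wsgi(SecurityHeaders(hello_app, CONFIG["SECURITY_HEADERS"]), {"REQUEST_METHOD": "GET"}))
```

Two points worth noting when mapping this onto a real deployment: setting WTF_CSRF_TIME_LIMIT to None turns off expiry but keeps the MAC check, and the middleware deliberately does not overwrite a header a view already set, so a per-response Content-Security-Policy still wins over the global default.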
Bug Fixes

  • Store HOME_PAGE in preferences on update, see #439 (ccd1a54).
  • Fix font-size for <pre> and <code> elements (c0086dd).
  • Ensure empty SERVER_NAME is set to None (2e2c793).

Dependencies

Compare with v2.19.0
