Fixes #20239: Prevent shared mutable state in PluginMenuItem and PluginMenuButton

PluginMenuItem and PluginMenuButton classes used mutable class-level
defaults for `permissions` and `buttons` attributes, causing permission
leakage between instances when these attributes were modified without
explicit parameters.

Changed to initialize these attributes as fresh lists per instance in
__init__ when not explicitly provided, following standard Python pattern
for avoiding mutable default arguments.

.github/ISSUE_TEMPLATE/06-deprecation.yaml

@@ -1,26 +1,20 @@
 ---
-name: ⚠️ Deprecation
+name: 🗑️ Deprecation
 type: Deprecation
-description: Designation of a feature or behavior that will be removed in a future release
+description: The removal of an existing feature or resource
 labels: ["netbox", "type: deprecation"]
 body:
   - type: textarea
     attributes:
-      label: Deprecated Functionality
+      label: Proposed Changes
       description: >
-        Describe the feature(s) and/or behavior that is being flagged for deprecation.
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Scheduled removal
-      description: In what future release will the deprecated functionality be removed?
+        Describe in detail the proposed changes. What is being removed?
     validations:
       required: true
   - type: textarea
     attributes:
       label: Justification
-      description: Please provide justification for the deprecation.
+      description: Please provide justification for the proposed change(s).
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/07-feature_removal.yaml

@@ -1,20 +0,0 @@
----
-name: 🗑️ Feature Removal
-type: Removal
-description: The removal of a deprecated feature or resource
-labels: ["netbox", "type: removal"]
-body:
-  - type: input
-    attributes:
-      label: Deprecation Issue
-      description: Specify the issue in which this deprecation was announced.
-      placeholder: "#1234"
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Summary of Changes
-      description: >
-        List all changes necessary to remove the deprecated feature or resource.
-    validations:
-      required: true

.github/workflows/codeql.yml

@@ -30,13 +30,13 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
         config-file: .github/codeql/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/update-translation-strings.yml

@@ -34,7 +34,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: 3.12
+        python-version: 3.11
 
     - name: Install system dependencies
       run: sudo apt install -y gettext

.gitignore

@@ -9,8 +9,7 @@ yarn-error.log*
 /netbox/netbox/configuration.py
 /netbox/netbox/ldap_config.py
 /netbox/local/*
-/netbox/media/*
-!/netbox/media/.gitkeep
+/netbox/media
 /netbox/reports/*
 !/netbox/reports/__init__.py
 /netbox/scripts/*

docs/features/change-logging.md

@@ -10,11 +10,9 @@ Change records are exposed in the API via the read-only endpoint `/api/extras/ob
 
 ## User Messages
 
-When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message (up to 200 characters) that will appear in the change record. This can be helpful to capture additional context, such as the reason for a change or a reference to an external ticket.
+!!! info "This feature was introduced in NetBox v4.4."
 
-When editing an object via the web UI, the "Changelog message" field appears at the bottom of the form. This field is optional. The changelog message field is available in object create forms, object edit forms, delete confirmation dialogs, and bulk operations.
-
-For information on including changelog messages when making changes via the REST API, see [Changelog Messages](../integrations/rest-api.md#changelog-messages).
+When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message that will appear in the change record. This can be helpful to capture additional context, such as the reason for the change.
 
 ## Correlating Changes by Request
 

docs/integrations/rest-api.md

@@ -610,7 +610,9 @@ http://netbox/api/dcim/sites/ \
 
 ## Changelog Messages
 
-Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Additionally, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
+!!! info "This feature was introduced in NetBox v4.4."
+
+Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Beginning in NetBox v4.4, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
 
 For example, the following API request will create a new site and record a message in the resulting changelog entry:
 
@@ -626,7 +628,7 @@ http://netbox/api/dcim/sites/ \
 }'
 ```
 
-This approach works when creating, modifying, or deleting objects, either individually or in bulk. For more information about change logging, see [Change Logging](../features/change-logging.md).
+This approach works when creating, modifying, or deleting objects, either individually or in bulk.
 
 ## Uploading Files
 

netbox/core/api/serializers_/data.py

@@ -44,4 +44,3 @@ class DataFileSerializer(NetBoxModelSerializer):
             'id', 'url', 'display_url', 'display', 'source', 'path', 'last_updated', 'size', 'hash',
         ]
         brief_fields = ('id', 'url', 'display', 'path')
-        read_only_fields = ['path', 'last_updated', 'size', 'hash']

netbox/core/models/data.py

@@ -12,7 +12,7 @@ from django.core.validators import RegexValidator
 from django.db import models
 from django.urls import reverse
 from django.utils import timezone
-from django.utils.translation import gettext_lazy as _
+from django.utils.translation import gettext as _
 
 from netbox.constants import CENSOR_TOKEN, CENSOR_TOKEN_CHANGED
 from netbox.models import PrimaryModel
@@ -128,9 +128,7 @@ class DataSource(JobsMixin, PrimaryModel):
         # Ensure URL scheme matches selected type
         if self.backend_class.is_local and self.url_scheme not in ('file', ''):
             raise ValidationError({
-                'source_url': _("URLs for local sources must start with {scheme} (or specify no scheme)").format(
-                    scheme='file://'
-                )
+                'source_url': "URLs for local sources must start with file:// (or specify no scheme)"
             })
 
     def save(self, *args, **kwargs):

netbox/dcim/forms/mixins.py

@@ -140,6 +140,9 @@ class FrontPortFormMixin(forms.Form):
         widget=forms.SelectMultiple(attrs={'size': 8})
     )
 
+    port_mapping_model = PortMapping
+    parent_field = 'device'
+
     def clean(self):
         super().clean()
 
@@ -200,22 +203,3 @@ class FrontPortFormMixin(forms.Form):
                 using=connection,
                 update_fields=None
             )
-
-    def _get_rear_port_choices(self, parent_filter, front_port):
-        """
-        Return a list of choices representing each available rear port & position pair on the parent object (identified
-        by a Q filter), excluding those assigned to the specified instance.
-        """
-        occupied_rear_port_positions = [
-            f'{mapping.rear_port_id}:{mapping.rear_port_position}'
-            for mapping in self.port_mapping_model.objects.filter(parent_filter).exclude(front_port=front_port.pk)
-        ]
-
-        choices = []
-        for rear_port in self.rear_port_model.objects.filter(parent_filter):
-            for i in range(1, rear_port.positions + 1):
-                pair_id = f'{rear_port.pk}:{i}'
-                if pair_id not in occupied_rear_port_positions:
-                    pair_label = f'{rear_port.name}:{i}'
-                    choices.append((pair_id, pair_label))
-        return choices

netbox/dcim/forms/model_forms.py

@@ -1124,8 +1124,9 @@ class FrontPortTemplateForm(FrontPortFormMixin, ModularComponentTemplateForm):
         ),
     )
 
+    # Override FrontPortFormMixin attrs
     port_mapping_model = PortTemplateMapping
-    rear_port_model = RearPortTemplate
+    parent_field = 'device_type'
 
     class Meta:
         model = FrontPortTemplate
@@ -1136,14 +1137,13 @@ class FrontPortTemplateForm(FrontPortFormMixin, ModularComponentTemplateForm):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
-        # Populate rear port choices based on parent DeviceType or ModuleType
         if device_type_id := self.data.get('device_type') or self.initial.get('device_type'):
-            parent_filter = Q(device_type=device_type_id)
-        elif module_type_id := self.data.get('module_type') or self.initial.get('module_type'):
-            parent_filter = Q(module_type=module_type_id)
+            device_type = DeviceType.objects.get(pk=device_type_id)
         else:
             return
-        self.fields['rear_ports'].choices = self._get_rear_port_choices(parent_filter, self.instance)
+
+        # Populate rear port choices
+        self.fields['rear_ports'].choices = self._get_rear_port_choices(device_type, self.instance)
 
         # Set initial rear port mappings
         if self.instance.pk:
@@ -1152,6 +1152,27 @@ class FrontPortTemplateForm(FrontPortFormMixin, ModularComponentTemplateForm):
                 for mapping in PortTemplateMapping.objects.filter(front_port_id=self.instance.pk)
             ]
 
+    def _get_rear_port_choices(self, device_type, front_port):
+        """
+        Return a list of choices representing each available rear port & position pair on the device type, excluding
+        those assigned to the specified instance.
+        """
+        occupied_rear_port_positions = [
+            f'{mapping.rear_port_id}:{mapping.rear_port_position}'
+            for mapping in device_type.port_mappings.exclude(front_port=front_port.pk)
+        ]
+
+        choices = []
+        for rear_port in RearPortTemplate.objects.filter(device_type=device_type):
+            for i in range(1, rear_port.positions + 1):
+                pair_id = f'{rear_port.pk}:{i}'
+                if pair_id not in occupied_rear_port_positions:
+                    pair_label = f'{rear_port.name}:{i}'
+                    choices.append(
+                        (pair_id, pair_label)
+                    )
+        return choices
+
 
 class RearPortTemplateForm(ModularComponentTemplateForm):
     fieldsets = (
@@ -1598,9 +1619,6 @@ class FrontPortForm(FrontPortFormMixin, ModularDeviceComponentForm):
         ),
     )
 
-    port_mapping_model = PortMapping
-    rear_port_model = RearPort
-
     class Meta:
         model = FrontPort
         fields = [
@@ -1611,12 +1629,13 @@ class FrontPortForm(FrontPortFormMixin, ModularDeviceComponentForm):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
-        # Populate rear port choices
         if device_id := self.data.get('device') or self.initial.get('device'):
-            parent_filter = Q(device=device_id)
+            device = Device.objects.get(pk=device_id)
         else:
             return
-        self.fields['rear_ports'].choices = self._get_rear_port_choices(parent_filter, self.instance)
+
+        # Populate rear port choices
+        self.fields['rear_ports'].choices = self._get_rear_port_choices(device, self.instance)
 
         # Set initial rear port mappings
         if self.instance.pk:
@@ -1625,6 +1644,27 @@ class FrontPortForm(FrontPortFormMixin, ModularDeviceComponentForm):
                 for mapping in PortMapping.objects.filter(front_port_id=self.instance.pk)
             ]
 
+    def _get_rear_port_choices(self, device, front_port):
+        """
+        Return a list of choices representing each available rear port & position pair on the device, excluding those
+        assigned to the specified instance.
+        """
+        occupied_rear_port_positions = [
+            f'{mapping.rear_port_id}:{mapping.rear_port_position}'
+            for mapping in device.port_mappings.exclude(front_port=front_port.pk)
+        ]
+
+        choices = []
+        for rear_port in RearPort.objects.filter(device=device):
+            for i in range(1, rear_port.positions + 1):
+                pair_id = f'{rear_port.pk}:{i}'
+                if pair_id not in occupied_rear_port_positions:
+                    pair_label = f'{rear_port.name}:{i}'
+                    choices.append(
+                        (pair_id, pair_label)
+                    )
+        return choices
+
 
 class RearPortForm(ModularDeviceComponentForm):
     fieldsets = (

netbox/dcim/graphql/filter_mixins.py

@@ -38,15 +38,6 @@ class ScopedFilterMixin:
 
 @dataclass
 class ComponentModelFilterMixin:
-    _site: Annotated['SiteFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='site')
-    )
-    _location: Annotated['LocationFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='location')
-    )
-    _rack: Annotated['RackFilter', strawberry.lazy('dcim.graphql.filters')] | None = (
-        strawberry_django.filter_field(name='rack')
-    )
     device: Annotated['DeviceFilter', strawberry.lazy('dcim.graphql.filters')] | None = strawberry_django.filter_field()
     device_id: ID | None = strawberry_django.filter_field()
     name: FilterLookup[str] | None = strawberry_django.filter_field()

netbox/dcim/models/modules.py

@@ -259,13 +259,11 @@ class Module(TrackingModelMixin, PrimaryModel, ConfigContextModel):
         module_bays = []
         modules = []
         while module:
-            module_module_bay = getattr(module, "module_bay", None)
-            if module.pk in modules or (module_module_bay and module_module_bay.pk in module_bays):
+            if module.pk in modules or module.module_bay.pk in module_bays:
                 raise ValidationError(_("A module bay cannot belong to a module installed within it."))
             modules.append(module.pk)
-            if module_module_bay:
-                module_bays.append(module_module_bay.pk)
-            module = module_module_bay.module if module_module_bay else None
+            module_bays.append(module.module_bay.pk)
+            module = module.module_bay.module if module.module_bay else None
 
     def save(self, *args, **kwargs):
         is_new = self.pk is None

netbox/dcim/signals.py

@@ -211,16 +211,12 @@ def sync_cached_scope_fields(instance, created, **kwargs):
     for model in (Prefix, Cluster, WirelessLAN):
         qs = model.objects.filter(**filters)
 
-        # Bulk update cached fields to avoid O(N) performance issues with large datasets.
-        # This does not trigger post_save signals, avoiding spurious change log entries.
-        objects_to_update = []
         for obj in qs:
             # Recompute cache using the same logic as save()
             obj.cache_related_objects()
-            objects_to_update.append(obj)
-
-        if objects_to_update:
-            model.objects.bulk_update(
-                objects_to_update,
-                ['_location', '_site', '_site_group', '_region']
-            )
+            obj.save(update_fields=[
+                '_location',
+                '_site',
+                '_site_group',
+                '_region',
+            ])

netbox/dcim/views.py

@@ -1845,7 +1845,6 @@ class ModuleTypeBulkEditView(generic.BulkEditView):
 class ModuleTypeBulkRenameView(generic.BulkRenameView):
     queryset = ModuleType.objects.all()
     filterset = filtersets.ModuleTypeFilterSet
-    field_name = 'model'
 
 
 @register_model_view(ModuleType, 'bulk_delete', path='delete', detail=False)

netbox/extras/api/serializers_/configcontexts.py

@@ -28,7 +28,7 @@ class ConfigContextProfileSerializer(PrimaryModelSerializer):
     )
     data_file = DataFileSerializer(
         nested=True,
-        required=False
+        read_only=True
     )
 
     class Meta:
@@ -143,7 +143,7 @@ class ConfigContextSerializer(OwnerMixin, ChangeLogMessageSerializer, ValidatedM
     )
     data_file = DataFileSerializer(
         nested=True,
-        required=False
+        read_only=True
     )
 
     class Meta:

netbox/extras/constants.py

@@ -4,17 +4,6 @@ from extras.choices import LogLevelChoices
 # Custom fields
 CUSTOMFIELD_EMPTY_VALUES = (None, '', [])
 
-# ImageAttachment
-IMAGE_ATTACHMENT_IMAGE_FORMATS = {
-    'avif': 'image/avif',
-    'bmp': 'image/bmp',
-    'gif': 'image/gif',
-    'jpeg': 'image/jpeg',
-    'jpg': 'image/jpeg',
-    'png': 'image/png',
-    'webp': 'image/webp',
-}
-
 # Template Export
 DEFAULT_MIME_TYPE = 'text/plain; charset=utf-8'
 

netbox/extras/forms/model_forms.py

@@ -9,7 +9,6 @@ from django.utils.translation import gettext_lazy as _
 from core.forms.mixins import SyncedDataMixin
 from core.models import ObjectType
 from dcim.models import DeviceRole, DeviceType, Location, Platform, Region, Site, SiteGroup
-from extras.constants import IMAGE_ATTACHMENT_IMAGE_FORMATS
 from extras.choices import *
 from extras.models import *
 from netbox.events import get_event_type_choices
@@ -785,11 +784,8 @@ class ImageAttachmentForm(forms.ModelForm):
         fields = [
             'image', 'name', 'description',
         ]
-        # Explicitly set 'image/avif' to support AVIF selection in Firefox
-        widgets = {
-            'image': forms.ClearableFileInput(
-                attrs={'accept': ','.join(sorted(set(IMAGE_ATTACHMENT_IMAGE_FORMATS.values())))}
-            ),
+        help_texts = {
+            'name': _("If no name is specified, the file name will be used.")
         }
 
 

netbox/extras/tests/test_api.py

@@ -1,5 +1,4 @@
 import datetime
-import hashlib
 
 from django.contrib.contenttypes.models import ContentType
 from django.urls import reverse
@@ -8,7 +7,7 @@ from rest_framework import status
 
 from core.choices import ManagedFileRootPathChoices
 from core.events import *
-from core.models import DataFile, DataSource, ObjectType
+from core.models import ObjectType
 from dcim.models import Device, DeviceRole, DeviceType, Manufacturer, Rack, Location, RackRole, Site
 from extras.choices import *
 from extras.models import *
@@ -732,51 +731,6 @@ class ConfigContextProfileTest(APIViewTestCases.APIViewTestCase):
         )
         ConfigContextProfile.objects.bulk_create(profiles)
 
-    def test_update_data_source_and_data_file(self):
-        """
-        Regression test: Ensure data_source and data_file can be assigned via the API.
-
-        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
-        """
-        self.add_permissions(
-            'core.view_datafile',
-            'core.view_datasource',
-            'extras.view_configcontextprofile',
-            'extras.change_configcontextprofile',
-        )
-        config_context_profile = ConfigContextProfile.objects.first()
-
-        # Create a data source and file
-        datasource = DataSource.objects.create(
-            name='Data Source 1',
-            type='local',
-            source_url='file:///tmp/netbox-datasource/',
-        )
-        # Generate a valid dummy YAML file
-        file_data = b'profile: configcontext\n'
-        datafile = DataFile.objects.create(
-            source=datasource,
-            path='dir1/file1.yml',
-            last_updated=now(),
-            size=len(file_data),
-            hash=hashlib.sha256(file_data).hexdigest(),
-            data=file_data,
-        )
-
-        url = self._get_detail_url(config_context_profile)
-        payload = {
-            'data_source': datasource.pk,
-            'data_file': datafile.pk,
-        }
-        response = self.client.patch(url, payload, format='json', **self.header)
-        self.assertHttpStatus(response, status.HTTP_200_OK)
-
-        config_context_profile.refresh_from_db()
-        self.assertEqual(config_context_profile.data_source_id, datasource.pk)
-        self.assertEqual(config_context_profile.data_file_id, datafile.pk)
-        self.assertEqual(response.data['data_source']['id'], datasource.pk)
-        self.assertEqual(response.data['data_file']['id'], datafile.pk)
-
 
 class ConfigContextTest(APIViewTestCases.APIViewTestCase):
     model = ConfigContext
@@ -858,51 +812,6 @@ class ConfigContextTest(APIViewTestCases.APIViewTestCase):
         rendered_context = device.get_config_context()
         self.assertEqual(rendered_context['bar'], 456)
 
-    def test_update_data_source_and_data_file(self):
-        """
-        Regression test: Ensure data_source and data_file can be assigned via the API.
-
-        This specifically covers PATCHing a ConfigContext with integer IDs for both fields.
-        """
-        self.add_permissions(
-            'core.view_datafile',
-            'core.view_datasource',
-            'extras.view_configcontext',
-            'extras.change_configcontext',
-        )
-        config_context = ConfigContext.objects.first()
-
-        # Create a data source and file
-        datasource = DataSource.objects.create(
-            name='Data Source 1',
-            type='local',
-            source_url='file:///tmp/netbox-datasource/',
-        )
-        # Generate a valid dummy YAML file
-        file_data = b'context: config\n'
-        datafile = DataFile.objects.create(
-            source=datasource,
-            path='dir1/file1.yml',
-            last_updated=now(),
-            size=len(file_data),
-            hash=hashlib.sha256(file_data).hexdigest(),
-            data=file_data,
-        )
-
-        url = self._get_detail_url(config_context)
-        payload = {
-            'data_source': datasource.pk,
-            'data_file': datafile.pk,
-        }
-        response = self.client.patch(url, payload, format='json', **self.header)
-        self.assertHttpStatus(response, status.HTTP_200_OK)
-
-        config_context.refresh_from_db()
-        self.assertEqual(config_context.data_source_id, datasource.pk)
-        self.assertEqual(config_context.data_file_id, datafile.pk)
-        self.assertEqual(response.data['data_source']['id'], datasource.pk)
-        self.assertEqual(response.data['data_file']['id'], datafile.pk)
-
 
 class ConfigTemplateTest(APIViewTestCases.APIViewTestCase):
     model = ConfigTemplate

netbox/extras/utils.py

@@ -10,7 +10,6 @@ from taggit.managers import _TaggableManager
 
 from netbox.context import current_request
 
-from .constants import IMAGE_ATTACHMENT_IMAGE_FORMATS
 from .validators import CustomValidator
 
 __all__ = (
@@ -79,7 +78,7 @@ def image_upload(instance, filename):
     """
     upload_dir = 'image-attachments'
     default_filename = 'unnamed'
-    allowed_img_extensions = IMAGE_ATTACHMENT_IMAGE_FORMATS.keys()
+    allowed_img_extensions = ('bmp', 'gif', 'jpeg', 'jpg', 'png', 'webp')
 
     # Normalize Windows paths and create a Path object.
     normalized_filename = str(filename).replace('\\', '/')

netbox/ipam/forms/filtersets.py

@@ -538,7 +538,7 @@ class VLANFilterForm(TenancyFilterForm, PrimaryModelFilterSetForm):
         FieldSet('qinq_role', 'qinq_svlan_id', name=_('Q-in-Q/802.1ad')),
         FieldSet('tenant_group_id', 'tenant_id', name=_('Tenant')),
     )
-    selector_fields = ('filter_id', 'q', 'group_id')
+    selector_fields = ('filter_id', 'q', 'site_id')
     region_id = DynamicModelMultipleChoiceField(
         queryset=Region.objects.all(),
         required=False,

netbox/ipam/forms/model_forms.py

@@ -372,8 +372,8 @@ class IPAddressForm(TenancyForm, PrimaryModelForm):
                     'virtual_machine_id': instance.assigned_object.virtual_machine.pk,
                 })
 
-        # Disable object assignment fields if the IP address is designated as primary or OOB
-        if self.initial.get('primary_for_parent') or self.initial.get('oob_for_parent'):
+        # Disable object assignment fields if the IP address is designated as primary
+        if self.initial.get('primary_for_parent'):
             self.fields['interface'].disabled = True
             self.fields['vminterface'].disabled = True
             self.fields['fhrpgroup'].disabled = True

netbox/ipam/models/ip.py

@@ -940,13 +940,6 @@ class IPAddress(ContactsMixin, PrimaryModel):
                     _("Cannot reassign IP address while it is designated as the primary IP for the parent object")
                 )
 
-            # can't use is_oob_ip as self.assigned_object might be changed
-            if hasattr(original_parent, 'oob_ip') and original_parent.oob_ip_id == self.pk:
-                if parent != original_parent:
-                    raise ValidationError(
-                        _("Cannot reassign IP address while it is designated as the OOB IP for the parent object")
-                    )
-
         # Validate IP status selection
         if self.status == IPAddressStatusChoices.STATUS_SLAAC and self.family != 6:
             raise ValidationError({

netbox/netbox/graphql/filters.py

@@ -3,7 +3,7 @@ from typing import TYPE_CHECKING
 
 import strawberry_django
 from strawberry import ID
-from strawberry_django import ComparisonFilterLookup, FilterLookup
+from strawberry_django import FilterLookup
 
 from core.graphql.filter_mixins import ChangeLoggingMixin
 from extras.graphql.filter_mixins import CustomFieldsFilterMixin, JournalEntriesFilterMixin, TagsFilterMixin
@@ -23,7 +23,7 @@ __all__ = (
 
 @dataclass
 class BaseModelFilter:
-    id: ComparisonFilterLookup[ID] | None = strawberry_django.filter_field()
+    id: FilterLookup[ID] | None = strawberry_django.filter_field()
 
 
 class ChangeLoggedModelFilter(ChangeLoggingMixin, BaseModelFilter):

netbox/netbox/navigation/menu.py

@@ -232,7 +232,7 @@ VPN_MENU = Menu(
             label=_('L2VPNs'),
             items=(
                 get_model_item('vpn', 'l2vpn', _('L2VPNs')),
-                get_model_item('vpn', 'l2vpntermination', _('L2VPN Terminations')),
+                get_model_item('vpn', 'l2vpntermination', _('Terminations')),
             ),
         ),
         MenuGroup(

netbox/netbox/ui/panels.py

@@ -164,7 +164,7 @@ class ObjectAttributesPanel(ObjectPanel, metaclass=ObjectAttributesPanelMeta):
         """
         label = name[:1].upper() + name[1:]
         label = label.replace('_', ' ')
-        return _(label)
+        return label
 
     def get_context(self, context):
         # Determine which attributes to display in the panel based on only/exclude args

netbox/project-static/dist/graphiql/plugin-explorer-style.css

@@ -1 +1 @@
-.docExplorerWrap{height:unset!important;min-width:unset!important;width:unset!important}.docExplorerWrap svg{display:unset}.doc-explorer-title{font-size:var(--font-size-h2);font-weight:var(--font-weight-medium)}.doc-explorer-rhs{display:none}.graphiql-explorer-root{font-family:var(--font-family-mono)!important;font-size:var(--font-size-body)!important;padding:0!important}.graphiql-explorer-root>div>div{padding-top:var(--px-16);border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}.graphiql-explorer-root>div{overflow:auto!important}.graphiql-explorer-root input{background:unset}.graphiql-explorer-root select{border:1px solid hsla(var(--color-neutral),var(--alpha-secondary));border-radius:var(--border-radius-4);margin:0 var(--px-8);padding:var(--px-4)var(--px-6);background:hsl(var(--color-base))!important;color:hsl(var(--color-neutral))!important}.toolbar-button{all:unset;cursor:pointer;margin-left:var(--px-6);color:hsl(var(--color-primary));line-height:0!important;font-size:var(--font-size-h3)!important}.graphiql-explorer-slug .toolbar-button,.graphiql-explorer-graphql-arguments .toolbar-button{font-size:inherit!important}.graphiql-explorer-graphql-arguments input{min-width:2rem;line-height:0}.graphiql-explorer-actions{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}
+.docExplorerWrap{height:unset!important;min-width:unset!important;width:unset!important}.docExplorerWrap svg{display:unset}.doc-explorer-title{font-size:var(--font-size-h2);font-weight:var(--font-weight-medium)}.doc-explorer-rhs{display:none}.graphiql-explorer-root{font-family:var(--font-family-mono)!important;font-size:var(--font-size-body)!important;padding:0!important}.graphiql-explorer-root>div>div{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important;padding-top:var(--px-16)}.graphiql-explorer-root input{background:unset}.graphiql-explorer-root select{background:hsl(var(--color-base))!important;border:1px solid hsla(var(--color-neutral),var(--alpha-secondary));border-radius:var(--border-radius-4);color:hsl(var(--color-neutral))!important;margin:0 var(--px-8);padding:var(--px-4) var(--px-6)}.graphiql-operation-title-bar .toolbar-button{line-height:0;margin-left:var(--px-8);color:hsla(var(--color-neutral),var(--alpha-secondary, .6));font-size:var(--font-size-h3);vertical-align:middle}.graphiql-explorer-graphql-arguments input{line-height:0}.graphiql-explorer-actions{border-color:hsla(var(--color-neutral),var(--alpha-background-heavy))!important}

netbox/project-static/netbox-graphiql/package.json

@@ -6,7 +6,7 @@
   "license": "Apache-2.0",
   "private": true,
   "dependencies": {
-    "@graphiql/plugin-explorer": "4.0.6",
+    "@graphiql/plugin-explorer": "3.2.6",
     "graphiql": "4.1.2",
     "graphql": "16.12.0",
     "js-cookie": "3.0.5",

netbox/project-static/yarn.lock

@@ -294,10 +294,10 @@
     react-compiler-runtime "19.1.0-rc.1"
     zustand "^5"
 
-"@graphiql/plugin-explorer@4.0.6":
-  version "4.0.6"
-  resolved "https://registry.yarnpkg.com/@graphiql/plugin-explorer/-/plugin-explorer-4.0.6.tgz#bec1207dc27334914590ab31f46c2e944bbf4ebf"
-  integrity sha512-TppIi92YPER3v70nlF01KTQrq9AiYqkZicSd1hpU7aqGmbqw/pLwBNLUEcfENBoJtw574Qxjswb01+GaYK0Tzw==
+"@graphiql/plugin-explorer@3.2.6":
+  version "3.2.6"
+  resolved "https://registry.npmjs.org/@graphiql/plugin-explorer/-/plugin-explorer-3.2.6.tgz"
+  integrity sha512-MXzG/zVNzZfes4Em253bHyAbD/lwwAZkPKvxCAQkjz0i3dtcv4uF3D8iqJ7214iu3SCphbORYZZUC93fik1yew==
   dependencies:
     graphiql-explorer "^0.9.0"
 

netbox/users/forms/model_forms.py

@@ -123,7 +123,7 @@ class UserTokenForm(forms.ModelForm):
     token = forms.CharField(
         label=_('Token'),
         help_text=_(
-            'Tokens must be at least 40 characters in length. <strong>Be sure to record your token</strong> prior to '
+            'Tokens must be at least 40 characters in length. <strong>Be sure to record your key</strong> prior to '
             'submitting this form, as it will no longer be accessible once the token has been created.'
         ),
         widget=forms.TextInput(

netbox/users/models/tokens.py

@@ -69,7 +69,7 @@ class Token(models.Model):
     write_enabled = models.BooleanField(
         verbose_name=_('write enabled'),
         default=True,
-        help_text=_('Permit create/update/delete operations using this token')
+        help_text=_('Permit create/update/delete operations using this key')
     )
     # For legacy v1 tokens, this field stores the plaintext 40-char token value. Not used for v2.
     plaintext = models.CharField(
@@ -213,9 +213,6 @@ class Token(models.Model):
     def clean(self):
         super().clean()
 
-        if self.version == TokenVersionChoices.V2 and not settings.API_TOKEN_PEPPERS:
-            raise ValidationError(_("Unable to save v2 tokens: API_TOKEN_PEPPERS is not defined."))
-
         if self._state.adding:
             if self.pepper_id is not None and self.pepper_id not in settings.API_TOKEN_PEPPERS:
                 raise ValidationError(_(

netbox/users/tests/test_models.py

@@ -1,10 +1,9 @@
 from datetime import timedelta
 
 from django.core.exceptions import ValidationError
-from django.test import TestCase, override_settings
+from django.test import TestCase
 from django.utils import timezone
 
-from users.choices import TokenVersionChoices
 from users.models import User, Token
 from utilities.testing import create_test_user
 
@@ -95,15 +94,6 @@ class TokenTest(TestCase):
         token.refresh_from_db()
         self.assertEqual(token.description, 'New Description')
 
-    @override_settings(API_TOKEN_PEPPERS={})
-    def test_v2_without_peppers_configured(self):
-        """
-        Attempting to save a v2 token without API_TOKEN_PEPPERS defined should raise a ValidationError.
-        """
-        token = Token(version=TokenVersionChoices.V2)
-        with self.assertRaises(ValidationError):
-            token.clean()
-
 
 class UserConfigTest(TestCase):
 

netbox/utilities/forms/widgets/modifiers.py

@@ -1,8 +1,6 @@
 from django import forms
 from django.utils.translation import gettext_lazy as _
 
-from utilities.forms.widgets.apiselect import APISelect, APISelectMultiple
-
 __all__ = (
     'FilterModifierWidget',
     'MODIFIER_EMPTY_FALSE',
@@ -96,37 +94,9 @@ class FilterModifierWidget(forms.Widget):
         # to the original widget before rendering
         self.original_widget.attrs.update(self.attrs)
 
-        # For APISelect/APISelectMultiple widgets, temporarily clear choices to prevent queryset evaluation
-        original_choices = None
-        if isinstance(self.original_widget, (APISelect, APISelectMultiple)):
-            original_choices = self.original_widget.choices
-
-            # Only keep selected choices to preserve current selection in HTML
-            if value:
-                values = value if isinstance(value, (list, tuple)) else [value]
-
-                if hasattr(original_choices, 'queryset'):
-                    queryset = original_choices.queryset
-                    selected_objects = queryset.filter(pk__in=values)
-                    # Build minimal choice list with just the selected values
-                    self.original_widget.choices = [
-                        (obj.pk, str(obj)) for obj in selected_objects
-                    ]
-                else:
-                    self.original_widget.choices = [
-                        choice for choice in original_choices if choice[0] in values
-                    ]
-            else:
-                # No selection - render empty select element
-                self.original_widget.choices = []
-
         # Get context from the original widget
         original_context = self.original_widget.get_context(name, value, attrs)
 
-        # Restore original choices if we modified them
-        if original_choices is not None:
-            self.original_widget.choices = original_choices
-
         # Build our wrapper context
         context = super().get_context(name, value, attrs)
         context['widget']['original_widget'] = original_context['widget']

scripts/git-hooks/pre-commit

@@ -0,0 +1,16 @@
+#!/bin/sh
+# TODO: Remove this file in NetBox v4.3
+# This script has been maintained to ease transition to the pre-commit tool.
+
+exec 1>&2
+
+EXIT=0
+RED='\033[0;31m'
+YELLOW='\033[0;33m'
+NOCOLOR='\033[0m'
+
+printf "${YELLOW}The pre-commit hook script is obsolete. Please use pre-commit instead:${NOCOLOR}\n"
+printf "  pip install pre-commit\n"
+printf "  pre-commit install${NOCOLOR}\n"
+
+exit 1