# HG changeset patch
# User Marcin Kuzminski
# Date 2017-11-23 12:44:15
# Node ID d5c3a51145519af05b140e6a2d91a2d8468e9836
# Parent 6dd0541601b7e6f11e4bf8d1b04cb0022aa7ec3b
# Parent c7255a09b8b6bd2843974bf5aaca38c4ceb9ec11
release: merge back stable branch into default
diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -26,3 +26,4 @@ 0a6821cbd6b0b3c21503002f88800679fa35ab63
 434ad90ec8d621f4416074b84f6e9ce03964defb v4.10.2
 68baee10e698da2724c6e0f698c03a6abb993bf2 v4.10.3
 00821d3afd1dce3f4767cc353f84a17f7d5218a1 v4.10.4
+22f6744ad8cc274311825f63f953e4dee2ea5cb9 v4.10.5
diff --git a/docs/release-notes/release-notes-4.10.5.rst b/docs/release-notes/release-notes-4.10.5.rst
new file mode 100644
--- /dev/null
+++ b/docs/release-notes/release-notes-4.10.5.rst
@@ -0,0 +1,55 @@
+|RCE| 4.10.5 |RNS|
+------------------
+
+Release Date
+^^^^^^^^^^^^
+
+- 2017-11-23
+
+
+New Features
+^^^^^^^^^^^^
+
+
+
+General
+^^^^^^^
+
+- dependencies: pin against rhodecode-tools 0.13.1. Fixes a cleanup-repos bug.
+
+
+Security
+^^^^^^^^
+
+- Pull requests: security(low), check for permissions on exposure of repo-refs.
+ Prevents exposure of branches/tags on private repositories.
+- Metatags: limit the scope of url => metatag to http, https and / links.
+ Prevents possible JS injection in those types of links which is unsafe.
+
+
+Performance
+^^^^^^^^^^^
+
+
+
+Fixes
+^^^^^
+
+
+- Emails: fixed validation of emails with whitespace in them.
+- Repo groups: fix bad route redirect on check if user tried to revoke
+ permissions on himself.
+- Comments: place the left over comments (outdated/misplaced) to the left or
+ right pane in side-by-side diff.
+- Comments: allow to properly initialize outdated comments that are still attached.
+ Fixes a problem when outdated TODO notes couldn't be properly resolved.
+- Diffs: fixed problem with rendering no newline at the end of file markers.
+ In case of unified diff that would show incorrect diffs in rare cases.
+- Settings: fix potential 500 problem on bad data passed in.
+
+
+Upgrade notes
+^^^^^^^^^^^^^
+
+- Fixes regression in nested repository groups update. No upgrade problems should
+ be expected
diff --git a/docs/release-notes/release-notes.rst b/docs/release-notes/release-notes.rst
--- a/docs/release-notes/release-notes.rst
+++ b/docs/release-notes/release-notes.rst
@@ -9,6 +9,7 @@ Release Notes
 .. toctree::
 :maxdepth: 1
+ release-notes-4.10.5.rst
 release-notes-4.10.4.rst
 release-notes-4.10.3.rst
 release-notes-4.10.2.rst
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -142,7 +142,7 @@ def UserForm(localizer, edit=False, avai
 active = v.StringBoolean(if_missing=False)
 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
- email = All(v.Email(not_empty=True), v.UniqSystemEmail(localizer, old_data))
+ email = All(v.UniqSystemEmail(localizer, old_data), v.Email(not_empty=True))
 extern_name = v.UnicodeString(strip=True)
 extern_type = v.UnicodeString(strip=True)
 language = v.OneOf(available_languages, hideList=False,
@@ -228,10 +228,7 @@ def RegisterForm(localizer, edit=False, 
 active = v.StringBoolean(if_missing=False)
 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
- email = All(
- v.Email(not_empty=True),
- v.UniqSystemEmail(localizer, old_data),
- v.UnicodeString(strip=True, min=3))
+ email = All(v.UniqSystemEmail(localizer, old_data), v.Email(not_empty=True))
 chained_validators = [v.ValidPasswordsMatch(localizer)]
 return _RegisterForm
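Review bot: The rewritten `email = All(...)` line in the UserForm hunk, and the identical line in the RegisterForm hunk, now depends on argument order, and nothing next to it says so. If `All` is formencode's compound validator (its import is not visible here), it applies its members last-to-first during `to_python`, so listing `v.Email(not_empty=True)` last is what makes format validation run before the `v.UniqSystemEmail` lookup. A comment above both lines would stop a later cleanup from swapping them back, e.g. `# All() runs its validators right-to-left: keep v.Email last so the address is validated before the uniqueness check`. UserForm's body starts and ends outside the hunk.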
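Review bot: In the RegisterForm hunk the new `email` line drops `v.UnicodeString(strip=True, min=3)`, which leaves `v.Email(not_empty=True)` as the only step that can normalise the value before `v.UniqSystemEmail(localizer, old_data)` sees it. Whether `v.Email` strips surrounding whitespace is not visible in this diff; if it does not, the uniqueness check would compare a padded address against stored ones and could accept a duplicate of an existing account's email. A regression test that submits the same address with and without leading and trailing spaces to both UserForm and RegisterForm, and expects the second submission to be rejected, would settle this. RegisterForm's body starts outside the hunk.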