Bump version to 2026.6.0b0

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: epenet <6771947+epenet@users.noreply.github.com>

homeassistant/components/backup/backup.py

@@ -11,7 +11,7 @@ from homeassistant.helpers.hassio import is_hassio
 
 from .agent import BackupAgent, LocalBackupAgent, OnProgressCallback
 from .const import DOMAIN, LOGGER
-from .models import AgentBackup, BackupNotFound, InvalidBackupFilename
+from .models import AgentBackup, BackupNotFound
 from .util import read_backup, suggested_filename
 
 
@@ -54,13 +54,7 @@ class CoreLocalBackupAgent(LocalBackupAgent):
             try:
                 backup = read_backup(backup_path)
                 backups[backup.backup_id] = (backup, backup_path)
-            except (
-                OSError,
-                TarError,
-                json.JSONDecodeError,
-                KeyError,
-                InvalidBackupFilename,
-            ) as err:
+            except (OSError, TarError, json.JSONDecodeError, KeyError) as err:
                 LOGGER.warning("Unable to read backup %s: %s", backup_path, err)
         return backups
 
@@ -128,14 +122,7 @@ class CoreLocalBackupAgent(LocalBackupAgent):
 
     def get_new_backup_path(self, backup: AgentBackup) -> Path:
         """Return the local path to a new backup."""
-        candidate = self._backup_dir / suggested_filename(backup)
-        # suggested_filename does not strip separators; refuse paths that would
-        # land outside the backup directory.
-        if candidate.parent != self._backup_dir:
-            raise InvalidBackupFilename(
-                f"Refusing to write outside {self._backup_dir}: {candidate}"
-            )
-        return candidate
+        return self._backup_dir / suggested_filename(backup)
 
     async def async_delete_backup(self, backup_id: str, **kwargs: Any) -> None:
         """Delete a backup file."""

homeassistant/components/backup/manager.py

@@ -1978,13 +1978,7 @@ class CoreBackupReaderWriter(BackupReaderWriter):
 
         try:
             backup = await async_add_executor_job(read_backup, temp_file)
-        except (
-            OSError,
-            tarfile.TarError,
-            json.JSONDecodeError,
-            KeyError,
-            InvalidBackupFilename,
-        ) as err:
+        except (OSError, tarfile.TarError, json.JSONDecodeError, KeyError) as err:
             LOGGER.warning("Unable to parse backup %s: %s", temp_file, err)
             raise
 

homeassistant/components/backup/util.py

@@ -6,7 +6,7 @@ import copy
 from dataclasses import dataclass, replace
 from io import BytesIO
 import json
-from pathlib import Path, PurePath, PureWindowsPath
+from pathlib import Path, PurePath
 from queue import SimpleQueue
 import tarfile
 import threading
@@ -34,7 +34,7 @@ from homeassistant.util.async_iterator import (
 from homeassistant.util.json import JsonObjectType, json_loads_object
 
 from .const import BUF_SIZE, LOGGER, SECURETAR_CREATE_VERSION
-from .models import AddonInfo, AgentBackup, Folder, InvalidBackupFilename
+from .models import AddonInfo, AgentBackup, Folder
 
 
 class DecryptError(HomeAssistantError):
@@ -109,13 +109,6 @@ def read_backup(backup_path: Path) -> AgentBackup:
         extra_metadata = cast(dict[str, bool | str], data.get("extra", {}))
         date = extra_metadata.get("supervisor.backup_request_date", data["date"])
 
-        name = cast(str, data["name"])
-        # The name is used to derive the on-disk filename via suggested_filename;
-        # reject anything that could escape the backup directory.
-        safe_name = PureWindowsPath(name).name
-        if safe_name != name or name in ("", ".", ".."):
-            raise InvalidBackupFilename(f"Invalid backup name: {name!r}")
-
         return AgentBackup(
             addons=addons,
             backup_id=cast(str, data["slug"]),
@@ -125,7 +118,7 @@ def read_backup(backup_path: Path) -> AgentBackup:
             folders=folders,
             homeassistant_included=homeassistant_included,
             homeassistant_version=homeassistant_version,
-            name=name,
+            name=cast(str, data["name"]),
             protected=cast(bool, data.get("protected", False)),
             size=backup_path.stat().st_size,
         )

homeassistant/components/frontend/manifest.json

@@ -21,5 +21,5 @@
   "integration_type": "system",
   "preview_features": { "winter_mode": {} },
   "quality_scale": "internal",
-  "requirements": ["home-assistant-frontend==20260429.4"]
+  "requirements": ["home-assistant-frontend==20260527.0"]
 }

homeassistant/components/tuya/const.py

@@ -939,6 +939,7 @@ class DPCode(StrEnum):
     TEMP_INDOOR = "temp_indoor"  # Indoor temperature in °C
     TEMP_SET = "temp_set"  # Set the temperature in °C
     TEMP_SET_F = "temp_set_f"  # Set the temperature in °F
+    TEMP_SETTING_QUICK_C = "temp_setting_quick_c"
     TEMP_UNIT_CONVERT = "temp_unit_convert"  # Temperature unit switching
     TEMP_VALUE = "temp_value"  # Color temperature
     TEMP_VALUE_V2 = "temp_value_v2"
@@ -992,6 +993,7 @@ class DPCode(StrEnum):
     WORK_POWER = "work_power"
     WORK_STATE = "work_state"
     WORK_STATE_E = "work_state_e"
+    WORK_TYPE = "work_type"
 
 
 @dataclass

homeassistant/components/tuya/select.py

@@ -19,6 +19,18 @@ from .entity import TuyaEntity
 # All descriptions can be found here. Mostly the Enum data types in the
 # default instructions set of each category end up being a select.
 SELECTS: dict[DeviceCategory, tuple[SelectEntityDescription, ...]] = {
+    DeviceCategory.BH: (
+        SelectEntityDescription(
+            key=DPCode.TEMP_SETTING_QUICK_C,
+            entity_category=EntityCategory.CONFIG,
+            translation_key="quick_heat_temperature",
+        ),
+        SelectEntityDescription(
+            key=DPCode.WORK_TYPE,
+            entity_category=EntityCategory.CONFIG,
+            translation_key="kettle_work_mode",
+        ),
+    ),
     DeviceCategory.CL: (
         SelectEntityDescription(
             key=DPCode.CONTROL_BACK_MODE,

homeassistant/components/tuya/strings.json

@@ -478,6 +478,15 @@
           "1": "Continuous working mode"
         }
       },
+      "kettle_work_mode": {
+        "name": "Work mode",
+        "state": {
+          "boiling_quick": "Quick boil",
+          "setting_quick": "Quick heat",
+          "temp_boiling": "Boil and keep warm",
+          "temp_setting": "Heat and keep warm"
+        }
+      },
       "led_type": {
         "name": "Light source type",
         "state": {
@@ -515,6 +524,16 @@
           "smart": "Smart"
         }
       },
+      "quick_heat_temperature": {
+        "name": "Quick heat temperature",
+        "state": {
+          "80": "80 °C",
+          "85": "85 °C",
+          "90": "90 °C",
+          "95": "95 °C",
+          "100": "100 °C"
+        }
+      },
       "record_mode": {
         "name": "Record mode",
         "state": {

homeassistant/const.py

@@ -15,7 +15,7 @@ if TYPE_CHECKING:
 APPLICATION_NAME: Final = "HomeAssistant"
 MAJOR_VERSION: Final = 2026
 MINOR_VERSION: Final = 6
-PATCH_VERSION: Final = "0.dev0"
+PATCH_VERSION: Final = "0b0"
 __short_version__: Final = f"{MAJOR_VERSION}.{MINOR_VERSION}"
 __version__: Final = f"{__short_version__}.{PATCH_VERSION}"
 REQUIRED_PYTHON_VER: Final[tuple[int, int, int]] = (3, 14, 2)

homeassistant/package_constraints.txt

@@ -39,7 +39,7 @@ habluetooth==6.7.9
 hass-nabucasa==2.2.0
 hassil==3.5.0
 home-assistant-bluetooth==2.0.0
-home-assistant-frontend==20260429.4
+home-assistant-frontend==20260527.0
 home-assistant-intents==2026.5.5
 httpx==0.28.1
 ifaddr==0.2.0

pylint/plugins/pylint_home_assistant/generated/mdi_icons.py

@@ -5,7 +5,7 @@ To update, run python3 -m script.hassfest
 
 from typing import Final
 
-FRONTEND_VERSION: Final[str] = "20260429.4"
+FRONTEND_VERSION: Final[str] = "20260527.0"
 
 MDI_ICONS: Final[set[str]] = {
     "ab-testing",

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "homeassistant"
-version = "2026.6.0.dev0"
+version = "2026.6.0b0"
 license = "Apache-2.0"
 license-files = ["LICENSE*", "homeassistant/backports/LICENSE*"]
 description = "Open-source home automation platform running on Python 3."

requirements_all.txt

@@ -1266,7 +1266,7 @@ hole==0.9.0
 holidays==0.97
 
 # homeassistant.components.frontend
-home-assistant-frontend==20260429.4
+home-assistant-frontend==20260527.0
 
 # homeassistant.components.conversation
 home-assistant-intents==2026.5.5

tests/components/backup/test_manager.py

@@ -2088,36 +2088,6 @@ async def test_receive_backup_path_traversal(
     assert resp.status == 400
 
 
-@pytest.mark.parametrize(
-    "name",
-    [
-        "/absolute/path",
-        "../parent",
-        "with/slash",
-    ],
-)
-async def test_receive_backup_rejects_unsafe_inner_name(
-    hass: HomeAssistant,
-    hass_client: ClientSessionGenerator,
-    name: str,
-) -> None:
-    """Test receive backup rejects an inner name that would escape the backup dir."""
-    await setup_backup_integration(hass)
-    client = await hass_client()
-
-    backup = replace(TEST_BACKUP_ABC123, name=name)
-    with patch(
-        "homeassistant.components.backup.manager.read_backup",
-        return_value=backup,
-    ):
-        resp = await client.post(
-            "/api/backup/upload?agent_id=backup.local",
-            data={"file": StringIO("test")},
-        )
-
-    assert resp.status == 400
-
-
 async def test_receive_backup_busy_manager(
     hass: HomeAssistant,
     hass_client: ClientSessionGenerator,

tests/components/backup/test_util.py

@@ -14,7 +14,6 @@ import pytest
 import securetar
 
 from homeassistant.components.backup import DOMAIN, AddonInfo, AgentBackup, Folder
-from homeassistant.components.backup.models import InvalidBackupFilename
 from homeassistant.components.backup.util import (
     DecryptedBackupStreamer,
     EncryptedBackupStreamer,
@@ -159,37 +158,6 @@ def test_read_backup(backup_json_content: bytes, expected_backup: AgentBackup) -
         assert backup == expected_backup
 
 
-@pytest.mark.parametrize(
-    "name",
-    [
-        "/absolute/path",
-        "../parent",
-        "with/slash",
-        "with\\backslash",
-        "C:\\drive\\path",
-        "",
-        ".",
-        "..",
-    ],
-)
-def test_read_backup_rejects_unsafe_name(name: str) -> None:
-    """Test that read_backup rejects names that could escape the backup directory."""
-    backup_json_content = (
-        b'{"compressed":true,"date":"2024-12-02T07:23:58.261875-05:00","homeassistant":'
-        b'{"exclude_database":true,"version":"2024.12.0.dev0"},"name":"'
-        + name.encode().replace(b"\\", b"\\\\")
-        + b'","protected":true,"slug":"455645fe","type":"partial","version":2}'
-    )
-    mock_path = Mock()
-    mock_path.stat.return_value.st_size = 1234
-
-    with patch("homeassistant.components.backup.util.tarfile.open") as mock_open_tar:
-        tar_ctx = mock_open_tar.return_value.__enter__.return_value
-        tar_ctx.extractfile.return_value.read.return_value = backup_json_content
-        with pytest.raises(InvalidBackupFilename):
-            read_backup(mock_path)
-
-
 @pytest.mark.parametrize(
     ("backup", "password", "validation_result", "expected_messages"),
     [

tests/components/tuya/snapshots/test_select.ambr

@@ -5637,6 +5637,128 @@
     'state': 'low',
   })
 # ---
+# name: test_platform_setup_and_discovery[select.smart_kettle_quick_heat_temperature-entry]
+  EntityRegistryEntrySnapshot({
+    'aliases': list([
+      None,
+    ]),
+    'area_id': None,
+    'capabilities': dict({
+      'options': list([
+        '85',
+        '90',
+      ]),
+    }),
+    'config_entry_id': <ANY>,
+    'config_subentry_id': <ANY>,
+    'device_class': None,
+    'device_id': <ANY>,
+    'disabled_by': None,
+    'domain': 'select',
+    'entity_category': <EntityCategory.CONFIG: 'config'>,
+    'entity_id': 'select.smart_kettle_quick_heat_temperature',
+    'has_entity_name': True,
+    'hidden_by': None,
+    'icon': None,
+    'id': <ANY>,
+    'labels': set({
+    }),
+    'name': None,
+    'object_id_base': 'Quick heat temperature',
+    'options': dict({
+    }),
+    'original_device_class': None,
+    'original_icon': None,
+    'original_name': 'Quick heat temperature',
+    'platform': 'tuya',
+    'previous_unique_id': None,
+    'suggested_object_id': None,
+    'supported_features': 0,
+    'translation_key': 'quick_heat_temperature',
+    'unique_id': 'tuya.s5ah3novtabe4tfdhbtemp_setting_quick_c',
+    'unit_of_measurement': None,
+  })
+# ---
+# name: test_platform_setup_and_discovery[select.smart_kettle_quick_heat_temperature-state]
+  StateSnapshot({
+    'attributes': ReadOnlyDict({
+      'friendly_name': 'Smart Kettle Quick heat temperature',
+      'options': list([
+        '85',
+        '90',
+      ]),
+    }),
+    'context': <ANY>,
+    'entity_id': 'select.smart_kettle_quick_heat_temperature',
+    'last_changed': <ANY>,
+    'last_reported': <ANY>,
+    'last_updated': <ANY>,
+    'state': '85',
+  })
+# ---
+# name: test_platform_setup_and_discovery[select.smart_kettle_work_mode-entry]
+  EntityRegistryEntrySnapshot({
+    'aliases': list([
+      None,
+    ]),
+    'area_id': None,
+    'capabilities': dict({
+      'options': list([
+        'setting_quick',
+        'boiling_quick',
+        'temp_setting',
+        'temp_boiling',
+      ]),
+    }),
+    'config_entry_id': <ANY>,
+    'config_subentry_id': <ANY>,
+    'device_class': None,
+    'device_id': <ANY>,
+    'disabled_by': None,
+    'domain': 'select',
+    'entity_category': <EntityCategory.CONFIG: 'config'>,
+    'entity_id': 'select.smart_kettle_work_mode',
+    'has_entity_name': True,
+    'hidden_by': None,
+    'icon': None,
+    'id': <ANY>,
+    'labels': set({
+    }),
+    'name': None,
+    'object_id_base': 'Work mode',
+    'options': dict({
+    }),
+    'original_device_class': None,
+    'original_icon': None,
+    'original_name': 'Work mode',
+    'platform': 'tuya',
+    'previous_unique_id': None,
+    'suggested_object_id': None,
+    'supported_features': 0,
+    'translation_key': 'kettle_work_mode',
+    'unique_id': 'tuya.s5ah3novtabe4tfdhbwork_type',
+    'unit_of_measurement': None,
+  })
+# ---
+# name: test_platform_setup_and_discovery[select.smart_kettle_work_mode-state]
+  StateSnapshot({
+    'attributes': ReadOnlyDict({
+      'friendly_name': 'Smart Kettle Work mode',
+      'options': list([
+        'setting_quick',
+        'boiling_quick',
+        'temp_setting',
+        'temp_boiling',
+      ]),
+    }),
+    'context': <ANY>,
+    'entity_id': 'select.smart_kettle_work_mode',
+    'last_changed': <ANY>,
+    'last_reported': <ANY>,
+    'last_updated': <ANY>,
+    'state': 'setting_quick',
+  })
+# ---
 # name: test_platform_setup_and_discovery[select.smart_odor_eliminator_pro_odor_elimination_mode-entry]
   EntityRegistryEntrySnapshot({
     'aliases': list([