bug: using 'null' value for attributes causes error. In rest.py, filter out any attributes that are set to 'None'. GET on an endpoint can return 'null' values when the attribute is unset. E.G. for a user: { "address": "baddy@example.com", "alternate_addresses": null, "last_login": "2026-03-18.05:57:09", "organisation": null, "password": null, "phone": null, "queries": [], "realname": "Fred Jones", "roles": "User", "timezone": null, "username": "badeggs" } But this json can not be submitted to a PUT or POST endpoint. The validators for passwords, strings, integers etc. don't expect a None value. This change handles attributes with "null" (None) values in json objects by filtering them from the python object before processing. The null value can't be used to unset an attribute via PUT or POST. The 'remove' action using the PATCH verb can unset the value. Also there appears to be some missing checks in the back_anydbm and rdbms_common files for the password type. All the other types have a check: value is not None and not isinstance(.....) but passwords only have the 'not isinstance(....)' part. Not sure why this was the case. Looking at commit history didn't make me think it was intentional.

--- a/CHANGES.txt	Wed Mar 18 11:11:03 2026 -0400
+++ b/CHANGES.txt	Wed Mar 18 17:24:14 2026 -0400
@@ -47,6 +47,13 @@
   page is selected. (John Rouillard)
 - code cleanup replace bare except: with except Exception:. (patch by
   Sense_wang (haosenwang1018) applied by John Rouillard)
+- handle "null" values in json objects sent to a rest endpoint by
+  filtering them from the object before processing. A "null" value
+  will not unset an attribute. The 'remove' action using the
+  PATCH verb can unset the value. Before this change "null" values
+  retrieved from the REST interface would cause errors when sent
+  using POST or PUT verbs. Also guard against password being set to
+  None. (John Rouillard)
 
 Features: