5.12.0

Fixed:

• Core: Fix redirecting in parseWidget #3513
• Core: Make privacy consent dialog scrollable on mobile #3507
• Core: Make the old session clean-up method timezone aware #3511
• Core: Move the apple touch icon to the theme #3512
• Pages: Allow the use of install in a page title #3533
• Pages: Skip empty images while copying a page #3545

Security:

• Core: Fix Open Redirect issue #3547

Added:

• CLI: Reset password CLI command #3491
• Profiles: Autocomplete attributes #3508#3548

Changed:

• Core: Added PHP8 support and bumped minimum to 7.4 #3538
• Core: Switched to symfony 4.4 #3538

5.11.1

Fixed:

• Core: Add missing aria attributes on form errors #3485
• Core: Fix adding links on images in ckeditor #3478
• Core: Fix database env variables not resolving before checking installed module #3502
• Core: Update packages #3500 #3482 #3483 #3489 #3490 #3492
• Blog: Fix translation in wordpress import page #3484
• Pages: Fix default breadcrumb style #3487

Security:

All these security issues require access to the backend before they can be exploited.

• Core: Fix xss bug in multiple select box #3501
• Authentication: Intercept a redirect to a different domain on login using // at the start of the queryparameter #3494
• Authentication: Reauthenticate a user after password change to log out other sessions #3493
• Blog: Prevent sql injection in the backend through bulk action marking comments as spam #3497
• Extensions: Prevent xss in the backend in the theme and module detail page through the description #3499
• FormBuilder: Prevent sql injection in the backend through bulk deletion of submitted data #3495
• Locale: Prevent sql injection in the backend through export of translations #3498
• Tags: Prevent sql injection in the backend through bulk deletion of tags #3496

5.11.0

Fixed:

• Core: Fix array offset error for canonical url in meta #3411
• Core: Fix deleting cookies #3440
• Core: Fix encoding problem with generating urls #3429
• Core: Fixed GenarteUrl to allow Backend Locale #3423
• Core: Update packages #3452 #3447 #3448 #3451 #3435 #3437 #3439 #3408 #3427 #3469 #3467 #3465 #3462 #3461 #3459
• Core: Update the placeholder image URLs #3463
• ContentBlocks: Fix mapping old content blocks when copying pages #3442
• Docs: Put code in code block #3407
• Docs: Update old screenshots #3210 #3412
• Locale: Fixed exporting XML truncated by a few bytes
• Locale: Fixed truncated locale XML export #3470
• MediaLibrary: Fix image preview #3434
• MediaLibrary: Fix item preview in the editor #3450
• Page: Duplicate page image when copying a page to a different locale #3438
• Pages: Revert usertemplates fix since it is broken because of the nex security fixes #3460
• Search: Fix search total for short terms #3441

Security:

• Core: Fix xss issue in spoon form #3453
• Core: Prevent CSRF logout in the backend #3471
• Core: SpoonLibrary expects the charset to be in lowercase, otherwise some xss protections fail #3455
• MediaLibrary: Fix xss in mediaitem type movie id on edit #3406

Added:

• Core: Add support for Google reCAPTCHA v3 #3409
• FormBuilder: Copy forms and their widgets when making a language copy #3445
• MediaLibrary: Add support for svg #3424 #3432

Changed:

• DX: Only run tests once on PR #3468
• Test: Minor database optimalisation #3443

5.10.0

Fixed:

• Core: Fix double encoding in spoon library #3400
• Core: Fix files not loading on some apache servers #3361
• Core: Update packages #3398 #3394 #3386 #3385 #3382 #3364
• Blog: Fix broken thumbnail in the backend #3360
• Pages: Fix usertemplates #3371 #3365

Security:

• Authentication: Fix xss in redirect url #3355 #3353
• MediaLibrary: Fix xss in media item title #3401
• MediaLibrary: Fix xss in video ids #3402
• Search: Fix xss in search referrer #3387
• Spoon: Fix xss in form input files #3357

Added:

• Core: Add canonical URL to SEO tab #3188
• Core: Add CLI command to install a module #3323
• Core: Throw an event when the session id changes #3377
• MediaLibrary: Add edit button to media item within a form #3192
• MediaLibrary: Added a search box to the media library #3189
• Pages: Make it possible to set an id in a usertemplate #3166

Changed:

• Core: Improve GDPR consent dialog #3372
• Github: No codecov annotations in PR's #3378
• Github: Upgrade to native dependabot #3384

5.9.3

Fixed

• Core: Update packages #3332 #3329 #3328 #3325 #3282 #3269
• Github: Add badge for security issues #3315
• Github: Make sure we test all supported php versions #3254
• Github: Remove duplicate github issue reporting system #3288
• Groups: Excape new reserverd keywords in mysal #3264
• Locale: Clarify that html in translations is not considered a security issue #3270
• Pages: Duplicate user template images when copying page #3320
• Pages: Rebuild page cache when changing url #3319

Security

• Core: Security fixes #3351
• Locale: Fix xss in translation datagrid #3314
• Spoon: Fix css bug in Spoon Library #3316

5.9.2

Fixed:

• Core: Add composer v2 support #3205
• Core: Allow switching in the backend to a language that is disabled in the frontend #3202
• Core: Bugfix consent dialog #3226
• Core: Filter on empty levels #3176
• Core: Fix permission check for god user #3201
• Core: Only copy the text and not the html when editing a value in a datagrid #3203
• Core: Pin xdebug v2 for PHP 7.1 support #3246
• Core: Prevent floating elements from covering the recaptcha badge #3204
• Core: Replace & to && #3194
• Core: Set cache policy for woff2 #3212
• Core: Update packages #3247 3221 3220 3197 3183 3182 3242 3245 3169
• Core: Upgrade phpstan #3227
• Github: Add slack icon to Readme #3209
• Github: Codecov should wait for 3 reports #3213
• Github: Fix scrutinizer & coverage upload #3208
• Github: Move from Travis to GitHub Actions #3175
• Github: Move github repo files to .github dir #3172
• Github: Use github actions badge on readme #3214
• Installer: Add some missing permissions to the admin group during installation #3200
• Location: Fix copying location widgets to another locale when there are no widgets #3199
• MediaGalleries: Fix fade of slickslider clashing with bootstrap 4 #3168
• MediaLibrary: Always require a media item to have a title #3190
• Pages: Fix background images of usertemplates #3165
• Pages: Fix error when adding pages as a non god user #3181
• Pages: Translate the test usertemplate to English #3198

5.9.1

Fixed

Pages: Fix non god users not being able to save pages #3163

5.9.0

5.9.0 (2020-08-17)

Fixed

• Core: Add missing use statement to Theme.php #3162
• Core: Update vendors #3153 #3154 #3155 #3156 #3161
• MediaLibrary: Fix rotation of images based on exif and strip metadata #3152
• MediaLibrary: Skip default photo cropping if unchecked #3151

Added

• Core: Add GDPR concent dialog #3048
• Core: Add Google Tag Manager #3047
• Core: Add Portuguese locale #2431
• Pages: Add css class to a menu link #3116
• Pages: Cross language link overview #3117

Changed

• Core: Change CSV implementation #3160
• Profiles: Make max amount of display name changes dynamic #3102

5.8.3

Fixed:

• Core: Optimise vendor images #3143
• Core: Show the correct error when adding invalid custom slugs #3145
• Core: Stop hard caching redirects #3094
• Core: Update vendors #3136 #3111 #3119
• DX: Fix docker build #3121
• DX: Fix typo in pull request templates #3140
• MediaGalleries: Fix text being truncated #3139
• MediaLibrary: Fix uploading big files #3146

Security:

• Core: Fix xss bugs in the backend #3093 #3137
• Core: Improve csrf checks in the backend #3123 #3138 #3124 #3132 #3135

5.8.2

5.8.2 (2020-05-12)

Fixed:

• Core: Fix upscale cropping #3079
• Core: Remove last slash in url after hreflang #3080
• Core: Update composer packages #3078 #3077 #3076
• Docs: Fix MailChimp Url #3083
• Docs: Typo in Headline #3082
• Docs: Update old docs link, with the new one #3085
• Pages: Fix notice when deleting page #3074
• Pages: Use single quotes for background images #3067

Security:

• Core: Bump jquery from 3.4.1 to 3.5.0 #3089