Releases: timber/timber
v2.2.0
2.2.0 (2024-05-15)
Features
- Upgrade Timber minimum requirements (PHP 8.1 / WordPress 6.2 / Twig 3.5) and testing (#2970) (a2f0f07)
- Introduce Rector to upgrade code for PHP 8.1 (#2977) (9edf999)
Bug Fixes
- Allow
Timber\PostExcerpt::read_more
to acceptbool
value (#2937) (85e2a32) - Fix a bug with URL check for avatars (#3002) (456c24e)
- Fix deprecation notice since twig 3.10 to now use
EscaperRuntime
instead ofEscaperExtension
(#2997) (295349b) - Fix problem when an empty ACF taxonomy relationship field transform loads all terms instead of none. (#2960) (f95b82a)
- Fix regression in image resize where crops with the default crop setting (#2998) (8090247)
- Fix typos in codebase (#2968) (e40ceb3)
- Improve doing_it_wrong messages for using deprecated parameters in
Timber::get_attachment()
andTimber::get_image()
(#2999) (e6cdf7e) - Remove security patch not needed in PHP 8 (#2983) (8a30865)
- Update admin notice for minimum required WordPress version (#3001) (66e92a5)
Miscellaneous Chores
- deps: bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 (#2980) (dd34720)
- deps: bump tj-actions/changed-files from 42 to 44 (#2959) (66eabe2)
- Set proper return types on build methods (#2976) (6b72908)
- Update all links in the codebase and documentation to https (#2947) (05af54f)
Full changelog
Full Changelog: v2.1.0...v2.2.0
New Contributors
Become a sponsor
Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.
v2.1.0
2.1.0 (2024-04-10)
Security fix
- Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances (13c6b0f).
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
Important
This vulnerability only exists for websites running on PHP 7.4.
Features
- Add new
timber/cache/transient_key
filter to cache methods for transient key used for caching (#2878) (b347677) - Add new
timber/image_helper/sideload_image/basename
filter for sideloaded images basename (e4ff72f) - Add new
timber/output/pre-cach
filter to$output
before it is cached (#2910) (d1356fd) - Add
User::is_current()
andUser::profile_link()
methods (#2924) (b048da8) - Add WordPress escaping functions via Twig filters (#2933) (a88aa00)
- Allow pagination object to be generated using
$prefs
only (99219a9) and (2834fd4) - Bump php-stubs/acf-pro-stubs to ^6.0 (ac17052)
- Update ECS config and apply standards (#2893) (71111e1)
Bug Fixes
- Add classes in
MenuItem
(#2905) (7e00eeb) - Allow overwrite of default avatar in comments. (#2786) (9c6e0e3), closes #2468
- Fix minor coding style issue in loader.php to make ECS happy (#2950) (6e8b6ab)
- Ignore
acf_get_field_type
void errors (441ef9e) - Make
PostIterator::last_post()
nullable (#2918) (064dde7) - Prevent unneeded blog switching in multisite env (#2781) (d81f995)
- Fix unnecessary lowercasing parameters in
Timber\URLHelper
(#2877) (664ea62) - Fix some file permissions in docs (#2842) (337d54d)
- Tests: Split test running for integrations (plugins) (#2904) (8d03809)
- Tests: Fix tests failing since Twig 3.8.0 (#2895) (f4a233e)
- Tests: Fix missing constants in static analysis test (ae50ccd)
- Tests: Use new filter in tests (c12e9af)
- Tests: Fix phpstan tests by (#2886)
- Docs: Simplify an if-check in the ACF docs (96d2874)
Miscellaneous Chores
- Add script descriptions in Composer file (#2951) (5785128)
- Add Timber authors (567475e)
- Create SECURITY.md (#2939) (be36065)
- Remove Lando config (#2899) (6fa8ffc)
- Update links in CONTRIBUTING.md (3b2c855)
- deps: bump lycheeverse/lychee-action from 1.8.0 to 1.9.1 (1ca79af)
- deps: bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 (#2907) (eecfb03)
- deps: bump peter-evans/create-issue-from-file from 4 to 5 (#2906) (64703f8)
- deps: bump ramsey/composer-install from 2 to 3 (#2941) (97010c4)
- deps: bump tj-actions/changed-files from 39 to 42 (964f11a)
New Contributors
- @expedition-robin-martijn made their first contribution in #2877
- @rubas made their first contribution in #2918
- @jl-a made their first contribution in #2910
- @phasdev made their first contribution in #2863
- @ecupaio made their first contribution in #2945
- @jasalt made their first contribution in #2962
- @Sonicrrrr reported a security vulnerability. Thanks!
- @dependabot made their first contribution in #2885
- @github-actions made their first contribution in #2913
Full Changelog: 2.0.0...v2.1.0
1.24.1
Security fix
- Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
Important
This vulnerability only exists for websites running on PHP 7.4 or lower.
What’s changed
- Allow the
Timber\PostPreview::read_more
to accept a boolean value by @gerardo-rodriguez in #2578 - Fix tests failing with WordPress 6.4 by @gchtr in #2964
- Remove functionality that disabled updates via the dashboard for major and minor releases by @Levdbas in #2963
Contributors
- @Sonicrrrr reported the security vulnerability. Thanks!
- @gerardo-rodriguez made their first contribution in #2578
Full Changelog: 1.24.0...1.24.1
1.23.1
Security fix
- Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
Important
This vulnerability only exists for websites running on PHP 7.4 or lower.
What’s changed
- Fix tests failing with WordPress 6.4 by @gchtr in #2964
- Remove functionality that disabled updates via the dashboard for major and minor releases by @Levdbas in #2963
Contributors
- @Sonicrrrr reported the security vulnerability. Thanks!
Full Changelog: 1.23.0...1.23.1
1.24.0
Warning
Important information about Timber v1
With the release of Timber 2.0, we will not work on Timber v1 anymore. Please upgrade to Timber v2 as soon as you can.
In Timber v2, Composer is the only supported installation method. We are unable to continue releasing or supporting Timber as a plugin on WordPress.org. We advise everyone to switch to the Composer based install of Timber 1 as a first step.
For more information and a list of additional resources, please visit this #2804.
Bugfixes
- Fixed dynamic properties warnings in PHP 8.2 by @trsteel88 in #2860
- Fixed a type error when a WebP image can’t be generated by @marleylinku in #2865
New Contributors
- @trsteel88 made their first contribution in #2860
- @marleylinku made their first contribution in #2865
Full Changelog: 1.23.0...1.24.0
2.0.0
Timber 2.0 is a big update. There are a lot of breaking changes. You need to thoroughly test your websites in your local development environment before update your live websites.
You can install Timber 2.0 by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0
version:
composer require timber/timber:^2.0
Documentation
In case you find errors, please open an issue. In case you’re stuck or have questions, create a discussion.
What’s new in Timber 2.0
For information on what’s new in Timber 2.0, follow the Upgrade Guide.
Dropping plugin support
Timber 2.0 is not available as a WordPress plugin anymore, but will only be available as a Composer package. If you’re still using the plugin version of Timber 1.0, you might want to switch to the Composer version first. You can find more information about this in the following links:
- Announcement: Dropping support for the plugin version of Timber
- Guide: How do I switch over from the plugin version to the Composer based version of Timber?
The overall goals of Timber 2.0 include:
- Making Timber’s functions and methods more consistent.
- Making Timber easier to handle and extend.
- Refactoring how Timber Core works under the hood to improve compatibility with WordPress Core and be ready for future challenges.
- Making Timber more compatible with other plugins.
High-level changes include:
- Compatibility with the newest version of PHP.
- A newer, streamlined API for accessing Posts, Terms, Users, Comments and Menus.
- An upgraded Context.
- A new Attachment class for WordPress attachments that are not images.
- A big update for how fetching meta values works.
- Better integration with the WordPress Date and Time functionality.
- Better options to control and extend Twig.
- Class Maps for a more loosely coupled way to extend Timber with your own Post, Term, User, Menu, MenuItem, and Comment objects.
- No more direct instantiation of the classes mentioned above. Use Class Maps instead.
- New PostCollectionInterface for a unified way to deal with various lists of posts.
- An updated WP-CLI integration.
- A new way to add your own Integrations for Timber.
What’s changed since 2.0.0-rc.1
Here’s what’s changed since the last 2.0.0-rc.1 release. (Full Changelog: 2.0.0-rc.1...2.0.0)
Changes
- 2.x Revert final constructors by @gchtr in #2827
- Renamed the
master
branch to1.x
and made2.x
the default branch.
Bugfixes
- Site overwrite magic __call method by @Levdbas in #2798
- Consider
fields
value when returning terms from query by @jrathert in #2806 - Initialize typed properties correctly in
ExternalImage::build()
by @jrathert in #2818 and @nlemoine in #2825
Documentation
- Add documentation and plugin notice about the end of the plugin version by @Levdbas in #2800
- Add note about installing the release candidate by @gchtr in #2796
- Add drop support notice to issue template by @nlemoine in #2810
- Add note about PostsIterator and removal of timber/class/posts_iterator filter by @gchtr in #2835
- Update v2 caching docs by @Levdbas in #2797
- Fix Attachment size doc block by @nlemoine in #2824
- Explained theme path, link and URI helpers in Cheatsheet by @Levdbas in #2787
- Updated plugin support part by @Levdbas in #2805
- Changing functions section references
$filters
instead of$functions
by @niclm in #2799
Become a sponsor
Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.
Deprecating Plugin Version
This release coincides with the final version to the WordPress.org site. To streamline future support and upgrades, the Timber Team is focused on Composer as the formal release channel.
With the upcoming release of Timber 2.0, we will not release a 2.0 version and beyond as a plugin, but only as a Composer package. We advise everyone to switch to the Composer based install as soon as possible.
Switching to the Composer based version
- Announcement: Dropping support for the plugin version of Timber
- Guide: How do I switch over from the plugin version to the Composer based version of Timber?
- Backstory: Why we are dropping support for the plugin in the first place
- GitHub issue: Roadmap for Timber 2.0
What's Changed
- Improve GitHub pull request template by @gchtr in #2641
- Update bug report template and CODEOWNERS by @gchtr in #2711
- Add Erik to Contributors List by @jarednova in #2735
- Fix PHPDoc typo by @LogicEveryWhere in #2709
- Add sponsorship information to Readme by @gchtr in #2777
- doc: Add drop support notice to issue template by @nlemoine in #2810
- Add documentation and plugin notice about the end of the plugin version by @Levdbas in #2800
- Workflow: fix path to guide by @Levdbas in #2823
New Contributors
- @LogicEveryWhere made their first contribution in #2709
Full Changelog: 1.22.1...1.23.0
2.0.0 – Release Candidate 1
This is the first Release Candidate of the new Timber 2.0 version. Please test this version thoroughly. In case you find errors, please open an issue. In case you have questions, create a discussion.
If you want to stay updated on the next steps, subscribe to Roadmap for Timber 2.0.
You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-rc.1
version:
composer require timber/timber:2.0.0-rc.1
What’s changed
Here’s what’s changed since the last 2.0.0-beta.2 release. For information on what's new in version 2.0, please see the Upgrade Guide
Changes
Removals
- Remove audio & video methods from
Post
by @nlemoine in #2750 - Remove unused private property by @nlemoine in #2751
- Remove unused param from
Timber\Term::build()
by @gchtr in #2754
Bug fixes
- Fix
PostFactory::is_image
incorrectly usingwp_check_filetype
by @stayallive in #2730 - Fix custom field test by @nlemoine in #2749
- Fix PHPStan issues on level 2 by @gchtr in #2668
- Fix a bug when
the_post
hook runs twice on each post in a loop by @gchtr in #2756 - Fix a bug when
|time_ago
didn’t consider timezones correctly by @gchtr in #2758 - Fix URLHelper methods
is_local
andis_external
by @mcaskill in #2767 - Fix implicit conversion from float to int by @gchtr in #2775
- Add check to image create functions by @Levdbas in #2780
Documentation
- Add @api tag to Helper by @Levdbas in #2746
- Fix PHPDoc typo by @LogicEveryWhere in #2709
- Update property and method docblocks in Theme.php. by @Levdbas in #2744
- Fix some small issues in Getting Started docs by @gchtr in #2761
- Cleanup todo in code by @gchtr in #2757
- Link checker report fixes by @Levdbas in #2747
Testing and tools
- Fix MariaDB in automatic tests by @gchtr in #2776
- Fix some Coding Standard issues by @gchtr in #2779
- Fix skipped tests by @gchtr in #2760
- Coding Standards: improve imports by @nlemoine in #2700
- Fix: phpstan issues & use fully qualified imports by @nlemoine in #2783
New Contributors
- @stayallive made their first contribution in #2730
- @LogicEveryWhere made their first contribution in #2709
Full Changelog: 2.0.0-beta.2...2.0.0-rc.1
Become a sponsor
Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.
2.0.0 - Beta 2
This is the second beta of the new Timber 2.0 version. A release candidate should follow before summer. If you want to stay updated on the next steps, then subscribe to the Roadmap for Timber 2.0 issue.
You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-beta.2
version:
composer require timber/timber:2.0.0-beta.2
In case you find errors, please open an issue. In case you have questions, create a discussion.
What’s changed
Here’s what’s changed since the last 2.0.0-beta.1 release.
Merged in from 1.x
- Upgrade Twig to support PHP 8.0/8.1 by @gchtr in #2640
- Add PHP 8.0/8.1 to Timber 1.x matrix by @nlemoine in #2638
- Ensure Twig 3.x is not installed by @rmens in #2679
New features
Bugfixes and cleanup
- User can args by @kshaner in #2632
- Fix post get all meta when one value is null by @gustavo-roganti in #2643
- Fix bug with nextpage block by @gchtr in #2673
- Fix AcfIntegration by @nlemoine in #2692
- Fix User entity by @nlemoine in #2690
- Fix
get_term_link()
compatibility inTimber\Term
by @mcaskill in #2701 - Fix
can_edit()
permission checks for Term, User, Comment and Menu classes by @gchtr in #2676 - Fix bug when Timber\Theme encoding breaks Timber caching by @gchtr in #2675
- Fix post preview by @nlemoine in #2712
- Fix Menu theme locations array to enforce string or integers by @mcaskill in #2707
- Fix exported files by @szepeviktor in #2650
- Fix some coding standard issues by @gchtr in #2648
- Fix PHPStan issues on level 0 by @gchtr in #2659
- Fix PHPStan issues on level 1 by @gchtr in #2667
- Fix menu item compatibility with WPML by @mcaskill in #2705
- Fix iterable case by @nlemoine in #2715
- Clean init by @nlemoine in #2714
- Add
AllowDynamicProperties
attribute by @mcaskill in #2698 - Make Timber\Request not implement Timber\CoreInterface by @gchtr in #2631
- Improve scheme detection and take advantage of WP native functions by @nlemoine in #2720
- Update .gitignore by @gchtr in #2649
- Update Timber\Post::get_info() to work with a post data array only by @gchtr in #2674
Removals
- Remove
Timber\Request
class by @gchtr in #2683 - Remove unused
Term::get_term_from_query()
function by @gchtr in #2664 - Remove unneeded
Timber\Image::is_image()
method by @gchtr in #2669 - Remove string helpers by @nlemoine in #2719
Testing and tools
- Add tests for PHP 8.2 by @nlemoine in #2691
- Run tests with lowest dependencies by @nlemoine in #2665
- Update PHPStan setup by @gchtr in #2630
- Fix side effects with tests involving themes by @gchtr in #2703
- Use assertSame instead of assertEquals for certain values by @gchtr in #2670
- Remove deprecation warning from tests by @nlemoine in #2663
Documentation
- Fix hint about Co-Authors Plus in Upgrade Guide by @gchtr in #2684
- Fix 404 link to setup guide by @NReilingh in #2732
- Update descriptions for compile and render methods by @gchtr in #2677
- Make comment neutral by @Levdbas in #2713
- Update broken links in documentation by @Levdbas in #2743
New Contributors
- @kshaner made their first contribution in #2632
- @gustavo-roganti made their first contribution in #2643
- @rmens made their first contribution in #2679
- @mcaskill made their first contribution in #2701
- @NReilingh made their first contribution in #2732
Full Changelog: 2.0.0-beta.1...2.0.0-beta.2
Become a sponsor
Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.
Fix Twig version when installing Timber with Composer
What's Changed
- Fixed a bug when Twig version 3 was accidentally installed when installing Timber through Composer, by @rmens in #2679.
Full Changelog: 1.22.0...1.22.1