Releases: forkcms/forkcms
Releases · forkcms/forkcms
5.12.0
Fixed:
- Core: Fix redirecting in parseWidget #3513
- Core: Make privacy consent dialog scrollable on mobile #3507
- Core: Make the old session clean-up method timezone aware #3511
- Core: Move the apple touch icon to the theme #3512
- Pages: Allow the use of install in a page title #3533
- Pages: Skip empty images while copying a page #3545
Security:
- Core: Fix Open Redirect issue #3547
Added:
Changed:
5.11.1
Fixed:
- Core: Add missing aria attributes on form errors #3485
- Core: Fix adding links on images in ckeditor #3478
- Core: Fix database env variables not resolving before checking installed module #3502
- Core: Update packages #3500 #3482 #3483 #3489 #3490 #3492
- Blog: Fix translation in wordpress import page #3484
- Pages: Fix default breadcrumb style #3487
Security:
All these security issues require access to the backend before they can be exploited.
- Core: Fix xss bug in multiple select box #3501
- Authentication: Intercept a redirect to a different domain on login using // at the start of the queryparameter #3494
- Authentication: Reauthenticate a user after password change to log out other sessions #3493
- Blog: Prevent sql injection in the backend through bulk action marking comments as spam #3497
- Extensions: Prevent xss in the backend in the theme and module detail page through the description #3499
- FormBuilder: Prevent sql injection in the backend through bulk deletion of submitted data #3495
- Locale: Prevent sql injection in the backend through export of translations #3498
- Tags: Prevent sql injection in the backend through bulk deletion of tags #3496
5.11.0
Fixed:
- Core: Fix array offset error for canonical url in meta #3411
- Core: Fix deleting cookies #3440
- Core: Fix encoding problem with generating urls #3429
- Core: Fixed GenarteUrl to allow Backend Locale #3423
- Core: Update packages #3452 #3447 #3448 #3451 #3435 #3437 #3439 #3408 #3427 #3469 #3467 #3465 #3462 #3461 #3459
- Core: Update the placeholder image URLs #3463
- ContentBlocks: Fix mapping old content blocks when copying pages #3442
- Docs: Put code in code block #3407
- Docs: Update old screenshots #3210 #3412
- Locale: Fixed exporting XML truncated by a few bytes
- Locale: Fixed truncated locale XML export #3470
- MediaLibrary: Fix image preview #3434
- MediaLibrary: Fix item preview in the editor #3450
- Page: Duplicate page image when copying a page to a different locale #3438
- Pages: Revert usertemplates fix since it is broken because of the nex security fixes #3460
- Search: Fix search total for short terms #3441
Security:
- Core: Fix xss issue in spoon form #3453
- Core: Prevent CSRF logout in the backend #3471
- Core: SpoonLibrary expects the charset to be in lowercase, otherwise some xss protections fail #3455
- MediaLibrary: Fix xss in mediaitem type movie id on edit #3406
Added:
- Core: Add support for Google reCAPTCHA v3 #3409
- FormBuilder: Copy forms and their widgets when making a language copy #3445
- MediaLibrary: Add support for svg #3424 #3432
Changed:
5.10.0
Fixed:
- Core: Fix double encoding in spoon library #3400
- Core: Fix files not loading on some apache servers #3361
- Core: Update packages #3398 #3394 #3386 #3385 #3382 #3364
- Blog: Fix broken thumbnail in the backend #3360
- Pages: Fix usertemplates #3371 #3365
Security:
- Authentication: Fix xss in redirect url #3355 #3353
- MediaLibrary: Fix xss in media item title #3401
- MediaLibrary: Fix xss in video ids #3402
- Search: Fix xss in search referrer #3387
- Spoon: Fix xss in form input files #3357
Added:
- Core: Add canonical URL to SEO tab #3188
- Core: Add CLI command to install a module #3323
- Core: Throw an event when the session id changes #3377
- MediaLibrary: Add edit button to media item within a form #3192
- MediaLibrary: Added a search box to the media library #3189
- Pages: Make it possible to set an id in a usertemplate #3166
Changed:
5.9.3
Fixed
- Core: Update packages #3332 #3329 #3328 #3325 #3282 #3269
- Github: Add badge for security issues #3315
- Github: Make sure we test all supported php versions #3254
- Github: Remove duplicate github issue reporting system #3288
- Groups: Excape new reserverd keywords in mysal #3264
- Locale: Clarify that html in translations is not considered a security issue #3270
- Pages: Duplicate user template images when copying page #3320
- Pages: Rebuild page cache when changing url #3319
Security
5.9.2
Fixed:
- Core: Add composer v2 support #3205
- Core: Allow switching in the backend to a language that is disabled in the frontend #3202
- Core: Bugfix consent dialog #3226
- Core: Filter on empty levels #3176
- Core: Fix permission check for god user #3201
- Core: Only copy the text and not the html when editing a value in a datagrid #3203
- Core: Pin xdebug v2 for PHP 7.1 support #3246
- Core: Prevent floating elements from covering the recaptcha badge #3204
- Core: Replace & to && #3194
- Core: Set cache policy for woff2 #3212
- Core: Update packages #3247 3221 3220 3197 3183 3182 3242 3245 3169
- Core: Upgrade phpstan #3227
- Github: Add slack icon to Readme #3209
- Github: Codecov should wait for 3 reports #3213
- Github: Fix scrutinizer & coverage upload #3208
- Github: Move from Travis to GitHub Actions #3175
- Github: Move github repo files to .github dir #3172
- Github: Use github actions badge on readme #3214
- Installer: Add some missing permissions to the admin group during installation #3200
- Location: Fix copying location widgets to another locale when there are no widgets #3199
- MediaGalleries: Fix fade of slickslider clashing with bootstrap 4 #3168
- MediaLibrary: Always require a media item to have a title #3190
- Pages: Fix background images of usertemplates #3165
- Pages: Fix error when adding pages as a non god user #3181
- Pages: Translate the test usertemplate to English #3198
5.9.1
5.9.0
5.9.0 (2020-08-17)
Fixed
- Core: Add missing use statement to Theme.php #3162
- Core: Update vendors #3153 #3154 #3155 #3156 #3161
- MediaLibrary: Fix rotation of images based on exif and strip metadata #3152
- MediaLibrary: Skip default photo cropping if unchecked #3151
Added
- Core: Add GDPR concent dialog #3048
- Core: Add Google Tag Manager #3047
- Core: Add Portuguese locale #2431
- Pages: Add css class to a menu link #3116
- Pages: Cross language link overview #3117
Changed
5.8.3
Fixed:
- Core: Optimise vendor images #3143
- Core: Show the correct error when adding invalid custom slugs #3145
- Core: Stop hard caching redirects #3094
- Core: Update vendors #3136 #3111 #3119
- DX: Fix docker build #3121
- DX: Fix typo in pull request templates #3140
- MediaGalleries: Fix text being truncated #3139
- MediaLibrary: Fix uploading big files #3146
Security:
5.8.2
5.8.2 (2020-05-12)
Fixed:
- Core: Fix upscale cropping #3079
- Core: Remove last slash in url after hreflang #3080
- Core: Update composer packages #3078 #3077 #3076
- Docs: Fix MailChimp Url #3083
- Docs: Typo in Headline #3082
- Docs: Update old docs link, with the new one #3085
- Pages: Fix notice when deleting page #3074
- Pages: Use single quotes for background images #3067
Security:
- Core: Bump jquery from 3.4.1 to 3.5.0 #3089