3.8.10

• Fixed a “Double-instantiating a menu button on an element” console warning that occurred on pages with Matrix fields. (#6338)
• Fixed an error that could occur when running tests. (#13076)

4.4.9

• Volumes no longer validate if their field layout contains a field called extension, filename, height, kind, size, or width.
• It’s now possible for plugins to register errors to entries’ typeId, parentId, and authorId attributes. (#13138)
• Stack traces returned by craft\helpers\App::backtrace() now more closely resemble exception stack traces.
• “Element query executed before Craft is fully initialized” warnings now include a stack trace.
• Fixed a bug where queue-runner Ajax requests triggered on the front end weren’t getting closed before running the queue, potentially causing long front-end load delays.
• Fixed a bug where long element titles weren’t wrapping. (#13143)
• Fixed a user enumeration timing attack vulnerability.
• Fixed a SQL error that could occur when upgrading to Craft 4, if any matrixblocks table rows referenced nonexistent element IDs. (#13121)
• Fixed a SQL error that could occur when upgrading to Craft 4, if anything triggered an asset or volume query. (#13130)
• Fixed a SQL error that occurred when deleting a category group on PostgreSQL, when configured with a table prefix. (#13127)
• Fixed a bug where it was possible to query for elements with soft-deleted site IDs.
• Fixed a JavaScript error that could occur on the control panel login form.

3.8.9

• Volumes no longer validate if their field layout contains a field called extension, filename, height, kind, size, or width.
• Fixed a bug where queue-runner Ajax requests triggered on the front end weren’t getting closed before running the queue, potentially causing long front-end load delays.
• Fixed a bug where long element titles weren’t wrapping. (#13143)
• Fixed a user enumeration timing attack vulnerability.

4.4.8

• Category/tag/global set reference tags now map to entries, if no category groups/tag groups/global sets exist. (#13082)
• HTML Purifier now allows data-oembed-url attributes on div tags. (craftcms/ckeditor#80)
• Added craft\queue\Queue::EVENT_AFTER_EXEC_AND_RELEASE. (#13096)
• craft\services\Elements::propagateElements() now returns the element in the target site.
• A globally-defined element thumb loader is now available in the control panel via Craft.cp.elementThumbLoader.
• Fixed a bug where it was possible to select a disallowed volume as the Default Asset Location in Assets field settings. (#13072)
• Fixed a bug where it was possible to upload files to Assets fields outside of the allowed volumes, if the Default Upload Location was set to a disallowed volume. (#13072)
• Fixed an error that could occur if a Plain Text field had over 1,000,000 bytes. (#13083)
• Fixed a bug where relational field values weren’t yielding any results for event handlers immediately after a draft had been merged. (#13087)
• Fixed a bug where element labels could bleed out of their container. (#13099)
• Fixed an error that occurred if yii\web\UrlManager::addRules() was called on a console request. (#13109)
• Fixed a bug where it was possible to select the current folder as the target when moving a volume folder, resulting in the folder and its contents being lost. (#13118)
• Fixed an error that could occur when running tests. (#13076)
• Fixed an error that occured when sending the activation email for a new user, if there were any validation errors due to new group assignments. (#13060)
• Fixed a bug where the “Send an activation email now” user account checkbox was losing its value if there were any validation errors.
• Fixed an error that could occur when creating a database backup on MySQL and MariaDB. (#12996)
• Fixed a bug where Edit Category screens were including a Parent field, even if the category group’s Max Levels was set to 1. (#13097)
• Fixed a bug where the uploader’s user photo wasn’t always loading on Edit Asset pages.
• Fixed a bug where the “Delete for site” bulk element action was deleting disabled elements and drafts across all sites. (#13116)
• Fixed a bug where Entries and Categories fields with “Maintain hierarchy” enabled could lose relations to elements that didn’t exist in the primary site. (#13057)

3.8.8

• Fixed a bug where it was possible to select a disallowed volume as the Default Asset Location in Assets field settings. (#13072)
• Fixed a bug where it was possible to upload files to Assets fields outside of the allowed volumes, if the Default Asset Location was set to a disallowed volume. (#13072)
• Fixed an error that could occur if a Plain Text field had over 1,000,000 bytes. (#13083)
• Fixed a bug where relational field values weren’t yielding any results for event handlers immediately after a draft had been merged. (#13087)
• Fixed a bug where element labels could bleed out of their container. (#13099)
• Fixed an error that occurred if yii\web\UrlManager::addRules() was called on a console request. (#13109)
• Fixed a bug where it was possible to select the current folder as the target when moving a volume folder, resulting in the folder and its contents being lost. (#13118)
• Fixed a bug where custom field values weren’t getting saved for assets in the local temp upload location. (#12695)

4.4.7.1

• Locked the Yii 2 PSR Log Target library to 1.1.3 to avoid a PHP error that occurs on 1.1.4.

4.4.7

• Improved the control panel styling when the Debug Toolbar is enabled.
• The image transformer now verifies that transforms don’t exist if the index record is missing, before queuing up the transform generation, for local filesystems. (#13052)
• Added the --propagate-to and --set-enabled-for-site options to the resave/entries command.
• Craft’s bootstrap script now defines a CRAFT_ENVIRONMENT environment variable, as a safety measure for plugins that may be checking for it rather than Craft::$app->env.
• Added craft\helpers\ElementHelper::siteStatusesForElement().
• craft\elements\Asset::EVENT_BEFORE_DEFINE_URL now sends a craft\events\DefineAssetUrlEvent object, rather than craft\events\DefineUrlEvent. (#13018)
• craft\web\View::renderObjectTemplate() now trims the returned template output.
• Fixed a bug where users were “View other users’ drafts” section permissions weren’t being enforced for unpublished drafts.
• Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
• Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)
• Fixed a bug where element editors were showing provisional changes, even if the user didn’t have permission to save them.
• Fixed a bug where the control panel could be inaccessible if a mutex lock couldn’t be acquired for the queue. (#13052)
• Fixed a bug where it wasn’t possible to update a Matrix block on a revision without a new block ID being assigned. (#13064)
• Fixed a JavaScript error that could occur on field layout designers, if any tabs didn’t have any elements. (#13062)
• Fixed a bug where selecting an image with a transform within an asset selector modal wasn’t ever resolving.
• Fixed a PHP error that could occur if there was a problem sending a password-reset email. (#13070)
• Fixed a bug where users’ User Groups and Permissions settings were getting cleared in the UI when sending an activation email, if the email failed to send. (#13061)
• Fixed XSS vulnerabilities.
• Updated yii2-debug to 2.1.22. (#13058)

3.8.7

• Improved the control panel styling when the Debug Toolbar is enabled.
• Boolean config settings that are set to the strings 'true', 'false', or 'null' are now converted to true, false, and null. (#13063)
• craft\web\View::renderObjectTemplate() now trims the returned template output.
• Fixed a bug where the Entries index page was listing unpublished drafts created by other users, even if the current user didn’t have permission to edit them.
• Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
• Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)

4.4.6

• Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
• Selectize menus now expand upwards when there’s not ample space below them. (#12976)
• Element index bulk action spinners are now centered on the viewport. (#12972)
• All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
• The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
• Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
• Added craft\utilities\AssetIndexes::volumes().
• craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
• Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
• Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
• Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
• Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
• Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
• Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
• Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
• Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
• Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
• Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
• Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
• Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
• Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
• Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
• Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
• Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
• Fixed a bug where nested folders in asset search results weren’t showing their relative path.
• Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
• Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
• Fixed XSS vulnerabilities.