Releases: craftcms/cms
Releases · craftcms/cms
3.8.10
4.4.9
- Volumes no longer validate if their field layout contains a field called
extension
,filename
,height
,kind
,size
, orwidth
. - It’s now possible for plugins to register errors to entries’
typeId
,parentId
, andauthorId
attributes. (#13138) - Stack traces returned by
craft\helpers\App::backtrace()
now more closely resemble exception stack traces. - “Element query executed before Craft is fully initialized” warnings now include a stack trace.
- Fixed a bug where queue-runner Ajax requests triggered on the front end weren’t getting closed before running the queue, potentially causing long front-end load delays.
- Fixed a bug where long element titles weren’t wrapping. (#13143)
- Fixed a user enumeration timing attack vulnerability.
- Fixed a SQL error that could occur when upgrading to Craft 4, if any
matrixblocks
table rows referenced nonexistent element IDs. (#13121) - Fixed a SQL error that could occur when upgrading to Craft 4, if anything triggered an asset or volume query. (#13130)
- Fixed a SQL error that occurred when deleting a category group on PostgreSQL, when configured with a table prefix. (#13127)
- Fixed a bug where it was possible to query for elements with soft-deleted site IDs.
- Fixed a JavaScript error that could occur on the control panel login form.
3.8.9
- Volumes no longer validate if their field layout contains a field called
extension
,filename
,height
,kind
,size
, orwidth
. - Fixed a bug where queue-runner Ajax requests triggered on the front end weren’t getting closed before running the queue, potentially causing long front-end load delays.
- Fixed a bug where long element titles weren’t wrapping. (#13143)
- Fixed a user enumeration timing attack vulnerability.
4.4.8
- Category/tag/global set reference tags now map to entries, if no category groups/tag groups/global sets exist. (#13082)
- HTML Purifier now allows
data-oembed-url
attributes ondiv
tags. (craftcms/ckeditor#80) - Added
craft\queue\Queue::EVENT_AFTER_EXEC_AND_RELEASE
. (#13096) craft\services\Elements::propagateElements()
now returns the element in the target site.- A globally-defined element thumb loader is now available in the control panel via
Craft.cp.elementThumbLoader
. - Fixed a bug where it was possible to select a disallowed volume as the Default Asset Location in Assets field settings. (#13072)
- Fixed a bug where it was possible to upload files to Assets fields outside of the allowed volumes, if the Default Upload Location was set to a disallowed volume. (#13072)
- Fixed an error that could occur if a Plain Text field had over 1,000,000 bytes. (#13083)
- Fixed a bug where relational field values weren’t yielding any results for event handlers immediately after a draft had been merged. (#13087)
- Fixed a bug where element labels could bleed out of their container. (#13099)
- Fixed an error that occurred if
yii\web\UrlManager::addRules()
was called on a console request. (#13109) - Fixed a bug where it was possible to select the current folder as the target when moving a volume folder, resulting in the folder and its contents being lost. (#13118)
- Fixed an error that could occur when running tests. (#13076)
- Fixed an error that occured when sending the activation email for a new user, if there were any validation errors due to new group assignments. (#13060)
- Fixed a bug where the “Send an activation email now” user account checkbox was losing its value if there were any validation errors.
- Fixed an error that could occur when creating a database backup on MySQL and MariaDB. (#12996)
- Fixed a bug where Edit Category screens were including a Parent field, even if the category group’s Max Levels was set to
1
. (#13097) - Fixed a bug where the uploader’s user photo wasn’t always loading on Edit Asset pages.
- Fixed a bug where the “Delete for site” bulk element action was deleting disabled elements and drafts across all sites. (#13116)
- Fixed a bug where Entries and Categories fields with “Maintain hierarchy” enabled could lose relations to elements that didn’t exist in the primary site. (#13057)
3.8.8
- Fixed a bug where it was possible to select a disallowed volume as the Default Asset Location in Assets field settings. (#13072)
- Fixed a bug where it was possible to upload files to Assets fields outside of the allowed volumes, if the Default Asset Location was set to a disallowed volume. (#13072)
- Fixed an error that could occur if a Plain Text field had over 1,000,000 bytes. (#13083)
- Fixed a bug where relational field values weren’t yielding any results for event handlers immediately after a draft had been merged. (#13087)
- Fixed a bug where element labels could bleed out of their container. (#13099)
- Fixed an error that occurred if
yii\web\UrlManager::addRules()
was called on a console request. (#13109) - Fixed a bug where it was possible to select the current folder as the target when moving a volume folder, resulting in the folder and its contents being lost. (#13118)
- Fixed a bug where custom field values weren’t getting saved for assets in the local temp upload location. (#12695)
4.4.7.1
- Locked the Yii 2 PSR Log Target library to 1.1.3 to avoid a PHP error that occurs on 1.1.4.
4.4.7
- Improved the control panel styling when the Debug Toolbar is enabled.
- The image transformer now verifies that transforms don’t exist if the index record is missing, before queuing up the transform generation, for local filesystems. (#13052)
- Added the
--propagate-to
and--set-enabled-for-site
options to theresave/entries
command. - Craft’s bootstrap script now defines a
CRAFT_ENVIRONMENT
environment variable, as a safety measure for plugins that may be checking for it rather thanCraft::$app->env
. - Added
craft\helpers\ElementHelper::siteStatusesForElement()
. craft\elements\Asset::EVENT_BEFORE_DEFINE_URL
now sends acraft\events\DefineAssetUrlEvent
object, rather thancraft\events\DefineUrlEvent
. (#13018)craft\web\View::renderObjectTemplate()
now trims the returned template output.- Fixed a bug where users were “View other users’ drafts” section permissions weren’t being enforced for unpublished drafts.
- Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
- Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)
- Fixed a bug where element editors were showing provisional changes, even if the user didn’t have permission to save them.
- Fixed a bug where the control panel could be inaccessible if a mutex lock couldn’t be acquired for the queue. (#13052)
- Fixed a bug where it wasn’t possible to update a Matrix block on a revision without a new block ID being assigned. (#13064)
- Fixed a JavaScript error that could occur on field layout designers, if any tabs didn’t have any elements. (#13062)
- Fixed a bug where selecting an image with a transform within an asset selector modal wasn’t ever resolving.
- Fixed a PHP error that could occur if there was a problem sending a password-reset email. (#13070)
- Fixed a bug where users’ User Groups and Permissions settings were getting cleared in the UI when sending an activation email, if the email failed to send. (#13061)
- Fixed XSS vulnerabilities.
- Updated yii2-debug to 2.1.22. (#13058)
3.8.7
- Improved the control panel styling when the Debug Toolbar is enabled.
- Boolean config settings that are set to the strings
'true'
,'false'
, or'null'
are now converted totrue
,false
, andnull
. (#13063) craft\web\View::renderObjectTemplate()
now trims the returned template output.- Fixed a bug where the Entries index page was listing unpublished drafts created by other users, even if the current user didn’t have permission to edit them.
- Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
- Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)
4.4.6
- Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
- Selectize menus now expand upwards when there’s not ample space below them. (#12976)
- Element index bulk action spinners are now centered on the viewport. (#12972)
- All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
- The
up
command now sets its default--isolated
option value totrue
, and no longer creates a redundant mutex lock. - Added
craft\base\Element::EVENT_BEFORE_DEFINE_URL
. (#13018) - Added
craft\utilities\AssetIndexes::volumes()
. craft\controllers\AssetIndexesController::actionStartIndexing()
now cross-references the selected volumes with those allowed bycraft\utilities\AssetIndexes::EVENT_LIST_VOLUMES
event handlers. (#13039, #12819)- Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
- Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
- Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
- Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
- Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
- Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
- Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
- Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
- Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
- Fixed a bug where
craft\helpers\FileHelper::absolutePath()
wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16) - Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
- Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
- Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
- Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
- Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
- Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the
upscale
property. - Fixed a bug where nested folders in asset search results weren’t showing their relative path.
- Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
- Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the
templates/
orvendor/
folders), which mitigates a potential RCE vulnerability. - Fixed XSS vulnerabilities.