framework/CHANGELOG.md
Sami Mazouz 243bc139b0
chore: changelog
Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>
2023-01-10 15:22:17 +01:00

69 KiB

Changelog

v1.6.3

Fixed

  • Post mentions can be used to read any post on the forum without access control (ab1c868b978e8b0d09a5d682c54665dae17d0985).
  • Notifications can leak restricted content (d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a).
  • Any user including unactivated can reply in public discussions whose first post was permanently deleted (12f14112a0ecd1484d97330b82beb2a145919015).
  • (subscriptions) Post notifications not getting access checked (e5f05166a0).

v1.6.2

Fixed

v1.6.1

Fixed

  • JS dependencies update breaks utilities.

v1.6.0

Fixed

  • (approval) posts approved for deleted users error (b5874a0)
  • (regression) bad import (5f2d7fb)
  • akismet fails when the extension is not on a version (45d9121)
  • apply flex for AppearancePage colors input [#3651]
  • groupmentions have poor contrast on some backgrounds [#3672]
  • larastan v1 incompatible with phpstan v1.9.0 [#3665]
  • package manager failures not showing alerts [#3647]
  • password reset leaks user existence [#3616]
  • statistics previous period chart is unclear [#3654]

Changed

  • (package-manager) config composer to use web php version (fd19645)
  • (package-manager) set min core version and add warning (31c3cfc)
  • (statistics) prepare v1.5.1 (dc215ab)
  • Apply fixes from StyleCI (267f675)
  • Fix tag discussion count decreased by 2 when hiding before deleting [#3660]
  • Log migration path when up/down keys are missing [#3664]
  • Make it possible to extend SetupScript [#3643]
  • Setup PHPStan Level 5 [#3553]
  • yarn format (c5c312d)
  • add missing last period to custom date ranges [#3661]
  • add priorities to profile settings page [#3657]
  • allow specifying php extensions in workflow (b0b47a0)
  • format js (06963df)
  • group mentions [#3658]
  • remove styleci from changelog (b2fa28e)
  • set flarum version to dev for 1.6.0 (fc743ba)
  • throw an exception when no serializer is provided to the controller [#3614]

Added

  • (statistics) support for custom date ranges [#3622]
  • Allow additional login params, Introduce LogInValidator [#3670]
  • Allow additional reset password params, introduce ForgotPasswordValidator [#3671]
  • add statistics chart export button [#3662]
  • allow specifying extensions when installing an instance [#3655]
  • contrast util with yiq calculator [#3652]
  • customizable session driver [#3610]
  • replace ColorPreviewInput for GroupModal color input [#3650]
  • send notifications of a new reply when post is approved [#3656]

v1.5.0

Fixed

  • (a11y) add accessible labels to notification grid options [#3520]
  • (a11y) present post streams as feeds [#3522]
  • (a11y) set aria-busy when editing a post stream item [#3521]
  • (compilation) versioner not inject into compilers [#3589]
  • (mentions) accessing id of null user relation [#3618]
  • (subscriptions) add missing table prefix for filter gambit [#3599]
  • (tags) use default index sortmap [#3615]
  • Move guzzle requirement to core [#3544]
  • MyISAM tables for extensions during installation (75aaef7, f926c58)
  • Set the translator locale to user preference for email notifications [#3525]
  • $events property declared dynamically [#3598]
  • core settings header has no priority (33bf228)
  • html entities shown raw in page title [#3542]
  • incorrect centring of deleted user avatars in notification list [#3569]
  • intellisense imports defaulting to absolute path from src folder [#3549]
  • minor backward compatible fix for php 8.1 in st_replace (07b2f86)
  • post query wildcard selection causes ambiguity [#3621]
  • potential static caching memory exhaustion [#3548]
  • prepare release workflow has invalid layout (70e483d)
  • remove deprecation warning for decoding null values (590639f)
  • replace .fa() mixin usage with .fas() [#3537]
  • return type hint static is php 8+ (b01b75e)
  • sticky nav content displays below post stream [#3575]
  • titles positioned wrongly with custom header height [#3550]
  • typo in error message (1a189f4)
  • unread notifications are globally cached between users. [#3543]
  • update workflow name (628c281)
  • user has wrong discussion read status [#3591]

Changed

  • (approval, likes) use subscribers [#3577]
  • (package-manager) last tweaks before beta tag (335c602)
  • (statistics) add release notes for 1.4.1 (f4ace73)
  • (statistics) rewrite for performance on very large communities [#3531]
  • (statistics) split timed data into per-model XHR requests [#3601]
  • (tags) Replace event helper with event dispatcher [#3570]
  • Add loading="lazy" attribute for avatars [#3578]
  • Create CODEOWNERS (6e48a03)
  • MyISAM tables for extensions during installation" (f128190)
  • convert AlertManager IndexPage and UserPage components to TS [#3536]
  • convert Badge Checkbox and Navigation components to TS [#3532]
  • convert core modals to TypeScript [#3515]
  • convert page components to TypeScript [#3538]
  • debug line slipped in while rebasing a PR [#3580]
  • don't pass password field between auth modals [#3626]
  • fix github issue templates (d3e456a)
  • format code (4954621)
  • getting the release workflow in (5530400)
  • link logo at the top with the official website [#3552]
  • prevent running both push and pull_request actions at the same time [#3597]
  • refactor prefix matrix and add MySQL 8.0 & PHP 7.3 to workflows [#3595]
  • relying on a third-party for avatar URL tests is unreliable [#3586]
  • require guzzle 6 or 7 (46b3b7a)
  • split FA imports into separate Less file for easy overriding [#3535]
  • unify JS actions into one (rewritten flarum/action-build) [#3573]
  • update version constant during cycle 22 (d864405)
  • use isCollapsed instead of rangeCount [#3581]
  • use github issue template forms [#3526]

Added

  • (likes) Add likes tab to user profile [#3528]
  • (likes) Option to prevent users liking their own posts [#3534]
  • (modals) support stacking modals, remove bootstrap modals dependency [#3456]
  • (subscriptions) add option to send notifications when not caught up [#3503]
  • Add custom class for email confirmation alert [#3584]
  • Admin debug mode warning [#3590]
  • Delete all notifications [#3529]
  • Queue package manager commands [#3418]
  • Restart the queue worker after cache clearing, ext enable/disable, save settings [#3565]
  • add createTableIfNotExists migration helper [#3576]
  • add new workflow for generating release meta (0901e59)
  • clear password & email tokens when appropriate [#3567]
  • discussion UTF-8 slug driver [#3606]
  • expose assets base url to frontend forum model [#3566]
  • extender to add custom less variables [#3530]
  • publish assets on admin dashboard cache clear [#3564]
  • throttle email change, email confirmation, and password reset endpoints. [#3555]

1.4.0

Added

Changed

Fixed

1.3.1

Changed

Fixed

1.3.0

From v1.2.1 on all bundled Flarum extensions and flarum/core are merged into one monorepo. As a result of this, the full code diff linked above
looks rather complex and messy compared to the full list of changes made for this release.

Added

Changed

Fixed

1.2.1

Fixed

  • Don't escape single quotes in discussion title meta tags (60600f4d2b)

1.2.0

Added

Changed

Fixed

Deprecated

1.1.1

Fixed

  • Performance issue with very large communities.

1.1.0

Added

Changed

Fixed

Code Contributors

@lhsazevedo, @Ornanovitch, @pierres, @the-turk, @iPurpl3x

Issue Reporters

@uamv, @dannyuk1982, @BurnNoticeSpy, @haarp, @peopleinside, @matteocontrini

1.0.4

Fixed

1.0.3

Changed

Fixed

1.0.2

Fixed

  • Critical XSS vulnerability

1.0.1

Fixed

1.0.0

Added

Changed

Fixes

Removed

0.1.0-beta.16

Added

Changed

Fixed

Removed

Deprecated

0.1.0-beta.15

Added

Changed

Fixed

Removed

Deprecated

0.1.0-beta.14.1

Fixed

0.1.0-beta.14

Added

Changed

Fixed

Removed

  • Flarum\Event\AbstractConfigureRoutes event class
  • Flarum\Event\ConfigureApiRoutes event class
  • Flarum\Event\ConfigureForumRoutes event class
  • Flarum\Console\Event\Configuring event class
  • Flarum\Event\ConfigureModelDates event class
  • Flarum\Event\ConfigureLocales event class
  • Flarum\Event\ConfigureModelDefaultAttributes event class
  • Flarum\Event\GetModelRelationship event class
  • Flarum\User\Event\BioChanged event class
  • Flarum\Database\MigrationServiceProvider moved into Flarum\Database\DatabaseServiceProvider
  • Unused admin/components/Widget component (admin/component/DashboardWidget should be used instead)
  • Mandrill mail driver (bca833d3f1)

Deprecated

0.1.0-beta.13

Added

  • Console extender (#2057)
  • CSRF extender (#2095)
  • Event extender (#2097)
  • Mail extender (#2012)
  • Model extender (#2100)
  • Posts by users that started a discussion now have the CSS class .Post--by-start-user
  • PHPUnit 8 compatibility
  • Composer 2 compatibility
  • Permission groups can now be hidden (#2129)
  • Confirmation popup when hiding or deleting posts (#2135)

Changed

  • Updated less.php dependency version to 3.0
  • Updated JS dependencies
  • All notifications and other emails now processed through the queue, if enabled (#978, #1928, #1931, #2096)
  • Simplified uploads, removing need to store intermediate files (#2117)
  • Improved date handling for dates older than 1 year (#2034)
  • Linting and automatic formatting for JS (#2099)
  • Translation files from Language Packs are only loaded for extensions that are enabled (#2020)
  • PHP extenders' properties are now private instead of protected, intentionally making it harder to extend these classes (#1958)
  • Preparation for upgrading Laravel components to 5.8 and then 6.0 (#2055, #2117)
  • Allowed permission checks based on model classes in addition to instances (#1977)

Fixed

  • Users can no longer restore discussions hidden by admins (#2037)
  • Issues of the Modal not showing or auto hiding (#1504, #1813, #2080)
  • Columnar layout on admin extensions page was broken in Firefox (#2029, #2111)
  • Non-dismissible modals could still be dismissed using the ESC key (#1917)
  • New discussions were added to the discussion list above unread sticky posts (#1751, #1868)
  • New discussions not visible to users when using Pusher (#2076, #2077)
  • Permission icons were aligned unevenly in admin permissions list (#2016, #2018)
  • Notification bubble not inversed on mobile with colored header (#1983, #2109)
  • Post stream scrubber clicks jumped back to first post (#1945)
  • Loading state of Switch toggle component was hard to see (#2039, #1491)
  • Flarum\Extend\Middleware: The methods insertBefore() and insertAfter() did not work as described (#2063, #2084)

Removed

  • Support for PHP 7.1 (#2014)
  • Zend compatibility bridge (#2010)
  • SES mail support (#2011)
  • Backward compatibility layer for Flarum\Mail\DriverInterface, new methods from beta.12 are now required
  • Flarum\Util\Str helper class
  • Flarum\Event\ConfigureMiddleware event

Deprecated

  • Flarum\Event\AbstractConfigureRoutes event class
  • Flarum\Event\ConfigureApiRoutes event class
  • Flarum\Event\ConfigureForumRoutes event class
  • Flarum\Event\ConfigureLocales event class

0.1.0-beta.12

Added

  • Full support for PHP 7.4 (#1980)
  • Mail settings: Configure region for the Mailgun driver (#1834, #1850)
  • Mail settings: Alert admins about incomplete settings (#1763, #1921)
  • New permission that allows users to post without throttling (#1255, #1938)
  • Basic transliteration of discussion "slugs" / pretty URLs (#194, #1975)
  • User profiles: Render basic content on server side (#1901)
  • New extender for configuring middleware (#1919, #1952, #1957, #1971)
  • New extender for configuring error handling (#1781, #1970)
  • Automated tests for PHP extenders to guarantee their backwards compatibility

Changed

  • Profile URLs for non-existing users properly return HTTP 404 (#1846, #1901)
  • Confirmation email subject no longer contains the forum title (#1613)
  • Improved error handling during Flarum's early boot phase (#1607)
  • Updated deprecated "Zend" libraries to their new "Laminas" equivalents (#1963)

Fixed

  • Update page did not work when installed in subdirectories (#1947)
  • Avatar upload did not work in IE11 / Edge (#1125, #1570)
  • Translation fallback was ignored for client-rendered pages (#1774, #1961)
  • The success alert when posting replies was invisible (#1976)

0.1.0-beta.11.1

Fixed

  • Saving custom css in admin failed (#1946)

0.1.0-beta.11

Added

  • Comments have an additional class Post--by-actor when posted by the user (#1927)

Changed

  • Improved support for URL identification during installation (#1861)
  • KeyboardNavigatable now has a callback ability (#1922)
  • Links are no longer opened with target _blank but in the same window (#859)
  • Links now have nofollow ugc by default as their rel attribute (#859, #1884)
  • Improved performance of the full text gambit when searching for users (#1877)
  • The Queue implementation is now available under its Illuminate contract

Fixed

  • No error handling was possible in the console/cli (#1789)
  • Enable scrollbars in log in modals so it fits for GitHub (#1716)
  • Reduce log in modal for SSO so it fits for Facebook (#1727)
  • Deleting discussions permanently did not delete its posts (#1909)
  • Fixed the queue:restart command (#1932)
  • Deleted posts were visible to all visitors (#1827)
  • Old avatars weren't being deleted when replaced (#1918)
  • The search performance regression was reverted (#1764)
  • No profile background could be set for remote images (#445)
  • Back button sends to home even though it could actually go back (#1942)
  • Debug button no longer visible (#1687)
  • Modals on smaller screens use the whole width of the page

0.1.0-beta.10

Added

  • Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
  • Notifications can now be marked as read without visiting a discussion (#151)
  • SEO: The discussion list now has a rel="canonical" meta tag, preventing duplicate content (#1134, #1814)
  • The "Edit User" permission can now be edited in the UI (#1845)
  • New status message and redirect after user deletion (#1750, #1777)
  • Errors in Flarum's boot process are now presented with more detailed information (#1607)

Changed

  • Better, more detailed and extensible error handling (#1641, #1843)
  • Error pages in debug mode now return the same HTTP status codes as in production (#1648)
  • Tweak HTTP status codes for authentication / authorization errors (#1854)
  • Already-used links from account activation emails now show a better error message (#1337)

Fixed

  • Security vulnerabilities in dependencies
  • Performance: High CPU usage when scrolling in a discussion (#1222)
  • Special characters crashed the search (#1498)
  • Missing declarations for language and text direction in HTML output (#1772)
  • Private messages were counted in user post counts (#1695)
  • Extensions could not change the forum's default page (#1819)
  • API requests authenticated using access tokens needed to provide a CSRF token (#1828)
  • Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)

0.1.0-beta.9

Added

  • New hasPermission() helper method for Group objects (9684fbc)
  • Expose supported mail drivers in IoC container (208bad3)
  • More test for some API endpoints (1670590)
  • The Formatter\Rendering event now receives the HTTP request instance as well (0ab9fac)
  • More and better validation in installer UIs
  • Check and enforce minimum MariaDB (7ff9a90)
  • Revert publication of assets when installation fails (ed9591c)
  • Benefit from Laravel's database reconnection logic in long-running tasks (e0becd0)
  • The "vendor path" (where Composer dependencies can be found) can now be configured (5e1680c)

Changed

  • Performance: Actually cache translations on disk (0d16fac)
  • Allow per-site extenders to override extension extenders (ba594de)
  • Do not resolve objects from the IoC container (in service providers and extenders) until they are actually used
  • Replace event subscribers (that resolve objects from the IoC container) with listeners (that resolve lazily)
  • Use custom service provider for Mail component (ac5e26a)
  • Update to Laravel 5.7, revert custom logic for building database index names
  • Refactored installer, extracted Installation class and pipeline for reuse in CLI and web installers (790d5be)
  • Use whitelist for enabling pre-installed extensions during installation (4585f03)
  • Update minimum MySQL version (7ff9a90)

Fixed

  • Signing up via OAuth providers was broken (67f9375)
  • Group badges were overlapping (16eb1fa)
  • API: Endpoint for uninstalling extensions returned an error (c761802)
  • Documentation links in installer were outdated (b58380e)
  • Event posts where counted when aggregating user posts (671fdec)
  • Admins could not reset user passwords (c67fb2d)
  • Several down migrations were invalid
  • Validation errors on reset password page resulted in HTTP 404 (4611abe)
  • is:unread gambit generated an invalid query (e17bb0b)
  • Entire forum was breaking when the custom_less setting was missing from the database (bf2c5a5)
  • Dropdown icon was not showing in user card when on user page (12fdfc9)
  • Requests were missing the original* attributes, which broke installations in subfolders (56fde28)
  • Special characters such as % and _ could return incorrect results (ee3640e)
  • FontAwesome component package changed paths in version 5.9.0 (5eb69e1)
  • Some server environments had problems accessing the system-wide tmp path for storing JS file maps (54660eb)
  • Content length of posts.content was not migrated to mediumText in 2017 (590b311)
  • An error occurred when going to the previous route if there was no previous route found (985b87da)

Removed

  • php flarum install --defaults - this was meant to be used in our old development VM (44c9109)
  • Obsolete id attributes in JSON-API responses (ecc3b5e and 7a44086)

0.1.0-beta.8.1

Fixed

  • Fix live output in migrate:reset command (f591585)
  • Fix search with database prefix (7705a2b)
  • Fix invalid join time of admin user created by installer (57f73c9)
  • Ensure InnoDB engine is used for all tables (fb6b51b, 6370f7e)
  • Fix dropping foreign keys in down migrations (57d5846)
  • Fix discussion list scroll position not being maintained when hero is not visible (40dc6ac)
  • Fix empty meta description tag (88e43cc)
  • Remove empty attributes on <html> tag (796b577)