All Versions
309
Latest Version
Avg Release Cycle
12 days
Latest Release
877 days ago
Changelog History
Page 9
Changelog History
Page 9
-
v2.111.3 Changes
August 26, 2020- When Apostrophe is running behind a proxy server like nginx, you can now instruct it to trust the
X-Forwarded-*
headers by passing thetrustProxy: true
option toapostrophe-express
. If Apostrophe is generatinghttp:
URLs when they should behttps:
, this is most likely what you need.
- When Apostrophe is running behind a proxy server like nginx, you can now instruct it to trust the
-
v2.111.2 Changes
September 19, 2020- ๐ Fixed a conflict between
express.static
and apostrophe's automatic removal of trailing slashes from possible page URLs. Apostrophe's intent in usingexpress.static
is only to deliver static assets. So we have made that intent clear by disabling theredirect
option ofexpress.static
, which attempts to add a trailing slash whenever a folder exists on disk by that name, resulting in an infinite redirect loop.
- ๐ Fixed a conflict between
-
v2.111.1 Changes
August 17, 2020- ๐ Fixed an incompatibility between apostrophe-workflow and MongoDB 4.4. Prior to version 4.4, MongoDB allowed a projection to contain both a parent property and one of its children, for instance
workflowLastCommitted
andworkflowLastCommitted.at
. Beginning with version 4.4 this causes an error, breaking the list view of pieces when workflow is present. For backwards compatibility, version 2.111.1 of Apostrophe now checks all projections coming from Apostrophe's cursors for this issue and removes the projection for the sub-property on the fly. This does not cause any compatibility issues of its own because projecting the parent always gives you the sub-property anyway.
- ๐ Fixed an incompatibility between apostrophe-workflow and MongoDB 4.4. Prior to version 4.4, MongoDB allowed a projection to contain both a parent property and one of its children, for instance
-
v2.111.0 Changes
August 12, 2020- ๐ง By popular request, "Add Widget" dropdown menus are better organized now, with support for categories of widgets. You can configure this optional feature like so:
apos.area(data.page, 'areaNameHere', { widgets: { ... you must configure your widgets as usual ... } widgetGroups: { 'Content': [ 'apostrophe-rich-text', 'apostrophe-images' ], 'Layout': [ 'one-column', 'two-column' ] } }
๐ง Every widget type you specify for
widgetGroups
must still be configured inwidgets
.If
widgetGroups
is not present the "add widget" dropdown menu will appear as it always did.- โ Removes the
aposBody
template macro, which was unused.
-
v2.110.1 Changes
August 12, 2020- โ Removes the
aposBody
template macro, which was unused.
- โ Removes the
-
v2.110.0 Changes
July 29, 2020- ๐ Security: added support for throttling login attempts. If you set the
throttle
option ofapostrophe-login
to{ allowedAttempts: 3, perMinutes: 1, lockoutMinutes: 1 }
, a user will be locked out and unable to try again for 1 minute after three failed login attempts in 1 minute. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support. - Schemas: you may now set a regular expression to be used to validate any
string
schema field by setting thepattern
property of the schema field. Please note thatpattern
must be a string, not a regular expression literal. Otherwise it will only be validated on the server side, causing confusion for the user when it ๐ป is not reported on the browser side. You may also setpatternErrorMessage
to provide a clear explanation to the user when their input does not match. When settingpattern
as a string always remember to escape the\
character properly (you will often need two\
characters, for instance\\w
). To avoid Denial of Service attacks, take care to avoid evil regular expressions. - ๐ Security: added an
apostrophe-login:before
promise event which is emitted with(req)
before a login attempt is evaluated. If a handler throws a string as an error, that string is internationalized and displayed as a login error, otherwise login proceeds normally. This can be used to implement features like the newapostrophe-login-recaptcha
module, which you can install separately. - ๐ Security: to ease implementation of
apostrophe-login-recaptcha
, the login form now hasdata-apos-login-form
anddata-apos-login-submit-button
attributes on the appropriate elements. - ๐ Security: when requiring Google Authenticator or a similar app for login (TOTP), you may now limit the requirement to certain groups, by passing a setting like
totp: { groups: true }
to theapostrophe-login
module rather than justtotp: true
. Admins may then select which groups actually require TOTP by selecting it when editing the group (look at the permissions tab). In addition, the existingtotp
option has been added to the module documentation.
- ๐ Security: added support for throttling login attempts. If you set the
-
v2.109.0 Changes
July 15, 2020- โ Add heic-to-jpeg-middleware to support uploading
heic/heif
images (the standard format for recent iPhones/iPads). Many thanks to Gabriel L. Maljkovich for their contributions to the underlying middleware as well as the integration with Apostrophe. - โ Add CSS to maintain spacing of admin UI.
- โ Add heic-to-jpeg-middleware to support uploading
-
v2.108.1 Changes
July 01, 2020- ๐ Updates documentation of the
clonePermanent
utility method. - ๐ง The http response to dismissing a notification should not include any information about the mongodb connection. The response previously included relatively low-risk information, including the IP address of the MongoDB server but not enough to make an unauthorized connection when the MongoDB server and/or firewall are properly configured.
- ๐ Updates documentation of the
-
v2.108.0 Changes
June 17, 2020๐ UX improvement: if a piece type has the
contextual: true
option set and workflow is present, do not default published tofalse
. There is already a good opportunity to review before the public sees the piece afforded by workflow.๐ฏ If called with a scalar argument,
apos.utils.clonePermanent
now returns scalars (strings, booleans, numbers) as-is. This makes it easier to use the method when the argument might or might not be an object that requires cloning.
-
v2.107.2 Changes
June 10, 2020- ๐ Fixed a regression that caused difficulty saving array fields with
color
subfields in their schema. This regression was introduced in 2.107.0.
- ๐ Fixed a regression that caused difficulty saving array fields with