Concrete 5 CMS v8.5.5 Release Notes
-
π New Features
- Let user specify the SMTP HELO/EHLO domain for their SMTP server (thanks mlocati)
Behavioral Improvements
- β Removed version from meta generator tag.
- β‘οΈ CKEditor updated to 4.15.0 (thanks mlocati)
- Page drafts are now viewable by the view page draft permission (thanks HMone23)
- β‘οΈ Updated list of UK counties (thanks Mesuva)
- β‘οΈ Update CKEditor from 4.15.0 to 4.15.1 (thanks mlocati)
- π Fix: make email log readable by decode quoted printable text (thanks hissy)
π Bug Fixes
- π Fixing bug where accidentally re-saving a theme preset layout (e.g. βLeft Sidebarβ) as a user preset would cause a site to become unresponsive.
- π Fixed bug where pages indexed through the CLI search index job werenβt indexed properly (thanks haeflimi)
- Page Selector attribute now properly searchable (thanks dimger)
- π· No longer fire event
execute_jobtwice (thanks deek87) - π Fixing error when rescanning a multilingual locale (thanks mlocati)
- π Fixed error or max execution timeout that can occur when logging out of multilingual websites (thanks hissy)
- π Fixed: [CKEDITOR] Error code: editor-element-conflict. (thanks mlocati)
- π Fixed error: No such file or directory error when editing an aliased block which is not editable (thanks mlocati)
- π Fix some issues when using tags on multilingual site (thanks hissy)
- π Fix duration of IP bans (they were supposed to last seconds but instead used the same value and in minutes) (thanks mlocati)
- π Fixed: Stacks don't update if caching is enabled (thanks hissy)
- π Correctly parse non-decimal IP addresses (thanks mlocati)
- π Fix: enable to send private message to all groups at once (thanks hissy)
- π Fixed: Redis cookie handler always use the session name as a prefix (thanks mlocati)
- π Fixed an error where 404 does not work in multi language cases under certain situations (thanks hissy)
- β¬οΈ More resilient upgrade routine when dealing with conflicting character sets in mysql (thanks mlocati)
- π Fix issue where a rich text field on a form block doesn't re-populate contents after submit (thanks Mesuva)
- π Fixed: Express Forms - CSV Export does not respect datetime format from config (thanks 1stthomas)
- π Fix bug: Express Form can generate same attribute keys for multiple attribute keys (thanks hissy)
- π Fixes filtering by multiple topic attributes on an item list (thanks hissy)
- Banned words with multibyte characters are now accurately detected (thanks hissy)
- π Use UserMessageException when invalid path traversal is detected (thanks mlocati)
- π Do not remove picture elements on rendering textarea attribute value (thanks hissy)
- π Fix "call to a member function overrideCollectionPermissions() on a non-object" in AreaAssignment (thanks mlocati)
π Security Fixes
- π Fixed CVE-2021-28145 XSS in Surveys fixed (thanks deek87)
- π Fixed CVE-2021-3111 Stored XSS on express entries H1 report 873474
β‘οΈ Developer Updates
- π Allow routes with optional arguments (thanks mlocati)