Concrete 5 CMS v8.5.5 Release Notes

  • πŸ†• New Features

    • Let user specify the SMTP HELO/EHLO domain for their SMTP server (thanks mlocati)

    Behavioral Improvements

    • βœ‚ Removed version from meta generator tag.
    • ⚑️ CKEditor updated to 4.15.0 (thanks mlocati)
    • Page drafts are now viewable by the view page draft permission (thanks HMone23)
    • ⚑️ Updated list of UK counties (thanks Mesuva)
    • ⚑️ Update CKEditor from 4.15.0 to 4.15.1 (thanks mlocati)
    • πŸ›  Fix: make email log readable by decode quoted printable text (thanks hissy)

    πŸ› Bug Fixes

    • πŸ›  Fixing bug where accidentally re-saving a theme preset layout (e.g. β€œLeft Sidebar”) as a user preset would cause a site to become unresponsive.
    • πŸ›  Fixed bug where pages indexed through the CLI search index job weren’t indexed properly (thanks haeflimi)
    • Page Selector attribute now properly searchable (thanks dimger)
    • πŸ‘· No longer fire event execute_job twice (thanks deek87)
    • πŸ›  Fixing error when rescanning a multilingual locale (thanks mlocati)
    • πŸ›  Fixed error or max execution timeout that can occur when logging out of multilingual websites (thanks hissy)
    • πŸ›  Fixed: [CKEDITOR] Error code: editor-element-conflict. (thanks mlocati)
    • πŸ›  Fixed error: No such file or directory error when editing an aliased block which is not editable (thanks mlocati)
    • πŸ›  Fix some issues when using tags on multilingual site (thanks hissy)
    • πŸ›  Fix duration of IP bans (they were supposed to last seconds but instead used the same value and in minutes) (thanks mlocati)
    • πŸ›  Fixed: Stacks don't update if caching is enabled (thanks hissy)
    • πŸ“œ Correctly parse non-decimal IP addresses (thanks mlocati)
    • πŸ›  Fix: enable to send private message to all groups at once (thanks hissy)
    • πŸ›  Fixed: Redis cookie handler always use the session name as a prefix (thanks mlocati)
    • πŸ›  Fixed an error where 404 does not work in multi language cases under certain situations (thanks hissy)
    • ⬆️ More resilient upgrade routine when dealing with conflicting character sets in mysql (thanks mlocati)
    • πŸ›  Fix issue where a rich text field on a form block doesn't re-populate contents after submit (thanks Mesuva)
    • πŸ›  Fixed: Express Forms - CSV Export does not respect datetime format from config (thanks 1stthomas)
    • πŸ›  Fix bug: Express Form can generate same attribute keys for multiple attribute keys (thanks hissy)
    • πŸ›  Fixes filtering by multiple topic attributes on an item list (thanks hissy)
    • Banned words with multibyte characters are now accurately detected (thanks hissy)
    • πŸ‘‰ Use UserMessageException when invalid path traversal is detected (thanks mlocati)
    • 🚚 Do not remove picture elements on rendering textarea attribute value (thanks hissy)
    • πŸ›  Fix "call to a member function overrideCollectionPermissions() on a non-object" in AreaAssignment (thanks mlocati)

    πŸ”’ Security Fixes

    • πŸ›  Fixed CVE-2021-28145 XSS in Surveys fixed (thanks deek87)
    • πŸ›  Fixed CVE-2021-3111 Stored XSS on express entries H1 report 873474

    ⚑️ Developer Updates

    • πŸ‘ Allow routes with optional arguments (thanks mlocati)