Concrete 5 CMS v8.5.4 Release Notes

Release Date: 2020-06-09 // about 2 months ago
  • πŸ› Bug Fixes

    • πŸ›  Fixing update errors that can happen (Update causes exception): #8729 (thanks mlocati)
    • πŸ›  Fix certain occasions where editing pages would result in composer being unable to load blocks. Fixes error β€œUnable to load block into composer” (Note: this will fix the issue for pages going forward, but existing pages with this error will not be resolved.)

    βž• Additional Functionality Present in 8.5.3 not described in previous release notes

    πŸ†• New Features (Note: some of these are present in 8.5.3)

    • βž• Added the ability to copy, paste, import and export style customizer settings at the page level (thanks mlocati)
    • βž• Added new public identifier property to express entries; you can use this identifier to relate entries to each other, or within custom API requests in such a way that it can’t be guessed.
    • βž• Added a new Group custom attribute type for use with Express.
    • βž• Added the ability to specify file storage locations at the file folder level (thanks marvinde)
    • βž• Added the ability to send private messages to all users in a specific group.
    • CSV files exported from Express objects now containing association data.
    • βž• Added the ability to show/hide survey results in the survey block.
    • βž• Added a console command to export express entities.
    • βž• Added the ability to require associations be selected in Express forms.
    • βš™ Running the reindex search all function will now reindex all Express entities and entries as well.

    Behavioral Improvements (Note: some of these are present in 8.5.3)

    • πŸ‘Œ Improvements to code quality, speed and efficiency (thanks mlocati)
    • πŸ‘Œ Improvements to file importer code quality, better sanitization of problematic SVGs on upload. (thanks mlocati)
    • πŸ‘€ Much improved address attribute logic and presentation for non North American countries/provinces/states – see #7943 (thanks ahukkanen)
    • We now refresh the file manager after changing properties (thanks marvinde)

    Developer Improvements (Note: some of these are present in 8.5.3)

    • βž• Added coding style guideline sniffer using phpcs directly into the concrete5 console (thanks mlocati)
    • ♻️ Refactored file importer, added support for pre and post processors (thanks mlocati)
    • πŸ‘ Generalizes IP Blocking, making it easier for developers to add support for blocking IPs based on custom actions (thanks mlocati)
    • πŸ“¦ Cleanup and improvements to the c5πŸ“¦pack command (thanks mlocati)

Previous changes from v8.5.3

  • πŸ†• New Features

    • βž• Added the ability to display the version status on the results page of a Page Search (thanks biplobice)
    • βž• Added the ability to log API requests via a Dashboard setting (thanks Kaapiii)
    • βž• Add phone and email to social links (thanks mlocati)
    • πŸ‘ The YouTube Video block now supports lazy loading. (Thanks MrKarlDilkington)

    Behavioral Improvements

    • 🚚 Moves the custom block template selector from the advanced tab to buttons (thanks Mesuva)
    • YouTube block: Delete 'show video infomation' option and change option name of showing related videos (thanks yuuminakazawa)
    • Return a response object instead of exiting after saving a block (thanks mlocati)
    • πŸ›  Fixed: We don't have to generate thumbnails if the image is in the private storage location (thanks hissy)
    • πŸ›  Fixed potential errors that could result when adding invalid regular expressions into the Google authentication type whitelist/blacklist (thanks mlocati)
    • 🚚 When you uncheck β€œinclude attribute in search index” then the columns will be fully removed from the search indexing tables (thanks mlocati)
    • ⚑️ Update OAuth password check to use PasswordHasher class (thanks Mesuva)
    • CKEditor: turn off 'Edit Source' before submit (thanks mlocati)
    • πŸ›  Fix issue with sitemap generation in multilingual sites (thanks dimger)
    • concrete5 handle the session garbage collection if a server isn’t going to do it (thanks mlocati)
    • Select Multiple now works from within the file manager again (thanks deek87)
    • ⏱ When the user opens "Schedule Publishing" dialog, show a warning message if there is another scheduled version (thanks hissy)
    • βž• Add "Cancel Scheduled Publish" button in "Publish Pending" dialog (thanks hissy)
    • πŸ‘‰ Show a logout view to logged in users on the login page
    • 🌲 More logging during OAuth attach/detach attempts.
    • βž• Added a unique page ID class to each page for page targeting (thanks Shahroq)
    • βž• Added a blacklist of file extensions to ensure that developers can’t easily add PHP to a list of uploadable file types (thanks mlocati)
    • πŸ‘Œ Improves to logout speed under certain circumstances (thanks kkyusuke)
    • πŸ‘ Calendar block height set to auto for better display in small width areas (thanks nakazanaka)
    • πŸ›  Fixed: getUserAccessEntityObjects returns guest if no session found (thanks biplobice)
    • The Refresh Token grant is now available for OAuth2 APIs (thanks kkyusuke)
    • πŸ‘‰ Use local date time format in CSV (thanks hissy)
    • πŸ™‹ Faster and safer duplication of FAQ/Image Slider blocks (thanks mlocati)
    • βž• Added an exception in case there's no template file to render (thanks iampedropiedade)
    • βž• Added raw and samesite options to cookie (thanks iampedropiedade)
    • πŸ‘Œ Improve distinction between log severity icons (thanks JohnTheFish)

    πŸ› Bug Fixes

    • πŸ›  Fixed inability to save blocks or do much of anything on Chrome 83 (relates to Chrome 83 behavioral change) (thanks bikerdave)
    • πŸ›  Fixing not sending password to RedisArray in session and cache drivers (thanks deek87)
    • πŸ›  Fixed bug where unnecessary localized stacks are generated when adding stacks to a multilingual site (thanks hissy)
    • πŸ›  Fixed: 8.5.2 - Chunked file uploads generate multiple files in the backend (thanks ahukkanen)
    • πŸ›  Fix flat sitemap in the trash view (thanks hamzaouibacha)
    • πŸ›  Fixed: Given a calendar event that was starting yesterday and ends tomorrow. It's a strange behavior if this event doesn't show up today in the calendars "events list" block (thanks core77)
    • πŸ›  Fixed multiple issues with user groups (thanks deek87)
    • Failed to upload avatar on user account page because of ccm_token error (thanks deek87)
    • πŸ›  Fix file manager issue with number of items per page (thanks biplobice)
    • πŸ›  Fixed: Thumbnails broken for storage locations outside web root (thanks hissy)
    • πŸ›  Fixed: Unable to detach google account at My Account page due to null exception (thanks deek87)
    • πŸ›  Fixed inability to move multiple pages at once in certain situations (thanks wordish)
    • Unable to paste the screenshot into content block (thanks deek87)
    • πŸ›  Fixed: Failing block validation denies any further access to that block if you cancel editing (thanks jlucki)
    • πŸ›  Fix user-selector events firing more than once (thanks deek87)
    • πŸ›  Fixed: CSS of Free-Form Layouts (or 'Custom Layouts') isn't loaded if the visitor is not logged in (thanks Ruud-Zuiderlicht)
    • πŸ›  Fixed inability to insert a link in Rich Text editor custom attributes in the Dashboard context (thanks mlocati)
    • πŸ›  Fixed XSS issue where admin could insert tags into image slider titles.
    • πŸ›  Fix error caused by invalid sort direction.
    • πŸ— Build youtube embed url with the league url class to fix issues when malicious admin uses invalid URLs.
    • πŸ›  Fixed: [Bug] Single pages lose their path if location is resaved in sitemap or composer. (thanks dimger)
    • πŸ“± [Fix] Image block hover option doesn't work for responsive images using the picture tag (thanks biplobice)
    • πŸ›  Fixed error when the sortBy column isn't exists on the advanced search result (thanks biplobice)
    • πŸ›  Fixed: Setup on Child Pages updates all pages of the type, not the type / template combination (thanks danklassen)
    • πŸ›  Fixed: getUserAccessEntityObjects returns guest if no session found (thanks deek87)
    • πŸ›  Fixed: The folder name is null when you create it with name '0' (thanks biplobice)
    • πŸ›  Fix setting the emails subject a second time with an undefined variable (thanks Kaapiii)
    • πŸ›  Fixed: 404 does not work in multi language case (thanks Kaapiii)
    • πŸ›  Fixed: CKEDITOR errors shown in console (thanks mlocati)
    • BC Fix: Make it so routes can echo their output (thanks mlocati)
    • Fix token error on flag_conversation_message (thanks guyasyou)
    • πŸ›  Fix document library block error when file node type is other than File or FileFolder (thanks biplobice)
    • πŸ›  Fixed: Unable to save layout if it contains a Form block (thanks mlocati)
    • πŸ›  Fix Fix initializing country/province link (thanks mlocati)
    • πŸ‘» Avoid exception on express attribute form during certain edge cases (thanks biplobice)
    • πŸ”’ HackerOne security fixes (thanks mlocati)
    • πŸ›  Fix error on submitting workflow request to a deleted user (thanks hissy)
    • πŸ›  Fix height/width of edit folder permissions dialog (thanks deek87)
    • ⚑️ php 7.2 fix for updating a conversation message (thanks danklassen)
    • Replying to a conversation does not clear editor (thanks danklassen)
    • 🏁 Don't check POSIX permissions of API public key on Windows (thanks mlocati)
    • πŸ›  Fixing draggable zone on filemanager to only accept file/folder nodes (thanks deek87)
    • πŸ›  Fixed: Currently in version 8.5.x sites that have been upgraded from 5.7 sites, you can no longer replace files (thanks deek87)
    • πŸ›  Fixed upgrading from 5.7 under certain database circumstances (thanks mlocati)
    • πŸ›  Fix wrong translatable strings placeholders (thanks mlocati)
    • πŸ›  Fixed: Loading malformed html into a content block does some funky stuff (thanks mlocati)
    • πŸ›  Fix H1 report 753567 (thanks hissy)
    • Aliases are now shown in the Dashboard menu (thanks Ruud-Zicherlicht)
    • πŸ“¦ make c5:package:uninstall --trash not throw exception if there wasn't a problem (thanks nklatt)
    • πŸ›  Fix: Creating folders in the file manager doesn't create them in the right place
    • πŸ›  Fixed: Deleting a Form block instance for an Existing Express Entity Form can delete the original entity (thanks dimger)
    • Avoid error on save page list block options with empty custom topic node (thanks hissy)
    • πŸ›  FIxed bug in alphabetizing multilingual sections (thanks biplobice)
    • πŸ›  Fixed bug where public date/time page property wasn’t being properly validated if it was marked as required in a composer form (thanks matt9mg)
    • πŸ›  Fixed potential YouTube block exception (thanks matt9mg)
    • πŸ›  Fixed: select filterByAttribute can return all results (thanks matt9mg)
    • πŸ›  Fixed order of parameters in some implode() methods (thanks shahroq)
    • πŸ›  Fixed PHP errors raised when calling View::action() method of an attribute (thanks mlocati)
    • πŸ›  Fixed certain block type errors in advanced permissions and stacks (thanks mlocati)
    • πŸ›  Fixed: CLI update fails if there is a package dependency such as MultiStep Workflow add-on

    Developer Improvements

    • πŸ‘ Allow nested containers in custom theme layout presets (thanks jneijt)
    • πŸ‘ Allow the AuthorFormatter class to be overridden (thanks danklassen)
    • ⚑️ Update concrete5 Translation Library (thanks mlocati)
    • Code cleanup and improvements (thanks mlocati)
    • [Fix] Config command with env option (thanks biplobice)
    • πŸ“¦ Correctly set express entity package reference during import (thanks olsgreen)
    • βž• Added new buildRedirect method for easily creating redirects that honor the framework middleware from within controller methods (thanks mlocati)
    • ⬆️ We now test installation and upgrades within Docker in our unit test suite (thanks mlocati)
    • ⚑️ Update punic to 3.5.1 (thanks mlocati)
    • βž• Add the ability to easily inject custom Config drivers (loaders/saves) and implement Redis drivers.
    • πŸ›  Fix phpdoc of the \Concrete\Core\Form\Service\Validation::test() (thanks biplobice)
    • πŸ›  Fixed bug where update process wouldn’t use the interface LongRunningMigrationInterface to increase timeout (thanks mlocati)
    • βž• Add ForeignKeyFixer and c5:database:foreignkey:fix CLI command (thanks mlocati)