Firefly III v5.6.0 Release Notes

Release Date: 2021-09-17
  • This release features new LDAP libraries. Your mileage may vary. Make sure you back up everything. Firefly III may accidentally create a new account for you instead of reusing the old one. There is no option for LDAP filters yet.

    Please refer to the documentation and support channels if you run into problems:

    Added

    • A few new pages for the new v2 layout. Thanks @alex6480!
    • Added a new currency, thanks @kasperkls02!
    • You can now manage loans and debts a little better, see also the documentation for help.
    • Some screenshots are now in the GitHub repository for better management, thanks @Flightkick!
    • @LBreda has added a service worker and updated icons, thanks!

    Changed

    • @hoshsadiq has added all PHP requirements to the composer file, thanks!
    • A better cache routine for layout v2 pages.
    • All LDAP libraries have been upgraded.
    • New issue templates and help text for easier GitHub support.
    • First preparations for multi-administration and group membership options.
    • The search will return nothing if you submit invalid values, instead of everything.

    Removed

    • All telemetry options have been removed.

    Fixed

    • Issue 4894 Bad number comparison
    • Issue 4987 Budgeted amount includes inactive budgets
    • Issue 4988 Can't select liability account from imported transactions
    • Issue 5042 HTTP 500 when creating Personal Access Token or OAuth Client
    • Various SonarQube issues, thanks @hazma-fadil!
    • Correct menu display, thanks @vonsogt!
    • The IBAN validator will filter special characters.
    • In some cases, piggy banks would report being full or empty while this was not actually the case.
    • Various other bugs and minor issues.

    Security

    • Feature to be able to rebuild Docker images and show security warnings in new builds.
    • CVE-2021-3663 A missing rate limiter makes brute-forcing the login easy.
    • It also fixes CVE-2021-3728, CVE-2021-3729 and CVE-2021-3730, all variations of the same security vulnerability: some actions in Firefly III were vulnerable to CSRF.

    API

    • You can disable webhooks with an extra field in API submissions.
    • There is a static cron token (see .env.example) which is useful for Docker.
    • A better endpoint to move transactions around, see api-docs.firefly-iii.org.