Firefly III v5.6.0 Release Notes
Release Date: 2021-09-17 // over 2 years ago-
๐ โ ๏ธ This release features new LDAP libraries. Your mileage may vary. Make sure you back up everything. Firefly III may accidentally create a new account for you instead of reusing the old one. There is no option for LDAP filters yet.
๐ Please refer to the documentation and support channels if you run into problems:
โ Added
- A few new pages for the new v2 layout. Thanks @alex6480!
- โ Added a new currency, thanks @kasperkls02!
- ๐ You can now manage loans and debts a little better, see also the documentation for help.
- ๐ Some screenshots are now in the GitHub repository for better management, thanks @Flightkick!
- โก๏ธ @LBreda has added a service worker and updated icons, thanks!
๐ Changed
- @hoshsadiq has added all PHP requirements to the composer file, thanks!
- ๐ A better cache routine for layout v2 pages.
- โฌ๏ธ All LDAP libraries have been upgraded.
- ๐ New issue templates and help text for easier GitHub support.
- First preparations for multi-administration and group membership options.
- The search will return nothing if you submit invalid values, instead of everything.
โ Removed
- ๐ All telemetry options have been removed.
๐ Fixed
- Issue 4894 Bad number comparison
- Issue 4987 Budgeted amount includes inactive budgets
- Issue 4988 Can't select liability account from imported transactions
- Issue 5042 HTTP 500 when creating Personal Access Token or OAuth Client
- Various Sonarqube issues, thanks @hazma-fadil!
- Correct menu display, thanks @vonsogt!
- The IBAN validator will filter special characters.
- In some cases, piggy banks would report being full or empty while this was not actually the case.
- Various other bugs and minor issues.
๐ Security
- ๐ Feature to be able to rebuild Docker images and show security warnings in new builds.
- CVE-2021-3663 A missing rate limiter makes brute-forcing the login easy.
- ๐ It also fixes CVE-2021-3728, CVE-2021-3729 and CVE-2021-3730, all variations of the same security vulnerability: some actions in Firefly III were vulnerable to CSRF.
API
- You can disable webhooks with an extra field in API submissions.
- ๐ There is a static cron token (see
.env.example
) which is useful for Docker. - ๐ A better endpoint to move transactions around, see api-docs.firefly-iii.org.