All Versions
286
Latest Version
Avg Release Cycle
11 days
Latest Release
50 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v3.17.0 Changes
March 31, 2022β Adds
- π Full support for the
object
field type, which works just likearray
but stores just one sub-object as a property, rather than an array of objects. - π» To help find documents that reference related ones via
relationship
fields, implement backlinks of related documents by adding arelatedReverseIds
field to them and keeping it up to date. There is no UI based on this feature yet but it will permit various useful features in the near future. - β Adds possibility for modules to extend the webpack configuration.
- β Adds possibility for modules to add extra frontend bundles for scss and js. This is useful when the
ui/src
build would otherwise be very large due to code used on rarely accessed pages. - Loads the right bundles on the right pages depending on the page template and the loaded widgets. Logged-in users have all the bundles on every page, because they might introduce widgets at any time.
- π Fixes deprecation warnings displayed after running
npm install
, for dependencies that are directly included by this package.
π Fixes
- π Apostrophe's webpack build now works properly when developing code that imports module-specific npm dependencies from
ui/src
orui/apos
when usingnpm link
to develop the module in question. - The
es5: true
option to@apostrophecms/asset
works again.
- π Full support for the
-
v3.16.1 Changes
March 21, 2022π Fixes
- π Fixes a bug in the new
Cache-Control
support introduced by 3.16.0 in which we get the logged-out homepage right after logging in. This issue only came into play if the new caching options were enabled.
- π Fixes a bug in the new
-
v3.16.0 Changes
March 18, 2022β Adds
- π Offers a simple way to set a Cache-Control max-age for Apostrophe page and GET REST API responses for pieces and pages. See the documentation for more information.
- β API keys and bearer tokens "win" over session cookies when both are present. Since API keys and bearer tokens are explicitly added to the request at hand, it never makes sense to ignore them in favor of a cookie, which is implicit. This also simplifies automated testing.
- β
data-apos-test=""
selectors for certain elements frequently selected in QA tests, such asdata-apos-test="adminBar"
. - Offer a simple way to set a Cache-Control max-age for Apostrophe page and GET REST API responses for pieces and pages.
- π To speed up functional tests, an
insecurePasswords
option has been added to the login module. This option is deliberately named to discourage use for any purpose other than functional tests in which repeated password hashing would unduly limit performance. Normally password hashing is intentionally difficult to slow down brute force attacks, especially if a database is compromised.
π Fixes
POST
ing a new child page with_targetId: '_home'
now works properly in combination with_position: 'lastChild'
.
-
v3.15.0 Changes
March 02, 2022β Adds
- β Adds throttle system based on username (even when not existing), on initial login route. Also added for each late login requirement, e.g. for 2FA attempts.
-
v3.14.2 Changes
February 27, 2022- π Hotfix: fixed a bug introduced by 3.14.1 in which non-parked pages could throw an error during the migration to fix replication issues.
-
v3.14.1 Changes
February 25, 2022- π Hotfix: fixed a bug in which replication across locales did not work properly for parked pages configured via the
_children
feature. A one-time migration is included to reconnect improperly replicated versions of the same parked pages. This runs automatically, no manual action is required. Thanks to justyna1 for identifying the issue.
- π Hotfix: fixed a bug in which replication across locales did not work properly for parked pages configured via the
-
v3.14.0 Changes
February 22, 2022β Adds
- π» To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in
req.session
. This is acceptable because the real purpose of the CSRF check is simply to verify that the browser has sent the cookie at all, which it will not allow a cross-origin script to do. - π As a result of the above, a session cookie is not generated and sent at all unless
req.session
is actually used or a user logs in. Again, this reduces complications for those implementing caching strategies. - π When logging out, the session cookie is now cleared in the browser. Formerly the session was destroyed on the server side only, which was sufficient for security purposes but could create caching issues.
- π Uses
express-cache-on-demand
lib to make similar and concurrent requests on pieces and pages faster. - π Frontend build errors now stop app startup in development, and SCSS and JS/Vue build warnings are visible on the terminal console for the first time.
π Fixes
- π Fixed a bug when editing a page more than once if the page has a relationship to itself, whether directly or indirectly. Widget ids were unnecessarily regenerated in this situation, causing in-context edits after the first to fail to save.
- β‘οΈ Pages no longer emit double
beforeUpdate
andbeforeSave
events. - When the home page extends
@apostrophecms/piece-page-type
, the "show page" URLs for individual pieces should not contain two slashes before the piece slug. Thanks to MartΓ Bravo for the fix. - π Fixes transitions between login page and
afterPasswordVerified
login steps. - π Frontend build errors now stop the
@apostrophecms/asset:build
task properly in production. - β
start
replaced withflex-start
to address SCSS warnings. - π Dead code removal, as a result of following up on JS/Vue build warnings.
- π» To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in
-
v3.13.0 Changes
February 04, 2022β Adds
- β Additional requirements and related UI may be imposed on native ApostropheCMS logins using the new
requirements
feature, which can be extended in modules thatimprove
the@apostrophecms/login
module. These requirements are not imposed for single sign-on logins via@apostrophecms/passport-bridge
. See the documentation for more information. - β Adds latest Slovak translation strings to SK.json in
i18n/
folder. Thanks to Michael Huna for the contribution. - π Verifies
afterPasswordVerified
requirements one by one when emitting done event, allows to manage errors ans success before to go to the next requirement. Stores and validate each requirement in the token. Checks the newaskForConfirmation
requirement option to go to the next step when emitting done event or waiting for the confirm event (in order to manage success messages). Removes support forafterSubmit
for now.
π Fixes
- β
Decodes the testReq
param
property inserveNotFound
. This fixes a problem where page titles using diacritics triggered false 404 errors. - 0οΈβ£ Registers the default namespace in the Vue instance of i18n, fixing a lack of support for un-namespaced l10n keys in the UI.
- β Additional requirements and related UI may be imposed on native ApostropheCMS logins using the new
-
v3.12.0 Changes
January 21, 2022β Adds
- β Adds latest Slovak translation strings to SK.json in
i18n/
folder - π It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of
i18n/
named to match the namespace, e.g.i18n/ourTeam
if the namespace isourTeam
. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. Thei18n
option is now deprecated in favor of the newi18n
module format section, which is only needed ifbrowser: true
must be specified for a namespace. - π§ Brought back the
nestedModuleSubdirs
feature from A2, which allows modules to be nested in subdirectories ifnestedModuleSubdirs: true
is set inapp.js
. As in A2, module configuration (including activation) can also be grouped in amodules.js
file in such subdirectories.
π Fixes
- π Fixes minor inline documentation comments.
- π» UI strings that are not registered localization keys will now display properly when they contain a colon (
:
). These were previously interpreted as i18next namespace/key pairs and the "namespace" portion was left out. - π Fixes a bug where changing the page type immediately after clicking "New Page" would produce a console error. In general, areas and checkboxes now correctly handle their value being changed to
null
by the parent schema after initial startup of theAposInputArea
orAposInputCheckboxes
component. - π It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of
i18n/
named to match the namespace, e.g.i18n/ourTeam
if the namespace isourTeam
. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. Thei18n
option is now deprecated in favor of the newi18n
module format section, which is only needed ifbrowser: true
must be specified for a namespace. - β Removes the
@apostrophecms/util
module template helperindexBy
, which was using a lodash method not included in lodash v4. - Removes an unimplemented
csrfExceptions
module section cascade. Use thecsrfExceptions
option of any module to set an array of URLs excluded from CSRF protection. More information is forthcoming in the documentation. - π Fix
[Object Object]
in the console when warningA permission.can() call was made with a type that has no manager
is printed.
π Changes
- π Temporarily removes
npm audit
from our automated tests because of a sub-dependency of vue-loader that doesn't actually cause a security vulnerability for apostrophe.
- β Adds latest Slovak translation strings to SK.json in
-
v3.11.0 Changes
January 06, 2022β Adds
- Apostrophe now extends Passport's
req.login
to emit anafterSessionLogin
event from the@apostrophecms:login
module, withreq
as an argument. Note that this does not occur at all for login API calls that return a bearer token rather than establishing an Express session.
π Fixes
- Apostrophe's extension of
req.login
now accounts for thereq.logIn
alias and the skippableoptions
parameter, which is relied upon in somepassport
strategies. - π§ Apostrophe now warns if a nonexistent widget type is configured for an area field, with special attention to when
-widget
has been erroneously included in the name. For backwards compatibility this is a startup warning rather than a fatal error, as sites generally did operate successfully otherwise with this type of bug present.
π Changes
- π Unpins
vue-click-outside-element
the packaging of which has been fixed upstream. - β Adds deprecation note to
__testDefaults
option. It is not in use, but removing would be a minor BC break we don't need to make. - π Allows test modules to use a custom port as an option on the
@apostrophecms/express
module. - β Removes the code base pull request template to instead inherit the organization-level template.
- β Adds
npm audit
back to the test scripts.
- Apostrophe now extends Passport's