All Versions
Latest Version
Avg Release Cycle
9 days
Latest Release
7 days ago

Changelog History
Page 1

  • v2.100.3

    December 03, 2019
    • The aspectRatio option to the attachments schema field type is now fully implemented. We always had this for selecting images, e.g. in our apostrophe-images-widgets module, but it is now also available when directly using an attachment schema field as a property of your own doc. You can also set crop: true to allow manual cropping in that case. This is a useful technique when including the image in a reusable media library does not make sense.
  • v2.100.2

    December 02, 2019
    • 🐎 Corrected a significant performance problem with the apostrophe-users:add command line task when thousands of users exist.
  • v2.100.1

    November 21, 2019
    • Must confirm when resetting password, since there are no do-overs if we do not have the email confirmation method available (with resetLegacyPassword: true) and since it's generally a pain not to have this.
    • 🛠 Fixed the "Reset TOTP authentication" feature of "Manage Users".
  • v2.100.0

    November 21, 2019
    • 🆕 New feature: Google Authenticator two-factor authentication (TOTP) support for Apostrophe accounts. Set the totp: true option of the apostrophe-login module. When enabled, users (including admins) are required to set up and complete authentication with Google Authenticator or a compatible TOTP app on their mobile device. On the user's next login they set up Google Authenticator; after that they must supply a code from Google Authenticator at each login. If a user loses their device, an admin can reset their access by editing that user via "Manage Users" and selecting "Reset TOTP 2-Factor Authentication." If the admin loses their device, they can use the new apostrophe-users:reset-totp command line task. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
    • 🆕 New feature: resetLegacyPassword: true option for apostrophe-login. When the passwordRules and passwordMinLength options are present, enabling resetLegacyPassword permits the user to change their password right away at login time if it is correct, but does not meet your new standards for adequate passwords. This does not require receiving a confirmation email; if you are concerned by that, consider enabling passwordReset instead if you are willing to configure email delivery. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
    • 🆕 New feature: resetKnownPassword: true option for apostrophe-login. When enabled, a currently logged-in user is permitted to change their own password without receiving an email, as long as they know their current password. This adds an additional admin bar item, which you may want to group. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
    • 🐎 Performance: Apostrophe is now much faster when editing a piece with hundreds of areas in its schema. Thanks to Bharathkumar Chandrasekaran of Freshworks for his contributions to finding the solution.
    • 🐛 Bug fix: passwordRules and passwordMinLength no longer break support for new users created via apostrophe-passport who use single sign-on and do not have explicit passwords in Apostrophe.
    • ⚠ Developer warning: a module that implements a widget must have a name ending in -widgets or the editor will not work properly in the browser. We now display a warning.
    • 🔧 Developer warning: if the developer tries to configure piecesFilters for the pieces module, rather than the corresponding pieces-pages module, a warning is displayed.
    • 💻 UI fix: modal dialog box height corrected. Thanks to Paul Grieselhuber for this contribution.
    • 💻 UI fix: better Microsoft Edge support. Thanks to Denis Lysenko.
  • v2.99.0

    October 30, 2019
    • Optional password complexity rules. You may set passwordMinLength to a number of your choice. You may also set passwordRules to an array of rule names. Those available by default are noSlashes, noSpaces, mixedCase, digits, and noTripleRepeats. To block existing passwords that don't meet this standard, you should also set passwordRulesAtLoginTime: true. Additional password rules may be registered by calling apos.login.addPasswordRule('name', { test: fn, message: 'error message' }). The function will receive the password and must return true if it is acceptable. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
    • 🐎 apos.utils.attachmentUrl has been added to lean mode. It works exactly like apos.attachments.url, which is not available in lean mode, with one exception: to avoid adding more overhead to lean mode, the default size is the original. So you must take care to specify the size option for performance when working with images.
    • ⚡️ When an in-page edit is made and an area is updated as a result, the update method of the appropriate module is now called, rather than This allows for beforeSave, etc. to fire in this situation. Thanks to Kalia Martin of swiss4ward for this contribution.
    • 🛠 Apostrophe now provides a res.rawRedirect method, which performs a redirect without adding the sitewide prefix. On sites without a prefix it is equivalent to res.redirect. This is useful when working with a URL that is already prefixed, such as the _url property of a page or piece.
    • ⚡️ Using the groups option to apostrophe-users together with a very large database can lead to slow startup because the groups are found by title, and title is not an indexed field. You may now specify the slug for each group in the array, in which case they are found by slug instead, which is an optimized query. However most very large sites would be better off removing the groups option and allowing groups to be managed flexibly via the admin bar.
    • 👍 apos.tasks.getReq now provides more simulated i18n support.
    • 🛠 The occasional but irritating "not blessed" bug when editing content on the page has been fixed via a new "reinforced blessing" mechanism.
  • v2.98.1

    October 21, 2019
    • 👀 When selecting pages for a join, you are now permitted to choose any page you have access to view. This was never intended to be locked down to pages you can edit. For instance, you should be able to link to any page you can see when editing a navigation widget. Thanks to Freshworks for making this fix possible via Apostrophe Enterprise Support.
    • Beginning with this version we are whitelisting npm audit advisories that are not relevant to Apostrophe. Specifically, advisory 1203 has no bearing on Apostrophe because end users cannot specify collection names to MongoDB via Apostrophe.
  • v2.98.0

    October 11, 2019
    • 🐛 Bug fix: the sendPage method now emits the apostrophe-pages:beforeSend promise event no matter which module is calling self.sendPage. This was always the intention, as shown by the fact that the legacy pageBeforeSend method is called. The purpose of sendPage has always been to allow a custom route to render a page exactly as Apostrophe normally does, and that includes calling all apostrophe-pages:beforeSend handlers.
    • 🐛 Bug fix: the title field is now required in the apostrophe-users module. Thanks to Jose Garcia of swiss4ward.
    • 📦 The apostrophe-templates module now has an internal i18n method intended to be overridden by those who want to monitor and/or alter static internationalization results. This will be used by the forthcoming apostrophe-i18n-debugger module. You don't need to call this method, you can use the standard i18n helpers.
  • v2.97.2

    October 03, 2019
    • 📚 All i18n helpers are now available in templates, not just the __ helper. See the i18n module documentation for more information. Test coverage was added to ensure this remains in place.
    • UX improvements in "reorganize" (Manage Pages).
    • now points to the apostrophecms Discord chat community for live community help, rather than Gitter, which has been retired.
  • v2.97.1

    September 26, 2019
    • 🚑 Hotfix for a potential Denial Of Service issue reported by NPM. A user with login privileges could eventually exhaust available memory by submitting thousands of batch job requests.
  • v2.97.0

    September 25, 2019
    • 🚀 The simplified APOS_BUNDLE=1 feature for asset deployment in the cloud now uses the actual tar utility when extracting assets locally, rather than the tar npm module, as a blocking bug was encountered and the actual utility is faster.
    • 👌 Improved support for subclasses of apostrophe-rich-text-widgets. These now receive the same CSS UX considerations and store their content under the appropriate widget name. This opens the door to the new tiptap option offered by the latest release of apostrophe-tiptap-rich-text-widgets, which can be used to selectively enable or disable the use of tiptap as an alternative to CKEditor for some subclasses but not others.
    • 🍱 Low-level support for namespacing asset themes. By default this has no effect, however if getThemeName is overridden to return a theme name then asset masters, minified assets, bundles in the collection, etc. all get namespaced to play side by side with other themes used by other apos objects in the same project. Meant for use with apostrophe-multisite, this is not equivalent to a Wordpress or Drupal theme as such.
    • 🚚 The widget editor's afterShow method takes no callback; removed an invocation that did not make sense. Thanks to Amin Shazrin for this contribution.
    • 👌 Improved sizing for video widgets. This is now based on the parent element. Also added empty alt tag to the placeholder image as a hint not to read it aloud.

    👍 Thanks to Michelin for making much of this work possible via Apostrophe Enterprise Support.