All Versions
286
Latest Version
Avg Release Cycle
11 days
Latest Release
50 days ago

Changelog History
Page 1

  • v3.17.0 Changes

    March 31, 2022

    βž• Adds

    • πŸ“„ Full support for the object field type, which works just like array but stores just one sub-object as a property, rather than an array of objects.
    • πŸ’» To help find documents that reference related ones via relationship fields, implement backlinks of related documents by adding a relatedReverseIds field to them and keeping it up to date. There is no UI based on this feature yet but it will permit various useful features in the near future.
    • βž• Adds possibility for modules to extend the webpack configuration.
    • βž• Adds possibility for modules to add extra frontend bundles for scss and js. This is useful when the ui/src build would otherwise be very large due to code used on rarely accessed pages.
    • Loads the right bundles on the right pages depending on the page template and the loaded widgets. Logged-in users have all the bundles on every page, because they might introduce widgets at any time.
    • πŸ›  Fixes deprecation warnings displayed after running npm install, for dependencies that are directly included by this package.

    πŸ›  Fixes

    • πŸ— Apostrophe's webpack build now works properly when developing code that imports module-specific npm dependencies from ui/src or ui/apos when using npm link to develop the module in question.
    • The es5: true option to @apostrophecms/asset works again.
  • v3.16.1 Changes

    March 21, 2022

    πŸ›  Fixes

    • πŸ›  Fixes a bug in the new Cache-Control support introduced by 3.16.0 in which we get the logged-out homepage right after logging in. This issue only came into play if the new caching options were enabled.
  • v3.16.0 Changes

    March 18, 2022

    βž• Adds

    • πŸ“š Offers a simple way to set a Cache-Control max-age for Apostrophe page and GET REST API responses for pieces and pages. See the documentation for more information.
    • βœ… API keys and bearer tokens "win" over session cookies when both are present. Since API keys and bearer tokens are explicitly added to the request at hand, it never makes sense to ignore them in favor of a cookie, which is implicit. This also simplifies automated testing.
    • βœ… data-apos-test="" selectors for certain elements frequently selected in QA tests, such as data-apos-test="adminBar".
    • Offer a simple way to set a Cache-Control max-age for Apostrophe page and GET REST API responses for pieces and pages.
    • 🐎 To speed up functional tests, an insecurePasswords option has been added to the login module. This option is deliberately named to discourage use for any purpose other than functional tests in which repeated password hashing would unduly limit performance. Normally password hashing is intentionally difficult to slow down brute force attacks, especially if a database is compromised.

    πŸ›  Fixes

    • POSTing a new child page with _targetId: '_home' now works properly in combination with _position: 'lastChild'.
  • v3.15.0 Changes

    March 02, 2022

    βž• Adds

    • βž• Adds throttle system based on username (even when not existing), on initial login route. Also added for each late login requirement, e.g. for 2FA attempts.
  • v3.14.2 Changes

    February 27, 2022
    • πŸš‘ Hotfix: fixed a bug introduced by 3.14.1 in which non-parked pages could throw an error during the migration to fix replication issues.
  • v3.14.1 Changes

    February 25, 2022
    • πŸš‘ Hotfix: fixed a bug in which replication across locales did not work properly for parked pages configured via the _children feature. A one-time migration is included to reconnect improperly replicated versions of the same parked pages. This runs automatically, no manual action is required. Thanks to justyna1 for identifying the issue.
  • v3.14.0 Changes

    February 22, 2022

    βž• Adds

    • πŸ’» To reduce complications for those implementing caching strategies, the CSRF protection cookie now contains a simple constant string, and is not recorded in req.session. This is acceptable because the real purpose of the CSRF check is simply to verify that the browser has sent the cookie at all, which it will not allow a cross-origin script to do.
    • πŸ”Š As a result of the above, a session cookie is not generated and sent at all unless req.session is actually used or a user logs in. Again, this reduces complications for those implementing caching strategies.
    • πŸ”’ When logging out, the session cookie is now cleared in the browser. Formerly the session was destroyed on the server side only, which was sufficient for security purposes but could create caching issues.
    • πŸ‘‰ Uses express-cache-on-demand lib to make similar and concurrent requests on pieces and pages faster.
    • πŸ— Frontend build errors now stop app startup in development, and SCSS and JS/Vue build warnings are visible on the terminal console for the first time.

    πŸ›  Fixes

    • πŸ›  Fixed a bug when editing a page more than once if the page has a relationship to itself, whether directly or indirectly. Widget ids were unnecessarily regenerated in this situation, causing in-context edits after the first to fail to save.
    • ⚑️ Pages no longer emit double beforeUpdate and beforeSave events.
    • When the home page extends @apostrophecms/piece-page-type, the "show page" URLs for individual pieces should not contain two slashes before the piece slug. Thanks to MartΓ­ Bravo for the fix.
    • πŸ›  Fixes transitions between login page and afterPasswordVerified login steps.
    • πŸ— Frontend build errors now stop the @apostrophecms/asset:build task properly in production.
    • ⚠ start replaced with flex-start to address SCSS warnings.
    • πŸ— Dead code removal, as a result of following up on JS/Vue build warnings.
  • v3.13.0 Changes

    February 04, 2022

    βž• Adds

    • βž• Additional requirements and related UI may be imposed on native ApostropheCMS logins using the new requirements feature, which can be extended in modules that improve the @apostrophecms/login module. These requirements are not imposed for single sign-on logins via @apostrophecms/passport-bridge. See the documentation for more information.
    • βž• Adds latest Slovak translation strings to SK.json in i18n/ folder. Thanks to Michael Huna for the contribution.
    • 🚚 Verifies afterPasswordVerified requirements one by one when emitting done event, allows to manage errors ans success before to go to the next requirement. Stores and validate each requirement in the token. Checks the new askForConfirmation requirement option to go to the next step when emitting done event or waiting for the confirm event (in order to manage success messages). Removes support for afterSubmit for now.

    πŸ›  Fixes

    • βœ… Decodes the testReq param property in serveNotFound. This fixes a problem where page titles using diacritics triggered false 404 errors.
    • 0️⃣ Registers the default namespace in the Vue instance of i18n, fixing a lack of support for un-namespaced l10n keys in the UI.
  • v3.12.0 Changes

    January 21, 2022

    βž• Adds

    • βž• Adds latest Slovak translation strings to SK.json in i18n/ folder
    • πŸ—„ It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of i18n/ named to match the namespace, e.g. i18n/ourTeam if the namespace is ourTeam. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The i18n option is now deprecated in favor of the new i18n module format section, which is only needed if browser: true must be specified for a namespace.
    • πŸ”§ Brought back the nestedModuleSubdirs feature from A2, which allows modules to be nested in subdirectories if nestedModuleSubdirs: true is set in app.js. As in A2, module configuration (including activation) can also be grouped in a modules.js file in such subdirectories.

    πŸ›  Fixes

    • πŸ›  Fixes minor inline documentation comments.
    • πŸ’» UI strings that are not registered localization keys will now display properly when they contain a colon (:). These were previously interpreted as i18next namespace/key pairs and the "namespace" portion was left out.
    • πŸ›  Fixes a bug where changing the page type immediately after clicking "New Page" would produce a console error. In general, areas and checkboxes now correctly handle their value being changed to null by the parent schema after initial startup of the AposInputArea or AposInputCheckboxes component.
    • πŸ—„ It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of i18n/ named to match the namespace, e.g. i18n/ourTeam if the namespace is ourTeam. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The i18n option is now deprecated in favor of the new i18n module format section, which is only needed if browser: true must be specified for a namespace.
    • βœ‚ Removes the @apostrophecms/util module template helper indexBy, which was using a lodash method not included in lodash v4.
    • Removes an unimplemented csrfExceptions module section cascade. Use the csrfExceptions option of any module to set an array of URLs excluded from CSRF protection. More information is forthcoming in the documentation.
    • πŸ›  Fix [Object Object] in the console when warning A permission.can() call was made with a type that has no manager is printed.

    πŸ”„ Changes

    • πŸ”’ Temporarily removes npm audit from our automated tests because of a sub-dependency of vue-loader that doesn't actually cause a security vulnerability for apostrophe.
  • v3.11.0 Changes

    January 06, 2022

    βž• Adds

    • Apostrophe now extends Passport's req.login to emit an afterSessionLogin event from the @apostrophecms:login module, with req as an argument. Note that this does not occur at all for login API calls that return a bearer token rather than establishing an Express session.

    πŸ›  Fixes

    • Apostrophe's extension of req.login now accounts for the req.logIn alias and the skippable options parameter, which is relied upon in some passport strategies.
    • πŸ”§ Apostrophe now warns if a nonexistent widget type is configured for an area field, with special attention to when -widget has been erroneously included in the name. For backwards compatibility this is a startup warning rather than a fatal error, as sites generally did operate successfully otherwise with this type of bug present.

    πŸ”„ Changes

    • πŸ›  Unpins vue-click-outside-element the packaging of which has been fixed upstream.
    • βž• Adds deprecation note to __testDefaults option. It is not in use, but removing would be a minor BC break we don't need to make.
    • πŸ‘ Allows test modules to use a custom port as an option on the @apostrophecms/express module.
    • βœ‚ Removes the code base pull request template to instead inherit the organization-level template.
    • βž• Adds npm audit back to the test scripts.