All Versions
309
Latest Version
Avg Release Cycle
12 days
Latest Release
371 days ago

Changelog History
Page 14

  • v2.92.0 Changes

    June 26, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • πŸ› Bug fix: an open redirect vulnerability has been fixed. It was possible to convince Apostrophe to redirect to a third-party website by appending an escaped URL with a trailing slash added at the end. Apostrophe's trailing-slash remover would then cause a redirect to the un-escaped version of the slug part of the URL. The fix removes all multiple-slash sequences from the slug part of the URL. Thanks to Bharath for reporting this issue.
    • πŸ› Bug fix: attempting to save a doc with a required array field without ever opening the array editor formerly caused strange behavior. You now get a standard indication that the field is required.
    • πŸ”‹ Feature: the method that supplies the choices for a dynamic select element may be a simple synchronous function, if desired. Formerly returning a promise (or using an async function) was mandatory.
    • πŸ”‹ Feature: apos.utils.post will now accept a FormData object as the data prameter. In this situation JSON encoding is not used. This may be used to easily submit file uploads with Apostrophe's CSRF protection and is supported at least back to IE11.

  • v2.91.1 Changes

    June 05, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • πŸ› Bug fix: the apos.utils.post method introduced in version 2.90.0 now correctly submits the CSRF header.

  • v2.91.0 Changes

    June 05, 2019
    • Feature: it is much easier to write sites with no jQuery, lodash, etc. on the front end. The apostrophe-lean-frontend module has been deprecated and its functionality has been merged into the core. All of the functionality of the apos.lean object is now available on the apos.utils object at all times. And if you set the lean: true option for the apostrophe-assets module, only lean JavaScript is pushed when logged out (assets pushed with when: 'lean', including the lean methods of apos.utils). This creates a migration path to a leaner frontend: developers can write NPM modules that rely only the lean apos.utils methods without worrying about whether they are present or not. Note that this is also the official frontend library for the forthcoming Apostrophe 3.x (Of course, as always, you can choose to push more code, use webpack, etc.)
    • πŸ› Bug fix: a regression introduced in 2.90.0 caused all uses of "Copy Page" to copy the home page. This is fixed.
    • πŸ› Bug fix: copying a page with custom fields now copies those fields properly.
    • πŸ› Bug fix: "Copy Page" now correctly copies parked page fields to the new, unparked page and then allows them to be edited for the new page.
    • πŸ› Bug fix: addressed browser errors that occurred when using an empty rich text toolbar. Unfortunately it is not possible to completely eliminate the ckeditor 4 toolbar when there are no tools present. This is due to a ckeditor bug.

    πŸ‘ Thanks to Michelin for making much of this work possible via Apostrophe Enterprise Support.

  • v2.90.0 Changes

    May 23, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • New feature: select schema fields now support dynamic choices. To use this feature, set choices to the name of a method of your module. Apostrophe will invoke that method on the fly to get the choices. Your method receives (req) and must return an array of choices. Your method can be an async function, or return a promise for the choices array. This means you can contact external APIs to obtain the choices. The choices array is in the same format as ever (objects with label and value properties). Note that if you just want to choose Apostrophe objects of various types, there is a better way: use joinByOne or joinByArray fields. Fields with dynamic choices do not support the showFields option.
    • πŸ†• New feature: checkboxes schema fields also support dynamic choices. The syntax is exactly the same as above. This allows multiple selection.
    • New feature: any select or checkboxes field in the schema of a widget can be moved to a compact select element that appears "in context" on the page, among the widget's controls. To do that, just set widgetControls: true in the schema field definition. If you wish, you can also set contextual: true so that the field no longer appears in the schema's editing dialog box. By default the field appears in both places. For space reasons, the interface for checkboxes is also powered by a select element, but you can add multiple choices by selecting the dropdown more than once. Each time you make a change via one of these fields, the widget is refreshed to show the impact of the change. You may use dynamic choices as described above.
    • πŸ†• New feature: the viewsFolderFallback option to apostrophe-templates may now be an array. Thanks to Amin Shazrin.
    • πŸ†• New feature: help has been added to the video widget explaining that what is needed is a URL to a YouTube or other oEmbed-friendly video.
    • πŸ†• New feature: you may now specify htmlHelp as a schema field option if you want to include simple markup, like links. The existing help option expects plaintext and escapes accordingly.
    • πŸ†• New feature: the req objects returned by apos.tasks.getReq and apos.tasks.getAnonReq now include a session object for broader compatibility with methods that expect a proper req. It is a plain object and does not remember anything beyond the lifetime of the req.
    • πŸ› Bug fix: copying the "Home" page works properly.
    • πŸ› Bug fix: the Apostrophe migrations progress meter no longer crashes if the operation reports more steps than the expected total.
    • πŸ› Bug fix: watch all inlined stylesheets for changes, not just those implicitly inlined due to the use of the css extension when pushing them.
    • πŸ› Bug fix: improved clearing of tooltips. Addresses various situations where a tooltip could linger on the screen.
    • ⚠ Developer warnings: warning at startup if your module tries to use "extends" rather than "extend" to extend another module.
    • 🍱 Developer warnings: warning at startup if your module attempts to "extend" apostrophe-assets or one of a few other core modules that are normally singletons, and probably should not ever have a competing instance under another name. Advice is given to write project level code for the module without extend, or to use improve when enhancing it via an npm module.

  • v2.89.1 Changes

    May 13, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • getSchemaOptions method no longer throws inappropriate errors when the alternate form of apos.area or apos.singleton is used. Bug introduced in 2.89.0.
    • The CSRF cookie is once again always reset on each request, to ensure no discrepancy between the session (and session cookie) lifespan and the CSRF cookie lifespan. This does not force sessions to exist unnecessarily, it just ensures CSRF errors do not mysteriously begin to appear in long-idle sessions, or when making cross-domain locale switches via the editing interface in apostrophe-workflow.
    • 🍱 Edits to raw .css files once again trigger less-middleware to recognize a change has occurred and avoid sending a stale cached file in development. When .css (rather than .less) assets are pushed inline, which is necessary to match the behavior we formerly received from clean-css and avoid crashes on CSS that the LESS parser cannot handle, we now monitor them for changes ourselves and "touch" the master LESS file to help the less-middleware module figure out that they have been changed.

    πŸ‘€ Thanks to Michelin for making this work possible via Apostrophe Enterprise Support. Your organization can also take advantage of the opportunity to fund development of the features you would like to see as well as receiving fast, personal support from Apostrophe's core development team.

  • v2.89.0 Changes

    May 01, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • Many significant improvements to make crashes and restarts less likely.
    • The most frequently used methods now sanity-check their arguments and invoke their callback, or as appropriate, if they are not valid. This replaces many full-process crashes with polite 500 errors.
    • πŸ†• New, safer and easier alternatives to self.route:
      • self.apiRoute, which accepts a next function that can be passed either an error, or (null, value), where value is an object to be sent to the browser with a status: 'ok' property automatically added β€” the convention for APIs in Apostrophe 2.x. In addition, errors reported to next are converted to status properties and/or logged gracefully, including more complete information about where the error took place for easier debugging. Most core routes have been refactored to use it. This approach extends Express 4.0's concept of error handlers with the ability to handle success as well. You can still use res if you need to, for instance to issue a redirect.
      • self.renderRoute, which accepts a next function that can be passed either an error that will be mapped to an appropriate HTTP status code, or (null, { template: 'templateName', data: { ... props for the template ... }). The named template is rendered with self.render, and any exceptions thrown are caught properly and logged as errors without a process crash β€” unlike what frequently happened before in such routes.
      • self.htmlRoute, similar to renderRoute but it does not render the markup for you; instead you pass markup as the second argument to next(). Useful if you are rendering by some means other than self.render.
    • 🚚 For template errors, a great deal of redundant error logging has been removed.
    • πŸ”¨ Introduced apos.utils.warnDevOnce, refactored some existing warnings to use it, and added a call for CSRF errors to help developers understand what these mean.
    • New trace feature to help debug crashes in Apostrophe's startup process. Try: APOS_TRACE_STARTUP=1 node app

    πŸ‘€ Thanks to Michelin for making this work possible via Apostrophe Enterprise Support. Your organization can also take advantage of the opportunity to fund development of the features you would like to see as well as receiving fast, personal support from Apostrophe's core development team.

  • v2.88.1 Changes

    April 25, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • πŸ›  Fix: widgets are not lost when dragged to a different area.
    • πŸ›  Fix: widgets are not duplicated when dragged to a different area.
    • πŸ›  Fix: area save operations now use a lock to avoid lost information if several requests are made simultaneously for different areas, as can happen when dragging a widget between areas, which modifies both.
    • πŸ›  Fix: widgets can be edited again after being dragged, without a page refresh.
    • πŸ›  Fix: the "purple screen of death" error page now has a 500 status code, not 200.

  • v2.88.0 Changes

    April 23, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • 0️⃣ An optional improvement to eliminate the use of session storage for most site visitors. By default, Apostrophe creates a session for every site visitor, even an anonymous visitor, to provide full CSRF protection. You may now optionally disable this for anonymous visitors:
    modules: {
  'apostrophe-express': {
    csrf: {
      disableAnonSession: true
    }
  }
}

    When you do this, anonymous visitors receive only basic CSRF protection based on a known header value and the fact that the Same Origin Policy does not allow requests to be made by JavaScript unless the page is on the proper site.

    🐎 For performance reasons the largest sites will likely find this to be a valuable option.

    • πŸš€ apos.global.findGlobal now officially supports returning a promise. This was an unofficial side effect in earlier releases that ceased to work in recent releases.

    • πŸš€ Updated the version of moment that ships on the front end to the latest minor release.

    • ⚠ Eliminated unnecessary arrangeFields warnings. apostrophe-groups is set up properly, the trash field no longer generates warnings when workflow is active, and reverse joins no longer generate warnings as they have no editing UI.

    • πŸ›  null values were able to crash the schema converters for strings, integers and floats when those fields were required. This has been fixed.

  • v2.87.0 Changes

    April 10, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • πŸ‘― Tooltips have been added to improve the editor experience. For instance, tooltips appear on hover for the "up," "down," "clone" and "trash" buttons when working with areas.
    • Building on the performance work in version 2.86.0, all ensureIndex calls have been moved to the migrate startup phase and can thus be skipped with APOS_NO_MIGRATE=1. Note that as with the other recent changes, this means that if your site is always run with APOS_NO_MIGRATE=1, including at the time the database is created, it is imperative that you run node app apostrophe-migrations:migrate at least once. If your database starts out in a dev environment and is later moved to a production environment, or you use stagecoach or a similar deployment tool that guarantees migrations are run on all code deployments (and you should definitely do that), then this will not be an issue.
    • πŸ— Building on the support for namespaced npm modules as apostrophe modules added in 2.86.0, the testModule: true flag used to test apostrophe in the context of an npm module like apostrophe-workflow can now be used in a namespaced npm module. Thanks to AurΓ©lien Wolz for this contribution.

    πŸ‘ Thanks to Michelin for making much of this work possible through Apostrophe Enterprise Support.

  • v2.86.0 Changes

    April 03, 2019

    βœ… Unit tests passing.

    βœ… Regression tests passing.

    • πŸ”§ Apostrophe now supports namespaced NPM modules as apostrophe modules. This allows NPM private modules to be used to deliver, for instance, an apostrophe piece type, page type or widget type. Here is an example of valid configuration:
    require('apostrophe', {
  modules: {
    // ordinary npm module
    'apostrophe-blog': {},
    // namespaced npm module
    '@somenamespace/somemodule': {}
  }
}

    // in lib/modules/@somenamespace/somemodule/index.js
module.exports = {
  nifty: true
};
    • πŸ’… In addition, modules may be namespaced NPM-style inside a bundle. You will need to use a subdirectory structure, as seen above. As a best practice, you should only use this for module names you would have to publish to npm if the bundle feature did not exist. The "lead module" of the bundle should be in the same npm namespace.
    • If you are using the partial feature of addColumn with your pieces, you can now accept piece as a second argument. For bc, the value of that particular column property is still the first argument.
    • ⬆️ All of Apostrophe's "sanity-checking" database operations at startup, plus all Apostrophe migrations, now execute during a new migrate startup phase. This phase emits the apostrophe:migrate promise event. This phase occurs immediately after afterInit is invoked for modules, but before it is invoked for the global afterInit hook, if any. This change ensures there is a "sane" database before any interaction with the site takes place, and means that developers no longer have to remember to run apostrophe-migrations:migrate when upgrading during development.
    • You can also suppress these database operations at startup completely by setting the APOS_NO_MIGRATE environment variable to 1, or by passing the migrate: false top-level option to Apostrophe. In this case, these operations all occur only when the apostrophe-migrations:migrate command line task is run. This option saves a great deal of startup time for the enterprise customers with the largest databases. Thus the best practice in production is the same as ever: run node app apostrophe-migrations:migrate before launching the new version of the app. In addition, you may set APOS_NO_MIGRATE=1 in your production environment to save valuable startup time, especially during process restarts, etc.
    • Apostrophe now always instructs less to import CSS (not LESS) files inline. This is necessary because CleanCSS, which we no longer use, formerly automatically did it and without it import paths are incorrect. Thanks to Fredrik Ekelund for this fix.
    • πŸ‘€ UX improvement: if you edit a page, then follow a link from that page, and then click the "back" button, you should see your changes intact without the need to click "Refresh" thanks to the use of cachebusting headers. Thanks to Fredrik Ekelund for recommending an approach to the problem.
    • πŸ› Bug fix: if your site startup or migration task invokes multiple time-consuming operations you'll now see a progress meter for each one, not just the first.
    • ⚠ To save space and make sure developers don't just tune out, the warning about fields not properly arranged into tabs now appears at startup just for the first such module, unless you pass --all-unarranged-fields to get more information.

    πŸ‘ Thanks to Michelin for making many of these features possible through Apostrophe Enterprise Support.