Apostrophe2 changelog

Changelog History

Page 12

• v2.101.0 Changes

  December 14, 2019

  • ⚡️ Due to npm audit security vulnerability warnings and the end of upstream support, the 2.x version of the mongodb npm module (the driver we used to connect to MongoDB, not MongoDB itself) can no longer be responsibly used in Apostrophe. Therefore we have replaced it with the new emulate-mongo-2-driver module, which strives to match the interface of the MongoDB driver version 2.x while acting as a wrapper for the official, supported MongoDB driver version 3.x. This has been tested in many projects. Therefore no code changes should be required for your project to npm update to version 2.101.0. However if you encounter incompatibilities, most likely in driver features not used in Apostrophe, please contribute additional wrappers and test coverage to emulate-mongo-2-driver. Another option is to use apostrophe-db-mongo-3-driver, which allows you to use the 3.x driver API directly and also provides a findWithProjection collection method as a migration path for quickly patching legacy code.
  • 👍 The def property of schema fields associated with specific page types is now displayed in the editor when creating new pages. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • A schema field named fields can now be included in a projection without surprising behavior.
  • EPS (.eps) files are now accepted as Apostrophe attachments and categorized in the office group, meaning they can be uploaded as "files."
  • The aspectRatio option, when specified directly for attachment schema field properties, now implies permission to crop as forced center-cropping differed from what we do when applying aspect ratios to image widgets.
  • 💻 Cross-browser fix for the back button when using our page-refresh-free AJAX features for browsing pieces. Thanks to sergiodop92 for this fix.

• v2.100.3 Changes

  December 03, 2019

  • The aspectRatio option to the attachments schema field type is now fully implemented. We always had this for selecting images, e.g. in our apostrophe-images-widgets module, but it is now also available when directly using an attachment schema field as a property of your own doc. You can also set crop: true to allow manual cropping in that case. This is a useful technique when including the image in a reusable media library does not make sense.

• v2.100.2 Changes

  December 02, 2019

  • 🐎 Corrected a significant performance problem with the apostrophe-users:add command line task when thousands of users exist.

• v2.100.1 Changes

  November 21, 2019

  • Must confirm when resetting password, since there are no do-overs if we do not have the email confirmation method available (with resetLegacyPassword: true) and since it's generally a pain not to have this.
  • 🛠 Fixed the "Reset TOTP authentication" feature of "Manage Users".

• v2.100.0 Changes

  November 21, 2019

  • 🆕 New feature: Google Authenticator two-factor authentication (TOTP) support for Apostrophe accounts. Set the totp: true option of the apostrophe-login module. When enabled, users (including admins) are required to set up and complete authentication with Google Authenticator or a compatible TOTP app on their mobile device. On the user's next login they set up Google Authenticator; after that they must supply a code from Google Authenticator at each login. If a user loses their device, an admin can reset their access by editing that user via "Manage Users" and selecting "Reset TOTP 2-Factor Authentication." If the admin loses their device, they can use the new apostrophe-users:reset-totp command line task. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • 🆕 New feature: resetLegacyPassword: true option for apostrophe-login. When the passwordRules and passwordMinLength options are present, enabling resetLegacyPassword permits the user to change their password right away at login time if it is correct, but does not meet your new standards for adequate passwords. This does not require receiving a confirmation email; if you are concerned by that, consider enabling passwordReset instead if you are willing to configure email delivery. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • 🆕 New feature: resetKnownPassword: true option for apostrophe-login. When enabled, a currently logged-in user is permitted to change their own password without receiving an email, as long as they know their current password. This adds an additional admin bar item, which you may want to group. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • 🐎 Performance: Apostrophe is now much faster when editing a piece with hundreds of areas in its schema. Thanks to Bharathkumar Chandrasekaran of Freshworks for his contributions to finding the solution.
  • 🐛 Bug fix: passwordRules and passwordMinLength no longer break support for new users created via apostrophe-passport who use single sign-on and do not have explicit passwords in Apostrophe.
  • ⚠ Developer warning: a module that implements a widget must have a name ending in -widgets or the editor will not work properly in the browser. We now display a warning.
  • 🔧 Developer warning: if the developer tries to configure piecesFilters for the pieces module, rather than the corresponding pieces-pages module, a warning is displayed.
  • 💻 UI fix: modal dialog box height corrected. Thanks to Paul Grieselhuber for this contribution.
  • 💻 UI fix: better Microsoft Edge support. Thanks to Denis Lysenko.

• v2.99.0 Changes

  October 30, 2019

  • Optional password complexity rules. You may set passwordMinLength to a number of your choice. You may also set passwordRules to an array of rule names. Those available by default are noSlashes, noSpaces, mixedCase, digits, and noTripleRepeats. To block existing passwords that don't meet this standard, you should also set passwordRulesAtLoginTime: true. Additional password rules may be registered by calling apos.login.addPasswordRule('name', { test: fn, message: 'error message' }). The function will receive the password and must return true if it is acceptable. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
  • 🐎 apos.utils.attachmentUrl has been added to lean mode. It works exactly like apos.attachments.url, which is not available in lean mode, with one exception: to avoid adding more overhead to lean mode, the default size is the original. So you must take care to specify the size option for performance when working with images.
  • ⚡️ When an in-page edit is made and an area is updated as a result, the update method of the appropriate module is now called, rather than apos.docs.update. This allows for beforeSave, etc. to fire in this situation. Thanks to Kalia Martin of swiss4ward for this contribution.
  • 🛠 Apostrophe now provides a res.rawRedirect method, which performs a redirect without adding the sitewide prefix. On sites without a prefix it is equivalent to res.redirect. This is useful when working with a URL that is already prefixed, such as the _url property of a page or piece.
  • ⚡️ Using the groups option to apostrophe-users together with a very large database can lead to slow startup because the groups are found by title, and title is not an indexed field. You may now specify the slug for each group in the array, in which case they are found by slug instead, which is an optimized query. However most very large sites would be better off removing the groups option and allowing groups to be managed flexibly via the admin bar.
  • 👍 apos.tasks.getReq now provides more simulated i18n support.
  • 🛠 The occasional but irritating "not blessed" bug when editing content on the page has been fixed via a new "reinforced blessing" mechanism.

• v2.98.1 Changes

  October 21, 2019

  • 👀 When selecting pages for a join, you are now permitted to choose any page you have access to view. This was never intended to be locked down to pages you can edit. For instance, you should be able to link to any page you can see when editing a navigation widget. Thanks to Freshworks for making this fix possible via Apostrophe Enterprise Support.
  • Beginning with this version we are whitelisting npm audit advisories that are not relevant to Apostrophe. Specifically, advisory 1203 has no bearing on Apostrophe because end users cannot specify collection names to MongoDB via Apostrophe.

• v2.98.0 Changes

  October 11, 2019

  • 🐛 Bug fix: the sendPage method now emits the apostrophe-pages:beforeSend promise event no matter which module is calling self.sendPage. This was always the intention, as shown by the fact that the legacy pageBeforeSend method is called. The purpose of sendPage has always been to allow a custom route to render a page exactly as Apostrophe normally does, and that includes calling all apostrophe-pages:beforeSend handlers.
  • 🐛 Bug fix: the title field is now required in the apostrophe-users module. Thanks to Jose Garcia of swiss4ward.
  • 📦 The apostrophe-templates module now has an internal i18n method intended to be overridden by those who want to monitor and/or alter static internationalization results. This will be used by the forthcoming apostrophe-i18n-debugger module. You don't need to call this method, you can use the standard i18n helpers.

• v2.97.2 Changes

  October 03, 2019

  • 📚 All i18n helpers are now available in templates, not just the __ helper. See the i18n module documentation for more information. Test coverage was added to ensure this remains in place.
  • UX improvements in "reorganize" (Manage Pages).
  • contributing.md now points to the apostrophecms Discord chat community for live community help, rather than Gitter, which has been retired.

• v2.97.1 Changes

  September 26, 2019

  • 🚑 Hotfix for a potential Denial Of Service issue reported by NPM. A user with login privileges could eventually exhaust available memory by submitting thousands of batch job requests.

• « First
• ‹ Prev
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• Next ›
• Last »