All Versions
Latest Version
Avg Release Cycle
12 days
Latest Release
567 days ago

Changelog History
Page 9

  • v2.111.3 Changes

    August 26, 2020
    • When Apostrophe is running behind a proxy server like nginx, you can now instruct it to trust the X-Forwarded-* headers by passing the trustProxy: true option to apostrophe-express. If Apostrophe is generating http: URLs when they should be https:, this is most likely what you need.
  • v2.111.2 Changes

    September 19, 2020
    • ๐Ÿ›  Fixed a conflict between express.static and apostrophe's automatic removal of trailing slashes from possible page URLs. Apostrophe's intent in using express.static is only to deliver static assets. So we have made that intent clear by disabling the redirect option of express.static, which attempts to add a trailing slash whenever a folder exists on disk by that name, resulting in an infinite redirect loop.
  • v2.111.1 Changes

    August 17, 2020
    • ๐Ÿ›  Fixed an incompatibility between apostrophe-workflow and MongoDB 4.4. Prior to version 4.4, MongoDB allowed a projection to contain both a parent property and one of its children, for instance workflowLastCommitted and Beginning with version 4.4 this causes an error, breaking the list view of pieces when workflow is present. For backwards compatibility, version 2.111.1 of Apostrophe now checks all projections coming from Apostrophe's cursors for this issue and removes the projection for the sub-property on the fly. This does not cause any compatibility issues of its own because projecting the parent always gives you the sub-property anyway.
  • v2.111.0 Changes

    August 12, 2020
    • ๐Ÿ”ง By popular request, "Add Widget" dropdown menus are better organized now, with support for categories of widgets. You can configure this optional feature like so:
    apos.area(, 'areaNameHere', {
      widgets: { ... you must configure your widgets as usual ... }
      widgetGroups: {
        'Content': [ 'apostrophe-rich-text', 'apostrophe-images' ],
        'Layout': [ 'one-column', 'two-column' ]

    ๐Ÿ”ง Every widget type you specify for widgetGroups must still be configured in widgets.

    If widgetGroups is not present the "add widget" dropdown menu will appear as it always did.

    • โœ‚ Removes the aposBody template macro, which was unused.
  • v2.110.1 Changes

    August 12, 2020
    • โœ‚ Removes the aposBody template macro, which was unused.
  • v2.110.0 Changes

    July 29, 2020
    • ๐Ÿ”’ Security: added support for throttling login attempts. If you set the throttle option of apostrophe-login to { allowedAttempts: 3, perMinutes: 1, lockoutMinutes: 1 }, a user will be locked out and unable to try again for 1 minute after three failed login attempts in 1 minute. Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
    • Schemas: you may now set a regular expression to be used to validate any string schema field by setting the pattern property of the schema field. Please note that pattern must be a string, not a regular expression literal. Otherwise it will only be validated on the server side, causing confusion for the user when it ๐Ÿ’ป is not reported on the browser side. You may also set patternErrorMessage to provide a clear explanation to the user when their input does not match. When setting pattern as a string always remember to escape the \ character properly (you will often need two \ characters, for instance \\w). To avoid Denial of Service attacks, take care to avoid evil regular expressions.
    • ๐Ÿ”’ Security: added an apostrophe-login:before promise event which is emitted with (req) before a login attempt is evaluated. If a handler throws a string as an error, that string is internationalized and displayed as a login error, otherwise login proceeds normally. This can be used to implement features like the new apostrophe-login-recaptcha module, which you can install separately.
    • ๐Ÿ”’ Security: to ease implementation of apostrophe-login-recaptcha, the login form now has data-apos-login-form and data-apos-login-submit-button attributes on the appropriate elements.
    • ๐Ÿ“š Security: when requiring Google Authenticator or a similar app for login (TOTP), you may now limit the requirement to certain groups, by passing a setting like totp: { groups: true } to the apostrophe-login module rather than just totp: true. Admins may then select which groups actually require TOTP by selecting it when editing the group (look at the permissions tab). In addition, the existing totp option has been added to the module documentation.
  • v2.109.0 Changes

    July 15, 2020
    • โž• Add heic-to-jpeg-middleware to support uploading heic/heif images (the standard format for recent iPhones/iPads). Many thanks to Gabriel L. Maljkovich for their contributions to the underlying middleware as well as the integration with Apostrophe.
    • โž• Add CSS to maintain spacing of admin UI.
  • v2.108.1 Changes

    July 01, 2020
    • ๐Ÿ“š Updates documentation of the clonePermanent utility method.
    • ๐Ÿ”ง The http response to dismissing a notification should not include any information about the mongodb connection. The response previously included relatively low-risk information, including the IP address of the MongoDB server but not enough to make an unauthorized connection when the MongoDB server and/or firewall are properly configured.
  • v2.108.0 Changes

    June 17, 2020
    • ๐Ÿ‘€ UX improvement: if a piece type has the contextual: true option set and workflow is present, do not default published to false. There is already a good opportunity to review before the public sees the piece afforded by workflow.

    • ๐Ÿ‘ฏ If called with a scalar argument, apos.utils.clonePermanent now returns scalars (strings, booleans, numbers) as-is. This makes it easier to use the method when the argument might or might not be an object that requires cloning.

  • v2.107.2 Changes

    June 10, 2020
    • ๐Ÿ›  Fixed a regression that caused difficulty saving array fields with color subfields in their schema. This regression was introduced in 2.107.0.