All Versions
74
Latest Version
Avg Release Cycle
24 days
Latest Release
1127 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v4.7.7 Changes
February 15, 2021- ๐ fix weird error in integration tests - eb860c0
- ๐ fix: check prototype property access in strict-mode (#1736) - b6d3de7
- ๐ fix: escape property names in compat mode (#1736) - f058970
- ๐จ refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
- โ chore: start testing on Node.js 12 and 13 - 3789a30
(POSSIBLY) BREAKING CHANGES:
- ๐ the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.
That is why we only bump the patch version despite mentioning breaking changes.
-
v4.7.6 Changes
April 03, 2020Chore/Housekeeping:
- โ #1672 - Switch cmd parser to latest minimist (@dougwilson
Compatibility notes:
- โช Restored Node.js compatibility
-
v4.7.5 Changes
April 02, 2020Chore/Housekeeping:
- โช ~Node.js version support has been changed to v6+~ Reverted in 4.7.6
Compatibility notes:
- โช ~Node.js < v6 is no longer supported~ Reverted in 4.7.6
-
v4.7.3 Changes
February 05, 2020Chore/Housekeeping:
- #1644 - Download links to aws broken on handlebarsjs.com - access denied (@Tea56)
- ๐ Fix spelling and punctuation in changelog - d78cc73
๐ Bugfixes:
- โ Add Type Definition for Handlebars.VERSION, Fixes #1647 - 4de51fe
- ๐ฆ Include Type Definition for runtime.js in Package - a32d05f
Compatibility notes:
- No incompatibilities are to be expected
-
v4.7.2 Changes
January 13, 2020๐ Bugfixes:
- ๐ fix: don't wrap helpers that are not functions - 9d5aa36, #1639
๐ Chore/Build:
- chore: execute saucelabs-task only if access-key exists - a4fd391
Compatibility notes:
- No breaking changes are to be expected
-
v4.7.1 Changes
January 12, 2020๐ Bugfixes:
- ๐ fix: fix log output in case of illegal property access - f152dfc
- ๐ fix: log error for illegal property access only once per property - 3c1e252
Compatibility notes:
- no incompatibilities are to be expected.
-
v4.7.0 Changes
January 10, 2020๐ Features:
- 0๏ธโฃ feat: default options for controlling proto access - 7af1c12, #1635
- This makes it possible to disable the prototype access restrictions added in 4.6.0
- an error is logged in the console, if access to prototype properties is attempted and denied and no explicit configuration has taken place.
Compatibility notes:
- no compatibilities are expected
- 0๏ธโฃ feat: default options for controlling proto access - 7af1c12, #1635
-
v4.6.0 Changes
January 08, 2020๐ Features:
- feat: access control to prototype properties via whitelist (#1633)- d03b6ec
๐ Bugfixes:
- ๐ fix(runtime.js): partials compile not caching (#1600) - 23d58e7
๐ Chores, docs:
- ๐จ various refactorings and improvements to tests - d7f0dcf, 187d611, d337f40
- ๐ modernize the build-setup
- use prettier to format and eslint to verify - c40d9f3, 8901c28, e97685e, 1f61f21
- use nyc instead of istanbul to collect coverage - 164b7ff, 1ebce2b
- update build code to use modern javascript and make it cleaner - 14b621c, 1ec1737, 3a5b65e, dde108e, 04b1984, 587e7a3
- restructur build commands - e913dc5,
- ๐ eslint rule changes - ac4655e, dc54952
- โก๏ธ Update (C) year in the LICENSE file - d1fb07b
- chore: try to fix saucelabs credentials (#1627) -
- โก๏ธ Update readme.md with updated links (#1620) - edcc84f
๐ฅ BREAKING CHANGES:
- 0๏ธโฃ access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.
That is why we only bump the minor version despite mentioning breaking changes.
-
v4.5.3 Changes
November 18, 2019๐ Bugfixes:
- ๐ fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
- ๐ fix: add more properties required to be enumerable - 1988878
๐ Chores / Build:
- ๐ fix: use !== 0 instead of != 0 - c02b05f
- โ add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0
๐ Security:
- The properties
__proto__
,__defineGetter__
,__defineSetter__
and__lookupGetter__
have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate toundefined
. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.
Compatibility notes:
- ๐ Due to the security-fixes. The semantics of the templates using
__proto__
,__defineGetter__
,__defineSetter__
and__lookupGetter__
in the respect that those expression now returnundefined
rather than their actual value from the proto. - The semantics have not changed in cases where the properties are enumerable, as in:
{ __proto__: 'some string' }
- The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.