v1.7.2

NebulaCMS v1.7.2

Release type: patch
Focus: Fix Inertia SPA plugin asset loading, duplicate ReactDOM instances, and MediaPicker form submission

Release commit: 71029418d39e9f608e737cbd4b475ff48f87924d

Summary

This patch release resolves several critical issues concerning client-side routing (Inertia SPA visits) on plugin pages, duplicate React DOM runtime instances in pre-built bundles, esbuild compilation target conflicts under modern Node.js environments, and accidental form submissions in the MediaPicker component.

Key Changes

• Dynamic SPA Asset Loading: Implemented dynamic script and style injection inside the Inertia page resolver to resolve the Plugin page not found error during client-side navigation.
• React DOM Runtime Shim: Created a ReactDOM shim (window.ReactDOM) to share the host's React DOM instance with plugin bundles, fixing Floating UI / Radix Select component crashes (flushSync error).
• Modern Node.js (Node 24) Dev Server Support: Configured Vite's esbuild and optimizeDeps target to esnext in vite.config.ts to prevent destructuring syntax down-compilation errors during local development.
• Accidental Form Submission Prevented: Fixed a bug in MediaPicker where action buttons default to submit triggers, causing premature form redirects when clicking on "Select Featured Image".
• UI/UX Form Enhancements: Enhanced responsiveness in MyFlashChangelogForm with improved breakpoints (lg: grid column classes) and made upload validation errors more user-friendly via toast notifications.

Upgrade notes

• Plugins: If you are using custom pre-built Inertia plugins, please rebuild them using the latest configurations to apply the shared ReactDOM shim and Prevent-Submit updates.
• Database: No database migrations are introduced in this release.

Full Changelog: https://github.com/AngkasaLabs/NebulaCMS/compare/v1.7.1...v1.7.2

v1.7.1

NebulaCMS v1.7.1

Release type: patch
Focus: Fix AppearanceContext sharing in pre-built Inertia plugins

Release commit: 66cffa4

Summary

This patch release fixes a critical production error (useAppearance must be used within an AppearanceProvider) that occurred when accessing pre-built Inertia.js plugins.

Both the core CMS and the pre-built plugins now share a single global AppearanceContext instance via the browser's window object, resolving the duplicate context instantiation issue.

Key Changes

• Fixed useAppearance Error: Shared the AppearanceContext instance globally via window.__NebulaCMS_AppearanceContext__ to prevent duplicate context instances from breaking pre-built plugin rendering.
• Updated Starter Plugin: Rebuilt the starter-inertia-prebuilt plugin assets to apply the context sharing fix.
• Version Bump: Updated the internal version to 1.7.1 in config/nebula.php.

Upgrade notes

• Plugins: If you have custom pre-built Inertia plugins that import @/contexts/appearance-context, please rebuild them using the latest build configuration to apply this fix.
• Database: No database migrations are introduced in this release.

Full Changelog: https://github.com/AngkasaLabs/NebulaCMS/compare/v1.7.0...v1.7.1

v1.7.0

NebulaCMS v1.7.0

Release type: minor
Focus: Pre-built Inertia.js plugin support for shared hosting

Release commit: 107ee2c

Summary

This minor release introduces first-class support for pre-built Inertia.js frontend plugins in NebulaCMS. Plugin authors can now ship compiled frontend assets directly inside their plugin packages, allowing React/Inertia-based admin plugins to work in environments without terminal or SSH access, including shared hosting.

This release also adds an official starter plugin that demonstrates the recommended structure for building shared-hosting-compatible prebuilt Inertia admin plugins.

Added

• Pre-built Inertia Plugin Runtime: Added a runtime host and frontend shims for React, JSX runtime, and Inertia React so prebuilt plugin bundles can register pages dynamically at runtime.
• Dynamic Plugin Asset Resolution: Added PluginFrontendAssetRegistry to resolve plugin frontend assets from each plugin's own dist/manifest.json.
• Dedicated Plugin Asset Route: Added a secure route for serving compiled plugin frontend assets directly from plugin dist directories.
• Plugin Frontend Manifest Support: Extended the Plugin model with helpers to read frontend metadata, manifests, and entrypoints from plugin.json.
• Prebuilt Manifest Validation: Updated plugin requirement checks to validate frontend manifest requirements before plugin activation.
• Official Starter Plugin: Added starter-inertia-prebuilt as a built-in reference plugin for creating shared-hosting-friendly Inertia admin plugins.
• Automated Test Coverage: Added test coverage for plugin manifest parsing, asset resolution, asset serving, starter plugin compatibility, and prebuilt frontend validation.

Changed

• Blade App Shell: Updated the main Blade template to load plugin frontend assets based on the active Inertia page component instead of depending on the global Vite manifest alone.
• Inertia Page Resolution: Updated frontend page resolution so plugin pages can be loaded from the plugin runtime registry instead of source-based Vite discovery.
• Versioning: Bumped the internal NebulaCMS version to 1.7.0.

Upgrade notes

• Assets: Rebuild core frontend assets after pulling this release by running npm run build.
• Plugins: React/Inertia-based plugins should now ship their own compiled dist/manifest.json and frontend asset files.
• Starter Plugin: Use plugins/starter-inertia-prebuilt as the reference template for new prebuilt admin plugins.
• Database: No database migrations are introduced in this release.

Full Changelog: https://github.com/AngkasaLab/NebulaCMS/compare/v1.6.3...v1.7.0

v1.6.3

NebulaCMS v1.6.3

Release type: patch
Focus: Inertia.js non-Inertia response modal overlay fixes

Release commit: 2adf31eb342bfd9e32918dfe5d399f580c491e3d

Summary

This patch release resolves a critical user experience issue in Laravel Inertia where public Blade pages (such as the blog's homepage) were rendered inside a modal overlay (popup/iframe) on top of the admin dashboard or login page.

Fixed

• Logout & Profile Deletion Redirects: Changed controller redirects on logout (AuthenticatedSessionController) and profile deletion (ProfileController) from redirect('/') to Inertia::location('/') to trigger a clean full-page browser reload.
• Guest Auth Logo Links: Changed the logo links in guest authentication layouts (auth-simple, auth-split, auth-card) from Inertia <Link> to standard HTML <a> tags to prevent Inertia from attempting to fetch the Blade homepage via AJAX.
• Global Router Invalid Listener: Added a global invalid event listener in app.tsx to automatically redirect status 200 non-Inertia HTML responses, preventing any future Blade template pages from rendering in modal overlays.

Upgrade notes

• Assets: Rebuild frontend assets after pulling this release by running npm run build.
• Database: No database migrations are introduced in this release.

Full Changelog: v1.6.2...v1.6.3

v1.6.2

NebulaCMS v1.6.2

Release type: patch
Focus: TypeScript type-safety fixes, npm vulnerabilities resolution, and build target optimization

Release commit: d1fb4f0f3051391e3bb6dbc74279caa5a6fd3057

Summary

This patch release focuses on codebase stability and security. It resolves all remaining TypeScript compilation errors, cleans up unused compiler directives, and updates dependencies to eliminate all moderate, high, and critical security vulnerabilities.

Fixed

• TypeScript Type Safety: Resolved 16 type compiler errors across multiple frontend components (including headers, user menus, settings, and welcome pages) to prevent potential runtime null pointer crashes.
• Security Vulnerabilities: Upgraded dependencies to achieve 0 npm vulnerabilities. This includes upgrading concurrently to resolve a critical vulnerability in shell-quote, and overriding esbuild to 0.28.1 to bypass a high-severity remote code execution risk.
• Build Compilation Target: Configured the production build target as esnext in vite.config.ts to resolve compilation errors caused by destructuring transpilation in newer esbuild versions.

Upgrade notes

• Database: No database migrations are introduced in this release.
• Build: Run npm run build to verify the production compilation.
• Reported version: Should show 1.6.2 in Settings → System after upgrading.

Full changelog

https://github.com/AngkasaLab/NebulaCMS/compare/v1.6.1...v1.6.2

v1.6.1

NebulaCMS v1.6.1

Release type: patch
Focus: installer network error and database reconnect fixes

Release commit: 5662e157d2c2cfc52d64f613f6920eeb6a6a8564

Summary

This patch release resolves a critical issue where the installation process could fail at the "Database migration & access roles" step with a "Cannot reach server: Failed to fetch" error.

Fixed

• Installer Network Retry: Added automatic retry logic with exponential backoff to the installer's AJAX calls to handle temporary server restarts caused by php artisan serve when it detects .env file changes (fixes #3).
• Database Reconfiguration & Cache Purge: Hardened the database reconnect logic during migration and seeding steps. It now properly flushes the Laravel cache driver and Spatie Permission cache to prevent stale configurations.

Upgrade notes

• Database: No database migrations are introduced in this release.
• Installation: If you previously had issues installing the application, pull this release and retry.

Full Changelog: v1.6.0...v1.6.1

v1.6.0

NebulaCMS v1.6.0

Release type: minor
Focus: Media picker, link management, rich text editor enhancements, post auto-save with preview links, and ESLint rule updates

Release commit: 98b7dafa21419d83f69e3f254b3de2343dc523f9

Summary

This release introduces a comprehensive media picking and management workflow in the admin panel, featuring reusable media library and link dialog components, drag-and-drop or paste image uploads, and URL validation. The rich text editor has been significantly enhanced with these integrated media and link tools.

Additionally, this release adds post auto-save preview links (utilizing Laravel signed URLs for secure draft previews), local draft persistence, and fixes frontend linting issues by aligning with React Hooks and ESLint rules.

Added

• Media Picker Endpoint: Added the admin.media.picker route and controller endpoint to filter, search, and paginate media folders and assets.
• Media & Link Dialogs: Created reusable MediaLibraryDialog and LinkDialog components for choosing assets and validating link destinations with URL sanitization.
• Rich Text Editor Upgrades: Integrated the image/media picker and link tools directly into the editor, along with native drag-and-drop or paste-to-upload support for images.
• Auto-Save Preview: Added secure draft preview links (via Laravel signed URLs) to the auto-save response, allowing authors to preview drafts before publishing.
• Test Suite: Added comprehensive feature tests covering the admin.media.picker endpoint and post auto-save preview signatures.

Changed

• Post Form Refactoring: Updated the post editor form (Form.tsx) to support the new media picker workflow, handle optional media properties, and prevent null pointer references.
• Auth & Bulk Actions Refactoring: Streamlined authentication facade usage and optimized bulk action routes for media files.
• ESLint & Code Quality: Resolved ESLint violations related to React Hooks rules and updated the ESLint configuration file (eslint.config.js).

Upgrade notes

• Database: No database migrations are introduced in this release.
• Configuration: The application version in config/nebula.php has been bumped to 1.6.0.
• Testing: Verify all new features and tests pass by running php artisan test.

Full changelog

https://github.com/AngkasaLab/NebulaCMS/compare/v1.5.0...v1.6.0

v1.5.0

NebulaCMS v1.5.0

Release type: minor
Focus: Headless API, plugin routing, admin navigation, plugin page loading, improved plugin page resolution, and public docs submodule

Release commit: 9092ddab87292a4d0e0a5a26f66b2af94717754d

Summary

This release introduces the first Headless API layer for NebulaCMS, covering pages, categories, tags, menus, and settings through dedicated API controllers and resources. It also expands the plugin system with plugin routing, admin navigation, and dynamic plugin page loading for Inertia-based admin pages.

On top of that, plugin frontend page resolution has been improved with safer lookup logic and clearer error handling. Documentation assets have also been reorganized to use a public docs submodule.

Added

• Headless API: Added API endpoints and resources for pages, categories, tags, menus, and settings.
• API test coverage: Added HeadlessApiTest to cover the new headless endpoints.
• Plugin routing: Added support for plugin-defined route configuration such as prefix, name prefix, and middleware.
• Plugin admin navigation: Added support for loading admin sidebar navigation items from plugin configuration.
• Plugin page loading: Added dynamic Inertia page resolution for plugin-provided admin pages.
• Plugin hooks: Added filter hook support for plugin route configuration and admin navigation items.
• TypeScript coverage: Extended TypeScript configuration and shared types to support plugin source files and plugin navigation data.

Changed

• Inertia page resolver: Refactored frontend page resolution to support both core and plugin pages.
• Plugin error handling: Improved plugin page lookup logic with safer checks and clearer errors when a page cannot be found.
• Admin sidebar integration: Updated sidebar and navigation components to render plugin-provided admin menu items.
• Documentation structure: Switched public docs to a Git submodule-based workflow.

Upgrade notes

• Database: No new migrations are introduced in this release.
• Plugin compatibility: If you maintain custom plugins, you can now define route config, admin navigation, and plugin admin pages; verify custom plugin pages resolve correctly after upgrading.
• Docs checkout: If you work from source and need the docs locally, run git submodule update --init --recursive.
• Reported version: If NebulaCMS displays an application version in Settings → System, bump it to 1.5.0 before or together with the release tag.

Full changelog

https://github.com/AngkasaLab/NebulaCMS/compare/v1.4.0...v1.5.0

v1.4.0

NebulaCMS v1.4.0

Release type: minor
Focus: theme deactivation, nested settings support, color validation, requirement checker, settings schema, uninstall hooks, zip security, and ActivityLog updates

Release commit: d1c01ea3ab60c59925b8bfb37ef2b84ed1e05431

Summary

This release adds comprehensive theme management improvements including theme deactivation with before/after hooks, nested settings support using dot notation for both themes and plugins, and color field validation with hex color regex pattern. It also introduces theme requirement checker to validate theme dependencies, settings schema for structured theme configuration, and uninstall hooks for clean theme removal. ZIP security has been hardened with SecureZipInspector service. Additionally, Spatie ActivityLog has been updated to use the new submitEmptyLogs method and namespace structure.

Added

• Theme deactivation: Added deactivate method to ThemeController with before/after hooks via ThemeHooks class.
• Nested settings support: Implemented settings merge using dot notation for both themes and plugins in PluginController and ThemeController.
• Color validation: Added hex color regex pattern validation for color fields in theme settings.
• Theme requirement checker: New ThemeRequirementChecker service to validate theme dependencies.
• Settings schema: Added schema validation for theme settings.
• Uninstall hooks: Implemented uninstall hooks for themes with ThemeHooks class.
• ZIP security: New SecureZipInspector service for hardened ZIP upload validation.
• Activity log migration: Added migration for activity_log table.

Changed

• Theme organization: Moved theme hooks from PluginHooks to dedicated ThemeHooks class.
• ActivityLog method: Updated from dontLogEmptyChanges() to submitEmptyLogs() in Page and Post models.
• ActivityLog imports: Updated namespace structure for Spatie ActivityLog imports.
• Asset publishing: Added lock mechanism to prevent concurrent asset publishing operations.
• Dependencies: Updated composer dependencies including Spatie packages.

Upgrade notes

• Database: php artisan migrate (activity log table added).
• Theme compatibility: Existing themes should add uninstall.php and update theme.json with settings schema if using nested settings.
• Reported version: Should show 1.4.0 in Settings → System after this release.

Full changelog

v1.3.1...v1.4.0

v1.3.1

NebulaCMS v1.3.1

Release type: patch
Focus: fix CMS version not being read from config/nebula.php (System Update showed only “v”)

Release commit: e615c941bc2bce0d530d5212ddedf34abce8b272

Summary

A closing */ was missing in the CMS Version comment block in config/nebula.php, so the 'version' entry was accidentally commented out. That made config('nebula.version') null and the admin Settings → System Update page showed only the literal v prefix. This release restores a valid version key and bumps the reported CMS version to 1.3.1.

Fixed

• config/nebula.php: Close the CMS Version docblock before 'version' so nebula.version loads correctly and Current Version displays v1.3.1.

Upgrade notes

• Reported version: Should show 1.3.1 in Settings → System Update after deploying this release.
• No database or PHP requirement changes from v1.3.0.