@ssddanbrown ssddanbrown released this Jan 12, 2019 · 10 commits to master since this release

Security - During the release cycle for Version v0.25 it was found that page content includes could leak their content as preview text to users that don’t have permission to view the included content. It’s recommended to re-save any pages that included other page content that’s restricted to ensure included text is not shown in page preview text.

Requirements Change - Minimum required version of PHP has changed from 7.0.0 to 7.0.5.

Configuration Change - The .env option GRAVATAR_URL=false has been replaced by AVATAR_URL=false.

Full List of Changes

  • Added Ukrainian translations. Thanks to @Mant1kor. (#1183)
  • Added German informal translations. Thanks to @ezzra. (#1159, #890)
  • Updated Polish translations. Thanks to @vasiliev123. (#1180)
  • Updated Spanish translation formatting. Thanks to @moucho. (#1197)
  • Added proper escaping to LDAP authentication variables. (#1163)
  • Added anchor links to user profile sections and added "Register" to header for guest users. Thanks to @qianmengnet. (#1146)
  • Added configurable timeout for file & image uploads. Thanks to @Abijeet. (#1133, #876)
  • Added system to prevent the last admin from removing themselves as an admin. (#1124)
  • Added link to manage users in header if user has permission to do so but does not have permission to change system settings. Thanks to @cw1998. (#1119, #1110)
  • Added support for custom avatar provider. Thanks to @Vinrobot. (#1111)
  • Added option to disable LDAPS Certificate Validation. Thanks to @christophert. (#1065)
  • Added testing coverage to user avatar fetching. (#1193)
    (#1096)
  • Updated times in page exports to use absolute time formats instead of relative formats.
  • Updated "Move" operations so that "Delete" permissions are required on the item being moved. (#1200)
  • Updated page preview/search system to prevent leaks in included content when permissions are set on included content. (#1178)
  • Re-enabled missing plaintext copies on system-generated emails. (#1182)
  • Improved 'SQL' code block highlighting. (#1181)
  • Simplified ".env.example" file and created full example version. (#1205)
  • Fixed WYSIWYG editor issue that could reset cursor position on code block click. (#1162).
Assets 2