Releases: Cockpit-HQ/Cockpit

v2.14.0

@aheinze aheinze released this 30 Mar 12:16
  • Improve KISS components
  • MongoLite: Restrict query callbacks ($func, $fn, $f, $where, direct criteria callbacks) to anonymous closures only
  • Improve logging utility: validate log type and enhance context handling
  • Add support for custom ACL permission expression (via ScriptLite)
  • Content: Add meta.computed ScriptLite support for save-time computed fields
  • Fix Bucket path traversal vulnerability
  • Enhance SVG file handling during uploads
  • Improve Thumbhash class with enhanced validation and error handling
  • MongoLite: Optimize sorting performance
  • Content: Validate and enforce ACL permissions on $lookup stages in aggregate pipeline
  • Harden session cookie handling: enforce HttpOnly, auto-detect Secure, validate SameSite, and support configurable cookie params via session.cookie
  • Sanitize display values in field-select and field-tags components to prevent XSS

v2.13.5

@aheinze aheinze released this 09 Mar 03:10

  • Add support for PHP 8.5+ compatible custom SQLite functions (IndexLite lib)
  • Add identi.callback.data event trigger
  • MongoLite: Refactor equality checks with matchesDirectValue helper method
  • Add ScriptLite lib to support running sandboxed code written in an ECMAScript subset
  • MongoLite Aggregation Optimizer: Escape identifiers and JSON paths to ensure safe usage in SQL queries
  • Tower: Prevent shell injection by using Process array form
  • Fix stored XSS vulnerability in user profile twofa.secret field

v2.13.4

@aheinze aheinze released this 29 Jan 00:26
  • Remove ReflectionMethod::setAccessible() calls (deprecated since PHP v8.5)
  • Fix deprecated non-canonical cast usage
  • Add a dry-run option to the CLI update command and add logging to the update process
  • Refactor MongoLite + add support for more MongoDB aggregation operators
  • Fix the possibility to delete files outside of Cockpit as super admin
  • Fix Async code generation

v2.13.3

@aheinze aheinze released this 09 Jan 22:07
  • Micro performance improvements by explicitly marking global functions in a namespace context
  • Add --translate option to app:i18n:create command and refactor string extraction
  • Improve JSON viewer dialog
  • Enhance DotEnv parsing to support quoted, multiline, and typed values, and improve variable resolution with circular reference detection
  • Improve SVG sanitization on upload
  • Fix vulnerabilities in MongoLite QueryOptimizer and content aggregation api @DQH1

Thanks to DQH1 for responsibly reporting critical security issues.

v2.13.2

@aheinze aheinze released this 31 Dec 17:04
  • Fix Updater view
  • Add support for multiple mailer accounts
  • Add possibility to set parent folder for an asset folder
  • Fix GraphQL error when field definition is missing multiple property
  • Add system:fix-mongolite-collection-json command to fix malformed JSON entries in a MongoLite collection

v2.13.1

@aheinze aheinze released this 26 Dec 16:29
  • Fix kiss-cover helper class #294

v2.13.0

@aheinze aheinze released this 21 Dec 22:56
  • Add system mailer test functionality
  • Clean up inactive worker PIDs
  • Add query optimizer to MongoLite
  • Make IndexLite more compatible with Meilisearch
  • Add group filtering to app search results
  • Upgrade TipTap to v3
  • Add parallel job processing to worker using the parallel extension if available
  • Fix App.utils.selectAsset causing MongoDB error with empty filter
  • Add parallel batch execution method to Async helper
  • Add FrankenPHP worker mode support
  • Fix PHP v8.5 MongoLite database compatibility by using Pdo\Sqlite if available
  • Add initial RTL support

v2.12.1

@aheinze aheinze released this 26 Oct 20:51
  • Fix Identi module usage with spaces
  • Fix video preview in assets manager spotlight
  • Improve RedisLite and ESQL lib
  • Fix missing fixToHeight method for image api
  • Add image assets preset support
  • Fix nested _id filtering (mongodb)
  • Enhance field-object component to support strict JSON mode
  • Enhance field-boolean component with integer mode support
  • Update Uppy.js from v4 to v5
  • Fix missing _id on assets folder creation (mongodb)

v2.12.0

@aheinze aheinze released this 01 Aug 09:51
  • Trigger additional app.user.logout.after on user logout
  • Improve IndexLite lib
  • Improve MongoLite compatibility with MongoDB
  • Add chart.js lib + vue-chart component
  • Add lightweight SQL pdo wrapper ESQL lib
  • Add Identi module to enable OAuth based logins - sponsored by @unchainedshop
  • Add custom folder icon support in assets manager
  • Add assets.before.remove event
  • Added an experimental feature to filter content based on the attributes of its linked items. This allows for more granular queries using the @{fieldname.property} syntax, such as @author.name: 'Ozzy'

v2.11.4

@aheinze aheinze released this 01 Jul 17:03
  • Assets: add video transcoding helper function
  • Assets: Improved HTTP caching when output parameter o is used (image api)
  • Add color picker functionality to wysiwyg field
  • Escape user-provided data to prevent XSS vulnerabilities in views (admin ui)
  • Add config setting tower.disabled to disable tower in admin ui
  • Update Vue to v3.5.17