You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added\n- Configuration publishing for module-specific configs\n- Plugins config: php artisan vendor:publish --tag=cms-plugins-config\n- Themes config: php artisan vendor:publish --tag=cms-themes-config\n- Updates config: php artisan vendor:publish --tag=cms-updates-config\n### Changed\n- Moved developer documentation to docs/developer/ directory\n- SKIPPED_TESTS.md → docs/developer/Skipped-Tests.md\n- COVERAGE.md → docs/developer/Test-Coverage.md\n- Updated documentation to reflect PHP 8.2 and Laravel 12 requirements\n### Fixed\n- Replaced deprecated mime_content_type() with finfo_file() in PluginManager\n- Fixed code style inconsistency in PluginManager exception handling\n- Documented all skipped tests with explanations\n### Removed\n- V1_RELEASE_CHECKLIST.md - internal development tracking file\n## [1.0.0-beta1] - 2024-12-21\n### Added\n- Core Updates Module with automatic update checking and management\n- GitHub, GitLab, and Custom JSON update source support\n- Version-specific update downloads with prerelease filtering\n- Automatic backup creation before updates with rollback capability\n- ZIP extraction with nested directory handling\n- Path validation and security checks in backup operations\n- Comprehensive error logging during update operations\n- Artisan commands: check-for-update, perform-update, rollback-update\n- Plugin System foundation (experimental)\n- Plugin model with activation/deactivation tracking\n- Plugin manager for lifecycle management\n- Plugin update manager integration\n- Plugin validation and installation exceptions\n- Theme System foundation (experimental)\n- Theme manager with theme discovery\n- Theme activation mechanism\n- JSON manifest validation\n- Comprehensive input sanitization throughout codebase\n- Applied sanitizeText() and sanitizeInt() to all user inputs\n- Protected database queries from SQL injection\n- Validated and sanitized all controller inputs\n- Type declarations for improved IDE support\n- Added Builder type hints to all Eloquent scope methods\n- Added return type declarations across models\n- Improved parameter type hints in managers and services\n- Database seeders for default data\n- RolesTableSeeder (Admin, Editor, User roles)\n- PermissionsTableSeeder (content, user, settings, system permissions)\n- SettingsTableSeeder (site configuration defaults)\n- Exception hierarchy with base CMSFrameworkException\n- ValidationException for validation errors\n- NotFoundException for missing resources\n- UnauthorizedException for authorization failures\n- All module exceptions now extend CMSFrameworkException\n- Comprehensive documentation\n- API documentation structure (docs/api/README.md)\n- Route registry (docs/routes.md)\n- Relationship documentation (docs/relationships.md)\n- Helper functions reference (docs/helpers.md)\n- Exception handling guide (docs/exceptions.md)\n- Skipped tests documentation (now at docs/developer/Skipped-Tests.md)\n- Improved .gitattributes for cleaner package distribution\n### Changed\n- License changed from GPL-3.0-or-later to MIT for better framework compatibility\n- Standardized all @since annotations to 1.0.0 (removed premature 2.0.0 references)\n- Configuration system improvements\n- Fixed publish tag from artisanpack-package-config to cms-framework-config\n- Corrected config validation to use artisanpack.cms-framework.user_model\n- Updated error messages to reflect actual file paths\n- Code style improvements (74% PHPCS error reduction)\n- Fixed spacing issues in declare(strict_types = 1) statements\n- Fixed reference operator spacing in closures\n- Improved array alignment and formatting\n- Fixed Yoda conditions for comparison safety\n### Fixed\n- Configuration validation mismatch between publish tag, file path, and config key\n- Test configuration (fixed config key from cms-framework to artisanpack.cms-framework)\n- Progress bar in update command (removed misleading fake progress)\n- glob() error handling for backup operations\n- Path traversal security issues in backup ZIP creation\n- JSON parsing errors in UpdateCheckerFactory\n- Doctrine/DBAL deprecation warnings in migrations\n- 706 code style violations (reduced from 941 to 235 errors)\n- Input sanitization security vulnerabilities across multiple modules\n- Unskipped 2 notification tests (role-based notification functionality now fully tested)\n### Security\n- Added comprehensive input sanitization using ArtisanPackUI Security package\n- Sanitized all user inputs before database operations\n- Protected against XSS attacks with proper output escaping\n- Validated file paths to prevent directory traversal\n- Enhanced authorization with proper policy enforcement\n- Improved error handling to prevent information disclosure\n### Breaking Changes\n- Configuration file publish tag changed to cms-framework-config\n- Configuration structure now uses artisanpack.cms-framework instead of cms-framework\n- All @since 2.0.0 annotations changed to @since 1.0.0\n### Known Limitations\n- Plugin system is experimental - full lifecycle hooks not yet implemented\n- Theme system is experimental - asset compilation and child themes pending\n- 4 plugin-related tests remain skipped (documented in docs/developer/Skipped-Tests.md)\n- Test coverage report requires Xdebug/PCOV (recommended for CI/CD)\n- 235 PHPCS code style warnings remain (mostly spacing and false positives)
