Skip to content
Compare
Choose a tag to compare

This is the official 2.3.0 release. There were no new enhancements or bug fixes introduced from release candidate 1 so the change log is essentially the same as v2.3.0.rc.1.

Compare
Choose a tag to compare
Pre-release

View Enhancements

  • Adds association error support via includeAssociations argument #1080 - [Nikolaj Frey]

Bug Fixes

  • onerror handler should increase user defined requestTimeout value #1056 - [Adam Chapman]
  • deletedAt should also respect timestamp mode (UTC) #1063 - [David Belanger]
  • Fixes No output from Debug() usage in plugin test cases #1061 - [Tom King]
  • Development mode will now properly return a 404 status if view not found #1067 - [Adam Cameron, Tom King]
  • 404 status now properly returned without URL rewriting #1067 - [Adam Cameron, Tom King]
  • Internal Docs in ACF2018 should now not display duplicate categories [Tom King]
  • Internal Docs search now resets itself properly on backspace with empty value #982 - [Brandon Shea, Tom King]
  • ValidatesConfirmationOf() now correctly enforces prescence of confirmation property #1070 - [Adam Cameron, Tom King]
  • resource()/resources() now allows empty only property to utilise as non-route parent #1083 - [Brian Ramsey]
  • Handle XSS Injection in development enviroment - [Michael Diederich]
  • Fix params bug in CLI API [#1106] - [Peter Amiri]

Miscellaneous

  • Update Docker Lucee Commandbox version to 5.2.0 - [Adam Chapman, Tom King]
  • Minor internal obselete reference to modelComponentPath removed - [Adam Chapman, Tom King]
  • Minor visual fix for long migration logs overflow in modal (scroll) - [Brian Ramsey]
  • Add test suite for Lucee and H2 Database to the GitHub Actions test suite. - [Peter Amiri]
  • On going changes to update the H2 drivers [#1107] - [Peter Amiri]
  • Fixes some syntax formating introduced by cfformat [#1111] - [Adam Chapman]
  • Minimum ColdFusion version is now ColdFusion (2018 release) Update 3 (2018,0,03,314033) / ColdFusion (2016 release) Update 10 (2016,0,10,314028) / ColdFusion 11 Update 18 (11,0,18,314030) #923 - [Michael Diederich]
  • Wheels save(allowExplicitTimestamps=true) doesn't produce the expected result [#1113] - [SebastienFCT]

Potentially Breaking Changes

  • Automatic Time Stamps: the deletedAt column was using the server's local time for the timestamp while createdAt / updatedAt were using the timestamp selected for the timestamp mode. The default for CFWheels' timestamp mode is UTC and therefore all future deletedAt timestamps will be in UTC unless you've changed the default. Please review any SQL that uses deletedAt for datetime comparison.
Compare
Choose a tag to compare

Controller Enhancements

  • Added the status argument to all render*() functions to force returning a specific HTTP status code #1025 - [Adam Chapman, Tom King]
  • CORS accessControlAllowOrigin can now match subdomain wildcards #1031 - [Tom King]

Model Enhancements

  • Experimental adapter for Oracle database - [Andrei B]
  • Added automaticValidations argument to the property method - [Per Djurner]
  • Support named second argument in findOneBy[Property]And[Property] and findAllBy[Property]And[Property] - [Per Djurner]
  • Support value argument in findOrCreateBy[Property] - [Per Djurner]
  • Minor fix for full null support - [Michael Diederich]

View Enhancements

  • Added the required argument to imageTag to suppress exceptions if using non-existent files #979 - [Adam Chapman, Michael Diederich]

Bug Fixes

  • Removed authenticity token id attribute to avoid non-unique id warnings in Chrome #953 - [Per Djurner]
  • Fixes regular expression bug when using the SQL IN operator #944 - [Adam Chapman, Per Djurner]
  • Display content in maintenance mode on newer Lucee versions #848 - [Per Djurner]
  • validatesUniquenessOf does not respect allowBlank #914 - [Adam Chapman]
  • Wheels.RouteNotFound Error page now escapes the arguments.path to prevent XSS attacks - [Michael Diederich]
  • buttonTo() now uses <button> internally instead of <input> allowing for html in content - #798 - [Tom Sucaet, Tom King, Per Djurner]
  • Minor SQL preview fix in GUI - #992 - [Brandon Shea, Tom King]

Miscellaneous

  • Added the refresh url parameter for auto refreshing test framework html - #986 - [Adam Chapman]
  • Allow custom migrator templates by scanning the /migrator/templates directory - [Adam Chapman]
  • Minimum Lucee 5 version is now 5.3.2.77 - Tests added - [Michael Diederich]
  • Use http_x_forwarded_proto to determine if the application is running behind a loadbalancer that is performing SSL offloading - [Peter Amiri]
  • Allow the combination of url and params arguments with redirectTo - [Adam Chapman]
  • Fixed some variable scoping - [Michael Diederich]
  • Github Actions CI Pipeline - [Adam Chapman, Tom King]
  • Flash Cookie can now be disabled via set(flashStorage="none") #978 [Tom King]
  • processRequest() accepts a route param -#1030 - [Adam Chapman]
  • Migration files are written with 664 mode -#1034 - [Adam Chapman]
Compare
Choose a tag to compare

Bug Fixes

  • Fixed pagination order ambiguous column name exception - #980 [Adam Chapman, Mike Lange]
  • Renames findLast() to findLastOne() for lucee@5.3.5+92 upwards compatibility #988
Compare
Choose a tag to compare
Pre-release

Potentially breaking changes

(Or, just things to look out for...)

  • The new CFWheels internal GUI is more isolated and runs in it's own component: previously this was extending the developers main Controller.cfc which caused multiple issues. The migrator, test runner and routing GUIs have therefore all been re-written.
  • The plugins system behaviour no longer chains multiple functions of the same name as this was a major performance hit. It's recommended that plugin authors check their plugins to run on 2.1
  • HTTP Verb/Method switching is now no longer allowed via GET requests and must be performed via POST (i.e via _method)

Model Enhancements

  • Migrator now automatically manages the timestamp columns on addRecord() and updateRecord() calls - #852 [Charley Contreras]
  • Migrator correctly honors CFWheels Timestamp configuration settings (setUpdatedAtOnCreate, softDeleteProperty, timeStampMode, timeStampOnCreateProperty, timeStampOnUpdateProperty) - #852 [Charley Contreras]
  • MSSQL now uses NVARCHAR(max) instead of TEXT #896 [Reuben Brown]
  • Allow createdAt and updatedAt to be explicitly assigned using the allowExplicitTimestamps=true argument - #887 - [Adam Chapman]

Controller Enhancements

  • New set(flashAppend=true) option allows for appending of a Flash key instead of replacing - #855 - [Tom King]
  • flashMessages() now checks for an array of strings or just a string and outputs appropriately - #855 - [Tom King]
  • flashInsert() can now accept a one dimensional array - #855 - [Tom King]

Bug Fixes

  • Allow uppercase table names containing reserved substrings like OR and AND - #765 [Dmitry Yakhnov, Adam Chapman]
  • Calculated properties can now override an existing property - #764 [Adam Chapman, Andy Bellenie]
  • Filters are now correctly called if there is more than one after filter - #853 [Brandon Shea, Tom King, Adam Chapman]
  • Minor fix for duplicate debug output in the test suite - #176 [Adam Chapman, Tom King]
  • Convert handle to a valid variable name so it doesn't break when using dot notation - #846 [Per Djurner]
  • The validatesUniquenessOf() check now handles cases when duplicates already exist - #480 [Randall Meeker, Per Djurner]
  • validatesConfirmationOf() now has a caseSensitive argument to optionally perform a case sensitive comparison - #918 [Tom King]
  • sendFile() no longer expands an already expanded directory on ACF2016 - #873 [David Paul Belanger, Tom King, strubenstein]
  • Automatic database migrations onApplicationStart now correctly reference appropriate Application scope - #870 [Tom King]
  • usesLayout() now can be called more than once and properly respects the order called - #891 [David Paul Belanger]
  • Migrator MSSQL adapter now respects Time and Timestamp Column Types - #906 [Reuben Brown]
  • Automatic migrations fail on application start - #913 [Adam Chapman]
  • Default cacheFileChecking to true in development mode - [Adam Chapman, Steve Harvey]
  • Migrator columnNames list values are now trimmed - #919 [Adam Chapman]
  • Fixes bug when httpRequestData content is a JSON array - #926 [Adam Chapman]
  • When httpRequestData content is a JSON array, contents are now automatically added to params._json - #939 [Tom King]
  • Fixes bug where Migrator $execute() always appends semi-colon - #924 [Adam Chapman]
  • Fixes bug where model createdAt property is changed upon update - #927 [Brandon Shea, Adam Chapman]
  • Fixed silent application.wheels scope exception hampering autoMigrateDatabase - #957 [Adam Chapman, Tom King]

Miscellaneous

  • Added the ability to pass &lock=false in the URL for when reload requests won't work due to locking - [Per Djurner]
  • Basic 302 redirects now available in mapper via redirect argument for GET/PUT/PATCH/POST/DELETE - #847 - [Tom King]
  • .[format] based routes can now be turned off in resources() and resource() via mapFormat=false - #899 - [Tom King]
  • mapFormat can now be set as a default in mapper() for all child resources() and resource() calls - #899 - [Tom King]
  • HEAD requests are now aliased to GET requests #860 - [Tom King]
  • Added the includeFilters argument to the processRequest function for skipping execution of filters during controller unit tests - [Adam Chapman]
  • Added the useIndex argument to finders for adding table index hints #864 - [Adam Chapman]
  • HTTP Verb/Method switching is now no longer allowed via GET requests and must be performed via POST #886 - [Tom King]
  • CORS Header Access-Control-Allow-Origin can now be set either via a simple value or list in accessControlAllowOrigin() #888 [Tom King]
  • CORS Header Access-Control-Allow-Methods can now be set via accessControlAllowMethods(value) #888 [Tom King]
  • CORS Header Access-Control-Allow-Credentials can now be turned on via accessControlAllowCredentials(true); #888 [Tom King]
  • accessControlAllowMethodsByRoute() now allows for automatic matching of available methods for a route and sets CORS Header Access-Control-Allow-Methods appropriately #888 [Tom King]
  • CORS Header can now be set via accessControlAllowHeaders(value) #888 [Tom King]
  • Performance Improvement: Scanning of Models and Controllers #917 [Adam Chapman]
  • Added the authenticityToken() function for returning the raw CSRF authenticity token #925 [Adam Chapman]
  • Adds enablePublicComponent, enableMigratorComponent,enablePluginsComponent enviroment settings to completely disable those features #926 [Tom King]
  • New CFWheels Internal GUI #931 [Tom King]
  • pluginRunner() now removed in favour of 1.x plugin behaviour for performance purposes #916 [Core Team]
  • Adds validateTestPackageMetaData environment setting for skipping test package validation on large test suites #950 [Adam Chapman]
  • Added aliases for migrator.TableDefinition functions to allow singular variant of the columnNames property #922 [Sébastien FOCK CHOW THO]
  • onAbort is now supported via events/onabort.cfm #962 [Brian Ramsey]
Compare
Choose a tag to compare

Security Release

It is strongly recommended to update to CFWheels 2.0.2 if you are running either 2.0.0 or 2.0.1. This issue does not affect 1.x releases. This release introduces a potentially breaking change, so you are encouraged to test your application appropriately before deploying.

Potential Breaking Changes

  • Blank strings in SQL are no longer converted to null
Compare
Choose a tag to compare

Bug Fixes

  • Fixes reload links on application test suite page.
  • Set dbname in cfdbinfo calls when using custom database connection string.
  • Fixes humanize() function.
  • Enables the rel attribute for stylesheetlinkTag().
  • Returning a NULL value from a query with NULL support enabled no longer throws an error.
  • Accessing a route with incorrect verb now provides a more useful error message.
  • Fixed bug with arrays in URLs.
  • startFormTag now properly applies the method attribute.
  • Incompatible plugin notice now ignores patch releases unless specified.
Compare
Choose a tag to compare

Bug Fixes

  • Made humanize() keep spaces in input.
  • Added spatial datatypes for MySQL.
  • Scope variable to avoid object being returned as NULL.
  • Include "MariaDB" in database check connection string.
  • Fixes MySQL attempts to insert nulls for blank strings.
Compare
Choose a tag to compare

Bug Fixes

  • Support passing in encode="attributes" to submitTag(), buttonTag(), paginationLinks(), checkBoxTag(), and checkBox() - #816 [Per Djurner, Tom King]
  • Support passing in encode="attributes" to date helpers - #818 [Per Djurner]
Compare
Choose a tag to compare
Pre-release

Model Enhancements

  • Added global setting (createMigratorTable) for creating migrations table - #796 [Adam Chapman, Per Djurner]

View Enhancements

  • Use association to create automatic property labels on belongsTo() - #618 [Andy Bellenie, Chris Peters]
  • The output of all view helpers is now encoded by default - #777 [Per Djurner]

Controller Enhancements

  • Added global setting (allowCorsRequests) for allowing CORS requests to go through - #623 [Chris Peters, David Belanger, Per Djurner, Tom King]

Bug Fixes

  • Support CSRF in buttonTo() - #808 [Per Djurner, Tom King]
  • Fix encoding on buttonTo() - #798 [Per Djurner]
  • Fix error when creating default table for migrations - #791 [Adam Chapman, Per Djurner]
  • Fix so calling usesLayout() in Controller.cfc does not affect layout of internal CFWheels pages - #793 [Adam Chapman, Per Djurner]
  • Fix slow performance of findAll - #806 [Andy Bellenie]

Breaking Changes

  • Minimum version when running Lucee 5 is now 5.2.1.9 (can be disabled with the disableEngineCheck setting).
  • Minimum version when running ACF 2016 is now 2016,0,04,302561 (can be disabled with the disableEngineCheck setting).
  • includePartial() now requires the partial and query arguments to be set (if using a query)