This project adheres to Semantic Versioning.
4.11.9 (2021-08-24)
Fixed issues:
- #3340 Fix another undefined array key warning (bytehead)
- #3308 Fix undefined array keys (BugBuster1701)
4.11.8 (2021-08-12)
4.11.7 (2021-08-11)
Security fixes:
- Prevent privilege escalation with the form generator (CVE-2021-37627)
- Prevent PHP file inclusion via insert tags (CVE-2021-37626)
- Prevent XSS via HTML attributes in the back end (CVE-2021-35955)
4.11.6 (2021-08-04)
Fixed issues:
- #3253 Fix more invalid array access and missing null checks (m-vo)
- #3208 Always concatenate the 'image_container' class in figure.html.twig (m-vo)
- #3130 Add more null checks for DCA lang references (m-vo)
- #3123 Fix another invalid array access in ModuleProxy (m-vo)
- #3090 Allow empty content element translation key (leofeyer)
- #3098 Automatically inject container for tagged controllers (aschempp)
- #3087 Remove two superfluous labels (leofeyer)
- #3079 Fix another invalid array access (m-vo)
- #2931 Fix filtering for recurring events (fritzmg)
4.11.5 (2021-06-23)
Security fixes:
- Prevent XSS in the system log (CVE-2021-35210)
Fixed issues:
4.11.4 (2021-06-09)
Fixed issues:
- #3048 Fix another PHP 8 "undefined array key" issue (leofeyer)
- #2987 Add tests for the image studio macros (m-vo)
- #2937 Fix PHP 8 compat of DC_Table/Environment (rabauss)
- #3004 Fix an inconsistency in the routing functional tests (Toflar)
4.11.3 (2021-05-13)
Fixed issues:
- #2991 Enable "useSSL" by default unless the backend request is insecure (ausi)
- #2969 Fix more PHP 8 undefined array index errors (ausi)
- #2982 Add width/height attributes to the picture source (ausi)
- #2966 Update the functional tests section in README.md (ArndtZiegler)
- #2927 Use CSS to add the main headline separators (leofeyer)
- #2919 Prevent an 'Undefined array key "id"' warning in the clipboard (leofeyer)
- #2923 Fix more PHP 8 undefined array index errors (ausi)
- #2922 Fix another PHP 8 undefined array index error (ausi)
4.11.2 (2021-03-25)
Fixed issues:
- #2915 Fix the version 4.8.0 update (leofeyer)
- #2911 Fix more PHP 8 warnings (leofeyer)
- #2908 Add a command to debug the page controllers (aschempp)
- #2907 Manually override content composition for known legacy types (aschempp)
- #2902 Fix the list/explodes when the second variable can be null (leofeyer)
- #2858 Quote the "group" field in the UserCreateCommand statement (richardhj)
- #2706 Add support for namespaced DC drivers (Toflar)
- #2845 Always show all errors in the contao-setup binary (m-vo)
- #2843 Fix another illegal array access in System::getReferer() (m-vo)
- #2856 Fix the search query if there are no keywords (ausi)
4.11.1 (2021-03-04)
Fixed issues:
- #2785 Handle null arguments in the ContentCompositionListener (fritzmg)
- #2835 Fix an illegal object access in the Versions class (leofeyer)
- #2833 Use dependency injection for the InitializeController (aschempp)
- #2834 Allow passing an array of IDs to User::isMemberOf() (leofeyer)
- #2805 Fix an illegal array access in DC_Table when expanding the tree (m-vo)
- #2818 Fix the logout handler in Symfony 5 (fritzmg)
- #2794 Handle another illegal array access in the tl_page DCA (m-vo)
- #2788 Fix accessing Model\Collection instead of Model in ModuleFaqPage (m-vo)
- #2784 Correctly sort the pages if the URL suffix is empty (aschempp)
- #2806 Fix accessing an undefined variable (m-vo)
- #2796 Suggest using the contao-setup binary with @php prefix (m-vo)
- #2783 Correctly merge image size _defaults (m-vo)
- #2782 Fix the type casting for the FigureBuilder::enableLightbox() method (richardhj)
- #2774 Do not use Kernel::$rootDir anymore (fritzmg)
4.11.0 (2021-02-17)
Fixed issues:
- #2763 Fix an illegal array access in BackendUser::navigation() (m-vo)
- #2764 Fix an illegal array access in DC_Table::reviseTables() (m-vo)
- #2766 Automatically prefix the back end attributes (leofeyer)
- #2752 Symlink highlight.php as highlight_php (leofeyer)
- #2743 Change the default URL suffix (leofeyer)
- #2732 Handle non-existing resources in the FigureRenderer (m-vo)
- #2731 Do not replace template data recursively when applying legacy template data (m-vo)
- #2704 Fix the rgxp=>httpurl implementation (leofeyer)
4.11.0-RC2 (2021-01-29)
Fixed issues:
- #2703 Correctly show fields with an input_field_callback (leofeyer)
- #2702 Register the SitemapController in the services.yml (leofeyer)
- #2701 Correctly match page controllers with absolute paths (aschempp)
- #2698 Handle root pages without hostname in the SitemapController (Toflar)
- #2694 Remove the legacy encryption logic (Toflar)
- #2693 Fix a wrong class reference in the Widget class (leofeyer)
- #2679 Fix yet another E_WARNING issue (leofeyer)
- #2662 Fix entity encoding in the figure insert tag (m-vo)
- #2661 Use type="url" for httpurl text fields (fritzmg)
4.11.0-RC1 (2021-01-18)
Security fixes:
- Prevent insert tag injection in forms (CVE-2020-25768)
New features:
- #2607 Add a "figure" insert tag (m-vo)
- #2297 Add a "httpurl" and a "custom" rgxp option (fritzmg)
- #2183 Use a binary instead of a Composer script handler (m-vo)
- #2501 Handle altering Twig bundle paths at runtime (m-vo)
- #2187 Support insert tags in Twig templates (m-vo)
- #1999 Add configuration options for the back end theme (rabauss)
- #2049 Drop the schema filter and adjust the schema generator (m-vo)
- #2293 Store the 2FA backup codes hashed (bytehead)
- #2072 Deprecate the Controller::addImageToTemplate() method (m-vo)
- #2232 Auto-configure doctrine.orm.mappings for app entities (m-vo)
- #1937 Allow rendering a figure inline from PHP templates (m-vo)
- #2438 Remove the CDN integration of MooTools and jQuery (Toflar)
- #2554 Support native transport and other mailer transport options (fritzmg)
- #1779 Allow overriding page title and description in FAQs (dmolineus)
- #1301 Add a "copy URL" button in the preview toolbar (simonreitinger)
- #2600 Remove the Composer script handler (leofeyer)
- #2593 Replace highlight.js with highlight.php (leofeyer)
- #1941 Make Contao compatible with Symfony 5.2 (leofeyer)
- #2568 Restore compatibility with E_WARNING (leofeyer)
- #2295 Dynamically fetch the sitemap XML files (Toflar)
- #2432 Use meaningful values for the "autocomplete" attributes (leofeyer)
- #2431 Remove the Google web fonts field from the page layout (leofeyer)
- #2421 Stop using the deprecated Doctrine methods (leofeyer)
- #2051 Allow editing Twig files in the template editor (m-vo)
- #2368 Add a createIfDeferred() method to the ImageResult class (m-vo)
- #2243 Allow defining default values for the contao.image.sizes config (m-vo)
- #2404 Remove the "add language" menu from the meta wizard (leofeyer)
Fixed issues:
- #2606 Fix another E_WARNING issue (leofeyer)
- #2605 Symlink the highlight.php styles folder (leofeyer)
- #2604 Update the CONTRIBUTORS.md (leofeyer)
- #2599 Fix more E_WARNING issues (leofeyer)
- #2595 Fix the OrderFieldMigration class (leofeyer)
- #2594 Fix two more E_WARNING issues (leofeyer)
- #2510 Add compatibility with terminal42/escargot version 1.0 (ausi)
- #2284 Replace phpunit/token-stream with nikic/php-parser (m-vo)