CHANGELOG.md

Changelog

This project adheres to Semantic Versioning.

5.1.11 (2023-08-01)

Fixed issues:

• #6263 Ensure absolute URLs in the PageRedirect class (leofeyer)
• #6253 Correctly set the link title in the hyperlink controller (leofeyer)
• #6254 Ensure the PID in the favorites listener is an integer (leofeyer)
• #6201 Favorites voter must not grant access (aschempp)
• #6210 Decode HTML entities in feed item titles (bezin)
• #6183 Unset PID for copy button callbacks (aschempp)
• #6230 Set the correct type on model ID (aschempp)
• #6225 Skip type error when trying to assign DCA label to string (aschempp)
• #6242 Replace the token in the storage for front end authentication (ausi)

5.1.10 (2023-07-25)

Security fixes:

• CVE-2023-36806: Cross site scripting in widgets with units

5.1.9 (2023-07-10)

Fixed issues:

• #6178 Correctly encode URLs in the sitemap (aschempp)
• #6173 Increase Symfony filesystem dependency version (ausi)
• #6177 Remove field permissions on favorites table (aschempp)

5.1.8 (2023-06-21)

Fixed issues:

• #6136 Log the bad credentials exception in the security channel (bytehead)
• #6147 Support vimeo unlisted video privacy hash (ausi)
• #6083 Skip insert tags when converting relative URLs (leofeyer)
• #6093 Fix a typo in the _download component (fritzmg)
• #6112 Allow saving serialized strings in DC_File again (zoglo)

5.1.7 (2023-05-25)

Fixed issues:

• #6076 Add a title to the collapsed element button (aschempp)
• #6046 Improve the main navigation hover style (aschempp)
• #6047 Pass the ID to getCurrentRecord() in "override all" mode (leofeyer)
• #5998 Fix the list and table wizards in news and events (leofeyer)

5.1.6 (2023-05-03)

Fixed issues:

• #5989 Hide fields that are not to be displayed in the undo details (leofeyer)

5.1.5 (2023-05-02)

Fixed issues:

• #6000 Add a double encoding setting to the HtmlAttributes class (ausi)
• #5980 Unwrap response exceptions thrown while rendering a template (m-vo)
• #5981 Use the title instead of the filename in the download component (m-vo)

5.1.4 (2023-04-25)

Security fixes:

• CVE-2023-29200: Directory traversal in the file manager

Fixed issues:

• #5988 Harden the file manager against directory traversal attacks (ausi)

5.1.3 (2023-04-19)

Fixed issues:

• #5963 Correctly count the skipped recipients (leofeyer)
• #5964 Add the header.svg and settings.svg icons again (leofeyer)
• #5946 Load the default language when generating the calendar feeds (leofeyer)
• #5960 Prevent double slashes in version URLs (leofeyer)
• #5949 Add the "adjustDca" load callback to tl_news_archive again (leofeyer)
• #5941 Do not treat subdirectories of Twig namespace roots as template paths (m-vo)
• #5922 Correctly pass null values in findBy queries (ausi)

5.1.2 (2023-04-04)

Fixed issues:

• #5921 Fix bug in Hybrid::generate() with missing ID (ausi)
• #5919 Add a unit test for invalid files to the ImagesController (m-vo)
• #5916 Filter non-image files in the ImagesController (leofeyer)
• #5906 Handle null in the html.html.twig template (fritzmg)
• #5897 Handle basic entities in the SERP preview (leofeyer)
• #5900 Allow using basic entities in texts (heimseiten)
• #5895 Allow using basic entities in headlines (leofeyer)
• #5804 Add the missing data container permission checks (aschempp)
• #5885 Always allow toggling a field that is not excluded (aschempp)

5.1.1 (2023-03-16)

Fixed issues:

• #5788 Add the TokenDeauthenticatedListener (bytehead)
• #5870 Explicitly set the legacy template in the TwoFactorController (m-vo)
• #5857 Fix the split button alignment (leofeyer)
• #5819 Surround the togglePassword images with a button (cliffparnitzky)
• #5840 Fix deleting multiple records (Toflar)
• #5838 Add missing type hints to translation classes (ausi)
• #5821 Remove tl_settings.doNotCollapse (aschempp)
• #5828 Return BinaryFileResponse when handling downloads (m-vo)
• #5780 Fix PHPUnit deprecation warnings (m-vo)
• #5803 Move the favorites voter to the correct namespace (aschempp)

5.1.0 (2023-02-16)

Fixed issues:

• #5760 Do not deep merge messenger workers (Toflar)
• #5762 Fix header notification color (ausi)

5.1.0-RC3 (2023-02-09)

5.1.0-RC2 (2023-01-27)

Fixed issues:

• #5704 Do not require overwriting the console path (leofeyer)
• #5714 Use the HTML sanitizer component as Twig filter (ausi)
• #5697 Fix the module wizard (leofeyer)
• #5703 Fix the Gulp watch task (fritzmg)
• #5702 Make $consolePath a required argument (leofeyer)
• #5695 Use two different icons for light and dark mode (leofeyer)
• #5691 Correctly toggle the favorites menu group (leofeyer)
• #5687 Move the dark mode toggle to the header bar (leofeyer)
• #5689 Make console_path a general Contao configuration (Toflar)
• #5690 Fix the icons when toggling structures in dark mode (leofeyer)

5.1.0-RC1 (2023-01-13)

New features:

• #4847 Add a new feed reader implementation (bezin)
• #5682 Allow to pass an array of allowed attributes to Input::stripTags() (leofeyer)
• #5672 Add more back end grid classes (leofeyer)
• #5673 Add an attributes_callback for DCA fields (aschempp)
• #5671 Allow a minimum amount of workers for autoscaling (Toflar)
• #3694 Add the URI and page ID to log entries (SeverinGloeckle)
• #5427 Check the administrator e-mail address (fritzmg)
• #5405 Introduce background workers (Toflar)
• #5631 Implement a dark scheme toggle (aschempp)
• #5368 Enable the login rate limit (bytehead)
• #5598 Also minify the core.js and mootao.js scripts with Webpack (leofeyer)
• #5031 Add a dark mode for the back end (leofeyer)
• #4936 Support the native date input type for text fields in the form generator (fritzmg)
• #5307 Add a confirmation message to forms and provide Ajax out of the box (qzminski)
• #4898 Add error handling to the form data processing (rabauss)
• #5425 Allow sorting DCA fields ascending and descending (aschempp)
• #5417 Add a button to copy multiple records and paste them multiple times (aschempp)
• #5591 Remove localconfig.disableCron in favor of a new zero config approach (Toflar)
• #5602 Adjust the name of the default guests group (leofeyer)
• #5116 Add the MemberActivationMailEvent (fritzmg)
• #5478 Add the #[\SensitiveParameter] attribute (ausi)
• #5371 Allow to set the locale in Template::trans (fritzmg)
• #5609 Improve the content elements view (leofeyer)
• #5607 Use CSS variables for all colors and CSS classes instead of inline styles (leofeyer)
• #5592 Add a favorites menu in the back end (leofeyer)
• #5594 Also add the new "idempotent actions" logic to DC_Folder (leofeyer)
• #5406 Add stimulus controllers in the back end (aschempp)
• #5554 Add support for async CLI cron jobs (Toflar)
• #5461 Disable the request token check for idempotent actions (aschempp)
• #5364 Allow defining a default search field (leofeyer)
• #5403 Add a user option to not collapse content elements (aschempp)
• #5379 Use sendfile for local files downloads (m-vo)
• #5359 Change the default value for tl_layout.viewport (leofeyer)
• #5347 Add a markdown help text (leofeyer)
• #5304 Add a lock overlay for protected articles (leofeyer)

Fixed issues:

• #5683 Fix the skippable cronjobs (fritzmg)
• #5680 Add isRequired() for desired_size and max settings on workers (Toflar)
• #5679 Add a default value for the worker "min" configuration (Toflar)
• #5670 Do not add the request token to idempotent actions (leofeyer)
• #5666 Skip cron execution for minutely cron and messenger cron in web scope (Toflar)
• #5653 Fix the tree indentation (leofeyer)
• #5652 Only hide the dark/light theme icons via CSS (leofeyer)
• #5647 Ensure Doctrine connections are closed after message handling (Toflar)
• #5646 Use enumNode instead of custom validation (Toflar)
• #5597 Correctly open and close tree nodes if there is a filter (leofeyer)
• #5593 Fix the aria-hidden attribute in the tips.js file (leofeyer)