This project adheres to Semantic Versioning.
5.3.13 (2024-08-23)
Fixed issues:
- #7465 Fix the content element player start time (kllmanu)
- #7443 Show a warning if a personal data module allows to change the password (leofeyer)
- #7088 Add voters for content elements (aschempp)
- #7440 Generate a new session ID after a member has changed their password (leofeyer)
- #7235 Allow toggling fieldset states with keyboard actions (A11Y) (zoglo)
- #7428 Improve the web worker time limit (ausi)
- #7435 Restore the previous messages order in
DC_Table
(fritzmg) - #7439 Use
ERR.submit
in all DC forms (fritzmg) - #7367 Improve the visibility of the
.limit_toggler
in the back end (lukasbableck) - #7416 Encode mailto addresses in the markdown element (Toflar)
- #7407 Add the
DataContainer::getActiveRecord()
method (Toflar) - #7422 Prevent endless recursion when copying elements with children (ausi)
5.3.12 (2024-08-06)
Fixed issues:
- #7385 Clone content elements with all data (aschempp)
- #7411 Make sure to add the assets/files context to all image paths (leofeyer)
- #7397 Use
maxLines: Infinity
to automatically resize the ACE editor (leofeyer) - #7398 Make the theme icons forward compatible (leofeyer)
- #7382 Fix the double form submission script (leofeyer)
- #7376 Skip database backups if the remaining migrations will not be executed (fritzmg)
- #7381 Fix the padding of the main content area on mobile devices (leofeyer)
- #7374 Fix the z-index of the limit height toggle (leofeyer)
- #7364 Use the modified element when cloning (aschempp)
- #7358 Use the widget attributes to generate the DCA row (aschempp)
- #7348 Cleanup a leftover service argument (Toflar)
- #7343 Do not limit the number of download items (mpitz)
- #7327 Add the
:never
return type to methods that never return (aschempp) - #7319 Generate public URIs for automatically mounted adapters replacing symlinks (m-vo)
- #7320 Handle
.<ext>.twig
file extensions in DC_Folder (m-vo)
5.3.11 (2024-06-28)
Fixed issues:
- #7315 Fix the priority of the web worker and improve memory handling (Toflar)
- #7317 Fix missing submitter in form data (ausi)
- #7309 Fix infinite loop in
encore dev --watch
(zoglo)
5.3.10 (2024-06-25)
Fixed issues:
- #7300 Remove two leftover clearing DIVs (leofeyer)
- #7293 Prevent double form submission (ausi)
- #7294 Fix symlinked file not inside root directory (ausi)
- #7292 Evaluate scripts in Ajax form responses (ausi)
- #7296 Fix toggling nodes if there is no global operation (leofeyer)
- #7291 Fix drag and drop in the file manager (leofeyer)
- #7289 Skip sleeping in messenger web worker (ausi)
- #7055 Return to the list view after adding items to the clipboard (aschempp)
- #7287 Fix missing query parameters in the file insert tag (ausi)
- #7283 Use the translator language instead of the request language for the
iflng
andifnlng
insert tags (Toflar) - #7282 Check CSRF and private response after the session (ausi)
- #7270 Replace non-routable URLs with an empty string for the
{{link*}}
insert tags (fritzmg) - #7268 Initialize the Contao framework when working with opt-in tokens (aschempp)
- #7253 Rework the messenger integration (Toflar)
- #7262 Remove the process timeout in the
SuperviseWorkersCommand
(md-netdesign) - #6985 Undeprecate using
$model->classes
(aschempp) - #6991 Cache relative paths in the ContaoFilesystemLoader (m-vo)
- #7244 Replace insert tags when parsing widget templates (fritzmg)
- #7241 Use the original ID for nested fragments if available (aschempp)
- #7239 Fix more edge cases in the
HtmlAttributes
class (ausi) - #7228 Overwrite the page metadata before parsing the news article (lukasbableck)
- #7237 Fix an endless loop in the
DC_Folder::getParentFilemounts()
method (leofeyer) - #7225 Do not trigger the PHP
header()
deprecation for certain headers (fritzmg)
5.3.9 (2024-05-24)
Fixed issues:
- #7102 Invalidate the pagemounts cache in the back end access voter when duplicating a page (lukasbableck)
- #7197 Remove a redundant
strlen()
check (leofeyer) - #7223 Correctly set the status code of the fallback route to 404 (veronikaplenta)
- #7214 Make Twig 3.10.2 the minimum requirement (leofeyer)
- #7202 Fix the CSS class of legacy templates in new elements and modules (veronikaplenta)
5.3.8 (2024-05-07)
Fixed issues:
- #7195 Handle quoted columns names in the boolean fields migration (ausi)
- #7133 Skip permissions checks for child records (aschempp)
- #7192 Hide migrated news feeds in the navigation menu (leofeyer)
- #7189 Fix the
ParsedSequence::serialize()
method (ausi) - #7186 Allow
contao.insert_tag
tags without method and priority (fritzmg) - #7164 Do not use the deprecated
replaceInsertTags
hook (ausi) - #7175 Check access to
fieldsOfTable
for the file edit operation (aschempp) - #7149 Show all page types in the help wizard (leofeyer)
- #7145 Allow hyphens in custom legacy template names (fritzmg)
- #7151 Add the component style sheets before the user style sheets (leofeyer)
- #7049 Implode arrays recursively when showing undo records (leofeyer)
- #7168 Allow to move an error page within its root (aschempp)
- #7173 Correctly set the
defer
attribute for combined deferred scripts (ReneLuecking) - #7170 Use the new
onpalette_callback
to unset fields in the file manager (aschempp) - #7165 Fix invalid HTML markup in splash screens (bennyborn)
- #7154 Store enum fields in the DCA extractor cache (SeverinGloeckle)
- #7153 Fix non-existent "contao.image.image_factory" in FeedItem.php (stefansl)
- #7148 Disable the search index listener in the back end (Toflar)
- #7144 Fix the PHP subprocess call once again (Toflar)
- #7147 Catch the URL generator exception in the news insert tag (qzminski)
- #7146 Test the
deserialize
Twig filter (ausi) - #7139 Add a
deserialize
Twig filter (leofeyer)
5.3.7 (2024-04-19)
Fixed issues:
- #7089 Make the member group voter cacheable (aschempp)
- #7129 Make the
PhpTemplateProxyNode
class compatible with Twig 3.9 (ausi) - #7130 Fix the elements check in the
sectionwizard.js
script (qzminski) - #7127 Use
PhpSubprocess
instead ofProcess
in theProcessUtil
class (Toflar)
5.3.6 (2024-04-17)
Fixed issues:
- #7122 Ensure compatibility with Twig 3.9 (leofeyer)
- #7112 Handle empty strings in the
StringResolver
class (qzminski)
5.3.5 (2024-04-16)
Fixed issues:
- #7113 Fix the order of the media block in the text element markup (ausi)
- #7107 Use Encore to minify the SVG icons (leofeyer)
- #7071 Add the missing styles to the new table element (zoglo)
- #7106 Enable the
sortAttrs
option in the SVGO configuration (leofeyer) - #7017 Fix the elements check in the
modulewizard.js
script (qzminski) - #7073 Use
display: grid
in the image gallery preview (zoglo) - #7074 Initialize Handorgel on the element (zoglo)
- #7081 Add the missing
WysiwygStyleProcessor
autowiring alias (Toflar) - #7064 Also unset the
disable
,start
andstop
fields when an admin edits themselves (aschempp) - #7057 Cache SQL queries in the page type voter (aschempp)
- #7046 Fix some edge cases when parsing HTML style attributes (ausi)
5.3.4 (2024-04-09)
Security fixes:
- CVE-2024-28235: Session cookie disclosure in the crawler
- CVE-2024-28190: Cross site scripting in the file manager
- CVE-2024-28191: Insert tag injection via the form generator
- CVE-2024-28234: Insufficient BBCode sanitization
5.3.3 (2024-03-22)
Fixed issues:
- #7045 Fix a bug in
setIfExists()
with Stringable objects (ausi) - #7044 Fix double encoding/decoding in the
HtmlAttributes
class (ausi)
5.3.2 (2024-03-21)
New features:
Fixed issues:
- #7039 Revert the changes to the "file uploaded" check (fritzmg)
- #7032 Harden mime type handling in the
FilesystemItem
class (m-vo) - #7026 Show headlines in article teasers again (zoglo)
- #7006 Use the fragment registry in the
debug:fragments
command (bytehead) - #7031 Allow version 5 of lcobucci/jwt (leofeyer)
- #7027 Register theme templates in the global namespace, too (ausi)
- #7028 Enable collapsible fieldsets without storage (aschempp)
- #7021 Override the access decision strategy instead of the manager (aschempp)
- #7016 Fix a PHP 8 warning in the
tl_article.getActiveLayoutSections()
method (qzminski) - #7008 Fix the traceable access decision manager (aschempp)
- #7007 Return to the list view after adding items to the clipboard (aschempp)
- #6996 Use voters for theme permissions (aschempp)
- #7002 Add the user access voter (aschempp)
- #6993 Fix the front end module permissions (aschempp)
- #7005 Make the
ParentAccessTrait::hasAccessToParent()
method private (aschempp) - #7003 Improve permission error message for DCA actions (aschempp)
- #6968 Set the email message priority to "high" (Toflar)
- #6995 Disable background workers if they are not supported (Toflar)
- #6952 Convert protocol-relative URLs in the string resolver (aschempp)
5.3.1 (2024-03-08)
New features:
Fixed issues:
- #6982 Cache
Image::getHtml()
to speed up the tree view (Toflar) - #6963 Fix the newsfeed migration (aschempp)
- #6916 Use
Model::findById()
instead ofModel::findByPk()
(leofeyer) - #6960 Show the route configuration in the news feed page (aschempp)
- #6969 Fix the
dotenv:dump
command (aschempp) - #6979 Allow using insert tags in image
alt
andtitle
attributes (leofeyer) - #6975 Deprecate inheriting CSS classes in nested elements (aschempp)
- #6978 Use
UrlUtil::makeAbsolute()
when converting relative URLs (leofeyer) - #6961 Fix a type error in the login module (aschempp)
- #6956 Use
attrs().mergeWith()
in Twig templates (leofeyer) - #6962 Make sure the
.env.local.php
is loaded correctly (Toflar) - #6953 Fix double inheritance of legacy templates in Twig (ausi)
- #6950 Correctly register the
AutoRefreshTemplateHierarchyListener
(m-vo) - #6951 Fix that the guests migration only migrates one field at a time (aschempp)
- #6943 Correctly generate the URLs to subscribe to comments (leofeyer)
- #6946 Improve the performance of the database dumper (Toflar)
- #6944 Correctly check if a "jump to" page is set when generating event feeds (leofeyer)
- #6919 Make full authentication optional in the personal data module (leofeyer)
- #6941 Handle unicode strings in insert tag flags (ausi)
- #6938 Add a button to the "invalid request token" template (leofeyer)
- #6939 Correctly implement the
ImageFactoryInterface
(leofeyer) - #6936 Fix the Twig loader infrastructure (m-vo)
- #6927 Use files instead of
data:
resources to avoid breaking CSP (leofeyer) - #6925 Only make string URL absolute if it does not have a scheme (aschempp)
- #6917 Fix two CSS issues (leofeyer)
5.3.0 (2024-02-16)
Fixed issues:
- #6854 Handle routing exceptions during news and event URL generation (fritzmg)
- #6900 Improve logging of request parameters (aschempp)
- #6898 Add
type="button"
to the accordion toggler (fritzmg) - #6895 Fix the column name in the "remember me" migration (aschempp)
- #6893 Move adding the schema.org data to the
_download.html.twig
component (leofeyer) - #6889 Correctly cache Contao translations that only exist as Symfony translations (fritzmg)
- #6890 Always allow the "read" action in the front end modules voter (bezin)
- #6880 Correctly handle dark icons in
data-icon
anddata-icon-disabled
(zoglo)
5.3.0-RC4 (2024-02-12)
New features:
- #6814 Allow adding a source to multiple CSP directives at once (aschempp)
- #6858 Remove the
@internal
flag from the backup manager (Toflar)
Fixed issues:
- #6882 Make the commands lazy again (leofeyer)
- #6852 Fix the
TemplateOptionsListener
(fritzmg) - #6867 Correctly initialize multiple accordions on the same page (leofeyer)
- #6861 Hide the trail in the SERP preview if no URL can be generated (leofeyer)
- #6856 Add the "toggle visibility" button for articles and content elements again (aschempp)
- #6857 Fix the "remember me" migration (leofeyer)
- #6855 Cast the template identifier to string (leofeyer)
5.3.0-RC3 (2024-02-05)
New features:
- #6819 Focus the first input/textarea after duplicating a wizard row (leofeyer)
- #6436 Add a global Twig variable with Contao state (aschempp)
- #6742 Add a basic entity for zero-width whitespaces (aschempp)
Fixed issues:
- #6851 Rewrite
Controller::getParentEntries()
(ausi) - #6833 Handle dynamic parent tables in the
Controller::getParentEntries()
method (leofeyer) - #6843 Fix relative front end preview links (aschempp)
- #6840 Keep login module errors (aschempp)
- #6838 Fix the article content voter (aschempp)
- #6841 Remove obsolete hardcoded configuration in the page registry (aschempp)
- #6835 Do not require full authentication in the "change password" module (leofeyer)
- #6803 Fix the referrer URL if elements are moved inside a nested element (leofeyer)
- #6839 Fix routes with parameters in the SERP widget (aschempp)
- #6831 Correctly set the target path in the login module (leofeyer)
- #6830 Fix the order of the content elements (aschempp)
- #6805 Correctly handle denied access in the firewall (aschempp)
- #6815 Drop the custom "remember me" implementation (aschempp)
- #6807 Improve the debug message for
FigureBuilder
link attributes (aschempp) - #6809 Mark
$secret
as sensitive parameter (aschempp) - #6794 Fix ptable for copyAll and cutAll (ausi)
5.3.0-RC2 (2024-01-26)
New features:
- #6738 Add a Twig function to generate content URLs (aschempp)
- #6719 Support CSP on WYSIWYG editors like TinyMCE (Toflar)
Fixed issues:
- #6788 Use the content URL generator in the redirect page controller (aschempp)
- #6775 Remove the
@internal
flag from the HTTP cache subscribers (leofeyer) - #6758 Improve how headlines can be adjusted in Twig (m-vo)
- #6747 Increase the
z-index
of the jump targets (zoglo) - #6767 Use the
inputUnit
widget for the section headline field (leofeyer) - #6743 Use autoconfiguration where possible (leofeyer)
- #6761 Limit the CSP header size to avoid server errors (Toflar)
- #6760 Correctly set the link title and text in the downloads controller (fritzmg)
- #6759 Normalize the Twig CSP method names (fritzmg)
- #6744 Fix the "delete files" button in the file manager (aschempp)
- #6740 Add the
TemplateTrait::inlineStyle()
method (fritzmg) - #6737 Properly assign parameters to
contao.crawl.escargot.factory
(zoglo) - #6736 Unify the deprecation messages (leofeyer)
5.3.0-RC1 (2024-01-18)
New features:
- #6606 Generate newsletter URLs using the content URL generator (aschempp)
- #6597 Generate FAQ URLs using the content URL generator (aschempp)
- #6604 Generate news URLs using the content URL generator (aschempp)
- #6607 Generate event URLs using the content URL generator (aschempp)
- #6596 Implement the content URL generator (aschempp)
- #6631 Add the ability to set Content Security Policies (fritzmg)
- #6672 Add a Stimulus controller to handle scrolling in the back end (zoglo)
- #6392 Implement the redirect page as page controller (fritzmg)
- #5424 Add a description list content element (aschempp)
- #6215 Add canonical links to news and events (aschempp)
- #6675 Add the page permission voters (aschempp)
- #6232 Implement front end module permissions (bezin)
- #6646 Add an image size voter (aschempp)
- #6584 Add enum support for DCAs and models (SeverinGloeckle)
- #6683 Add more database indexes (Toflar)
- #6650 Decouple the calendar, FAQ and news bundles from the comments bundle (zoglo)
- #6639 Allow adding a "lost password" page to the login module (zoglo)
- #6529 Add the DNS mapping migration (fritzmg)
- #5810 Add a VFS decorator that supports user permissions (m-vo)
- #6605 Optimize the MySQL indexes (leofeyer)
- #6652 Sort options by key if they use language references (leofeyer)
- #6558 Inline the CSS from a newsletter template before sending (leofeyer)
- #6626 Add a modern content slider element (leofeyer)
- #6673 Properly name the worker supervision cron (Toflar)
- #6669 Use the
attributes_callback
to make the logout redirect mandatory (aschempp) - #6661 Add a z-index to the limit toggler (zoglo)
- #6668 Sync the logic to generate multiple aliases (aschempp)
- #6516 Implement worker supervision (Toflar)
- #6651 Do not load style sheets lazily by default (leofeyer)
- #6648 Add a modern accordion element (leofeyer)
- #6615 Automatic login for cross-domain preview links (aschempp)
- #6643 Add a voter for tl_newsletter_recipients (aschempp)
- #6642 Add a voter for tl_undo (aschempp)
- #6638 Add the onpalette_callback (aschempp)
- #6553 Automatically enable the Strict Transport Security (HSTS) header (Toflar)
- #6620 Rename "childs" to "children" (leofeyer)
- #6521 Nested content elements (ausi)
- #6469 Add more security voters (leofeyer)
- #6614 Sort the tables in the database backup (de-es)
- #6603 Unify the deprecation messages (leofeyer)
- #6594 Remove column from articles URL (aschempp)
- #6353 Add a tab menu to jump to palette sections (leofeyer)
- #6583 Make Symfony 6.4 the minimum version (leofeyer)
- #6569 Show the back end header on scroll-up (leofeyer)
- #6557 Make the back end header sticky on all devices (leofeyer)
- #6551 Use the picker to select article target in news and calendar (aschempp)
- #6518 Populate
contao_
Symfony translations into$GLOBALS['TL_LANG']
(fritzmg) - #6527 Rewrite tree mode toggling to Stimulus controller (aschempp)
- #6303 Implement a global "expand/collapse elements" button (aschempp)
- #6533 Register a web processor to add log extras (aschempp)
- #6528 Automatically generate the global operations (aschempp)
- #6206 Make the downloads controller more flexible for own sources (Toflar)
- #6494 Automatically translate the default maintenance template (Toflar)
- #6515 Log failed messages in the back end (Toflar)
- #6485 Add schema.org support to the virtual file system (Toflar)
- #6513 Automatically load routes in app controllers (aschempp)
- #6465 Allow to re-use the ProcessUtil data (Toflar)
- #6496 Add the event end date to the schema.org data (leofeyer)
- #6506 Add a maximum duration for the back end crawler (leofeyer)
- #6495 Make the back end crawler configurable (leofeyer)
- #6497 Wrap the news date and author in a template block (leofeyer)
- #6498 Replace insert tag flags based on the context (leofeyer)
- #6477 Clean up a TODO (Toflar)
- #6429 Deprecate the
MergeHttpHeadersListener
class (leofeyer) - #6446 Rename the
templates/_new
folder totemplates/twig
(leofeyer) - #6404 Remove the BC layers in the
ContaoCache
class (fritzmg) - #6386 Deprecate the
System::setCookie()
method (Toflar) - #6236 Allow array for page parameters (aschempp)
- #6337 Upgrade the Symfony contracts (leofeyer)
- #6338 Remove the "roave/better-reflection" dependency (leofeyer)
- #6336 Make doctrine/dbal 3.6 the minimum version (leofeyer)
- #6339 Upgrade doctrine/collections and doctrine/persistence (leofeyer)
- #6335 Make Symfony 6.3 the minimum version (leofeyer)
- #6289 Set auto password hasher for all user classes (fritzmg)
- #6324 Always set the
JSON_THROW_ON_ERROR
flag (leofeyer) - #6157 Use createElementNS for namespaced XML elements (ausi)
Fixed issues:
- #6723 Introduce
TemplateTrait
to fix missing method inWidget
(fritzmg) - #6718 Fix edit-all operation if records can only be deleted (aschempp)
- #6714 Fix the missing icon for DCA operations again (aschempp)
- #6708 Remove the
contao.downloadable_files
parameter (leofeyer) - #6707 Correctly set the ptable for copy and cut actions (ausi)
- #6676 Use the
_attributes
suffix in the accordion template (leofeyer) - #6670 Fetch visible root trail record from database (aschempp)
- #6665 Only check the first record to be restored (aschempp)
- #6645 Move ptable logic from tl_content to DC_Table (ausi)
- #6641 Fix missing
ptabe
forsaveNcreate
andsaveNduplicate
(ausi) - #6636 Vote on the current token in the voters (aschempp)
- #6628 Fix DCA voters not checking module and parent update access (aschempp)
- #6627 Fix favorites voter not voting on current record (aschempp)
- #6595 Deprecate the
PageModel::getPreviewUrl()
method (aschempp) - #6600 Check for parameter existence (Toflar)
- #6590 Move the
ModelMetadataTrait
to the correct namespace (leofeyer) - #6598 Do not smooth-scroll on devices with reduced motion (aschempp)
- #6530 Also remove global operations in bundles (aschempp)