Skip to content
Permalink
master-v2
Switch branches/tags
Go to file
@brandonkelly
Latest commit f96801a Mar 6, 2020 History
3 contributors

Users who have contributed to this file

@brandonkelly @angrybrad @andris-sevcenko
6394 lines (5282 sloc) 505 KB

Release Notes for Craft CMS 2.x

2.9.2 - 2020-03-06

Security

  • Added the sameSiteCookieValue config setting. (#4462)

2.9.1 - 2020-02-06

Fixed

  • Fixed a bug where the mcrypt_compat library was accidentally removed. (#5602)

Changed

  • Updated the mcrypt_compat library to 1.0.11.

2.9.0 - 2020-01-31

Changed

  • Updated Yii to 1.1.22.

2.8.0.2 - 2019-12-19

Fixed

  • Fixed a PHP error that occurred when editing an element with a Matrix field that had a nested Number field on PHP 7.4. (#5353)

2.8.0.1 - 2019-12-16

Fixed

  • Fixed an error that occurred when editing a custom field. (#5343)

2.8.0 - 2019-12-14

Added

  • Added PHP 7.4 compatibility.

Changed

  • Craft now requires PHP 5.5 or later.
  • Updated Twig to 1.42.4.

2.7.10 - 2019-07-24

Security

  • The preserveExifData config setting is now also applied on image upload, not just on transform.

2.7.9 - 2019-06-18

Fixed

  • Fixed a bug where users could not assign additional user groups to their own account if their permission to do so was granted by another user group they belonged to.

Security

  • Craft now redacts potentially sensitive values from the console output when running in Dev Mode.

2.7.8 - 2019-04-02

Changed

  • Updated Yii to 1.1.21.
  • Updated PhpMailer to 5.2.27.
  • Updated Litemoji to 1.4.4.
  • Updated mcrypt_compat to 1.0.9.

2.7.7.3 - 2019-03-26

Fixed

  • Fixed a bug where you could get incorrect cookie values.

2.7.7.2 - 2019-03-25

Changed

  • Updated Yii to 1.1.20.4.

2.7.7.1 - 2019-03-25

Fixed

  • Fixed another bug where CSRF validation was broken on servers running PHP 5.x.

2.7.7 - 2019-03-23

Fixed

  • Fixed a bug where CSRF validation was broken on servers running PHP 5.x.

Changed

  • Updated Twig to 1.38.4.

2.7.6 - 2019-03-15

Fixed

  • Fixed a bug where IOHelper::cleanFilename() could return inconsistent results.

Changed

  • Objects can no longer be unserialized from cookies.
  • Update Yii to 1.1.20.2.

2.7.5 - 2019-02-15

Changed

  • Suspended users are no longer shown when viewing pending or locked users. (#3556)

Fixed

  • Fixed a SQL error that could occur when merging two elements together if MySQL was set to a case-sensitive collation. (#3539)
  • Fixed a bug where element indexes wouldn’t return to the previous sort selection after the search input was cleared. (#3548)
  • Fixed a bug where password-reset email send errors weren’t being properly reported on the login page if the preventUserEnumeration config setting was enabled.
  • Fixed a bug where Edit User pages weren’t reporting email send errors when the “Send password reset email” option was chosen. (#3549)
  • Fixed an error that would occur when calling RelationsService::saveRelations() if $targetIds contained any empty values. (#3850)

Security

  • Fixed XSS vulnerabilities.
  • URLs are no longer allowed in users’ first or last names.

2.7.4 - 2018-11-27

Fixed

  • Fixed a PHP error that could occur in some cases when calling CategoriesService::getAllGroupIds() and getAllGroups() when getGroupById() had been called previously with an invalid category group ID.

Security

  • Update jQuery File Upload to 9.28.0.

2.7.3 - 2018-10-23

Changed

  • Single sections’ entry types’ handles are now updated to match their section’s handle whenever the section is saved. (#2824)
  • Animated GIF thumbnails are no longer animated. (#3110)
  • Craft now throws an exception if an asset is uploaded successfully but its record can’t be saved.
  • Updated jQuery Touch Events to 2.0.0.
  • Updated Garnish to 0.1.29.

Fixed

  • Fixed a bug where the Dev Mode indicator strip wasn’t visible on Chrome/Windows when using a scaled display. (#3259)
  • Fixed bug where an error would be logged if IOHelper::clearFolder() was called on an empty folder.

2.7.2 - 2018-08-24

Changed

  • Updated Garnish to 0.1.27.

Fixed

  • Fixed a PHP error that occurred on servers running PHP 5.4 - 5.5.

2.7.1 - 2018-08-23

Changed

  • Craft now throws an exception when validating a custom field that is missing its field type, rather than allowing a PHP error to occur.

Fixed

  • Fixed a PHP error that occurred when compiling templates with {% cache %} tags, on servers running PHP 7.2.

2.7.0 - 2018-07-31

Added

  • Added PHP 7.2 compatibility.
  • Added phpseclib/mcrypt_compat as a shim for Mcrypt compatibility for people running PHP 7.2+.

Changed

  • When uploading a file to an Assets field, Craft will automatically sort the file list to show the latest uploads first. (#2812)
  • Updated Twig to 1.35.4.
  • Updated Yii to 1.1.20.
  • Updated Garnish to 0.1.26.
  • Updated svg-sanitize to 0.9.0.
  • Updated LitEmoji to 1.4.1.

Fixed

  • Fixed a bug where Dropdown fields on an element index view could show an incorrect selected value in limited circumstances.
  • Fixed a bug where JsonHelper::sendJsonHeaders() was overriding the Cache-Control header even if it had already ben explicitly set. (craftcms/element-api#74)

2.6.3019 - 2018-06-29

Fixed

  • Fixed a bug where dropdowns in the Control Panel weren’t pre-selecting the correct value.

2.6.3018 - 2018-06-25

Changed

  • Updated Garnish to 0.1.24.
  • From now on the root folder for Local Asset Sources will be created, if it doesn't exist.
  • Leading/trailing whitespace characters are now stripped from element titles on save. (#3020)
  • The PHP Info utility no longer displays the original values for settings and only the current environment value. (#2990)

Fixed

  • Fixed a bug where Craft would show a nag alert in the Control Panel when the licensed edition wasn’t cached.
  • Fixed a bug where Dropdown fields could show an incorrect selected value in limited circumstances.
  • Fixed a PHP error that would occur when trying to access Asset Sources from the command line.

2.6.3017 - 2018-06-05

Changed

  • Improved the contrast of success and error notices in the Control Panel to meet WCAG AA requirements. (#2885)
  • Craft will no longer discard any preloaded elements when setting the with param on an ElementCriteriaModel, fixing a bug where disabled Matrix blocks could show up in Live Preview if any nested fields were getting eager-loaded. (#1576)
  • email.beforeSendEmail events now have a sent parameter, which can be set to true if a plugin has sent the email, and EmailService::sendEmail() should return true. (#2917)
  • Improved the performance of element queries when a lot of values were passed into a param, such as id, by using IN() and NOT IN() conditions when possible. (#2937)
  • Updated Redactor to 2.13.
  • Updated Garnish to 0.1.23.

2.6.3016 - 2018-05-15

Added

  • Added the preserveCmykColorspace config setting, which can be set to true to prevent images’ colorspaces from getting converted to sRGB on environments running ImageMagick.
  • Added the transformGifs config setting, which can be set to false to prevent GIFs from getting transformed or cleansed. (#2845)

Changed

  • Edit User pages will now warn editors when leaving the page with unsaved changes. (#2832)
  • Rich Text fields with the “Clean up HTML?” setting enabled now convert non-breaking spaces to normal spaces.
  • Error text is now orange instead of red. (#2885)
  • Updated Garnish to 0.1.22.

Removed

  • Removed ConfigService::getActivateAccountPath().
  • Removed ConfigService::getSetPasswordPath().
  • Removed ConfigService::getCpSetPasswordPath().

Fixed

  • Fixed an error that occurred when saving a Single entry over Ajax. (#2687)
  • Fixed a bug where the id param was ignored when used on an eager-loaded elements’ criteria. (#2717)
  • Fixed a bug where email verification links weren’t working for publicly-registered users if the registration form contained a Password field and the default user group granted permission to access the Control Panel.

2.6.3015 - 2018-04-06

Changed

  • Craft no longer displays an alert in the Control Panel if the currently installed edition is lower than the licensed edition.

Fixed

  • Fixed some UI issues with the upgrade modal.

2.6.3014 - 2018-04-04

Changed

  • Renamed the Personal edition to “Solo”.
  • Updated Redactor to 2.12.

Fixed

  • Fixed a bug where Rich Text fields weren’t respecting the toolbarFixed Redactor config option.
  • Fixed a bug where Rich Text fields would not honor the imageTag config setting when inserting an image.
  • Fixed a bug where the modifyAssetFilename hook was being run twice on asset upload. (#2624

Security

  • The preventUserEnumeration config setting is now applied to locked user accounts.
  • Fixed a bug where an exception could expose a partial server path in some circumstances.

2.6.3013 - 2018-03-23

Removed

  • Removed support for transferring a Craft license to the current domain. (Domain transfers can be done from Craft ID now.)
  • Removed support for transferring a Commerce license to the current Craft license, or unregistering a Commerce license from the current Craft license. (Plugin license registration can be done from Craft ID now.)

Fixed

  • Fixed a PHP error that could occur on case-sensitive file systems when loading RSS feeds. (#2514)
  • Fixed a PHP error that would occur when trying to use POP as an email protocol in Settings → Email in the Control Panel.
  • Fixed a PHP error that would occur when trying to delete an Asset with an ID that didn't exist.
  • Fixed a bug where any URL segments that only contained the number 0 were ignored, on paginated requests.

2.6.3012 - 2018-02-27

Changed

  • Craft now throws an exception if it detects that a max_input_vars error occurred. (#876)
  • Improved styles to support 5 levels of nested user permissions. (#2467)

Fixed

  • Fixed a bug where entry version data was not including newly-created Matrix block IDs, so they would be re-created from scratch when loading the version. (#2498)
  • Fixed an error that could occur if an email template included any Twig filters with a single underscore.
  • Fixed a bug where lightswitch inputs could trigger a change event when they didn’t actually change. (#2494)

2.6.3011 - 2018-02-21

Changed

  • Reverted the fix to (#2433) as it broke backwards compatibility.

Fixed

  • Fixed an error that occurred when displaying run charts in some cases.

2.6.3010 - 2018-02-20

Changed

  • The Control Panel now sets the origin-when-cross-origin referrer policy. (#2436)
  • Rich Text fields no longer parse reference tags that aren’t within a href or src attribute when displaying their form input, so the tags don’t get lost when the element is re-saved. (#1643)

Fixed

  • Fixed a bug where run charts (e.g. the New Users widget) would always show zero results if MySQL wasn’t configured with time zone data. (#2433)
  • Fixed a bug where the New Users widget would show 8 days worth of data when its Date Range setting was set to “Last 7 days” or “Last week”.
  • Fixed a bug where the New Users widget could be missing some data if the browser time zone wasn’t the same as the system time zone.

2.6.3009 - 2018-02-13

Added

  • Added StringHelper::encenc() and decdec().
  • Added the |encenc Twig filter.

Changed

  • The first column on user index tables is now labeled “User”, and there are now always dedicated “Username” and “Email” columns available. (#2417)

Fixed

  • Fixed a bug where Craft would not save newly-assigned license keys if a craft/config/license.key file existed, even if it didn’t contain a valid license key.
  • Fixed a bug where the “Save” button wasn’t visible on custom field layout tabs on Edit User pages.
  • Fixed a bug where Craft would issue unsaved data warnings when leaving edit pages, if the form data had been modified from the jQuery(document).ready() event. (#2428)

Security

  • Email passwords are now encrypted in email settings forms.

2.6.3008 - 2018-02-06

Changed

  • The Edit User page now shows the Permissions tab for users that have the “Assign user groups” permission, even if they don’t have the “Assign user permissions” permission.
  • Users with the “Assign user groups” permission no longer need explicit permission to assign a user group, if they already belong to it. (#2087)
  • Matrix blocks’ “Delete” option is now listed before all of the “New [Block Type] above” options. (#2400)

2.6.3007 - 2018-01-31

Fixed

  • Fixed some jQuery deprecation errors in the Control Panel.
  • Fixed a bug where Control Panel panes with sidebars weren’t expanding to the height of their content. (#2379)

2.6.3006 - 2018-01-30

Changed

  • Updated jQuery to 3.3.1 and added the jQuery Migrate plugin to maintain backwards compatibility with jQuery 2.
  • Tab and field names in Field Layout Designers are no longer displayed in all-uppercase. (#2360)
  • Fields in Field Layout Designers now have tool tips that reveal their handles. (#2360)
  • Asset thumbnails can now only be generated on Control Panel requests by logged-in users.
  • The Control Panel now prevents referrer information from being sent when following links, on supporting browsers.
  • Links within the Control Panel that point to a different hostname now open in a new window. (#1206)

Fixed

  • Fixed a bug where Tags fields weren’t getting any spacing between their field labels and inputs. (#2361)
  • Fixed a bug where Tags fields were encoding special characters on tag creation, and double/triple-encoding tag names in the UI. (#2369)
  • Fixed a bug where Craft might not delete elements for locales that they no longer support if Dev Mode is enabled.

2.6.3005 - 2018-01-23

Changed

  • Users’ field layouts can now have multiple tabs. (#892)
  • Assets fields now fail validation if a file was not uploaded successfully.

Fixed

  • Fixed a bug where replacing an Asset file would not delete the existing file in some cases.

2.6.3004 - 2018-01-16

Added

  • Added the onBeforeAuthenticate event. (#1161)
  • Added support for most Emoji characters in Plain Text fields, for servers running PHP 5.4 or later. (#1753)
  • Added LitEmoji 1.3.

Changed

  • Redactor’s toolbar is not fixed anymore. (#1745)

2.6.3003 - 2018-01-09

Fixed

  • Fixed some unexpected behavior when deleting a Matrix block for a field that had recently been made translatable. (#2245)
  • Fixed a bug where the Settings → Users → Fields page wasn’t warning users when leaving the page with unsaved changes. (#2265)
  • Fixed a bug where Dropdown and Radio Buttons fields were displaying their selected option’s value, rather than label, in element index tables. (#2282)
  • Fixed attribute:* and -attribute:* search queries when the default subRight search term option was enabled. (#2270)
  • Fixed a bug where native <select> menu options weren’t getting white backgrounds in Firefox or Internet Explorer on Windows 7 when using a Classic theme with a custom window color. (#2272)

2.6.3002 - 2018-01-02

Fixed

  • Fixed a bug where password reset URL prompts were showing the macOS keyboard shortcut on Windows computers. (#2258)
  • Fixed an error that broke Edit Entry HUDs.

2.6.3001 - 2018-01-02

Changed

  • URL patterns defined in craft/config/routes.php can now begin with a verb (e.g. POST some/path) to restrict the route to a specific request type.
  • Edit Entry pages for entries without a user-defined title now show the Title field anyway if it has any validation errors. (#2242)
  • Updated Twig to 1.35.0.
  • Updated SimplePie to 1.5.1.
  • Updated PEL to 0.9.6.
  • Updated svg-sanitize to 0.8.2.

Fixed

  • Fixed a bug where a PHP error could occur when accessing Category elements through a console command.
  • Fixed a bug where some IOHelper methods could create a folder with zero permission under specific circumstances.
  • Fixed some unexpected behavior when deleting a Matrix block for a field that had recently been made translatable, if the owner element hadn’t been resaved yet. (#2245)

Security

  • Fixed a Remote Code Execution vulnerability for people that have permissions to upload Assets in the Control Panel.
  • Fixed a vulnerability where image cleansing was not working for uploaded JPG files under specific conditions.

2.6.3000 - 2017-12-07

Changed

  • Craft.MatrixInput JavaScript objects are now accessible via $('.matrix').data('matrix'). (#2156)

Fixed

  • Fixed a race condition that could cause a PHP error when quickly saving multiple tasks.
  • Fixed a bug where ArrayHelper::stringToArray('0') would return an empty array instead of array('0'). (#2144)
  • Improved the performance of some queries to the templatecaches tables.

Security

  • Fixed a vulnerability that made it possible to access sensitive files.

2.6.2999 - 2017-11-29

Fixed

  • Fixed PHP 5.3 compatibility.

2.6.2998 - 2017-11-28

Changed

  • <select> inputs in the Control Panel now get the same custom styling in Firefox and IE/Edge that Chrome and Safari get.
  • Updated PhpMailer to 5.2.26.
  • Improved the performance of some queries to the templatecaches tables when the globally cache tag parameter was used with large amounts of data. (#2110)
  • Plugin settings values are now run through ModelHelper::packageAttributeValue() before getting saved, so things like DateTime objects get converted to JSON-safe values before getting JSON-encoded. (#2114)

Fixed

  • Fixed a bug where Craft would think that Rich Text field values had changed, even when they hadn’t, when leaving an edit page. (#2098)
  • Fixed a bug where Assets fields with large thumbnails were overlapping the following field in element editor HUDs. (#1802)
  • Fixed a bug where uppercase non-ASCII characters were not getting converted to their correct ASCII equivalents for element slugs, if the limitAutoSlugsToAscii config setting was enabled. (#2096)
  • Fixed a bug where Craft would re-install updates after reverting them.

Security

  • Fixed an XSS vulnerability in the Control Panel.

2.6.2997 - 2017-11-08

Fixed

  • Fixed a bug where Craft was saving entries when attempting to switch the entry type.

2.6.2996 - 2017-11-08

Added

  • Added UserGroupsService::getAssignableGroups().
  • Added UserPermissionsService::getAssignablePermissions().

Changed

  • The “Assign user groups and permissions” permission has now been split into “Assign user permissions” and “Assign user groups”, and the latter now has nested permissions for each of the user groups. (#2087)
  • Users with the “Assign user permissions” permission are no longer allowed to grant new permissions to user accounts that they themselves don’t already have. (#915)
  • If a user is not yet activated, but they have a password set on the account, then admins will no longer see the “Copy Activation URL” user administration option.

Fixed

  • Fixed a bug where DateTimeHelper::wasYesterday() was returning whether the timestamp was yesterday in UTC rather than in the system time zone. (#2086)
  • Fixed a bug where the autocomplete menu in Tags fields would sometimes not go away.
  • Fixed a bug where Craft would mistake users/sendPasswordResetEmail requests for users/login requests, if the Forgot Password form was submitted from the same path as the loginPath config setting.

2.6.2994 - 2017-10-31

Added

  • Added HttpRequestService::isSingleActionRequest().

Changed

  • Updated Imagine to 0.7.1.3, which now preserves image IPTC data when preserving EXIF data. (#2034)

Fixed

  • Fixed a bug where it was possible for logged-out users to access offline sites.
  • Fixed a bug where front-end URLs that were generated in the Control Panel were not getting trailing slashes if the addTrailingSlashesToUrls config setting was enabled.
  • Fixed a bug where some element rows might have not been deleted when they should have, if multiple elements were saved in a single request.
  • Fixed a PHP error that occurred when updating Craft on environments running PHP 7.1 and where ZipArchive wasn’t installed.
  • Fixed a PHP 7.1 compatibility issue when uploading some JPEGs while preserving EXIF data, on environments using GD.

2.6.2993 - 2017-10-18

Added

  • Added the preserveExifData config setting, which determines whether EXIF data should be discarded when transforming an image (defaults to false).

Changed

  • Client accounts are now allowed to access the edition upgrade modal.
  • Added an $ensureTempFileExists argument to UploadedFile::getInstanceByName(), which will cause the method to return null if the matching file had already been moved out of its temp location (defaults to true).
  • Added an $ensureTempFilesExist argument to UploadedFile::getInstancesByName(), which will filter out any files that have already been moved out of their temp locations (defaults to true).

Fixed

  • Fixed a PHP error that occurred if an empty array was passed to the relatedTo element criteria parameter.
  • Fixed a PHP error that occurred when uploading a file to an Assets field on the front-end. (#2018)
  • Fixed a bug where HttpRequestService::getQueryStringWithoutPath() wasn’t including duplicate param names in the returned string. (#2041)
  • Fixed a bug where Categories fields weren’t automatically adding all of a category’s ancestors when selecting a nested category, if any of its ancestors were disabled. (#2035)

2.6.2992 - 2017-10-13

Changed

  • Reduced the chance of a deadlock occurring on sites that have a high concurrent volume of element writes.
  • Updated Redactor II to 2.11.

Fixed

  • Fixed a bug where any plugin that listened to the onEndRequest event would be ignored.
  • Fixed a bug where assets uploaded to an Assets field by a front-end form would not get related to the element being saved if setContentFromPost() was called more than once. (#2018)
  • Fixed a bug where it was not possible to create tags with multiple words. (#2036)

2.6.2991 - 2017-09-29

Fixed

  • Fixed a MySQL error that could occur when saving a disabled element with a column value that was too large for its database column.
  • Fixed a PHP warning that could occur when submitting a non-numeric value for a Number field, on servers running PHP 7.
  • Fixed a bug where color inputs were really narrow in Safari 11. (#2010)
  • Fixed some buggy behavior on structured element index views when collapsing/expanding elements, if no elements had been collapsed before.

Security

  • Fixed an XSS vulnerability.

2.6.2990 - 2017-09-15

Changed

  • Added support for the application/font-woff2 MIME type (.woff2). (#1966)
  • div.matrixblock elements in the Control Panel now have a data-type attribute set to the Matrix block type’s handle. (#1915)
  • Global sets’ global template variables are now available to all templates rendered when the Template Mode is set to site. (#1953)

Fixed

  • Fixed a bug where you could get a PHP error uploading some JPG files on PHP 7.1.
  • Fixed a bug where user photos and site logos/icons were not taking into account the sanitizeSvgUploads config setting.
  • Fixed a CSRF validation error that would occur when attempting to re-login via the login modal in the Control Panel.
  • Fixed a bug where transforms could break sometimes on external asset sources that used path prefix.
  • Fixed a bug where transforms would not be deleted when an Asset was being moved in some cases.
  • Implemented a workaround for PHP bug #74980 that affected some Craft installs running PHP 7.1+.

Security

  • Fixed an XSS vulnerability.

2.6.2989 - 2017-08-15

Added

  • Added the onLockUser event, which fires when a user account is locked.

Fixed

  • Fixed a bug where the PHP and DB versions the Craft Support widget passed to GitHub would not escape tildes (~), potentially having Markdown confuse them for strikethrough markup delimiters.
  • Fixed a bug where it was possible for users to be redirected to a 404 in the Control Panel after logging in. (#1901)
  • Fixed a bug where users would get one extra login attempt than the maxInvalidLogins config setting was set to.

2.6.2988 - 2017-07-28

Changed

  • Added .m2t to the default allowedFileExtensions config setting value.
  • .m2t files are now treated as videos.
  • Images within field instructions are now given a max-width of 100%. (#1868)

Fixed

  • Fixed a PHP error that could occur when logging a deprecation error in DepreactorService.
  • Fixed a bug where Redactor was losing its custom styling in Live Preview and Element Editor modals. (#1795)
  • Fixed a bug where picturefill was not applied to thumbnails within lazy-loaded elements on element index pages.
  • Fixed a visual alignment bug on Tags fields.

Security

  • Fixed a bug where admins could download arbitrary zip files from the server.
  • Fixed a bug where a full server path would be disclosed if you were able to upload a file with a filename larger than 255 characters.

2.6.2987 - 2017-07-14

Changed

  • Added .jp2 and .jpx to the default allowedFileExtensions config setting value.
  • Plugin settings now get set once all plugin classes have been loaded.

Fixed

  • Fixed a PHP error that would occur when a Rich Text field’s settings referenced an asset source that no longer existed.
  • Fixed a PHP error that could occur when using HTML Purifier in a Rich Text field.

Security

  • Fixed an XSS bug in the Control Panel.

2.6.2986 - 2017-06-30

Changed

  • Improved the styling of locale menus on Edit Entry and Edit Categories pages. (#1803)
  • The Control Panel font-family declaration now checks for "Helvetica Neue" in addition to HelveticaNeue. (#1805)

Fixed

  • Fixed a bug where emails that had inner-word underscores would get converted to <em> tags if a HTML body was not provided in the email. (#1800)
  • Fixed a bug where the author of a draft could not delete their own draft if they did not have the “Publish Live Changes” permission.
  • Fixed a Twig error that could occur when editing a locked user account.
  • Fixed a bug where element source labels could get double-encoded.

2.6.2985 - 2017-06-27

Changed

  • DateTime::createFromString() now supports dates formatted with DateTime::ISO8601, which is incorrectly missing the colon between the hours and minutes in the timezone offset declaration (e.g. +0000 instead of +00:00).

Fixed

  • Fixed a bug where users would get an “Invalid Verification Code” error when clicking on the link in a verification email.

2.6.2984 - 2017-06-26

Added

  • Added the sanitizeSvgUploads config setting, which determines whether SVG files should be sanitized on uploads (true by default).

Changed

  • The assets.onReplaceFile event is now fired whenever a file is replaced, not only if it happens using the Replace file Asset action.
  • Updated HTML Purifier to 4.9.3.
  • Updated Redactor II to 2.7.

Fixed

  • Fixed a bug where changing a user account’s email address to one that is already taken would silently fail.
  • Fixed a bug where a validation error would occur when saving two routes with the same URL Pattern in different locales.
  • Fixed a JavaScript error that would occur after sending in a support request from the Craft Support widget.
  • Fixed a bug where Rackspace Asset Sources would corrupt files with trailing whitespaces when downloading them.
  • Fixed a SQL error that would occur when saving a Dropdown or Radio Buttons field if the default option’s value contained quotation marks.
  • Fixed a bug where asset upload prompts would not always reset between uploads.

Security

  • Fixed several XSS vulnerabilities in the Control Panel.

2.6.2983 - 2017-06-09

Changed

  • Date pickers’ “Previous” and “Next” buttons are now represented as arrows. (#1538)
  • Updated Yii to 1.1.19.

Fixed

  • Fixed a bug where doctype and XML declarations were getting stripped out of SVG files on upload. (#1767)

2.6.2982 - 2017-06-07 [CRITICAL]

Changed

  • Updated Redactor II to 2.6.
  • Updated Imagine to 0.7.1.
  • Craft now requires the PHP DOM extension when uploading SVG files.

Security

  • Fixed a potential user enumeration attack vector when authenticating a user.
  • Craft will now sanitize uploaded SVG files to prevent a potential XSS attack vector.

2.6.2981 - 2017-05-31

Changed

  • Improved the readability of field instructions.
  • Updated jQuery Timepicker to 1.11.11.

Fixed

  • Fixed a bug where clicking Enter/Return on a time field with a manually-entered time would change the value to the closest rounded time value. (#1720)
  • Fixed a bug where resaving Elements task would fail in some cases.
  • Fixed a bug where entries’ titles weren’t getting updated automatically after saving a Section, for Entry Types with dynamic titles. (#1728)
  • Fixed a bug where the Get Help widget would check for the existence of the log file path when trying to zip up site templates, if that option was selected.
  • Fixed a bug where the Edit Entry page wouldn’t show the current revision notes for the current entry if it was displaying any validation errors. (#1747)
  • Fixed a bug where the revision dropdown on the Edit Entry page would attribute the current version to the entry author, if version history wasn’t known for the entry. (#1746)

2.6.2980 - 2017-05-13

Fixed

  • Fixed a bug where action requests on the front-end were getting treated like CP requests in the TemplatesService, breaking Live Preview, and possibly other things.

2.6.2979 - 2017-05-12

Added

  • Added the new Craft Support widget.

Changed

  • The Field Layout Designer is now using the default font instead of the Coming Soon font. (#1537)
  • The entry revision dropdown on the edit entry page now shows the who edited the “Current” version along with the time. (#1650)
  • Craft now checks the template mode when it tries to resolve a template for a plugin.

2.6.2978 - 2017-05-02

Fixed

  • Fixed a bug where Title fields on new elements could display the class name of the element by default. (#1685)

2.6.2977 - 2017-05-02

Changed

  • Assets fields no longer attempt to guard against prepValueFromPost() getting called multiple times.
  • Updated Garnish to 0.1.18.

Fixed

  • Fixed a bug where Control Panel breadcrumbs where unclickable when a flash notification was visible. (#1675)
  • Fixed a bug where Assets fields could associate the same image to multiple elements, when saving large batches of elements at once. (#1673)
  • Fixed a bug where HUDs where briefly showing up in the top-left corner of the window before getting repositioned, particularly in Safari. (#1647)
  • Fixed a bug where saving customized element index settings could wipe out all the settings in rare cases.
  • Fixed a bug where elements that don’t have titles were incorrectly passing is empty tests in Twig.

2.6.2976 - 2017-04-27

Changed

  • The _layouts/cp.html Control Panel template now defines the #container element attributes within a containerAttributes block, so they can be overridden or added to from sub-templates. (#1665)

Fixed

  • Fixed a bug where HttpRequestService::getSegments() and getActionSegments() could return an array that started at a non-0 number allowing for a bypass of the XSS vulnerability fix in 2.6.2974.

Security

  • Fixed a bug where it was possible to view the contents of files in the craft/app/ folder via resource requests under certain conditions.
  • Fixed a potential security vulnerability that made it possible to fire off a forgot password email with a modified URL.

2.6.2974 - 2017-04-21

Changed

  • Entry and category edit pages will now show any validation errors attached to the parent attribute.
  • Updated Yii to 1.1.18.
  • Updated Twig to 1.33.2.

Fixed

  • Fixed timezone bug when requesting data for a run chart in \Craft\ChartHelper::getRunChartDataFromQuery()

Security

  • Fixed an XSS vulnerability.

2.6.2973 - 2017-04-17

Added

  • Added the “HTML Purifier Config” setting to Rich Text fields. (#1415)

Fixed

  • Fixed a bug where Craft would set a hard-coded PHP time limit of 30 seconds when uploading some types of images.
  • Fixed a PHP error that occurred when using an Assets field on servers running PHP 5.3.

2.6.2972 - 2017-04-12

Changed

  • Images added to Rich Text fields are now nested within a <figure> element, for consistency with Redactor’s default image behavior. (#1611)
  • Improved the legibility of text in Live Preview in Safari. (#1578)
  • It is now possible to override the default element criteria used on index pages in the Control Panel, by modifying Craft.defaultIndexCriteria.

Fixed

  • Fixed a bug where clearing all caches could have unintended side effects on temporary upload folders.
  • Fixed a bug where jquery.ui.widget.js was getting loaded twice in the Control Panel.
  • Fixed a bug where submitting a “forgot password” form on the front-end without a username or password would result in an “Invalid username or email” error in addition to “Username or email is required”.
  • Fixed a bug where the users/sendPasswordResetEmail controller action would act like the password reset email was sent successfully, even if no username/email was submitted, if the preventUserEnumeration config setting was enabled. (#1605)
  • Fixed a bug where Command/Ctrl/Shift-clicking on multiple elements in an element selector modal in quick succession could be mistaken for a double-click, causing the elements to become selected and the modal to close. (#1622)

Security

  • Fixed a brute force attack vector.

2.6.2971 - 2017-04-07

Fixed

  • Fixed a PHP error that occurred when editing elements with a Rich Text field set to show all available asset sources.

2.6.2970 - 2017-04-07

Fixed

  • Fixed a bug where the first value of an Assets field within a Matrix field was getting set on all subsequent instances of that Assets field.
  • Fixed a bug where Craft would not specify which required PHP extensions were missing when attempting to install.

2.6.2969 - 2017-04-07

### Changed

  • It’s now possible to execute AssetsFieldType::prepValueFromPost() only once per field instance. Subsequent calls will return previous execution result.
  • Disabled Matrix blocks are no longer shown in Live Preview. (#13)

Fixed

  • Fixed a PHP error that occurred when updating Craft if the OPcache restrict_api config setting was set.
  • Fixed a bug where Redactor dialogs would list the Asset Source in the wrong order.
  • Fixed a bug where temporary upload folders were not being created correctly.
  • Fixed a bug where Craft was not redirecting users to the correct URL after login, if the site homepage had a {% requireLogin %} tag, and was accessed with a query string. (#1577)
  • Fixed a bug where the DeleteStaleTemplateCaches could potentially miss some caches that should be busted. (#1593)

2.6.2968 - 2017-03-24

Added

  • Added Control Panel translations for Polish.

Changed

  • Removed the Delete button from entry version/draft pages. (#1556)
  • Assets fields no longer throw an exception if they can’t resolve a dynamic upload path for a disabled element.
  • Updated element-resize-detector to 1.1.11.
  • Updated Garnish to 0.1.17.

Fixed

  • Fixed a bug where bold text in Rich Text fields was getting set to the system’s default sans-serif font, unlike the rest of the text. (#1441)
  • Fixed a bug where jQuery DatePicker was missing some of the locale files that the Craft Control Panel is translated into.
  • Fixed some Control Panel messages that weren’t getting translated. (#1540)
  • Fixed a PHP error that occurred on console requests if there was a database connection issue.
  • Fixed a bug where Table fields weren’t initializing reliably in Firefox. (#1553)

2.6.2967 - 2017-03-10

Fixed

  • Fixed a bug where translatable fields on new Matrix blocks would show the current application locale rather than the locale of the element being edited. (#5)
  • Fixed a PHP error that could occur if you called craft()->updates->isCriticalUpdateAvailable() and there wasn't any cached plugin update info.
  • Fixed a few bugs that prevented a console request from being able to call craft()->entries->saveEntry() successfully in some circumstances.
  • Fixed a bug where charts were not properly taking timezone settings into account.

2.6.2966 - 2017-03-03

Fixed

  • Fixed a PHP error occurred when saving users on servers running PHP 5.3.

2.6.2965 - 2017-03-03

Changed

  • Craft database backups will no longer include the cache table created when the cacheMethod config setting is set to 'db'. (#1447)
  • Ajax requests to controller actions that require a user session now get a 403 response rather than the Login page HTML, if the user isn’t logged in. (#1451)
  • Relational and Matrix fields now check if their values have been eager-loaded when displaying their inputs.

Fixed

  • Fixed a bug where newlines would be replaced with escaped <br> tags on the Settings → Email → Messages page after saving a custom email message.
  • Fixed a bug where Matrix Block validation might fail when programmatically adding blocks to a Matrix field.
  • Fixed a bug where bug where account activation emails were linking to the front-end rather than the Control Panel for users with access to the Control Panel.
  • Fixed a bug where EmailService::sendEmail() and sendEmailByKey() were throwing exceptions if something went wrong, rather than returning false.
  • Fixed an exception that occurred when registering a user if the email settings weren’t configured correctly.
  • Fixed a bug where an “Activation email sent.” message would be displayed even if there was a problem sending the user’s activation email.

2.6.2964 - 2017-02-27

Fixed

  • Fixed a bug where it was not possible to access the edit page for entries and categories in the non-primary site, or entry drafts/versions.
  • Fixed a bug where unordered lists in Rich Text fields weren’t getting bullets. (#1435)
  • Fixed a JavaScript error that occurred when adding a page break to Rich Text fields. (#1433)

2.6.2963 - 2017-02-23

Changed:

  • Updated Redactor II to 2.2.
  • Updated Garnish to 0.1.15.
  • Element indexes now get a reference to their containing element selector modal via this.settings.modal.

Fixed

  • Fixed a bug where the forms/checkboxSelect.html include template wouldn’t display a checkbox option with the value of 0. (#1378)
  • Fixed a bug where hidden login page inputs were still focusable by pressing Tab after clicking the “Forget your password?” link. (#1387)
  • Fixed a bug where the requirements checker would error if the craft folder and the public index.php file lived at the root of the file system.
  • Fixed a bug where modals were super laggy, especially in Safari.
  • Fixed a bug where Rich Text field settings were stating that MEDIUMTEXT columns could store 4GB, when in reality they store 16MB.
  • Fixed a bug where the URL portion of newly saved routes would show HTML for any tokens that were in the route.

2.6.2962 - 2017-02-15

Added

  • The Control Panel now recognizes potentially-stalled tasks, and gives the user the option to retry or cancel them.

Changed

  • The Control Panel now polls for updated background task information at a variable frequency based on the speed of the currently-running task.

Removed

  • Removed TasksController::actionGetRunningTaskInfo().

Fixed

  • Fixed a PHP error that occurred when auto-updating Craft if the OPcache restrict_api config setting was set.
  • Fixed a bug where SVGs without a viewbox were not getting scaled correctly.
  • Fixed a warning that occurred when indexing images with no content.
  • Fixed a bug where the asset upload progress bar was not staying fixed in the center of the window when scrolling down the page.

Security

  • Fixed four potential XSS vulnerabilities in the Control Panel.

2.6.2961 - 2017-02-08

Fixed

  • Fixed an “Invalid UTF-8 sequence” error that occurred on some servers when using the deprecated depth element criteria param.
  • Fixed a bug where custom Title field labels weren’t getting HTML-encoded on Edit Entry pages.
  • Fixed a bug where editable tables may not be responsive until the window had been resized.

2.6.2960 - 2017-02-02

Fixed

  • Fixed a bug where {% exit %} tags would always result in a 500 error regardless of the exit code passed in, when Dev Mode was disabled.
  • Fixed a bug where it was impossible to replace files on Rackspace Sources with whitespaces in the filename. (Thanks Thoai.)

2.6.2959 - 2017-01-30

Changed

  • Increased the minimum width of HUD element editors to 380px.
  • Increased the size of number fields to 10.
  • Updated element-resize-detector.js to 1.1.10.
  • Updated Garnish to 0.1.12.

Fixed

  • Fixed a bug where users with the “Delete Users” permission would get the button to delete an admin even though the controller would block it.
  • Fixed a deprecation error that was getting logged whenever a tag was saved within the Control Panel.
  • Fixed a bug where Craft was scaling remote images up if less than 2,000 x 2,000 pixels when caching them locally.
  • Fixed a bug where some PHP errors weren’t getting logged to craft/storage/runtime/logs/phperrors.log when Dev Mode was disabled.
  • Fixed a bug where the Control Panel could become unresponsive when opening nested HUDs.
  • Fixed a PHP 5.3 compatibility issue.

Security

  • Craft now catches runtime exceptions thrown by Twig and throws generic ones instead when Dev Mode is disabled, as they may include internal file/directory paths.
  • Made it much harder to enumerate valid user accounts from a login page based on timing attacks.

2.6.2958 - 2017-01-03

Changed

  • Updated to the latest Redactor translations.
  • Re-added focusable.js and scroll-parent.js to Craft’s bundled jQuery UI.

Fixed

  • Fixed a bug where no classes would get autoloaded if you had the string vendor in any path leading up to your Craft installation.
  • Fixed JavaScript errors that occurred in the Control Panel.
  • Fixed a bug where hourly charts were displaying dates in mm/YY format instead of dd/mm.

2.6.2957 - 2016-12-30

Changed

Fixed

  • Fixed several PHP 7.1 compatibility issues.

2.6.2956 - 2016-12-28

Changed

2.6.2955 - 2016-12-27

Changed

  • TagModel::getName() now logs a deprecation error. Use the title property instead.
  • The childOf, childField, parentOf, and parentField element criteria params now log deprecation errors. Use the relatedTo param instead.
  • The depth element criteria param now logs a deprecation error. Use the level param instead.
  • The name tag criteria param now logs a deprecation error. Use the title param instead.
  • The order tag criteria param now logs a deprecation error if "name" is passed into it. Order by "title" instead.
  • Craft now uses ImageMagick to read and manipulate image EXIF data, when it’s available.
  • Updated PHPMailer to 5.2.18, which fixes a remote code execution vulnerability.
  • Updated Garnish to 0.1.9.
  • Updated Velocity to 1.4.1.

Fixed

  • Fixed a bug where files could be inadvertently deleted on remote Asset sources in rare circumstances.
  • Fixed a bug where Craft would sometimes ignore the maxCachedCloudImageSize config setting.
  • Fixed a bug where some messages on the self-update page were not getting translated.

2.6.2954 - 2016-12-08

Fixed

  • Fixed a PHP error that occurred on servers running PHP 5.3.

2.6.2953 - 2016-12-07

Changed

  • OPcache file caches are row cleared during auto-updates, preventing possible PHP/SQL errors from occurring after the new files have been put in place but before OPcache would have cleared its caches on its own. (This will only take effect in future updates, unfortunately. Servers with OPcache enabled may continue to experience unexpected behaviors while auto-updating until they have updated to this release.)
  • Updated Redactor to 1.3.2.

Fixed

  • Fixed a bug where IoHelper::getFiles() wasn’t returning files without extensions when the $suppressErrors argument was true.
  • Fixed a bug where IoHelper::getFiles() was returning subfolder paths when the $suppressErrors argument was false.
  • Fixed a bug where IoHelper::getFiles() wasn’t normalizing the returned file paths.
  • Fixed a bug where you would get a MySQL data truncation error if you had a template that used a {% cache %} tag and there were more than 250 characters in the request path.
  • Fixed a JavaScript error that occurred when dragging asset folders.

2.6.2952 - 2016-11-21

Changed

  • craft()->getBuild(), craft()->getTrack(), and craft()->getReleaseDate() now somewhat resemble their former behavior, but will now create deprecation logs.

Fixed

  • Fixed a JavaScript error that occurred when selecting an element on an element index page.
  • Fixed a bug where the Globals section of the Control Panel was only showing up to 100 global sets.

2.6.2951 - 2016-11-21

Changed

  • Craft no longer has the concept of “update tracks”, and is now capable of auto-updating between stable/beta/alpha releases.
  • Database backups now have a random string at the end of the filename, fixing a bug where if two separate users created a backup on the exact same second, the backups would get woven together into the same file.
  • craft()->getVersion() now returns the full version number (e.g. “2.6.2951”) rather than just the X.Y parts.

Deprecated

  • craft()->getBuild(), craft()->getReleaseDate(), and craft()->getTrack() are now deprecated, and return null.
  • The template functions craft.getBuild() and craft.getReleaseDate() are now deprecated, and return null.

Fixed

  • Fixed a bug where NumberFormatter::formatCurrency() wasn’t respecting the $stripZeroCents argument if the formatted currency string placed the currency symbol at the end.
  • Fixed a bug where the Assets index page was assuming all sources were normal asset volumes, which may not be the case if plugins are registering custom sources with the modifyAssetSources hook.
  • Fixed a bug where a previous migration that improves the index on the templatecaches table wasn’t actually executing.
  • Fixed a bug where only the first 100 global sets were showing up on Settings → Globals.
  • Fixed a PHP error that occurred when calculating the difference between two DateTime objects, if one of them crossed from Daylight Savings Time to Standard Time.
  • Fixed a z-index conflict that made it impossible to edit a link within a Rich Text field when it was being edited within an Element Editor HUD.
  • Fixed a bug where Element Editor HUD positions weren’t responding to browser resizes.
  • Fixed a bug where log files were not always rotating out correctly on Windows servers, leading to extremely huge log files.

2.6.2950 - 2016-10-31

Added

Changed

  • getNext() and getPrev() now work as expected for eager-loaded elements.
  • Sped up template cache queries.
  • Improved the styling of the Plugins index page on smaller screens.
  • Updated Redactor to 1.3.1.

Fixed

  • Fixed a PHP notice that was occurring on some environments.
  • Fixed a bug where element titles weren’t getting indexed by the Search service for non-current locales when saving a brand new element.
  • Fixed a bug where Live Preview was not updating when Matrix blocks were reordered.
  • Fixed a bug where menu option shortcut hints were not aligned correctly in Firefox.

2.6.2949 - 2016-10-05

Added

Changed

  • The Edit User form now has autocomplete="off" set, which should prevent LastPass from auto-filling the Email field when Settings → Advanced → “Allow pages to disable autofill” is enabled.
  • Craft.BaseElementSelectorModal and Craft.BaseElementSelectInput now have a showLocaleMenu setting, which controls whether the Locale menu should be visible within element index modals.

Fixed

  • Fixed a bug where Rich Text fields weren’t loading properly when viewing the Control Panel in Portuguese.
  • Fixed a PHP error that occurred when setting the $ignore argument on StringHelper::normalizeKeywords().

2.6.2945 - 2016-09-27

Fixed

  • Fixed a bug where IOHelper::copyFolder() was not working on Windows servers.
  • Fixed a bug where Craft could think that content changes had been made on Edit Entry/Category/etc. pages after opening and closing Live Preview, without making any changes.

Security

2.6.2944 - 2016-09-22

Added

Fixed

  • Fixed a bug where ChartHelper::getRunChartDataFromQuery() wasn’t factoring in the system’s Timezone setting.
  • Fixed a bug where UserModel::getGroups() was not always respecting the user’s latest group assignments.
  • Fixed a bug where animated GIFs were losing their animations when uploaded to a server running an older version of ImageMagick than 6.8.8-3.
  • Fixed a bug that broke asset uploading via Assets fields in some cases.

2.6.2940 - 2016-09-20

Added

  • The Control Panel is now translated for Brazilian Portuguese (pt_br).

Changed

  • Login forms no longer reveal that a user account is locked, unless the correct username and password was entered.
  • Craft no longer exposes full file paths in some image manipulation-related exceptions.
  • Craft now suppresses the X-Mailer header when sending emails.

Fixed

  • Fixed a bug where NumberFormatter::formatCurrency() was incorrectly formatting currencies with a minor value of less than 10, e.g. $1.05.
  • Fixed a bug where IOHelper::copyFolder() was not working.
  • Fixed some potential PHP errors due to code that was not prepared for the possibility that IOHelper::getFolderContents() could return false.
  • Fixed a bug where FieldsService::getFieldByHandle() would return FieldModel objects for fields that had been deleted earlier in the same request.
  • Retroactively fixed a bug where it was possible to have multiple user groups with the same name and/or handle.
  • Fixed a bug where translatable fields were not always respecting the element’s locale’s orientation, when it differed from the user’s preferred locale’s orientation.
  • Fixed a couple bugs related to double-clicking on elements within the Control Panel.
  • Fixed a bug where the “Sensitive Craft folders should not be publicly accessible” requirement at admin/utils/serverinfo would incorrectly report that Craft folders were not accessible if they had been uploaded to a subfolder.

Security

2.6.2931 - 2016-09-08

Changed

  • Improved the legibility of light-on-dark text
  • Double tapping the title bar of a Matrix block collapses/expands the block.
  • Double tapping an element in an element selector modal selects the element.
  • Tap-holding an element in element select inputs now shows the Element Editor HUD.
  • Tap-holding an element in element index views now shows the Element Editor HUD.
  • The Control Panel now includes jquery.mobile-events.js for touch events support.
  • Updated Redactor to 1.2.6.

Fixed

  • Fixed a bug where HTML entities were getting encoded for plain text emails.

2.6.2930 - 2016-09-01

Fixed

  • Fixed a PHP error that occurred when creating a DB backup on environments running PHP 5.3.

2.6.2929 - 2016-08-31

Changed

  • It’s now possible to translate Plain Text fields’ placeholder messages with static translations.

Fixed

  • Fixed a bug where the self-updater would display a nondescript error message if the environment didn’t meet all of Craft’s server requirements, rather than explaining the actual issue(s).

2.6.2923 - 2016-08-30

Fixed

  • Fixed a bug where Craft was not properly indexing assets whose file paths were longer than 255 characters.
  • Fixed a bug where animated GIF loop limits were not being respected.
  • Fixed a bug where existing compiled Control Panel templates were not always getting cleared properly when updating Craft via a manual update.
  • Retroactively fixed a bug where Craft was not fully deleting entries authored by users that were automatically deleted via the purgePendingUsersDuration config setting.
  • Fixed a bug where textareas with auto-adjusted heights were not accounting for trailing newlines.

2.6.2922 - 2016-08-26

Added

  • Added cp.categories.edit and cp.categories.edit.right-pane hooks to the categories/_edit template.
  • Added cp.users.edit and cp.users.edit.right-pane hooks to the users/_edit template.

Fixed

  • Fixed a bug where clicking on a menu option would hide the menu before the option had a chance to activate.

Security

  • Fixed a vulnerability that made it possible to execute Craft database backups in other contexts besides restoring from a failed update attempt.

2.6.2916 - 2016-08-25

Changed

  • Improved keyboard and accessibility support for the Select All button on element indexes.
  • Improved keyboard and accessibility support for Lightswitch fields.
  • Improved keyboard and accessibility support for menus.
  • The .hover class can now be applied to selected elements.
  • Improved the height approximation logic for textareas with dynamic heights.
  • Improved the styling of elements within metadata panes, such as an entry’s author.
  • The _includes/forms/field include template now assigns an id attribute to the <label> if either a labelId or id variable is passed in.
  • The _includes/forms/lightswitch include template now assigns an aria-labelledby attribute to the container <div> if a labelId variable is passed in.
  • TemplatesService::namespaceInputs() now namespaces aria-labelledby attributes when $otherAttributes is true.

Fixed

  • EmailService no longer has Twig render email messages in safe mode, which was a little heavy-handed and prevented email message templates from accessing global variables and other things.
  • Really, really, really fixed a bug where ElementsService::getTotalElements() was not working correctly for some plugins that were modifying the element query.
  • Fixed a bug where using |length on a Matrix field in a Live Preview would return the total number of saved blocks, rather than the number of blocks in the post data.
  • Fixed a bug where new entry types would get added to the beginning of the section’s entry type list, if the order of the list had been customized.

2.6.2911 - 2016-08-16

Added

Changed

  • Craft no longer flushes the entire data cache when the file system path to the craft/app/ folder changes.
  • Craft no longer sets the Content-Length header when responding to CP resource requests, fixing a potential mismatch between the header value and the actual content size if the response body was compressed its way to the client.
  • Craft now disables PHPMailer’s SMTPAutoTLS setting, preventing an error on servers that don’t support TLS.

Fixed

  • Fixed a bug where the email.onSendEmailError event was not firing in some cases.
  • Fixed a bug where transforms that took longer than 120 seconds to generate would get cut off at 120 seconds.
  • Reduced the probability that an animated GIF transform could be double-generated if the transform generation took longer than 30 seconds.
  • Fixed a bug that occurred in some cases.

2.6.2903 - 2016-08-02

Added

  • Added the getTableAttributesForSource hook, making it possible for plugins to override the visible table attributes for a given element index source.

Changed

  • Password inputs no longer reveal the password when the Alt key is pressed, since some international keyboards require the Alt key to be pressed to type common symbols.
  • TemplatesService::render() and renderString() now accept a $safeMode argument.
  • EmailService now has Twig render email messages in safe mode.
  • Craft now sets the flash message “User registered.” when a user is created via public registration, rather than “User saved.”.
  • Craft now gracefully handles any errors or exceptions that are thrown as a result of a reference tag.

2.6.2804 - 2016-07-28

Fixed

  • Fixed a PHP error that was occuring on servers running PHP 5.3.
  • Fixed a bug where some textareas in the Control Panel were getting some extra padding below them.

2.6.2798 - 2016-07-27

Changed

Fixed

  • Fixed a bug where eager-loaded relations weren’t factoring in the source elements’ locale.
  • Fixed a bug where some responsive tables were not collapsing when they should on mobile.
  • Fixed a MySQL error that occurred when installing Craft if MySQL’s ENFORCE_GTID_CONSISTENCY config setting was set to 1.
  • Fixed a bug where setting toolbarFixed: true in Redactor configs were not working correctly when using the “Redactor I” plugin.

2.6.2797 - 2016-07-18

Fixed

  • Fixed a bug where TemplatesService::getTwig() was not instantiating new Twig environments for unique sets of options.
  • Fixed a PHP error that occurred if a base DateTime object was passed into DateTimeHelper::formatTimeForDb(), rather than a Craft\DateTime object.
  • Fixed a PHP error that could occur when testing or saving new email settings on case-sensitive file systems.
  • Fixed a bug where element thumbnails were getting distorted in IE.

2.6.2796 - 2016-07-10

Changed

  • Updated Redactor to 1.2.5.

Fixed

  • Really, really fixed a bug where ElementsService::getTotalElements() was not working correctly for some plugins that were modifying the element query.
  • Fixed a bug that could have prevented Craft from restoring the site to normal if a problem occurred during an update.
  • Fixed a bug where thumbnails for portrait images were getting stretched into a square.

2.6.2795 - 2016-07-08

Added

Changed

  • HUD headers and footers should now use the classes .hud-header and .hud-footer, fixing conflicts with .header and .footer classes.
  • Improved the error messages for asset operations involving an invalid asset source.
  • Updated jQuery Timepicker to 1.11.1, fixing some issues for users Eastern Australia.

Fixed

  • Fixed a bug where user suspension and unsuspension actions would set flash messages that indicated the action had completed successfully, even if something went wrong.
  • Fixed a bug where ElementsService::getTotalElements() was not working correctly for some plugins that were modifying the element query.
  • Fixed a bug where StringHelper::normalizeKeywords() was not mapping some uppercase letters to their ASCII equivalents.
  • Fixed some bugs with Control Panel grids.

2.6.2794 - 2016-06-29

Fixed

  • Fixed a bug that prevented Asset sources that did not have public URLs from saving.

2.6.2793 - 2016-06-28

Added

  • Added the useSslOnTokenizedUrls config setting, providing an explicit way to define whether tokenized URLs should use https.
  • Craft now supports APCu for data caching, which can be enabled by setting the cacheMethod config setting to 'apc' and creating a craft/config/apc.php config file that returns an array with useApcu set to true.
  • Added UrlHelper::getProtocolForTokenizedUrl().

Changed

  • The Twig environment is now registered before plugins have the opportunity to register custom Twig extensions, so calling TemplatesService::getTwig() from a plugin’s addTwigExtension will work as expected.
  • Updated Imagine to add ImageMagick 7 support.

Fixed

  • Fixed a bug where some element types’ reference tags within Rich Text fields were not getting stored and parsed correctly on case-sensitive file systems.
  • Fixed a bug where users would get redirected to /dashboard on the front-end after registering their account, in some cases.
  • Fixed a bug where console requests were not respecting the appId config setting.
  • Fixed a MySQL error that occurred when installing a plugin with a record that defined a composite primary key on its table.
  • Fixed a bug where the transform button was selectable in asset selection modals if not all selected assets had a thumbnail.
  • Fixed a bug where assets were not appearing to get selected in thumb view.
  • Fixed a bug where SVGs were not getting resized for thumbnails correctly if the root <svg> tag had percentage-based width and height dimensions.
  • Fixed a bug where users with permission to upload assets would get a permission error when dragging a file directly onto an Assets field.
  • Fixed a Javascript error that occurred when modifying a field layout in Firefox.

2.6.2791 - 2016-06-07 [CRITICAL]

Added

  • Added the allowSimilarTags config setting, which can be set to true to allow multiple tags to exist with names that would be identical if converted down to ASCII (e.g. Protéines, Proteines).

Changed

  • Calling ConsoleApp::on() now lazily-attaches event listeners to uninitialized components the same way WebApp::on() does.
  • When editing an asset, the Filename input will automatically select the entire value, sans extension, when focused, making it easy to rename a filename without changing the extension.
  • When editing an asset, if the file extension is changed in the Filename input, the user will get prompted about it to make sure they intended to do so.
  • When editing an asset, if the Filename input is changed and the file extension is removed in the process, it will automatically be re-appended.
  • When editing an asset, if the file extension is removed from the Filename input, but the rest of the name was left alone, the user will get prompted to make sure they intended to do so.

Fixed

  • Fixed a bug where Matrix blocks’ action menus were showing “Add [block type] above” options even when the maximum number of blocks was reached.
  • Fixed a bug where using the Ctrl/Command + S shortcut on the My Account page when running Craft Client would result in a 404 error.
  • Fixed a bug where the unabbreviated month name “May” was being translated to the abbreviated version, for locales where they differ.
  • Fixed a bug where linking to an element whose URL included a URL fragment from a Rich Text field would result in multiple URL fragments showing up in the parsed field content on the front end.
  • Fixed a bug where long site names in the global sidebar were breaking on random letters, rather than between words.
  • Fixed a bug where long words in the site name were not breaking properly on the Login page.
  • Fixed a bug where it was not possible to download assets in Firefox. (Oh, Firefox.)
  • Fixed a bug where calling ElementsService::getTotalElements() could result in a PHP memory limit error if there was a very large number of matching elements.

Security

  • Fixed a security vulnerability that made it possible for logged-in users to access sensitive information.

2.6.2789 - 2016-05-26

Changed

  • It is now possible to eager-load Structure entries’ and categories’ descendants using the 'descendants' handle.
  • It is now possible to eager-load Structure entries’ and categories’ immediate children using the 'children' handle.
  • Custom login logos are now center-aligned on the Login page, rather than left-aligned with the form.
  • The global sidebar is now hidden when printing a page in the Control Panel.
  • Updated Redactor to 1.2.4.

Fixed

  • Fixed a MySQL error that occurred when updating from Craft 2.2 or earlier.
  • Fixed a race condition where if two requests used the same token at the exact same time, and the token had a usage limit, both requests may have only counted as one usage.
  • Fixed a PHP error that occurred when passing nested arrays into the $params argument on UrlHelper methods.
  • Fixed a MySQL error that occurred if an empty array was passed to FieldsService::deleteLayoutById().

2.6.2788 - 2016-05-19

Changed

Fixed

  • Fixed a bug where related elements within a Matrix block would appear to be selected when the block was selected.
  • Fixed a MySQL error that occurred when saving a task with over 64K of settings data.
  • Fixed a validation error that occurred when saving Checkboxes fields from front-end forms if the post data contained empty option values.

2.6.2785 - 2016-05-06

Fixed

  • Fixed a bug where some Control Panel forms were not showing password prompts for actions that required an elevated user session, resulting in 403 errors.
  • Fixed a bug where the Edit User Group page was sometimes showing a password prompt when saving a new user group, even though that action does not require an elevated user session.
  • Fixed a bug where {% requireLogin %} tags were not being enforced for users that were suspended while they had an active session.
  • Fixed a bug where disabled checkboxes were not getting styled correctly in Chrome.
  • Fixed a bug where some calls to IOHelper::fileExists() and folderExists() were incorrectly getting set to be case insensitive when the intention was to have them suppress errors.

2.6.2784 - 2016-05-04

Changed

  • The requirements report on admin/utils/serverinf