v0.23.6

Added:

Nothing.

Changed:

Nothing.

Fixed:

• decidim-core: Fix report mailers when author is a meeting #7874
• decidim-comments: Fix TypeError in newsletters #7875
• decidim-core: Open attachments in new tab #7917
• decidim-core: Validate nickname using correct regexp #7920
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7927
• decidim-core: Don't show deleted users on user group members page #7926
• decidim-admin: Disable select inputs with the subform toggler as well #7958
• decidim-core: Fix fragment caching with multiple locales #7959

Removed:

Nothing.

Developer improvements:

• Update to Rails 5.2.6 #7950

v0.24.2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: CSV exporter should take into account locales from all resources #7860
• decidim-comments: Fix TypeError in newsletters #7876
• decidim-core: Open attachments in new tab #7918
• decidim-core: Validate nickname using correct regexp #7921
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7928
• decidim-core: Fix editor: remove br tags from inside a tags #7957
• decidim-core: Fix fragment caching with multiple locales #7960

Removed

Nothing.

Developer improvements

• Do not change the global test app configs during specs #7816
• Update to Rails 5.2.6 #7949

v0.24.1

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-admin: Add admin missing translations (#7702) #7766
• decidim-initiatives: Fix permission for initiative edit and update #7654
• decidim-conferences: Fix validations for registration related fields in Conference form #7734
• decidim-admin, decidim-conferences: Add Conferences and Admin missing translations (#7653) #7765

Removed

Nothing.

Developer improvements

• Do not modify the controller class in the controller tests that rende… #7775
• Upgrade to Rails 5.2.5 #7806

v0.23.5

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-participatory processes: Fix process serializer to consider nil images #7615
• decidim-proposals: Backport proposal imports fix to 0.23 #7610
• decidim-core: Make category in the API non-mandatory #7625
• decidim-proposals: Don't copy counters when copying proposals #7640
• decidim-proposals: Fix rendering of proposals in map #7644
• decidim-proposals: Show all proposals in map (#7660) #7677

Removed

Nothing.

Developer improvements

• Fix migration from #7640 #7650
• Lint file #7652
• Bump mimemagic to 0.3.6 #7718
• Update Rails to 5.2.5 and carrierwave to 1.3.2 #7807

v0.24.0

Upgrade Notes

Bump Ruby to v2.7

We've bumped the minimum Ruby version to 2.7.1, thanks to 2 PRs:

• #6320
• #6522

Comments no longer use react

As per #6498, the comments component is no longer implemented with the react component. In case you had customized the react component, it will still work as you would expect as the GraphQL API has not disappeared anywhere. You should, however, gradually migrate to the "new way" (Trailblazer cells) in order to ensure compatibility with future versions too.

Consultations module deprecation

As the new Votings module is being developed and will eventually replace the Consultations module, the latter enters the deprecation phase.

Authorization metadata is now encrypted in the database

As per #6947, the JSON values for the authorizations' metadata and verification_metadata columns in the decidim_authorizations database table are now automatically encrypted because they can contain identifiable or sensitive personal information connected to a user account. Storing this data in plain text in the database would be a security risk.

You need to do changes to your code if you have been querying these tables in the past through the Decidim::Authorization model as follows:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).where("metadata ->> 'gender' = ?", "f").find_each do |authorization|
  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

The problem with this code is that the data in the metadata ->> 'gender' column is now encrypted, so your search would not match any records in the database. Instead, you can do the following:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).find_each do |authorization|
  next unless authorization.metadata["gender"] == "f"

  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

As you notice, when you are accessing the metadata or verification_metadata columns through the Active Record object, you can utilize the data in plain text. This is because the accessor method for these columns will automatically decrypt the data in the hash object.

This is less performant but it is more secure. Security weighs more.

Added

• decidim-initiatives: Show draft initiatives #6584
• decidim-budgets: Add scope to proposals import in budgets #6525
• Add new languages: Korean, Vietnamese and Chinese #6648
• decidim-core, decidim-meetings: Add online meetings #6572
• decidim-core: Allow customization of the upload help messages #6683
• decidim-admin, decidim-assemblies, decidim-elections: Add elections trustees role #6535
• decidim-elections: Add the trustee zone for users #6615
• decidim-elections: Elections design improvements #6721
• decidim-elections, decidim-forms: Election feedback form #6548
• decidim-meetings: Missing i18n on closed debate notification #6746
• decidim-admin, decidim-core, decidim-debates, decidim-meetings, decidim-proposals: Improve moderation panel #6677
• decidim-budgets: Budget voting projects rule (select min-max projects) #6753
• decidim-meetings: Let users close meetings from public pages #6703
• decidim-elections: Add preview of questions to an election #6749
• decidim-core: feat: send notification to reported content authors #6747
• decidim-core: Allow subhero content block to hold HTML tags #6810
• decidim-core: Add info to report email for moderators #6725
• decidim-meetings: Add registration system to meetings #6662
• decidim-initiatives: Filter created initiatives only by author #6658
• decidim-proposals: Add locales for cost report #6767
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 1) #6696
• decidim-core: Send report email when reported resource is translated to default org language #6726
• decidim-elections: Setup election for bulletin board #6813
• decidim-initiatives: Edit initiative as promoter #6790
• decidim-admin, decidim-core: Send notification to resource's authors when it is hidden by a moderator #6885
• decidim-meetings: Add a config flag to disable the registration code #6698
• decidim-elections: Show election results #6768
• decidim-admin: Add HTML titles in Admin panel #6666
• decidim-core, decidim-elections: Export election results #6846
• decidim-admin, decidim-participatory processes: Implement ContentBlock for Process Groups (Admin UI) #6655
• decidim-meetings: Automatically enable registrations when meeting is "on this platform" #6874
• decidim-core, decidim-proposals: Allow user to drag address on proposal map #6291
• decidim-conferences: Localize a string in conference speaker #6866
• decidim-participatory processes: Add HTML Content Blocks in Process Groups #6823
• decidim-core: Adds spinner to block page while ajax petition is executed #6611
• decidim-participatory processes: Add Metadata Content Block in Process Groups #6699
• decidim-participatory processes: Add Participatory Processes Content Block in Process Groups #6826
• decidim-admin: Add a general moderation panel #6955
• decidim-participatory processes: Edit link in groups and show group in processes #6827
• decidim-participatory processes: Improve highlights of Process Groups #6828
• decidim-participatory processes: Improvements in Process Groups and processes block #6853
• decidim-debates: Archive Debates #6940
• decidim-admin, decidim-core: Let components define settings with type time #6948
• decidim-debates: Export debate comments #6962
• decidim-elections: Add and use decidim-bulletin_board gem #6997
• decidim-meetings: Allow creation of hybrid meetings #6891
• decidim-core, decidim-verifications: Encrypt authorization metadata #6947
• decidim-admin, decidim-core, decidim-system: Make it possible to allow some pages to display publicly even when organization access is limited #6951
• decidim-surveys: Start and end dates for survey #7016
• decidim-admin, decidim-core, decidim-verifications: Improve management of managed user #6748
• decidim-participatory processes: Let admins enter the Space Private Users section in admin #7067
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 2) #6804
• decidim-meetings: Add comments export to meetings #6946
• decidim-consultations: See a deprecation callout in Consultations #7095
• decidim-debates: Add scope to debates #6326
• decidim-budgets: Sum Budgets finished and pending orders in admin panel #7010
• decidim-admin, decidim-assemblies, decidim-participatory processes: Allow admin to be registered as a participatory space user [#6890](http...

v0.24.0.rc2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: Fix invalid signature on message decryption #7490
• decidim-assemblies, decidim-participatory processes: Fix NULL error with weight field in assemblies & processes #7491
• decidim-core: Fix record encryptor hash values JSON parsing for legacy unencrypted hash values #7496
• decidim-admin: Only share tokens if component exists #7504
• decidim-core: Invalidate all user sessions when destroying the account #7511
• decidim-proposals: Fix non-unique IDs element in filter hash cash #7533
• decidim-core: Fix record encryptor trying to decrypt or decode non-String values #7538
• decidim-core: Fix record encryptor trying to decrypt empty strings #7547
• decidim-admin, decidim-budgets: New Admin users cannot accept Terms and conditions #7520
• decidim-core, decidim-proposals: Fix cells caching by using cache_key_with_version instead of cache version #7556
• decidim-debates, decidim-meetings, decidim-proposals: Fix user profile timeline activity cards texts showing "New resource" on updates #7558
• decidim-core: Sanitize address inputs #7576

Removed

Nothing.

Developer improvements

• Remove duplicated migration #7521

v0.23.4

Added

Changed

Fixed

• decidim-admin: Fix and tests to avoid registered users being invited again #7455
• decidim-proposals: Fix the proposal body validation error messages #7495
• decidim-admin: Only share tokens if component exists #7503
• decidim-core: Invalidate all user sessions when destroying the account #7510
• decidim-core: Fix user profile timeline activity cards texts showing "New resource" on updates #7559
• decidim-core: Sanitize address inputs #7577

Removed

v0.24.0.rc1

Upgrade Notes

Bump Ruby to v2.7

We've bumped the minimum Ruby version to 2.7.1, thanks to 2 PRs:

• #6320
• #6522

Comments no longer use react

As per #6498, the comments component is no longer implemented with the react component. In case you had customized the react component, it will still work as you would expect as the GraphQL API has not disappeared anywhere. You should, however, gradually migrate to the "new way" (Trailblazer cells) in order to ensure compatibility with future versions too.

Consultations module deprecation

As the new Votings module is being developed and will eventually replace the Consultations module, the latter enters the deprecation phase.

Authorization metadata is now encrypted in the database

As per #6947, the JSON values for the authorizations' metadata and verification_metadata columns in the decidim_authorizations database table are now automatically encrypted because they can contain identifiable or sensitive personal information connected to a user account. Storing this data in plain text in the database would be a security risk.

You need to do changes to your code if you have been querying these tables in the past through the Decidim::Authorization model as follows:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).where("metadata ->> 'gender' = ?", "f").find_each do |authorization|
  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

The problem with this code is that the data in the metadata ->> 'gender' column is now encrypted, so your search would not match any records in the database. Instead, you can do the following:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).find_each do |authorization|
  next unless authorization.metadata["gender"] == "f"

  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

As you notice, when you are accessing the metadata or verification_metadata columns through the Active Record object, you can utilize the data in plain text. This is because the accessor method for these columns will automatically decrypt the data in the hash object.

This is less performant but it is more secure. Security weighs more.

Added

• decidim-initiatives: Show draft initiatives #6584
• decidim-budgets: Add scope to proposals import in budgets #6525
• Add new languages: Korean, Vietnamese and Chinese #6648
• decidim-core, decidim-meetings: Add online meetings #6572
• decidim-core: Allow customization of the upload help messages #6683
• decidim-admin, decidim-assemblies, decidim-elections: Add elections trustees role #6535
• decidim-elections: Add the trustee zone for users #6615
• decidim-elections: Elections design improvements #6721
• decidim-elections, decidim-forms: Election feedback form #6548
• decidim-meetings: Missing i18n on closed debate notification #6746
• decidim-admin, decidim-core, decidim-debates, decidim-meetings, decidim-proposals: Improve moderation panel #6677
• decidim-budgets: Budget voting projects rule (select min-max projects) #6753
• decidim-meetings: Let users close meetings from public pages #6703
• decidim-elections: Add preview of questions to an election #6749
• decidim-core: feat: send notification to reported content authors #6747
• decidim-core: Allow subhero content block to hold HTML tags #6810
• decidim-core: Add info to report email for moderators #6725
• decidim-meetings: Add registration system to meetings #6662
• decidim-initiatives: Filter created initiatives only by author #6658
• decidim-proposals: Add locales for cost report #6767
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 1) #6696
• decidim-core: Send report email when reported resource is translated to default org language #6726
• decidim-elections: Setup election for bulletin board #6813
• decidim-initiatives: Edit initiative as promoter #6790
• decidim-admin, decidim-core: Send notification to resource's authors when it is hidden by a moderator #6885
• decidim-meetings: Add a config flag to disable the registration code #6698
• decidim-elections: Show election results #6768
• decidim-admin: Add HTML titles in Admin panel #6666
• decidim-core, decidim-elections: Export election results #6846
• decidim-admin, decidim-participatory processes: Implement ContentBlock for Process Groups (Admin UI) #6655
• decidim-meetings: Automatically enable registrations when meeting is "on this platform" #6874
• decidim-core, decidim-proposals: Allow user to drag address on proposal map #6291
• decidim-conferences: Localize a string in conference speaker #6866
• decidim-participatory processes: Add HTML Content Blocks in Process Groups #6823
• decidim-core: Adds spinner to block page while ajax petition is executed #6611
• decidim-participatory processes: Add Metadata Content Block in Process Groups #6699
• decidim-participatory processes: Add Participatory Processes Content Block in Process Groups #6826
• decidim-admin: Add a general moderation panel #6955
• decidim-participatory processes: Edit link in groups and show group in processes #6827
• decidim-participatory processes: Improve highlights of Process Groups #6828
• decidim-participatory processes: Improvements in Process Groups and processes block #6853
• decidim-debates: Archive Debates #6940
• decidim-admin, decidim-core: Let components define settings with type time #6948
• decidim-debates: Export debate comments #6962
• decidim-elections: Add and use decidim-bulletin_board gem #6997
• decidim-meetings: Allow creation of hybrid meetings #6891
• decidim-core, decidim-verifications: Encrypt authorization metadata #6947
• decidim-admin, decidim-core, decidim-system: Make it possible to allow some pages to display publicly even when organization access is limited #6951
• decidim-surveys: Start and end dates for survey #7016
• decidim-admin, decidim-core, decidim-verifications: Improve management of managed user #6748
• decidim-participatory processes: Let admins enter the Space Private Users section in admin #7067
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 2) #6804
• decidim-meetings: Add comments export to meetings #6946
• decidim-consultations: See a deprecation callout in Consultations #7095
• decidim-debates: Add scope to debates #6326
• decidim-budgets: Sum Budgets finished and pending orders in admin panel #7010
• decidim-admin, decidim-assemblies, decidim-participatory processes: Allow admin to be registered as a participatory space user [#6890](http...

v0.23.3

Added

• decidim-initiatives: Raise an alert when there's an error signing an initiative #7407
• decidim-proposals: Let admins delete proposal attachments #7435

Changed

Fixed

• decidim-initiatives: Fix initiatives type permissions page #7357
• decidim-meetings: Fix etherpad compatibility for old meetings #7387
• decidim-core: Fix subhero content block removing strip_tags from it #7414

Removed

v0.23.2

Added

Changed

Fixed

• decidim-admin: Allow selecting multiple files on gallery forms #7064
• decidim-proposals: Fix proposals admin form when editing. Closes #7031 (#7042) #7051
• decidim-admin, decidim-assemblies, decidim-core: Add some missing i18n keys (#7039) #7043
• decidim-participatory_processes: Fix ParticipatoryProcess metrics ajax call in show (#6971) #6977
• decidim-core: Backport "Fix newsletter html containing style tag content" to 0.23-stable #6963
• decidim-core, decidim-meetings: Backport to 0.23-stable release of fix access to detail on a visible meeting #6934
• decidim-meetings: Backport to 0.23-stable release of fix visible_meetings_for scope #6932
• decidim-all: Fix broken dashboard action logs under certain conditions (#6857) #6930
• decidim-assemblies, decidim-core, decidim-dev: Fix traceability logs with invalid record (#6879) #6928
• decidim-forms: Backport "Fix mixing answers exports and admin management in questionnaires" to v0.23 #6906
• decidim-templates: Backport "Fix decidim-templates gem definition to include templates migrations" to v0.23 #6900
• decidim-core, decidim-dev, decidim-system: Backport 'Correct smtp_settings keys type #6908' on release/0.23-stable #6904
• decidim-admin, decidim-core: Fix newsletter delivery issue to all recipients with no scopes (#6875) #6909
• decidim-core: Backport 'backport smtp settings correction' to 0.23 #6877
• decidim-all: Backport "Add margin between back link and title" to v0.23 #6858
• decidim-admin: Backport "Fix color text on unpublish button" to v0.23 #6848
• decidim-blogs: Backport Add logic in view to prevent visual error in blog post #7278
• decidim-consultations: Backport 'Restore consultation's description rich text format' to v0.23 #7219
• decidim-admin, decidim-budgets, decidim-comments, decidim-core, decidim-debates, decidim-dev, decidim-proposals: Backport "Fix comments newsletter participant ids" to v0.23 #7184
• decidim-core: Quickfix bug in seeds for 0.23-stable #7061
• decidim-participatory_processes: Fix space private user in process admin #7073
• decidim-core: Backport "fix avoid removing tag style on custom sanitize" to v0.23-stable #7019
• decidim-admin, decidim-core: Fix editor image alt tag (#6920) #6990
• decidim-meetings: Backport "Fix visible_meeting_for scope if Decidim::Conference is not defined" to v0.23 #6980
• decidim-admin, decidim-core: Backport "Fix private participants pagination crash" #7000
• decidim-core: Remove sticky from tos agreement (#6716) #6954
• decidim-admin, decidim-assemblies, decidim-participatory_processes: Allow admin to be registered as a participatory space user #7316
• decidim-core: Fixing error caused by Missing Organization #7317
• decidim-core: Adding Organization scopes to uploaders #7318
• decidim-core, decidim-forms, decidim-meetings: Fix security token generation in anonymous surveys and pads #7327

Removed