Skip to content

7.2.10
Compare
Choose a tag to compare
@justincarter justincarter released this 31 Oct 01:15
· 122 commits to master since this release
7.2.10
eb79ca0

This release contains S3 CDN bug fixes including AWS4 signature support, some performance improvements, better 404 handling for some requests, and a number of security enhancements.

Bug

  • [FC-1934] - Friendly URL autodetect (pingFU) sometimes fails on initialisation
  • [FC-3107] - ACF error when getting a list of scheduled task jobs
  • [FC-3108] - Show 404 for downloads when invalid typename is used
  • [FC-3111] - Library picker pagination has incorrect formAction URL
  • [FC-3113] - Editing a friendly URL in "Manage Friendly URLs" throws an error
  • [FC-3114] - Only set ACL on S3 if there are ACLs to apply
  • [FC-3116] - autoSetLabel fails if webskin permission is denied to displayLabel
  • [FC-3118] - objectBroker removeWebskin() returning a null
  • [FC-3135] - application.fc.lib.error.showErrorPage() throws error if a farcry type that no longer exists
  • [FC-3139] - Redirects to correct URL case cause infinite redirects
  • [FC-3159] - Changing the Navigation alias for Home breaks the entire site

New Feature

  • [FC-3142] - enable ftLibraryData & ftLibraryDataTypename for typeahead formtool

Improvement

  • [FC-3112] - Improve login performance
  • [FC-3117] - Sanitize filenames with lowercase characters to avoid case sensitivity issues across systems
  • [FC-3141] - Add endpoints for healthcheck readiness and liveness probes
  • [FC-3145] - S3 lib - add S3 path to struct returned by ioGetFileLocation()
  • [FC-3146] - show a 404 for non-webtop requests inside core
  • [FC-3147] - Update S3 CDN to use AWS4 signing
  • [FC-3148] - sanitize sort column and direction in objectadmin
  • [FC-3150] - sanitize git/svn client paths
  • [FC-3151] - validate state and country data in formtools
  • [FC-3152] - remove ActivateURL method from email and URL formtools
  • [FC-3153] - encode HTML output in formtools "display" methods
  • [FC-3154] - authenticate() test for locked/disabled accounts regardless of password match
  • [FC-3155] - rotate and invalidate sessions on login/logout
  • [FC-3156] - return the same message for forgot username/password regardless of match to prevent enumeration
  • [FC-3158] - remove obsolete scaffolds
Assets 2