1.0.0+build-749: First release 1.0.0

First release after more than 4 years of development. Installation instructions Feel free to report bugs if any, feature requests and questions, they are highly appreciated!

1.1.3+build-757: New stable release 1.1.3

Better testing environment. Improved and extended OAuth2 module:

now supports Authentication: Bearer {access_token} from RFC 6750
breaking change in OAuth2 module - /OAuth2/token* requests should be made with POST not GET method to follow RFC 6749
improved documentation

Bunch of system constants removed. Of course, some bug fixes to improve stability. New builds are not attached anymore to releases:

you can always find latest builds on downloads page
or download source code and build it yourself

1.5.0+build-764: New stable release 1.5.0

Added 2 new triggers:

System/Config/before_init
System/Config/after_init

wiki

cs\CRUD trait can handle multilingual functionality automatically: wiki

cs\DB\_Abstract::insert() now can accept single-dimensional array of parameters if needed so.

API requests fix (for certain cases).

Fixes in Blogs and Photo gallery modules.

Latest builds on downloads page or download source code and build it yourself

1.8.3+build-770: New stable release 1.8.3

Main changes:

New upstream version of Sortable jQuery plugin
New upstream version of UIkit
Fix for api/System/profiles/{id} not working for single user id.
Simplified UIkit's tab integration, fade animation added.

Fixes and small improvements in components:

Comments
Plupload
TinyMCE

There is shop branch with WIP version of Shop module, will be merged into master as soon as will be ready (currently administration side is almost ready).

Latest builds on downloads page or download source code and build it yourself

1.16.0+build-790: The most stable, extensible and Web Components-ready version ever

New features:

wait cursor while web components are cooking
System styles are ShadowDOM-ready
Extremely flexible patching of system classes
Possibility to extend Polymer element with the same name like <polymer-element name="some-element" extends="some-element">...
Service script to convert any CSS to ShadowDOM-ready (for instance, used for UIkit), service_scripts/make_css_shadow_dom_ready.php file

Updates:

New upstream version of WebComponents.js
New upstream version of Polymer
New upstream version of BananaHTML
New upstream version of UIkit
New upstream version of Fotorama
New upstream version of jQuery 3.0 (Development version)

Fixes and small improvements in components:

Fixed multilingual functionality
Better navigation with tab key in sign in block
Better errors handling during files uploading in Plupload module
Other small fixes

Important patches of upstream third-party libraries:

jQuery patched to fix $.fn.offset() on elements inside ShadowsDOM (pull request)
WebComponents.js patched to handle properly relative path resolving in css (pull request)
Polymer patched to allow <polymer-element name="some-element" extends="some-element">... (discussion) (experimental git branch with patch applied)
UIkit styles converted to ShadowDOM-ready (using service script)
Fotorama style also wrapped to work inside ShadowDOM

There is shop branch with WIP version of Shop module, will be merged into master as soon as will be ready (most of major features ready, need some supplementary features and triggers to be more hackable).

Latest builds on downloads page or download source code and build it yourself

1.22.2+build-811: More features and new Prism plugin

New features:

Inverse dependency through provide property in meta.json like Blog/post_patch (crucial for same name extending of Web Components).
Added controller-based routing support in addition to files-based (documentation)
Atom feed in Blogs module (for all posts, specific category, specific tag)
New Prism plugin for source code highlighting on pages

Fixes and small improvements:

Fix for TypeError: (intermediate value).parentNode is null in Polymer
Fix for body[unresolved] was not actually working
Removed hack for older versions HHVM that fixed installation/upgrade, now fix available upstream in HHVM itself
Fix for content items list displaying when there are no items yet in Content module
Small fix to improve customizations possibilities of user block
Fix for Firefox freezing on modal opening
Better code formatting (not in single line as before)
Fixes and improvements in DarkEnergy theme
Better control over drafts access in Blogs module
Drop part of URL after ? to comply with standards, otherwise it created unnecessary difficulties in many cases
Builder fix: didn't include some files from core directory
React on X-Facebook-Locale header and switch language regardless from URL

There is shop branch with WIP version of Shop module, will be merged into master as soon as will be ready (very likely to be included in next release).

Latest builds on downloads page or download source code and build it yourself

1.40.2+build-853: Huge leap forward to the future, WebSockets and Shop modules added

New components:

New WebSockets module makes WebSockets usage with CleverStyle CMS ridiculously easy
New Shop module, provides simple, but highly extensible and customizable shopping functionality

New features:

$_SERVER superglobal is now wrapped by object to provide simplified, more functional and secure alternative to raw elements (while keeping original array-like behavior for compatibility)
\cs\Language::init() and ::url_language() methods added
\cs\User::get_session() refactored to ::get_session_id() which much better explains what function actually do
Possibility to attach volume to Docker container with demo
Triggers are now Events, corresponding class Event added, Trigger still exists for backward compatibility, but uses Event under the hood (transition is simple - Trigger::register() -> Event::on(), Trigger::run() -> Event::fire(), also Event have some new functionality with methods ::off() and ::once(), events.php is used now instead trigger.php which is deprecated now
cs.Event object added on frontend similar to cs\Event on backend with the same methods

Updates:

UIkit updated to latest upstream version + all components included since this version!
New upstream version of Polymer and WebComponents.js
New upstream version of jQuery (still from master branch)

Fixes and small improvements:

Style fixes in DarkEnergy theme
Do not pass user session to third-party services in HybridAuth, use md5 from provider and session instead
Fix for warning during docker image building
Make clickable license, readme and API icons look like buttons
Better modals handling in module and plugin admin pages (and no colored text anymore)
Do not use TIME constant for sessions, because it now may be used for long-living cases and constant will not reflect real current time
Events System/User/del_session/before and System/User/del_session/after now passes session id to callback

Deprecations:

User::$user_agent, ::$ip, ::$forwarded_for and ::$client will trigger E_USER_DEPRECATED, $_SERVER should be used instead
\cs\User\get_session() still exists and backward-compatible with old format (throws deprecated warning in log), but now is used to get all session details
trigger.php is deprecated in favor of events.php with the same functionality

Possible partial compatibility breaking (very unlikely, but still possible):

Reverse signature of shutdown_function() function
\cs\Config::update_clangs() method removed
\cs\Language::reload_core_config() method removed
Encryption improvement, but will not be able to decode old encrypted data (not likely to have big impact):
- Initial vector is random and returned with encrypted data
- Blowfish changed in favor of Twofish
- Good random key generated on installation with the help of openssl_random_pseudo_bytes()
\cs\User::get_session_user() refactored to ::load_session() which much better explains what function actually do

Latest builds on downloads page or download source code and build it yourself

1.54.0+build-880: What if we just make everything 5 times faster?

New components:

New Http server module allows to run Http server written in PHP, thus everything lives much longer and works much faster!

New features:

Static pages: Live editing of Static pages
DB::queries() and ::time() methods added (look at deprecations)
Support for not only application/json, but also other application/something+json request content types
New function _header() introduced to be used instead of header(), arguments are the same
New \ExitException instead of just exit or die when there is no real need to stop whole process

Updates:

UIkit updated to latest upstream version
New upstream version of Polymer and WebComponents.js
New upstream version of jQuery (still from master branch)
New upstream version of UPF

Fixes and small improvements:

Shop: Fix for characteristics (not shown because of some bug with fotorama and untranslated string)
WebSockets: Tiny fix for simulating internal WebSockets event register_actions from client side
Removing global used during installation process
cs\Singleton is now based on cs\Singleton\Base in order to ease hackability and reduce code duplication
Basic loader part that can be used for custom loaders during tests and in http server moved into separate file
Fix for favicon path when there is icon in theme directory
Singleton performance fix
Remove unnecessary _once suffix for files including
Fix potential repeated execution of the whole system (resolve duplicated functions declaration)
Fix for session deletion with WebSockets enabled (missing session id during event firing)
Functions that work with global state moved into separate file and are not included by base loader
Fix for setting cookie to empty string didn't remove it from $_COOKIE superglobal
Be ready for $_GET, $_POST and $_REQUEST being array-like objects instead of arrays
WebSockets: Rename prepare_cli.php in WebSockets module to more logical name start_cli.php
Event class simplification
Improvement of server type detection
__invoke() added to \cs\False_class
Show information about module even if it is not installed

Deprecations:

DB::instance()->queries and ->time properties

Possible partial compatibility breaking (very unlikely, but still possible):

Update support for Blogs module from very old versions removed (not likely to be an issue)

Latest builds on downloads page or download source code and build it yourself

1.58.0+build-887: We love Composer!

New Composer module makes installing composer packages as easy as mentioning them in meta.json file, no need to use command line, no need to even have access to command line on shared hosting, etc.

New components:

New Composer module - Composer integration into CleverStyle CMS, allows to specify composer dependencies in meta.json that will be installed automatically

New features:

New events:
- admin/System/components/modules/update/prepare
- admin/System/components/modules/update_system/prepare
- admin/System/components/modules/enable/prepare
- admin/System/components/modules/disable/prepare
- admin/System/components/modules/update/process/before
- admin/System/components/modules/update/process/after
- admin/System/components/modules/update_system/process/before
- admin/System/components/modules/update_system/process/after
- admin/System/components/modules/enable/process
- admin/System/components/modules/disable/process
- admin/System/components/plugins/update/prepare
- admin/System/components/plugins/enable/prepare
- admin/System/components/plugins/disable/prepare
- admin/System/components/plugins/enable/process
- admin/System/components/plugins/disable/process
- admin/System/components/plugins/update/process/before
- admin/System/components/plugins/update/process/before
Http server and WebSockets modules now depends on Composer module and does not include dependencies inside!

Updates:

None

Fixes and small improvements:

Http server: Fix for classes cache cleaning in Http server
DB reconnection in long living process when DB server was disconnected
Support simple modal width in any units, not only px
trigger.php renamed into events.php everywhere
Http server: Mentioning that in Http sever mode files uploading is not currently supported
Http server: Set remote_addr in $_SERVER under Http server
Do not change working directory when minifying css/js/html
Removed synchronization of minified files between mirrors
Do not change working directory in Local storage engine
Photo gallery: Small fix in Photo gallery when all images failed to upload
Constants renamed:
- STORAGE -> PUBLIC_STORAGE
- PCACHE -> PUBLIC_CACHE
Constants added:
- STORAGE (now points to /storage)

Deprecations:

Deprecated events (use newer instead):
- admin/System/components/modules/enable
- admin/System/components/modules/disable
- admin/System/components/plugins/enable
- admin/System/components/plugins/disable

Possible partial compatibility breaking (very unlikely, but still possible):

PCACHE and STORAGE constants renamed to new names, STORAGE constant now points to another directory (not likely to cause any problems)

Latest builds on downloads page or download source code and build it yourself

1.88.4+build-938: Better consistency in routing and improved security

Major change in this release happening to routing. \cs\Route class introduced and now covers all routing functionality instead of having part of it in \cs\Config and \cs\Index classes. Though, complete backward compatibility is present and will be kept until 2.0.

This is the last or pre-last release before 2.0, be sure to keep your components up to date for easy and smooth upgrade to next major release!

New components:

None

New features:

Planned transition to Controller-based routing in System module
Big amount of code duplication removed using new generic methods for packages installation, updating and removal
New events:
- System/Route/pre_routing_replace
- System/Route/routing_replace

Updates:

New upstream version of TinyMCE:
- new plugin colorpicker now included
- table styling since now will be done with css rather than with attributes
New upstream version of UPF (also with security improvements)

Fixes and small improvements:

GZ page compression removed on system level, it should be rather done on higher level (WebServer or proxy) with better performance
Protected constructor in \cs\User as in \cs\Singleton trait
Improved security in case of allowing any user-submitted iframe elements
Added support for removing nested empty directories during update process (only single directory was removed before)
Database and storage testing modal is now rendered purely on frontend
Refactoring in cs\Config class, protection was really dubious
cs\Config::instance()->can_be_admin property refactored to method with the same name, backward compatibility still present
$_SERVER->protocol added which is more useful in many cases instead of ->secure property
Fix for cs\Page::config() with scalar values didn't work as expected on frontend
Installation config is now in form of regular array instead of parsing JSON string O_o

Deprecations:

\cs\Core::api_request() method
\cs\User::system() method
\cs\Config::$can_be_admin property (use method with the same name instead)
\cs\Config::$server property
\cs\Config::$route property (use \cs\Route::$route instead)
\cs\Config::process_route() method (use \cs\Route::process_route() instead)
\cs\Index::$route_path property
\cs\Index::$route_ids property
Deprecated events (use newer instead):
- System/Config/pre_routing_replace
- System/Config/routing_replace

Possible partial compatibility breaking (very unlikely, but still possible):

None

Latest builds on downloads page or download source code and build it yourself

1.110.0+build-985: Bitcoin payment, automated builds and lots of polishing all over the place

Major change in this release happening to session management. \cs\Session class introduced and now covers all session management functionality instead of having everything in still large \cs\User class. Though, complete backward compatibility is present and will be kept until 2.0.

Also this release brings new module Blockchain payment, this is actually first payment module, it integrates nicely with Shop module and any other if needed, and allows to accept payments in Bitcoin!

This is not all yet, now all builds are automatic! This means that all stable builds will be kept as long, as you need them, also bleeding edge nightly builds are prepared after each commit just for you!

One more thing here - if you are using PHP 5.4 - it is encouraged to upgrade to 5.5 or even better 5.6, because 5.4 support will be dropped in 2.0 release together with all deprecated functionality.

Look at SourceForge downloads page.

This is the last release before 2.0, be sure to keep your components up to date for easy and smooth upgrade to next major release! Update to 2.0 will be available only from 1.110.0+, update older releases to 1.110 before moving forward!

New components:

New Blockchain payment module, pay for anything in Bitcoin

New features:

Shop: Notion of currency added to Shop module
New events:
- System/Config/init/before
- System/Config/init/after
- System/Session/init/before
- System/Session/init/after
- System/Session/del/before
- System/Session/del/after
- System/Session/del_all
Now it is possible to use .cs-table-* classes in addition to custom elements with the same name
Since now after each commit new builds will be published on SourceForge

Updates:

New upstream version of BananaHTML
New upstream version of WebComponents.js, thankfully, no patches needed this time
New upstream version of UIkit
New upstream version of UPF:
- Do not allow custom elements (with dash in name or regular elements with is property)

Fixes and small improvements:

Throwing deprecated error on PHP 5.4 with recommendation to update to 5.5+
Run Travis CI tests on PHP 7, nightly builds currently, to be ready when it will be released officially as stable
Shop: Some events now passes currency together with other arguments in order to provide better context
Fix for cs.config when passing array there
Shop: Do not show "Pay now" for cash payment method
Shop: Additional parameter in payment confirmation event - callback, to avoid redirects when it is not desirable
Shop: Repeated payment confirmation will have no effect, so can be freely executed as many times as needed
Shop: Fix for "Pay later" button didn't work
Shop: Fix for bug when after successful payment order status didn't change (paid property worked fine)
Shop: Fix for wrong recalculation of available units
Big changes again: \cs\Session class introduced, all session-related work moved from \cs\User to new class
User-specific settings processing moved to event handler instead of doing it in session object
System core and components switched to using \cs\Session for session-related things and it's events
Http server: Http server updated according to new structure of System core
release-notes.md added in oder to avoid relying purely on GitHub releases
Http server: Disable memory cache for \cs\User class under http server
Hugely refactored, simplified and improved dependencies check
Now dependency check will account conflicts in both sides, not only from side of package that is going to be installed
package item in some modules updated to reflect real name of package directory
Fix for inclusion multiple inline Web Components
Inline scripts inclusion placed near file includes (placement depends on configuration)
Support of new meta.json option for hiding module in main menu
Do not use /dir file in module/plugin/theme distributive package, use package from meta.json file instead, but still keep file until 2.0 for backward compatibility
Force Travis CI to use container-based infrastructure
Build scripts moved info single class
DarkEnergy theme doesn't have hardcoded copyright anymore,  might be used to specify it instead, also  might be used to customize header
Do not use /version file in system core package anymore, keep for backward compatibility till 2.0
meta.json added to system core package root
Significantly faster build creation
Allowed building multiple modules, plugins and themes at once in corresponding mode
Fix for admin page not opening because of missing \cs\Route class import
Fixed forms for permissions addition and editing
Http server: Move some code in Http_server module into namespace
Actually no need for exit in Core class
Get rid of exit, we can actually replace them with echo + return statements
Files permissions updated
SensioLabInsight badge added, existing renamed and switched to SVG
Fix for incorrect detection of other components that provides the same functionality
Some tweaks suggested by SensioLabsInsight
\cs\Language instance caching removed from __() function
User-specific directories removed from .gitignore
Multiple unused variables removed
Multiple unused use statements removed
Photo gallery: Fix for potential bug with images deletion in Photo gallery module
\cs\Mail class refactoring
Avoid using goto in \cs\Session
Refactoring of \cs\DB\MySQLi
LOTS of smaller fixes all over the place

Deprecations:

Deprecated events (use newer instead):
- System/Config/before_init
- System/Config/after_init
- System/User/del_session/before
- System/User/del_session/after
- System/User/del_all_sessions

Possible partial compatibility breaking (very unlikely, but still possible):

Set of functions removed from global namespace because were used in one or two places only, and there was no need to add them into global namespace. Removed functions:
- check_mcrypt
- curl
- apc
- memcached

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

2.4.2+build-1005: Code quality and bugs hunting

This release is not so huge as previous, but extremely important, because it drops backward compatibility, even, partially, with last release, read on.

Bad things first:

if you're running any old version - you need to update system to 1.110.0+build-985 first, then update all components (otherwise they will not be able to uninstall completely) and ensure you've read all release notes about releases newer that you currently use, modified your code accordingly and there are no errors and deprecated messages in log file
also right after upgrade to 2.4.2+build-1005 update all components

Now exciting good news:

no redundant elements for backward compatibility!
better performance!
more static code analysis with SensioLabsInsights and Scrutinizer!
PHP 5.5 is the minimum supported version now and we can use new features inside system core!

New components:

None

New features:

cs\CRUD_helpers trait added to reduce code duplicating for trivial additional operations when using cs\CRUD trait (currently includes search method)
Scrutinizer badge added
Block templates now have access to $block variable, so they can render block as they like

Updates:

New upstream version of UPF, dropped PHP 5.4 support

Fixes and small improvements:

OAuth2: Fix for refresh_token in OAuth2 module
Deferred tasks: Split \cs\modules\Deferred_tasks::run method into two, because they both do not share any common code anyway
OAuth2: Unnecessary return statement removed, fixed potential error in Http server mode because of function redeclaration
Some refactoring of DB-related classes and usages
Fix for removing empty gallery
Simplification in \cs\Page class
Tiny fixes in \cs\Config\Module_Properties
Refactoring and fixes in \cs\Session, do not update sign_in time unless really sign in
Reformatting and simplification of \cs\Permissions
Refactoring and simplification of \cs\User\Permission trait
Dropped deprecated internal method in \cs\Core class
Huge PhpDoc update that will allow more precise static analysis:
- bool in multiple return types of PhpDoc sections in many cases replaced by false as more specific type
- some PhpDoc types corrected
Refactoring and simplification of \cs\Index class
Fixes for warnings on admin pages
Generally big amount of PhpDoc improvements and small fixes

Deprecations:

Well, this is backward incompatible version:)

Dropped backward compatibility:

All deprecated functionality was dropped
All components now require System of version >= 2.0, but < 3.0 since API will be backward-compatible for whole 2.x series
Dropped update support from System versions older than previous release, the same for all components
Dropped support for PHP 5.4
Meta information unification (sorry, no transitional version this time):
- meta/db.json contents of components now available as db field in meta.json
- meta/storage.json contents of components now available as storage field in meta.json
- versions.json contents of components now available as update_versions field in meta.json

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

2.28.0+build-1076: Semantics matters

Significant amount of changes comparing to few previous releases.

Starting from this release and onwards we'll move components towards using JSON-LD and Web Components. First module that works in such way on user side is Blogs.

Also this release includes important fixes for some regressions that made it unable to install module that uses DB in simple mode because of incorrect dependencies resolution.

As usual many small fixes and improvements, especially exiting improvements happened in \cs\CRUD trait that now supports JSON type, html with iframes and automatically handles files uploads + introduces new simplified interface.

And the last important thing here: all new builds and git tags are digitally signed now!

New components:

New Json_ld plugin - simplifies some parts of JSON-LD generation
New Tags plugin - currently contains single trait, is used by other components in order to avoid code duplication

New features:

\cs\CRUD::*() methods now work like \cs\CRUD::*_simple() which are now deprecated
New upstream version of BananaHTML:
- If boolean value specified for some attribute - false means no attribute and true means attribute without value (or with value as name in case of XHTML tags style)
- $known_unit_atributes had typo, refactored to $known_unit_attributes
- Some small types corrections
Blogs module now uses JSON-LD and Web Components to render semantic and highly customizable pages

Updates:

New upstream version of UPF, JSON_UNESCAPED_SLASHES added to _json_encode
New build of patched Polymer:
- Applied patch for same name extending to latest upstream master
- Fixed inheritance if Chromium
New upstream version of UIkit

Fixes and small improvements:

Rewrite of \cs\DB class
maindb_for_write system option replaced with db_mirror_mode that allows too choose from Master-Master or Master-Slave configuration
\cs\False_class updated to support more scenarios and reformatted
Small fix and reformatting of \cs\Mock_object
Restored buttons order in \cs\Index class
Dropped micro-optimization in \cs\Cache, reformatted
Do not show empty forms for db and storage selection during module installation
Use simple admin mode by default
Better performance of session creation
Support for additional classes in h::radio() and h::checkbox()
\cs\Index::$apply_button now defaults to false, as this value is used MUCH more often, not likely to cause backward incompatibility, but potentially can hide apply button somewhere
Simplification because of new default value of \cs\Index::$apply_button
Shop: Fixes for some header comments in Shop module's files
Use script[type=application/json] instead of template for user-side configs, also eliminates need for some pre- and post-processing
Fix for creation and deletion of items with not-numeric primary key in \cs\CRUD trait
PhpDoc improvements in \cs\CRUD trait
Fix for \cs\User\Properties::avatar() infinite loop
Blogs: New format of tags item of returned post data in Blogs module
Blogs: \cs\modules\Blogs::get_as_json_ld() method added
Blogs: Post page now uses JSON-LD and Web Components instead of server-side HTML markup
Blogs: More technical data returned with JSON-LD structure
Transition from using deprecated methods of \cs\CRUD
PhpDoc fixes, small tweaks and reformatting of \cs\User\Data
Return strictly boolean in \cs\User\Data::set_data() and ::del_data()
More polishing with improved PhpDoc and reformatting for \cs\User\* traits
Reformatting of \cs\Group
\cs\DB\_Abstract trait refactored.
Simplifications and PhpDoc improvements in \cs\Language
PhpDoc fix and reformatting of \cs\Language\Prefix
Sacrifice a bit of performance (loop will not be too big to cause any measurable performance issues) to make \cs\DB\MySQLi::f() code smaller and simpler
Huge refactoring of \cs\Language::change(), should be simpler to understand and easier to modify now
Fix for showing/hiding smtp settings in administration
Refactoring of \cs\Mail::send_to()
Improved signature formatting in HTML emails
Fixed attachments addition to emails sent
Huge refactoring of \cs\Session class, should be simpler and a bit faster now
Common code decoupled and simplified in \cs\\h\Base::checkbox() and ::radio()
Reformatting of \cs\Base
Splitting \cs\Core::constructor() into 2 methods, reformatting
Splitting \cs\DB::connecting() into 2 methods
Fix for blocks were not rendered if previous block was rendered by event handler
Decision whether to render block decoupled into separate method
Splitting \cs\Page\Meta::render() into 2 methods
\cs\Route::process_route() refactoring
Fix in Builder that produced incorrect fs.json files for packages when building system core package with built-in components
Fix for displaying System version during installation process
Fix for database check during dependencies resolution at module installation
Content: Fix for untranslated save button in Content module
HybridAuth: Fix for HybridAuth catches \ExitException and unable to authenticate
Some low-level error messages now untranslated in order to be properly shown in log file
Old unused translations removed
\cs\CRUD::$data_model_files_tag_prefix added, allows extremely simple solution to maintain tags for uploaded files automatically
Added support for html_iframe in \cs\CRUD as possible type for data model
Static pages: \cs\modules\Static_pages\Static_pages splitted into \cs\modules\Static_pages\Pages and \cs\modules\Static_pages\Categories, both now uses \cs\CRUD which simplified code a lot
Static pages: Files uploaded through editor now are tagged by Static pages module
Refactoring of \cs\Page\Includes
\cs\modules\Blogs\Blogs splitted into \cs\modules\Blogs\Posts, \cs\modules\Blogs\Sections and \cs\modules\Blogs\Tags
functionality() function now account components names as functionalities as well (for convenience)
pages() function now sets canonical URL automatically, also it was reformatted and a bit simplified
Blogs: Section page of Blogs module now renders posts as Web Components using JSON-LD
Blogs: Section, tag, latest posts and drafts pages with posts list are now all rendered with JSON-LD and Web Components
Blogs: Helper class added instead of plain functions
Simplification in \cs\DB\_Abstract
Fix for files tags were not changed during update in \cs\CRUD when multilingual interface is used
Blogs: \cs\modules\Blogs\Posts uses \cs\CRUD
Use INSERT IGNORE in \cs\CRUD which is helpful in some cases
Tags plugin added - contains trait that will be used by other modules
Blogs: Blogs module now uses Tags plugin for tags management
Better PhpDoc types in \cs\DB\_Abstract
Shop: Shop module now also uses Tags plugin for tags management
Make more \cs\CRUD methods protected instead of private to allow their usage from outside
JSON data type support added to \cs\CRUD
Improved URLs detection in \cs\CRUD, now fields that contain URLs by themselves are supported
Shop: Shop module now uses some new features of \cs\CRUD trait
Shop: Few classes in Shop module had a lot of common functionality, now it is concentrated in single trait
Shop: \cs\CRUD use moved to cs\modules\Shop\Common_actions in Shop module
New upstream version of UIkit
Fix for Blockchain_payment module package name in meta.json

Deprecations:

\cs\CRUD::*_simple() methods now deprecated, \cs\CRUD::*() methods should be used instead with the same syntax, full backward compatibility is present

Possible partial compatibility breaking (very unlikely, but still possible):

Dropped support for 2-level arrays in \cs\DB\_Abstract::q() (very unlikely someone used this construction since it was not documented and looks too complex)

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

2.43.0+build-1113: Write less, do more

The main feature of this release is further extension of already functional \cs\CRUD trait. Now in addition to simple CRUD operations, files tags handling (was improved also), multilingual strings handling even more advanced feature was added: joined tables. Joined tables allow to make CRUD operations on tables that are tightly connected to main table, such as:

post tags
shop item attributes
shop item images

Now you can manage things of such kind automatically together with fields from main table just by specifying all such tables in common data model, read updated documentation for more details of implementation. Obviously, \cs\CRUD_helpers::search() supports joined tables as well, allowing creation of most common queries even including joined tables very easily and naturally.

Second important thing is basically rewrite of HybridAuth integration, now code is much simpler, better structured and reliable. Also some small fixes and new features were introduced.

There are also various other fixes and fresh upstream versions of third-party components, enjoy!

New components:

Picturefill plugin added

New features:

Support for nested arrays in \cs\CRUD::find_urls() method
\cs\CRUD can now handle even more work with added joined tables support
Extended search options (intervals and multiple options) in \cs\CRUD_helpers trait
search method in \cs\CRUD_helpers trait now supports joined tables
search method in \cs\CRUD_helpers trait now supports joined tables in $order_by using :

Updates:

New upstream version of UIkit
New upstream version of WebComponents.js
New upstream version of PHPMailer
New upstream version of jsSHA
New upstream version of html5sortable
New upstream version of fotorama
New upstream build (no exact version) of Prism
New upstream build of Composer
New upstream version of TinyMCE
New upstream version of Plupload

Fixes and small improvements:

FileSystem cache doesn't support size limitation anymore - it caused huge performance hit and made code much more complex
Also corresponding cache-related low-level error messages now untranslated in order to be properly shown in log file
Blogs: Drop posts editing from administration, it just duplicates user-side interface where administrator already have access
Code for rendering permissions form decoupled into separate method
HybridAuth: prepare.php renamed into Controller.php into ::index() method, no code logic changes
HybridAuth: \cs\modules\HybridAuth\Social_integration class added, DB queries unified and moved there from controller
HybridAuth: Session setting and contacts updating code decoupled into separate method because it was duplicated many times
HybridAuth: Data updating decoupled into separate method because it is even more common
HybridAuth: Some refactoring and rearrangement - check for user existence first before registration
HybridAuth: Email sending code decoupled into separate method
HybridAuth: Splitted long method into few separate, goto replaced by separate method, code logic shouldn't be affected
HybridAuth: Redirect code decoupled into separate method, some comments reformatting
HybridAuth: More tweaks, less arguments in methods
HybridAuth: Simplification and generalization in merge confirmation
HybridAuth: More simplification regarding adapter handling, profile information and contacts update
HybridAuth: Simplifications, less plain functions
Do not use $_POST['login'] directly in \cs\User anymore, not likely to break anything, but still possible
HybridAuth: More simplification - no need to store HybridAuth data in user's session
HybridAuth: More common code decoupled
HybridAuth: Allow to sign in, but not register or merge account if registration is disabled on system level
Simplification in \cs\CRUD
Some code rearrangement in \cs\CRUD
Data model processing part of \cs\CRUD trait decoupled into separate trait
Support for language fallback in \cs\CRUD when using joined tables
Shop: \cs\modules\Shop\Items now uses latest features of \cs\CRUD to reduce boilerplate code and total code complexity
Fix files tags setting for complex data models
Make markup a bit nicer)
Fix for Commands out of sync; you can't run this command now error which happened in Travis CI tests
search_do() method decoupled from search() method in \cs\CRUD_helpers trait
Shop: New search_do() method is now used by \cs\modules\Shop\Items
Simplifications in Polls module using some new CRUD features
Small other fixes
Docker shield added
Translations updates
Fix for building and uploading packages on non-master branch
Fix for \cs\CRUD_helpers methods sometimes didn't honour $table_alias
Shop: Items search fix in Shop module

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

$_POST['login'] is not used directly in \cs\User anymore, not likely to break anything, but still possible

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

2.86.0+build-1210: Bower and NPM support, Emoji, powerful WebSockets

One cool thing in this release is transition from utf8 to uf8mb4, which is correct version of UTF8 and now you can use whole range of symbols, including emoji without any problems.

Another thing is reducing amount of backend code that deals with UI, instead few WebComponents were created for administration UI alongside with new API endpoints, more work in this direction will be done in future releases.

Major advancements were done in WebSockets module bringing incredible flexibility, simple server start and reliable support for multi-servers setup.

Last but not least major feature of this release is new Composer assets, which brings extremely simple support for Bower and NPM packages that can now be specified as components dependencies for frontend alongside with Composer dependencies for backend. Of course, automatic minification, compression, vulcanization and dependencies management works for Bower and NPM assets flawlessly! LESS and SCSS styles are also supported, since Bower encourages to specify non-minified versions in package manifest.

New components:

Composer assets plugin added for Bower and NPM packages support in CleverStyle CMS

New features:

utf8mb4 as DB encoding to support emoji and other symbols
Modules list is not rendered on server anymore, everything moved to client
Plugins list now also rendered on client side
Block addition form is now rendered on client-side
Block type changing is now possible
Block editing form rendering is now also on client side
New JS helpers added to work with form elements inside ShadowDOM nicely:
- $().cs().tooltips_inside()
- $().cs().radio_buttons_inside()
- $().cs().tabs_inside()
- $().cs().connect_to_parent_form()
Infinite route nesting levels support implemented
_ stubs support in index.json for API endpoints
Changing block's permissions is now in modal window instead of separate page, also it is generic and might be used in other places
Small advancement: api/{module}/admin/* URLs are now restricted to administrators only by default just like admin/* (no need for additional checks anymore)
Composer: Composer module now works in interactive mode, meaning it shows current progress almost real time
Check for password strength on client size (during password change)

Updates:

New upstream version of UPF
New upstream version of jsSHA
New upstream version of WebComponents.js

Fixes and small improvements:

Simplification of permissions management, less DB request on change
Fix for situation when user might have duplicated groups
Simplification of users groups management
CRUD trait fix when setting data model value as Closure object
UIkit themes fixes
uk-modal-dialog-slide class is not used in UIkit anymore
More flexible modal wrapper
Fix for inclusion order of UIkit and its components
Using file_exists_with_extension() where relevant
Switching from openssl_random_pseudo_bytes() to random_bytes()
Unused JS function removed
Translations initialization on earlier stage, allows to use in Polymer elements even on created stage
Simpler access to translations in some components
Now it is possible to get/delete multiple groups with single call
Simplification in \cs\Permissions class
Simplification of files extraction checks, fixes for HHVM in packages installation/extraction similarly to system installation
Moved language initialization on frontend to even earlier stage, fixes Polymer elements in administration UI
More API endpoints for administrator, will be used in future to move more features to UI instead of rendering on server side
Fix for simple modal helper bug with non-pixel width size specified
Small fix to System distributive package generation
Some pieces of unused code removed
Do not force to close connection
Fix fo files-based routing
Fotorama: Fix for fotorama and youtube video going fullscreen (reported upstream as artpolikarpov/fotorama#410)
Shop: Fix for only one image was shown on item page in Shop module
uikit/uikit#1304 applied on top of current minified build in order to fix UIkit tabs in ShadowDOM.
uikit/uikit#1364 applied on top of current minified build in order to fix UIkit tooltips with empty title
Use UIkit.notify instead of alert to show AJAX errors
WebKitMutationObserver dropped since it is supported by all modern webkit browsers
Observing for DOM nodes inserting decoupled into separate function
Fix for contents of Allow header when 405 Method Not Allowed error happens with controller-based routing
API for setting permissions of some item (by specified label and group)
HAML added to code style config
Experimental HAML as primary markup for Polymer elements, because it is too long otherwise
Composer: Composer events added:
- Composer/generate_package
- Composer/generate_composer_json
- Composer/Composer
- Composer/updated
Composer: Added hacked Composer application, how can catch and work with Composer instance
Fix for \cs\CRUD not reading data if there is closure as element of data model
Composer: Composer is now running in debug mode to output any errors that might happen
Composer: Added possibility to configure auth.json for Composer (primary to raise GitHub's API rate limit)
Composer: auth.json can be modified through Composer/generate_composer_json event
Composer: composer.json now contains formatted source instead of single line
New event added:
- System/Page/includes_dependencies_and_map
Some simplification and reducing of code duplication in \cs\Page\Includes
Shop: Fixes for operating under Http server module
Composer: Composer log verbosity depending on system configuration
Static pages: Automatic Open Graph tags with images for Static Pages module
Translations update
Interactive installation mode added to CLI
Help in installer with current file name instead of generic one
Using information from controller render for frontend inclusions, since it gives more correct information about how page was rendered
Encryption improvements, but will not be able to decode old encrypted data (not likely to have big impact):
- much simple and straightforward implementation
- using of OpenSSL instead of Mcrypt (we do not depend on it anymore as it is not maintained for a very long time)
- configurable encryption method
- default encryption method changed to aes-256-cbc (will not be able to decrypt previously encrypted data)
HTTP request was incorrectly determined as HTTPS under HHVM
WebSockets: Fixed connection between two servers
WebSockets: Added option for specifying DNS server (defaults to 127.0.0.1)
WebSockets: Updated DB structure, now we track order of new servers addition to servers pool
WebSockets: Fixed frontend authentication because properties of cs.Language are objects, not strings
WebSockets: Other tweaks, code reformatting
WebSockets: Fix for message target parsing
WebSockets: Event WebSockets/register_actions was dropped
WebSockets: Events WebSockets/$action replaced by single WebSockets/message, also access to $connection was added
WebSockets: Readme updated and extended
WebSockets: Added possibility to send message for users, that are specified with filter (this feature is much more flexible than anything before)
WebSockets: Dropped automatic server start on message sending - it makes no sense since no one listening
WebSockets: Dropped safe_mode check since it was removed in PHP 5.4
WebSockets: Added possibility to specify address for server so that other servers may reach it also (useful for multi-server setups)
WebSockets: Changed format of server running, a bit simpler now
WebSockets: WebSockets are no longer assumed to be running on 127.0.0.1, real servers pool is used instead
WebSockets: Duplicated addresses of single server in pool now handled nicely
Additional check for host correctness in $_SERVER wrapper
Additional protection against timing attacks when working with sessions
Fix for Vary header, should be Accept-Language instead of Content-Language
WebSockets: Disconnection event added
Added contributing file that points to new page on wiki with explanations how to setup everything and send patch back
New functions status_code() and status_code_string() introduced, both doesn't interact with global environment directly, but through _header() instead
Long keys in installer now uses two dashed, not one, namely --help instead of -help, however, old way is kept for backward compatibility until 3.0
Long keys support for builder
Other smaller fixes and improvements

Deprecations:

\cs\Encryption class is deprecated now and will be dropped in 3.0: it is not used by any standard component or by system core itself, so there is no need for it here
code_header() function deprecated (use status_code() instead, it does exactly the same and have the same arguments)

Possible partial compatibility breaking (very unlikely, but still possible):

TinyMCE: TinyMCE methods for re-initialization accept DOM element as argument instead of ID

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

2.119.0+build-1286: No frontend on backend

CleverStyle CMS never had usual templates on backend, but used HTML generation instead. That worked to some degree, but now there are much better Web Components for that! This release brings significantly extended API for administration actions, many thing now done purely on frontend with Web Components interacting with server through API, the rest of things will migrate to this approach in further releases. Such transition not only clearly separates backend code from frontend, but also improves backend code quality, which in nice thing.

Also there are few nice features like associative arrays support in \cs\CRUD, wildcard syntax support in map.json and multiple improvements to JS helpers to deal with UIkit components and other things under Shadow DOM.

This is likely last release from 2.x series, 3.x is coming with new awesome features, large updates and dropped deprecated functionality!

New components:

None

New features:

Added automatic support for OPTIONS request method, even if it is not defined (works like for unsupported method, but responses with status code 200 instead of 501)
New events:
- System/Session/load
- System/Session/add
\cs\CRUD now can accept associative arrays of arguments, not only indexed with proper order
Allow underscore in HTTP request method
Wildcards support in map.json (more details in updated documentation)
Composer assets: Ignore packages on earlier stage, this improves installation time and slightly simplifies runtime

Updates:

New upstream version of WebComponents.js

Fixes and small improvements:

Ignore templates in tabs helper
UIkit hacked to ignore templates inside switcher component, reported upstream as uikit/uikit#1405
UIkit hacked to support .uk-tab > li > a without any attributes, reported upstream as uikit/uikit#1406
Added UIkit hack to make dropdown working under Shadow DOM
User's permissions editing form is rendered purely on frontend, necessary API endpoints added
Users list rendered on client side
Groups list rendered on client side
Dropdown flickering fix
Permissions list rendered on client side using data from API
New API endpoint for getting list of blocks
UIkit modal buttons translation
Permission deletion done via API on frontend
Splitting API controller into more traits
Permissions addition and editing now done through API on frontend
cs.prepare_attr_value() function added on frontend similar to h::cs.prepare_attr_value() on backend
Small fixes and tweaks in cs\Groups::del()
Groups addition, editing and deletion now done through API on frontend
Groups management API extended
Nice load animations added to some Web Components
Significantly simplified \cs\Group class using CRUD features
Users and bots addition now done on frontend through API
Status code for groups and permissions addition changed from 200 to 201
Stricter check during changing users data, some refactoring
Fix for login hash was remaining in cache after login change, which might cause unexpected issues
Raw user data editing removed
Proper handling of setting array of user's data
Check on frontend not only strength, but also length of the password
API for user data changing added
Timezones api endpoint, formatted data added to users api endpoint
Typos in translations
Check if user is blocked at sign in time
Languages getting API
Fix for user password setting through API
Users and bots editing now done on frontend through API
If there is not handler for request method, respond 501 Not Implemented, rather than 405 Method Not Allowed
Handling unknown HTTP methods decoupled into separate method
\cs\Session now uses \cs\CRUD trait to simplify many things
API endpoints for users searching in administration
Missing slashes for inputs in HAML files
Users API fixes and improvements
Users list now rendered on frontend through API
Http server: Refactoring of request class
Fix for user's permissions getting and setting
Refactoring of cs\Index class, routing methods decoupled into cs\Index\Router trait

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

\cs\Group::get() signature changed, rarely used argument dropped
\cs\Group::set() method signature changed, group data will be dropped and not available anymore
data column dropped from groups table

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.145.7+build-1787: Pure frontend

This release is a bit revolutionary. Few very important steps were made towards excellence and it took quite a lot of time to get here, but result is awesome!

First important step is migration from Polymer 0.5.x to Polymer 1.x. This is a big step, significant bc-break, but eventually improved performance, new features and improved API worth it.

Second big step is cleaning frontend from UI framework (historically, jQuery UI was used initially and UIkit later), now UIkit is removed and CleverStyle Widgets added instead. This important step resulted in significant JS/CSS size reduction, awesome Shadow DOM and data-bindings integration (it was very buggy in UIkit and not maintained by upstream developers).

Another consequence of dropping UI framework is that NO STYLING IS APPLIED TO PAGE BY DEFAULT! Literally nothing! There are some defaults that can be optionally used, but nothing is used by default. This gives developers complete freedom in styling without fighting with styling overrides and third-party themes can be ported without any conflicts in very short time.

And one more good thing on frontend - all system UI is now based on Web Components and interacts with server through API, so backend is cleaner and frontend can be modified if needed without any issues.

On backend side new Uploader module added that is radically simplified re-implementation of Plupload module (and compatible with it).

Also quality of backend code improved significantly according to Scrutinizer results.

Comprehensive change log is below and documentation is updated accordingly already (and extended to better cover frontend things)!

New components:

Uploader module (replaces Plupload, which was deprecated and will be removed after release), is based on Plupload module, but uses simple standalone implementation of files uploading as wrapper around $.ajax, almost the same API as was in Plupload modules before (now API is the same in both)
Service Worker cache module added as attempt to improve subsequent page loads with Service Worker (if available, still experimental)

New features:

System and all components migrated from Polymer 0.5.x to Polymer 1.x
Polymer behaviors added:
- cs.Polymer.behaviors.Language for multilingual support in custom elements
- cs.Polymer.behaviors.cs for access to window.cs as just cs in custom elements
The whole administration interface now works through API purely on frontend side (including navigation between pages, there are API endpoints to everything configurable in administration)
All user-facing interface like profile settings and password changing now works through API purely on frontend side
Full PHP 7 support
CleverStyle Widgets added instead of UIkit (which was removed entirely) with following custom elements:
- cs-button
- cs-form
- cs-icon
- cs-input-text
- cs-label-button
- cs-label-switcher
- cs-link-button
- cs-nav-button-group
- cs-nav-dropdown
- cs-nav-pagination
- cs-nav-tabs
- cs-notify
- cs-progress
- cs-section-modal
- cs-section-switcher
- cs-select
- cs-textarea
- cs-tooltip
Jade is used instead of plain HTML for custom elements
LiveScript is used for all new code instead of CoffeeScript
Few useful methods added on frontend
- cs.ui.modal()
- cs.ui.simple_modal()
- cs.ui.notify()
- cs.ui.alert()
- cs.ui.confirm()
Flexy-plexy now included instead of UIkit's grid system
Shared styles added (should be declared explicitly in order to be used, nothing is used by default, also usage on global level doesn't affect custom elements, each element should explicitly declare usage as well):
- normalize provides custom elements-aware version of normalize.css
- basic-styles-alone provides custom provide advanced basic styling (including sane typography) on top of normalize
- advanced-styles-alone contains utility classes added instead of ones found in UIkit:
  - .cs-text-primary
  - .cs-text-success
  - .cs-text-warning
  - .cs-text-error
  - .cs-text-center
  - .cs-text-left
  - .cs-text-right
  - .cs-text-lead
  - .cs-text-bold
  - .cs-text-italic
  - .cs-block-primary
  - .cs-block-success
  - .cs-block-warning
  - .cs-block-error
  - .cs-margin
  - .cs-margin-top
  - .cs-margin-bottom
  - .cs-margin-left
  - .cs-margin-right
  - .cs-margin-none
  - .cs-padding
  - .cs-padding-top
  - .cs-padding-bottom
  - .cs-padding-left
  - .cs-padding-right
  - .cs-padding-none
  - .cs-cursor-pointer
  - .cs-table
- basic-styles is normalize and basic-styles-alone together
- advanced-styles is basic-styles and advanced-styles-alone together
\cs\ExitException can now handle error codes and messages, used instead of error_code() + Page::instance()->error()
JS polyfills are now separated and included only for IE/Edge browsers, since all other browsers already have support for all necessary features
cs.Event is now Promise-based, accepts Promise as callback result
New backend events:
- OAuth2/custom_allow_access_page
- admin/System/components/modules/default (replaces admin/System/components/modules/default_module/process)
- admin/System/components/plugins/update/before (replaces admin/System/components/plugins/update/process/before)
- admin/System/components/plugins/update/after (replaces admin/System/components/plugins/update/process/after)
- admin/System/components/modules/update/before (replaces admin/System/components/modules/update/process/before)
- admin/System/components/modules/update/after (replaces admin/System/components/modules/update/process/after)
- admin/System/components/modules/uninstall/before
- admin/System/components/modules/uninstall/after
- admin/System/components/modules/install/before
- admin/System/components/modules/install/after
- admin/System/components/modules/update_system/before (replaces admin/System/components/modules/update_system/process/before)
- admin/System/components/modules/update_system/after (replaces admin/System/components/modules/update_system/process/after)
- admin/System/components/modules/enable/before (replaces admin/System/components/modules/enable/process)
- admin/System/components/modules/enable/after
- admin/System/components/modules/disable/before (replaces admin/System/components/modules/disable/process)
- admin/System/components/modules/disable/after
- admin/System/components/plugins/enable/before (replaces admin/System/components/plugins/enable/process)
- admin/System/components/plugins/enable/after
- admin/System/components/plugins/disable/before (replaces admin/System/components/plugins/disable/process)
- admin/System/components/plugins/disable/after
- System/Page/display/before (replaces System/Page/pre_display)
- System/Page/display/after (replaces System/Page/display)
- admin/System/components/themes/current/before
- admin/System/components/themes/current/after
- admin/System/components/themes/update/before
- admin/System/components/themes/update/after
- System/Index/load/before (replaces System/Index/preload)
- System/Index/load/after (replaces System/Index/postload)
New frontend events:
- admin/System/components/modules/default/before
- admin/System/components/modules/default/after
- admin/System/components/plugins/disable/before
- admin/System/components/plugins/disable/after
- admin/System/components/modules/disable/before
- admin/System/components/modules/disable/after
- admin/System/components/modules/enable/before
- admin/System/components/modules/enable/after
- admin/System/components/plugins/enable/before
- admin/System/components/plugins/enable/after
- admin/System/components/plugins/update/before
- admin/System/components/plugins/update/after
- admin/System/components/plugins/update/before
- admin/System/components/plugins/update/after
- admin/System/components/modules/update/before
- admin/System/components/modules/update/after
- admin/System/components/modules/uninstall/before
- admin/System/components/modules/uninstall/after
- admin/System/components/modules/install/before
- admin/System/components/modules/install/after
- admin/System/components/modules/update_system/before
- admin/System/components/modules/update_system/after
- admin/System/components/themes/current/before
- admin/System/components/themes/current/after
- admin/System/components/themes/update/before
- admin/System/components/themes/update/after
- cs-system-sign-in
No need for session in XHR request body (yay!)
New constants
- \cs\Config::SYSTEM_MODULE
- \cs\Config::SYSTEM_THEME
- \cs\Config\Module_Properties::ENABLED
- \cs\Config\Module_Properties::DISABLED
- \cs\Config\Module_Properties::UNINSTALLED
Support for nested structures in JSON files with translations
Added useful methods for \cs\Config\Module_Properties:
- enabled() (replaces active())
- disabled()
- installed()
- uninstalled()
Added prefix support to cs.Language like cs.Language(prefix), works similarly to new \cs\Language\Prefix($prefix) on backend
Also prefix support added to Language behavior for Polymer cs.Polymer.behaviors.Language(prefix)
System, TinyMCE: New wrapper elements added in order to simplify working with WYSIWYG editor and provide Shadow DOM support (replaces helper functions editor_deinitialization(), editor_reinitialization() and editor_focus(), they are not needed anymore):
- cs-editor
- cs-editor-inline
- cs-editor-simple
- cs-editor-simple-inline
Allow to capture only AJAX errors with specific status code using callbacks like error_404, other status codes will use generic error processing
Added possibility to override implementation of Polymer element using extends or overrides with the same name as element similarly to what was present when using Polymer 0.5.x, but without actual extending custom elements (because it is not supported yet by Polymer 1.x)
Make session and some other cookies HTTP only
Do not make language redirects, we can modify page URL to include language prefix on frontend without any help from backend
\cs\Language\Prefix now can return regular translation if prefixed version not found similarly to how it works on frontend
Separate IE-specific polyfills and include them only for IE/Edge, will also simplify removal their support in future
Custom build of WebComponents.js added with polyfills removed
Use compressed CSS/JS/HTML in administration unless ?debug is present in URL

Updates:

New upstream version of Polymer 1.x with patches on top of it
New upstream version of WebComponents.js
New upstream version of autosize
New git version of jQuery 3.0
New upstream version of PHPMailer
New upstream version of HybridAuth
- New providers:
  - Slack
  - WarGaming
  - Xuite
- Removed providers:
  - Viadeo
New upstream version of TinyMCE with patches for Shadow DOM support and with standalone JS core instead of jQuery-based (with new codesample plugin added)
New upstream version on Picturefill
New upstream version on BananaHTML
New git version on Composer
New upstream version of UPF
New upstream version of jsSHA

Fixes and small improvements:

Users search API fix
Dropped layout attributes from Polymer 0.5 in favor of iron-flex-layout
Removing Polymer inclusion from Web Components, since Polymer is already here
New upstream version of run-tests.php from PHP repository
Refresh styling when all components are ready
Improve includes processing to handle <style is="custom-style"> and new CSS imports nicely <link href="style.css" rel="import" type="css">
JS minification added
Do not inline in CSS files bigger than 3 KiB
Handle relative links with query string in CSS
Add query string with part of md5 digest to track content changes
Fixes for \cs\CRUD and \cs\CRUD_helpers traits
Dropped common theme styles as unnecessary
Cookie path configuration is not necessary, especially, since installation into subdirectory is not supported
cs-table is only used as class since now
.cs-table moved into advanced styles and doesn't penetrate Shadow DOM by default
Fix for default configuration options were not set during modules installation
Small tweak to prevent error in some cases
Upload only release tags
Handle nicely style[include] as special feature in Polymer
Do not join various styles in minifier - it requires quite complex regexps and doesn't benefit that much
Do not remove semicolons in minifier - this causes problems for Polymer with some rules
Add hashes even to non-cached includes in order to avoid problems in production, when CDN caches files in administration interface
Permissions API fix
TinyMCE: TinyMCE now sets textarea value after each change
Unused translations removed
Packages manipulation functions are now in standalone class instead of trait
Fix for dependencies resolution when there is multiple requirements/conflicts for the same package
Generic API endpoint for files uploads in administration (for phar CleverStyle CMS-specific installers, simple checks are present)
Fix for 501 status code not returned if HTTP method not implemented
Using rmdir_recursive() in some places instead of some custom alternatives
User block with sign-in/sign-out and other features are now custom element, no global event listeners for some classes
Sign in, registration and restore password modal dialogs are pretty generic, so they are not in theme, but in system itself
Fix for multilingual redirect and link[rel=alternate][hreflang]
Remove redundant usages of h::prepare_attr_value() since with BananaHTML it will be applied to attributed automatically
User's profile page removed
Improving PhpDoc on \cs\DB\_Abstract, removed redundant $indexed argument for ::fs(), ::fas(), ::qfs() and ::qfas() methods since id does nothing in this context
\cs\Config::instance()->core['themes'] option removed since it is actually redundant
OAuth2: Do not send 403 because Windows Phone in particular will have difficulties with this
New method \cs\Config::cancel_available() added to easily check whether it is possible to cancel applied changes of configuration
\cs\Config::cancel() now returns boolean result
Hide Static pages module in main menu
Composer: Do not run Composer's update when Composer itself is manipulated
Composer: Do not use Composer while it is not actually enabled
Blogs: Show head actions regardless on presence of posts in current list
Fix for absolute path determination in FileSystem cache engine under OS Windows
Fix for filling basic settings during modules installation because events now fired from API
Improve security by not allowing jQuery to execute JS after AJAX responses with Content-Type: application/javascript
Simplified cs.Event internals by utilizing advanced features of Promises
Improved JS minification when complex comments structures present
Fix for admin pages includes included on regular pages
cs.Language source moved into own file
Switch from apc_* functions to apcu_*
Fix for includes from regular pages were not included in administration (inverse should not be true however)
Do not force box-sizing on everything, this might and will break some third-party components
Composer assets: Add iron-flex-layout to Bower packages provided by system
set_core_ml_text() function added similarly to get_core_ml_text()
Automatic cleanup of old unused options from core settings
Plupload: Plupload module modified so that it can now be disabled and new uploaded files will be served by other module, but plupload's files will be still around
Composer: Composer module fix for installing components
Composer assets: UIkit is not provided by system anymore
\cs\Session::is_session_owner() method added for checking session data against user agent, remote addr and IP to confirm that this is the same user tries to use session
WebSockets: WebSockets module now uses actual headers to get user agent and other things about client rather that asking JS client to send them explicitly
\cs\Language methods updated:
- get() got $prefix argument
- format() got $language and $prefix arguments
\cs\Language\Prefix methods updated:
- format() got $language argument
Use native Promise.all() instead of jQuery's $.when()
Administration navigation on frontend, no page-specific markup on backend
Fix for Cookie domain detection during installation
Fix for Docker image building
GD package added to Dockerfile to enable Photo gallery module in demo
Photo gallery: Fix for incorrect image deletion in Photo gallery module when preview was not yet created
Raise MySQL and MariaDB versions requirements since Shop module requires FULLTEXT indexes on InnoDB table
Use MariaDB 10.1 instead of MySQL 5.5 from default packages when building Docker image
Shop: Small API fixes and nicer handling the case when user name was not specified during order completion
Shop: Fix for total price number on orders page in Firefox
Support id field other than id in \cs\CRUD_helpers trait since \cs\CRUD already supports this
Gravatar support is now optional and configurable; it is disabled by default for new installations and enabled for upgraded installations to preserve existing behavior
Do not delete backup fs and meta files, might be useful on later stages for upgrade scripts
Some UI fixes, no forcing styling on [hidden] elements, target elements should care about this by themselves

Deprecations:

Plupload module deprecated and is left only for smoother transition and will be removed after release, please, migrate to Uploader
\cs\Page::error() usage is highly discouraged, use \cs\ExitException instead
\cs\Config\Module_Properties::active() (replaced with \cs\Config\Module_Properties::enable(), will be removed after release)

Dropped backward compatibility:

All deprecated functionality was dropped
All components now require System of version >= 3.x, but < 4.0 since API will be backward-compatible for whole 3.x series
Dropped update support from System versions older than previous release, the same for all components
Dropped UIkit completely, CleverStyle Widgets are used instead
All helpers in $.cs and $().cs() removed, they worked primarily with UIkit which is not present anymore
data-title attribute support dropped from system, tooltip attribute can be used with the same result (only for regular elements, not custom)
Tenebris theme was not actively used/maintainer, and thus removed:(
\ExitException refactored into \cs\ExitException for better consistency
Internally used JS functions removed:
- cs.blocks_toggle()
- cs.async_call()
- cs.observe_inserts_on()
error_code() function, use \cs\ExitException instead, it provides complete replacement
Removed backend events:
- admin/System/components/modules/default_module/prepare
- admin/System/components/modules/default_module/process (replaced with admin/System/components/modules/default)
- admin/System/components/plugins/disable/prepare
- admin/System/components/plugins/disable/process (replaced with admin/System/components/plugins/disable/before)
- admin/System/components/modules/disable/prepare
- admin/System/components/modules/disable/process (replaced with admin/System/components/modules/disable/before)
- admin/System/components/modules/enable/prepare
- admin/System/components/modules/enable/process (replaced with admin/System/components/modules/enable/before)
- admin/System/components/plugins/enable/prepare
- admin/System/components/plugins/enable/process (replaced with admin/System/components/plugins/enable/before)
- admin/System/components/plugins/update/prepare
- admin/System/components/plugins/update/process/before (replaced with admin/System/components/plugins/update/before)
- admin/System/components/plugins/update/process/after (replaced with admin/System/components/plugins/update/after)
- admin/System/components/modules/update/prepare
- admin/System/components/modules/update/process/before (replaced with admin/System/components/modules/update/before)
- admin/System/components/modules/update/process/after (replaced with admin/System/components/modules/update/after)
- admin/System/components/modules/uninstall/prepare
- admin/System/components/modules/uninstall/process (replaced with admin/System/components/modules/uninstall/before and admin/System/components/modules/uninstall/after)
- admin/System/components/modules/install/prepare
- admin/System/components/modules/install/process (replaced with admin/System/components/modules/install/before and admin/System/components/modules/install/after)
- admin/System/components/modules/db/prepare
- admin/System/components/modules/storage/prepare
- admin/System/components/modules/db/process
- admin/System/components/modules/storage/process
- admin/System/components/modules/update_system/prepare
- admin/System/components/modules/update_system/process/before (replaced with admin/System/components/modules/update_system/before)
- admin/System/components/modules/update_system/process/after (replaced with admin/System/components/modules/update_system/after)
- System/Page/pre_display (replaced with System/Page/display/before)
- System/Page/display (replaced with System/Page/display/after)
- System/profile/settings
- System/profile/info
- System/Route/pre_routing_replace
- System/Index/preload (replaced with System/Index/load/before)
- System/Index/postload (replaced with System/Index/load/after)
cs\modules\System\admin\Controller\packages_manipulation::recursive_directory_removal() method removed since there is rmdir_recursive() function already in latest version of UPF
Generic settings page removed
Methods \cs\Config::reload_languages() and \cs\Config::reload_themes() removed, since they are not used anymore
Method \cs\Config::can_be_admin() removed because of corresponding functionality was removed from system core
OAuth2: Dropped support for Access-token header or request parameter
Helper functions on frontend removed since they are not needed anymore (replaced with elements cs-editor, cs-editor-inline, cs-editor-simple and cs-editor-simple-inline):
- editor_deinitialization()
- editor_reinitialization()
- editor_focus()
Replace and routing options removed from core settings as rarely used and such that can be easily implemented using third-party tools
Removed following system core options and corresponding functionality:
- ip_black_list
- ip_admin_list_only
- ip_admin_list
cs.getcookie() and cs.setcookie() alongside with jQuery cookie plugin removed on frontend
\cs\Index lost many ugly designed features which existing modules do not use anymore
- Removed properties:
  - Content
  - form
  - file_upload
  - form_attributes
  - buttons
  - save_button
  - apply_button
  - cancel_button_back
  - custom_buttons
  - action
- Removed methods:
  - content()
  - in_admin()
  - apply()
  - save()
  - cancel()
Cookie prefix and domain are not needed on frontend anymore
Also specifying protocol doesn't make sense since already available on frontend
Do not enforce POST method in $.ajax() calls, it is explicitly specified where necessary

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.152.1+build-1808: Few things here and there

This release is incomparably smaller than previous. It contains several fixes and few nice improvements, dropped upgrade support from versions older than latest stable, but overall nothing dramatic.

New components:

None

New features:

WOFF2 support
Generic abstract class \cs\Cache\_Abstract_with_namespace now provides common abstraction for simplified cache engine implementation in cases when there is no native namespace support (APC, Memcached for now)
Allow avatar uploading in profile settings if necessary module is present

Updates:

New git version of jQuery 3.0
New upstream version of HybridAuth
- New providers:
  - DigitalOcean
  - GitLab
  - MixCloud
  - StackExchange
New git version of TinyMCE with patches for Shadow DOM support
Composer updated to 1.0.0-alpha11

Fixes and small improvements:

Improved cs-icon performance
Fix for including CSS/JS/HTML on administration pages because of compression used - always build public for installed but disabled modules
Run cleanup on System update to clean caches
Fix for getting cache item results in false being returned when caching is not working even if $callback argument was specified
Optimized sessions table indexes
Small form fix
Remove ) from safe symbols in JS minifier
Improved mirror check, port number was ignored
Better error messages handling
Composer: Autoloader from Composer module now included as early as possible
update_versions is not needed in meta.json anymore (but will be present in meta.json until 4.x release in order to keep possibility to upgrade from older 3.x versions that rely on update_versions)
Old unused CSS removed
Fix for cs behavior
Small fix for optional System dependencies
TinyMCE: readme.md added with instructions how to get custom TinyMCE build with Shadow DOM support
Fix for h::checkbox rendering and functioning
Few smaller fixes

Deprecations:

None

Dropped backward compatibility:

Dropped upgrade support from versions earlier than latest stable
Dropped hack for upgrade from 2.x versions

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.155.0+build-1818: Security update

This release fixes important flaw in permissions system, update ASAP!

Besides extremely important security update, DarkEnergy theme now uses App Shell for better page load experience and WebComponents.js polyfill is only loaded in browsers that needs it, improving page load for browsers with native Shadow DOM support.

Security fixes:

Security fix for permissions system to administration pages when no permissions present for target page

New components:

None

New features:

Added OTF fonts support
App Shell approach added to DarkEnergy theme to improve load experience
WebComponents.js polyfill is only included when needed (not included in Chrome browser on subsequent page opening; only on subsequent opening because of feature detection on frontend)

Updates:

None

Fixes and small improvements:

Fixes for modern mime types for font files
Refactoring of some system components that resulted in improved code quality
Generate WebComponentsReady even if WebComponents.js not included
Shop: Fix in Shop module for situation when item removed, but order is still present
Various small fixes and PhpDoc improvements

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

jQuery ready event is now completely standalone again (not likely, but potential BC-break)

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.162.4+build-1841: Towards sub-1ms page rendering performance

This release brings variety of performance tweaks starting from avoiding session creation for guests until necessary and finishing with tweaking third-party dependencies. The goal of sub-1ms rendering time for regular page is not reached yet, but we now have 1.2ms rendering time which is quite close.

Generally, CleverStyle CMS core now works around 3x times faster in simple but common scenarios, which is amazing being already blazing fast!

Also IE10 support was dropped from system core since IE10 is not supported anymore, but new plugin Old_IE is here is you still need to support it.

Finally, take a look at video tutorials for developers to start with CleverStyle CMS even faster.

Security fixes:

Do not allow non-admin used to enter admin pages under any conditions even if permissions allow explicitly

New components:

Old_IE plugin added to provide support for older IE versions (10 currently)

New features:

Performance boost: do not create session for each visitor automatically, create only when it is necessary
Added removing HTML comments in HTML files processing
IE10 support dropped (use Old_IE plugin if IE10 support is still needed)
APCu cache engine added and APC now is actually APC (which is important for HHVM which doesn't provide apcu_* functions)
Small performance tweak: cache modules and plugins events.php file existence in order to avoid filesystem scan each time
Composer: Composer module now states itself as replacement for some bundled system dependencies

Updates:

New upstream version of UPF:
- Refactoring of get_files_list() function resulted in improved performance
- Always return array from get_files_list() function
- - Fix for the case when $prefix_path is an empty string in get_files_list() function (unnecessary starting slash added)
New upstream version of BananaHTML:
- Small performance tweaks and refactoring
- Naive implementation of ::is_array_indexed() and ::is_array_assoc() methods, but should be enough in most cases, 10x+ better performance
New version of Polymer 1.2.4 + git with patches on top and removed Shady DOM support

Fixes and small improvements:

\cs\Session::get_user() now returns integers only, which is simpler to handle
Fix for infinite loader if there are no permissions
Fixed APCu availability check, APC engine test unlocked for PHP 7
Duplicated calls of \cs\Page::canonical_url() will not cause duplicated links in page's source code anymore
Tiny hack to make sure styles properly upgraded with native Shadow DOM
Tiny performance improvement in cs\Language::check_locale_header() method
Tiny fix in administration navigation
Composer: UI fix for horizontal scrolling in modal
Composer: Fix for force update not working
Composer: Fix for stability requirements not satisfied because of composer/composer#4889

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

Potential BC break (very unlikely) is that $user argument in \cs\Session::add() is now mandatory
Undocumented \cs\Page::$link, ::$Search and $Replace properties now have protected access

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.174.2+build-1883: RequireJS integration, Bower/NPM integration with system and SQLite support

RequireJS is now bundled with system, it also includes aliases to all bundled third-party components like jQuery or jsSHA, so that they can be used transparently, some components are no longer loaded unconditionally, but are used as AMD modules instead only when needed. Bower/NPM packages installed in website directory are now flawlessly picked by system and aliases to all modules created based on contents of bower.json or package.json files, so that they are all available as AMD modules for RequireJS. Composer assets plugin reached 1.0 version and changed its behavior: no files included automatically (files should be now specified explicitly) and integration with system's RequireJS was added. Now all Bower/NPM packages installed using Composer assets plugin will be automatically available as AMD modules, moreover, direct files inclusion within paths /bower_components and /node_modules will be available to smooth integration even further (though it is not encouraged way of using it).

Another major feature is SQLite support. SQLite database engine was added alongside with ability to install system using SQLite database (no explicit SQLite support within components yet).

The last major change under the hood is translations namespacing. This will ease translations management and support in future.

There was also BananaHTML update which contains performance tweaks for real-world use-cases using simplified rendering path.

Security fixes:

Small potential security fix in \cs\Text:set()

New components:

None

New features:

RequireJS bundled with system
- jsSHA is not loaded by default, only on demand using RequireJS
- autosize library moved to modules and is now loaded only when necessary
Modules/plugins RequireJS aliases added, so that Blogs/xyz will be loaded by RequireJS as components/modules/Blogs/includes/js/xyz.js (functionality might also be used instead of direct module/plugin name)
Support for automatic AMD modules detection for root bower_components and node_modules directories added to provide flawless integration with any third-party tools
New event:
- System/Page/requirejs added
Composer assets: Backward incompatible version of Composer assets plugin with multiple improvements:
- RequireJS support
- Possibility to specify explicitly which files should be included from package
- Handling /bower_components/* and /node_modules/* paths for installed packages which are not present in corresponding root directories
All translations are now namespaced, system translations significantly restructured, unsed translation keys removed
Basic SQLite support:
- SQLite database engine
- System installation and operation with SQLite database engine
- Conversion of some certain MySQL queries to SQLite equivalents if possible for compatibility
- Some SQL queries modified to be compatible with both MySQL and SQLite

Updates:

New upstream version of sprintf.js
Composer upgraded to Git version
New upstream version of BananaHTML:
- Separate, faster path for typical use case added to improve performance in real-world applications

Fixes and small improvements:

Tiny fix for notification
Prevent page scrolling in browsers where possible when modal is opened
Fix for link to module's administration page
Include CSS/JS/HTML files targeted for System module on all other pages
Composer: Composer/Composer event now have one more argument called Application
Composer: Usability improvement in Composer module: modal's content is scrolling as new data appearing if before update modal was scrolled till the end
APC and APCu showed separately in about server information (for HHVM that only supports APC)
Builder refactoring, using getopt() instead of manually inspecting CLI arguments
All system code converted from CoffeeScript to LiveScript
Builder class refactored to only contain methods related to builder itself, web and cli interfaces moved to separate files
bower.json and package.json will now be included into distributive if present
Guest's username returned from translations in cs\User::username() avoiding checking this manually
Fix for Chromium now willing loading stylesheet with Content-Type application/octet-stream
Fix for reporting incompatible databases and storages
Create session for CSRF
Fix for module's databases and storages settings
Fix for setting value in set_core_ml_text() function
Old redundant method removed
Stop returning false from \cs\DB\_Abstract::columns() and ::tables(), return empty array instead
Old IE: URL polyfill removed from Old_IE plugin since it is already available in system itself
Fix for URL polyfill was Template polyfill indeed in system core
api/System/blank endpoint added, primarily for benchmarking purposes (to avoid UI overhead)
Composer: Update Composer on package update in addition to installation/uninstallation
Return correct error message when trying to register existing user in administration interface
Added avatar uploading support when editing user profile in administration
Tests:
- Test for prefixed language usage added
- Better event test
- Improved MySQLi database engine tests added
- Group tests added
- Added permissions tests
Normalized \cs\Permission::get() result (false or empty array on failure instead of null)
Better fix for WebComponentsReady event in Chromium
Various small fixes and tweaks

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

cs.hash() signature changes, requires jssha AMD module to be loaded first
Composer assets plugin will not include any files completely automatically anymore, explicit files listing required or AMD module loading can be used
Site rules configuration removed from system

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

3.212.0+build-1965: Sub-1ms performance achieved, PSR-7 compatibility, request/response abstractions

First of all, there is important psychological achievement: when using Http server under HHVM simple page generation is made in 0.81 ms or 0.00081 seconds - really impressive performance!

Secondly, this version brings a lot of backend improvements beause of introduction of cs\Request and cs\Response system classes that encapsulate all functionality necessary to handle these 2 important aspects of request processing. Unification also allowed to make integration with PSR-7, so now it is possible to initialize system from PSR-7 compatible request object and put response into PSR-7 compatible response object, which greatly improves interoperability with third-party tools. The last piece of this puzzle - bunch of existing functions and even classes to make request processing clear and consistent (backward compatibility still kept with the rest of 3.x versions).

There are many other smaller improvements below, so give it a try!

This is the last major version in 3.x series, see you soon in 4.x world:)

Security fixes:

None

New components:

None

New features:

cs\Config doesn't initialize cs\Language and cs\Page directly, instead - they grab configuration by themselves and if t is not available yet - just subscribe to event and wait when configuration is ready
New backend events:
- System/Config/changed
- System/Request/routing_replace (replaces System/Route/routing_replace)
- System/App/construct (replaces System/Index/construct)
- System/App/render/before (replaces System/Index/load/before)
- System/App/render/after (replaces System/Index/load/after)
- System/App/block_render (replaces System/Index/block_render)
- System/Page/render/before (replaced with System/Page/display/before)
- System/Page/render/after (replaced with System/Page/display/after)* 2 rejected Polymer patches reworked to be standalone and do not need to be injected into Polymer core anymore
cs\Request class added to provide unified source of all needed request information
cs\Response class added to provide unified target for all needed response data (not used everywhere yet)
Correct class autoloader for installer package instead of manual files inclusion
It is now possible to specify during registration API call not just email, but also following fields:
- username
- password
- language
- timezone
- avatar
cs\App class added (replaces cs\Index)
Added cs\Request::init_from_psr7() method to initialize request from PSR-7-compatible object
Added cs\Response::output_to_psr7() method to put response data into PSR-7-compatible response object
Controller's methods now accept cs\Request and cs\Response instances as arguments instead of cs\Request::$route_ids and cs\Request::$route_path as it was before; however, basic compatibility kept by implementing \ArrayAccess and \Iterator
System will now support requests with following Content-Type regardless of system configuration:
- application/json
- application/x-www-form-urlencoded
- multipart/form-data
This means that files uploading will now work for any request method and all data in body will be parsed even if php.ini contains enable_post_data_reading = Off (files are only available through cs\Request object). 2 stream wrappers added to make implementation memory efficient and do not duplicate any request data twice (we have single data stream and files are extracted from there on-fly only when needed and only those parts that are needed).
New method cs\Page::render() as replacement for now deprecated ::__finish()
System now knows which classes store state that changes between requests and which doesn't, this provides simpler system integration with external tools

Updates:

New Polymer version without additional patches (sic!), only Shady DOM removed (which is not used anyway), lazy loading is used in Polymer by default
New upstream Composer 1.0.0-beta1
New upstream version of RequireJS
New upstream version of TinyMCE
New upstream version of Promise polyfill

Fixes and small improvements:

Http server: Async mode removed from Http module, since in order to benefit from this mode many things should be rewritten significantly and it doesn't seem to practically feasible to do so in most cases, thus such over complication doesn't make practical sense
Reply with descriptive message if upload failed
Fix for message during system upgrade
Small fixes for cs\Mail class
Drop password_hash index and change its size to be 255 in order to be ready for possible future algorithm changes (also column comment removed)
Http server: Simplifications in Http server module because of recent changes in system core
Normalized user deletion - always integer user id, less complexity
Small fix, missing necessary re-initialization after configuration change
Composer: Added automatic scrolling of modal's content when Composer finishes all operations like during regular progress
Composer: Added firing admin/Composer/updated event even during forced Composer updating
Composer assets: Composer assets dependencies update
More translations refactoring
WebSockets: Ratchet/Pawl dependency upgraded to new upstream version
Remover method for input stream parsing in cs\Core class since this functionality is now covered by cs\Request class
Redundant oldcs\Config::$core's key allow_change_language removed
Http server: Http server module now reuses system functions for working with global state
cs\ExitException thrown with some status code will set status code on cs\Response
WebSockets: Fix for getting prefixed session cookie in WebSockets module
Refactoring in order to unify and simplify errors processing
Simplifications in cs\User, now all data are persisted immediately
Ignore User::$memory_cache for guest user
Provide cleanup of memory cache in cs\User object when calling ::disable_memory_cache()
Http server: Disable memory cache on cs\User object in Http server module
Removed fix for WebComponentsReady event in Chrome since it doesn't actually work:(
TinyMCE: Fix for content set incorrectly in empty inline editor
Extract more details about server under HHVM using HHVM's custom ini settings
Http sever: Much simpler and straightforward Http server integration, no classes overriding, thanks to latest changes in system core
Http server: Page generation time is now shown correctly under Http server (not number of database queries yet)
Tiny fix for loading language aliases
Migrating from using deprecated Classes/functions
Migrating from deprecated arguments in controllers
Small refactoring, fix for bots detection
Use new controller arguments in places where request/response object were created manually
Http server: Fix for manual autoloader inclusion which is not necessary anymore
Do not show memory limit under Http server, since in this case ini_get() returns -1
Various small fixes and tweaks

Deprecations:

cs\_SERVER is now just a wrapper around cs\Request, it will be around until 4.x, but marked as deprecated
Deprecated functions:
- _setcookie()
- _getcookie()
- _header()
- admin_path()
- api_path()
- current_module()
- home_page()
- shutdown_function() (simplified and is not used anywhere anymore)
- errors_on()
- errors_off()
- interface_on()
- interface_off()
- system_version()
cs\Route class deprecated, cs\Request absorbed and unified all its data
Deprecated events:
- System/Route/routing_replace (replaced with System/Request/routing_replace)
- System/Index/block_render (replaced with System/App/block_render)
- System/Index/construct (replaced with System/App/construct)
- System/Index/load/before (replaced with System/App/render/before)
- System/Index/load/after (replaced with System/App/render/after)
- System/Page/display/before (replaced with System/Page/render/before)
- System/Page/display/after (replaced with System/Page/render/after)
cs\Index class deprecated, use cs\App instead
cs\User::__finish() method deprecated and does nothing
cs\Page::__finish() method deprecated, use ::render() instead
OAuth2: Non-standard guest tokens deprecated in OAuth2 module
Bots deprecated and will be removed in 4.x

Possible partial compatibility breaking (very unlikely, but still possible):

Public methods used internally become protected:
- cs\Language::init()
- cs\Page::init()
Partially breaking change: translation files renamed to latin names

Latest builds on SourceForge downloads page (details about installation process) or download source code and build it yourself

4.78.5+build-2225: HTTP/2 Server Push, PostgreSQL support, docs with sources

First of all, project was renamed from CleverStyle CMS to CleverStyle Framework, which better describes this project.

This release introduces initial CLI support with few methods and components supporting it, more methods in system core and components expected in land future releases.

PostgreSQL in new database engine supported in system core out of the box in addition to already supported MySQLi and SQLite.

HTTP/2 Server Push and preload support added on system level, which alongside with another new feature Frontend loading optimization greatly improves first paint, especially on mobile devices with slow network.

A lot of performance tweaks were made both on backend (especially for Http server) and frontend (especially smaller Polymer build, less JS libraries loaded unconditionally).

Major refactoring happened to Blogs module, Comments and Disqus modules were hugely refactored and their integration now works very differently than it was before.

Documentation was moved to the same repository as source code, this makes updates easier and allows documentation versioning.

This is the first release of 4.x series, so it brings some BC-breaks, deprecations that will be removed in next 4.x release as well as all functionality declared as deprecated in any previous release.

PHP 5.6+ is now required (PHP 7 recommended) or HHVM 3.14+

WARNING: update to this version WILL remove config/main.php, .htaccess, favicon.ico and .gitignore files on update, make sure to have backup and restore them manually right after update.

Security fixes:

None

New components:

None

New features:

Added support for returning value from controllers: value that is different than null will be passed to cs\Page::json() for API calls and to ::content() for other calls
cs\CRUD trait now will cast numbers to, basically, numbers (instead of leaving them as strings, which is what we get from database)
Support for CLI interface added:
- arguments parsing
- routing
- output
- exit codes (400..510, all modulo 256)
- wp-cli/php-cli-tools bundled with system as primary CLI output tool
- support for ./cli cli:* calls for printing available paths and methods
- support for help: command on System module and few CLI paths/methods
Register all events from the beginning unconditionally (this will cause some performance overhead during regular operating, but will increase performance under Http server)
Added transactions support using new method cs\DB\_Abstract::transaction()
cs\CRUD::create() and ::update() now supports arguments to be passed directly instead of being passed as single argument in form of an array
Convenient methods cs\Cache::prefix() and cs\Language::prefix() that are just wrappers around corresponding classes
Homegrown PHPT Tests runner added with support for modified PHPT tests format, colored output and overall much simpler
Preload support (via Link: rel=preload header) added, current includes to preload elements, this is typically used for automatic HTTP2 Server Push
Added support for classes aliases: if package Bar provides functionality Foo, then class cs\modules\Bar\Bar is also available as cs\modules\Foo\Bar
cs\Installer class created, used in modern installer
Support for cs\custom classes for controller-based routing
New backend events:
- System/App/execute_router/before
- System/App/execute_router/after
- (replaced with)
cs.ui.ready property with promise added, allows to conveniently run stuff when Web Components are ready
PostgreSQL support added to system core
Documentation added to docs subdirectory and will now be updated more actively as code changes within the same repository
CleverStyle CMS > CleverStyle Framework
Alternative cs-unresolved method supported for dealing with FOUC
New feature Frontend loading optimization, it should help reaching faster initial page loads

Updates:

Composer updated to latest stable version
New upstream version of Font Awesome
New upstream version of TinyMCE (with more patches)
New upstream version of WebComponents.js
Fresh git build of jQuery 3.x (very likely to be the final 3.0.0)
New upstream version of Promise polyfill
New upstream version of PHPMailer
New upstream version of jsSHA
New upstream version of UPF
Alameda replaces original RequireJS as smaller, RequireJS-compatible alternative that works in IE10+ which is absolutely fine for us
Imported changes from upstream normalized.css, moved IE10-specific hacks to Old IE plugin, Android 4.x-specific normalizations removed
Even smaller Polymer build based on 1.5.0 with more Shady DOM-specific stuff removed, processed with Google Closure Compiler, source branch: https://github.com/nazar-pc/polymer/tree/no-shady-dom
New upstream version of BananaHTML
New upstream version of Prism

Fixes and small improvements:

System:
- Fix for cs\Storage\Local::source_by_url() method
- move_uploaded_file() changed to copy(), since files might be abstracted from default PHP representation and therefore it will not be possible to move them
- TinyMCE: Fixed TinyMCE integration (files uploading) and corresponding readme section in Uploader module
- Build demo image with PHP 5.6
- Even more convenient way to get arguments in cs\Request::data() and ::query() methods, ::route(), ::route_path() and ::route_ids() methods added
- Forbid administrator to access contacts of other users
- Some normalization of profile-specific APIs
- Return null instead of false in some places, null is better compatible with some cases
- System doesn't use superglobals directly except when intentionally need them
- Fix for multipart body parsing and small refactoring
- Added support for AJAX responses with specific status code using callbacks like success_201 for convenience
- Registration API returns status code 201 or 202 instead of string to indicate whether registration confirmation is needed or not
- Annotated properties that are available through magic methods
- Small tweak in order to avoid uncontrolled growing of memory consumption
- Fix for showing error when system config not found (taking into account SAPI)
- Tiny fix for cs-select element
- Fix for TinyMCE integration, changes of value property on cs-editor* elements was not notified to the outside
- Small fix for selected property change on cs-select element
- Migrating to more convenient database interfaces
- Fixes for cs\CRUD_helper trait when working with joined tables
- Allow specify certain language for joined tables instead of using current one in cs\CRUD_helpers trait
- Events caching that might potentially boost performance under Http server
- Major fix for getting available request methods for controller routing
- Removed unnecessary item from index.json
- Very old unused file dropped
- Show system's help message when executing ./cli without arguments
- CLI help for optimization commands, small simplification
- Readme updated to better describe project purpose and features
- Small fix for situation when error happens during \cs\Request initialization and \cs\Response was not initialized yet
- Small fixes for SQLite database engine
- Added test for installation with SQLite database
- Added tests for SQLite database engine
- Cache also failed autoloader results to decrease overhead caused by additional autoloaders (like Composer)
- cs\Permissions class simplification using cs\CRUD_helpers trait
- Casting id value in cs\CRUD_helpers::search()
- Run all tests with both MySQLi and SQLite database engines separately (excluding database-specific tests when needed)
- Added tests for nested transactions
- Simplifications using modern features of cs\CRUD trait
- Added checks in cs\CRUD::update() and ::delete() to ensure item actually exists before doing something on it
- Disallow search engines to scan files of modules, plugins and themes as well as uploaded files
- Since now cache will not be disabled in debug mode (BlackHole engine exists for this purpose)
- BlackHole cache engine tests added
- Use simplified cache and language interface in system core
- Few traits decoupled from cs\App\Router
- Part of cs\Page\Includes decoupled into separate trait
- It is not likely that modules, plugins, themes or even any other files will be located somewhere other that default paths and dropping absolute path of root will give incorrect relative path; which means that we can simplify certain things
- Small tweaks and fixes for incorrect translation prefixes used which caused errors on submission of some forms and prevented showing success message
- Changed structure of naming of cached includes to such that will always have common prefix
- We can do even better - store not hashes, but actual map of includes with hashes
- Be ready that something might modify cached includes in System/Page/rebuild_cache event
- 2 more traits decoupled from cs\Page\Includes
- Clean public cache when applying or saving any changes of optimization settings (vulcanization option change didn't trigger public cache cleaning, so lets do it always)
- cs\User\Data trait split into 2 traits
- cs\modules\System\Packages_dependencies class added (decoupled from cs\modules\System\Packages_manipulation)
- Use implicit flush for efficient output of large content
- Side effects removed from cs\Core
- Refactored and centralized cache tests
- Fix for FileSystem cache engine returned integer instead of boolean on set
- Extended cache test suite with testing get with callback and namespaced keys
- Fix for correction of relative paths in CSS when path contains whitespace
- Use predefined array instead of switch/case for determining type by extension
- Elimination of tab symbol usage in header comments
- CoffeeScript > LiveScript
- Make modal opening smooth
- Improved builder UX
- Refactoring of cs\Singleton\Base
- Always show tooltips
- Return integer instead of string with digits from cs\CRUD_helpers::search() when total_count is specified
- Return numeric user id from API
- Fix for handling components dependencies and functionalities when processing includes
- Added support for $_SERVER['REQUEST_SCHEME']
- Simplified get_timezones_list(), there is no big reason to cache timezones list
- -m and --mode options added to CLI mode of installation
- CLI and Web installation methods separated completely and both use cs\Installer to make actual system installation
- Simplifications in pagination rendering
- Translations fixes
- Fix JS minifier when dealing with </script> inside of JS code and with vulcanization enabled
- Fix for recursive dependencies includes priority was not preserved
- Unified handling of WebComponentsReady event by all CleverStyle Widgets elements
- Small fix for filling cs\Config::$mirrors property
- Using cs\CRUD trait in cs\Config and some additional simplifications
- Simplify includes handling by avoiding unnecessary replacing characters back and forth
- Fix for error when numeric $database argument passed to cs\Text class methods
- Set X-UA-Compatible as header
- Multiple small adjustments to follow SQL standards closely and improve compatibility with other RDBMSs
- Corrected DB primary keys set during installation for MySQLi and SQLite engines
- Do not use LIMIT on DELETE in SQL queries
- Unlock SQLite to affect total build success
- Fix for supported languages in meta.json files
- Module disabling operation extracted into separate method to allow its execution during module upgrade (otherwise it is not possible to upgrade current default module)
- Do not cache events files paths, under Http server events handlers themselves will be cached
- Do not remove directories during upgrade when ether files or directories are present, not just files
- Clear internal caches of PHP during upgrade to avoid unexpected errors which should not happen normally
- Add XML and mbstring extensions to the list of required
- Handle the case when nothing was selected in Web UI of builder
- Added basic tests for cs\CRUD trait
- Fix for multi query in MySQLi DB engine
- Fix for incorrect query when joined table doesn't contain any records in cs\CRUD trait
- Fix for null argument during cs\CRUD::create() call caused error
- Fix for potential infinite loop in cs\CRUD::read_joined_table()
- Docs update
- Small formatting tweaks to SQL scripts used during installation
- SQLite version requirement increased to 3.7.11+ due to the need for multiple inserts support
- readme.html removed
- Project's own logo landed
- readme.md restructuring
- Web installer fixes and UI improvements
- Small changes in about server administration page
- Favicons removed from themes
- 3 times smaller guest icon (it was tiny already, but why not?:))
- Updated logo image, removed image with docker pulls count
- Tenebris theme removed from readme, since it is not available in repository anymore
- Slightly cleaned root directory and modified installer
- Advanced CRUD tests added
- Small fix in cs\CRUD trait
- Fix for text_md5 column was not set in cs\Text class
- Never embed or preload fonts other than woff (woff2 will be used in future when browsers support will be better) because they are quite big, typically not critical and preloading new fonts types together is a waste of bandwidth
- Fix for unresolved handling when JS inserted into <head>
- Themes now use cs-unresolved attribute instead of unresolved, since it works better with Frontend loading optimization, which is enabled by default
- Tweak default computed bindings for Polymer, so that '0' will be treated as false
- 2-pass, more efficient HTML minification
- Dropped CSS CSP-compatibility, since it wasn't complete anyway because Polymer only supports style[is=custom-style], but no link-based counterpart
- Fix for registered user getting system default language instead of automatically detected if not specified something explicitly
- Fix in cs-select when currently selected value is falsy
- Simplifications in select[is=cs-select] usage, some operations are simply redundant
- Clean public cache on theme update
- Store not only the keys, but also default values of cs\Core::$core
- Normalize core installer's package internals with internals of components counterparts, so that system updating doesn't override certain files it shouldn't override
- Set expiration headers for uploaded files
- Fix for HTTPS detection
- Add all CSS to frontend load optimized server push
- Raise HHVM requirement to 3.14+ (which is not release yet); version might be lowered if required fixes backported to earlier releases
- No errors suppressing when working with DB
- html5sortable plugin moved to AMD modules, since it is only used in few cases
- Small improvements in storing cached includes paths - now they are all prefixed with /
- App shell for CleverStyle theme
- Improved caching expiration for files outside of storage/pcache
- Fix for closing modal by pressing Esc
- Fix for returning 0 from API results, null being returned
- Better handle concurrent deletion in FileSystem cache engine
- Fix for configuration loading that caused performance issues
- cs\Config::cancel() doesn't return any value anymore, just throws an exception if something goes wrong
- Polymer/polymer#3678 applied on top of minified Polymer to fix issue with Polymer.cs.behaviors.value behavior
- Tiny UI performance tweak
- Small tweak for cs.Language
- Hack for HHVM compatibility until facebook/hhvm#7087 is resolved
- Few hacks removed since patches to HHVM bugs were upstreamed and we already require version that will include those fixes
- Reduced complexity of cs-notify
- Also transition duration in cs-notify is now determined imperatively instead of relying on transitionend event which had random bugs from time to time
- Do not allow to upgrade system and components to the same version that already installed
- Typo fix and small update to root .gitignore
- Use modern ppa for PHP in Docker image instead of deprecated one
- Do not preload stuff from CSS that have ? in URL
- Call includes addition before Page::$Head generation so that preload links might be generated in usual way
- Added support for favicon.png in root directory with higher priority in addition to favicon.ico
- Use transactions in cs\CRUD trait
- Fix for enabling/update messages during dependencies check
- Fix for CleverStyle Widgets, some widgets were able to override [hidden] attribute effect with own styles
- To make things a bit nicer let's make headers names starting with capital letter
- Added temporary workaround for Chromium that doesn't understand that preloaded JS file is utf-8 without BOM
- api/System/profile is now allowed to be called by guest
- Do not return simple_admin_mode in each admin API response, but rather use api/System/admin/system
- Lowercase headers names for convenience in cs\Request::header() method
- Fix for tricky bug in autoloader that caused caching false for classes, which are actually present
- Allow overriding/extension of built-in system style modules
- Fix error happened inside of jQuery, caused by jQuery being included after WebComponents.js polyfill in Firefox
- Show notification during updating components that are not installed/used, but have the same version as such to which they are supposed to be updated
- Small fix for cs-notify
Blogs:
- Blogs module switched to controller-based routing, no other changes made
- Move Blogs API into controller
- Posts addition/editing/deletion on frontend through API
- Migration to LiveScript
- Small UI fixes
- Render preview as native post element, no logic duplication
- Added public method for converting post array into JSON-LD structure
- Do not force setting close tab handler during preview
- Joined CRUD tables used to simplify posts manipulation
- Simplification using CRUD trait
- Simplify searches with cs\CRUD_helpers trait
- All administration settings are now on frontend through API
- Get settings through API instead of setting them as attributes on elements
- cs\modules\Blogs\Sections::get_structure() usage was eliminated and method was removed
- Fix for posts list rendering in Firefox
- Comments count is not returned anymore by Blogs module API
- Fix for post addition when there are no custom sections
Comments:
- Rewriting how comments work (simpler interfaces, utilizing new features of system core, events format changed)
- Simplifying Comments class using cs\CRUD_helpers trait and new features from system core
- Comment's API moved from files to Controller
- Comments rendering/posting/editing/deletion on frontend through API using Web Components
- cs-comments element is now used directly to insert comments block on frontend
- cs-comments-count element for unified displaying of comments number
- Using comments settings from API instead of though attributes in Blogs module
- Added possibility for other modules to fire event that will cause removal of comments associated with some item
- Small fix for Comments module, where cursor didn't show that reply is available, but click still worked
- Improve username and avatar getting
Composer:
- Added CLI interface in Composer module
- New event Composer/update_progress added
- Do not use superglobals in Composer module
- Composer modules switched to Controller-based routing
- nazar-pc/stream-slicer added to Composer packages already included in system core
Content:
- Tiny fix in Content module, it wasn't prepared to optimized frontend loading
- Tiny fix in Content module, it wasn't prepared for being disabled
Composer assets:
- Composer assets fails nicely if fxp/composer-asset-plugin package not installed
- Optimize dependencies structure and assets packages naming to avoid potential conflicts
DarkEnergy:
- Remove big logo from theme - nothing to do there
- Simpler CSS layout in DarkEnergy theme
- Basic app shell for DarkEnergy theme
- Use Google Fonts API for loading Open Sans font, it will be much more efficient than doing it in the way it is now, and making it efficiently ourselves it pretty complex topic
- Do not use custom fonts in DarkEnergy theme when user agent advertises data saving
Disqus:
- Include Disqus's module JS only on those pages where needed
- Script migrated to LiveScript
Feedback:
- Small fix for Feedback module, including CSS directly is not needed for a long time now
Http server:
- Remove from CLI help optional argument which is not supported for some time already
- Small refactoring, avoid creating objects all the time
- Log generic errors in Http server module
Photo gallery:
- Fix for Photo gallery not working, since jQuery ready event is not fired after Web Components are ready anymore
- Tiny simplification in Photo gallery module
Prism:
- Prism integration fixes - wait for Web Components to initialize before initializing itself
- Languages now loaded though autoloader plugin
Shop:
- Stop using already removed hide.uk.modal event
TinyMCE:
- Fix for duplicated change event capturing on each real change
- Fix for editor when it is initialized before all Web Components are ready (for some reason, which is very difficult to debug, change events are not fired by TinyMCE in this case)
- Use empty string instead of undefined to prevent error within TinyMCE
- TinyMCE silently moved basic Shadow DOM events support under experimental flag
- Fix for resize handle under Shadow DOM added to TinyMCE
- Small tweak to TinyMCE (do not show textarea inside of editor element)
- TinyMCE plugin reworked so that huge TinyMCE library is only loaded when instance of editor is used
- Fix for files uploading integration with TinyMCE
- Add small delay to not update content too often in TinyMCE which causes performance issues, especially during quick typing
- Small fix on top of minified TinyMCE in order to allow links insertion when having inline editor (though, link insertion position is not correct yet:()
Uploader:
- Do not use superglobals in Uploader module

Deprecations (will be dropped right after release):

Bunch of database-related methods in cs\DB\_Abstract deprecated as not very useful:
- ::aq()
- ::n()
- ::fa()
- ::fs()
- ::fas()
cs\DB\_Abstract::q*() methods don't accept usual boolean arguments, but accepts array of arguments as ::q() method

Possible partial compatibility breaking (very unlikely, but still possible):

$condition argument removed from cs\Permissions::get() since it was not actually used and just complicates code
Dropped undocumented indexed key from cs\CRUD trait as never used
Partially breaking change, cs\Page\Includes_processing::htmL() method accepts slightly different arguments
jQuery is only loaded after all main JS and HTML files are loaded (and components that are loaded globally should be aware of this)
Stop supporting custom charsets for databases, always use proper UTF8 depending on database engine

Dropped backward compatibility:

All deprecated functionality was dropped
Dropped update support from System versions older than previous release, the same for all components
HTTP storage engine removed since it was not ever used and thus not tested, better not offer it at all
POST api/System/user/* endpoints moved to restful * api/System/profile
Dropped unused frontend functions:
- cs.xor_string()
- cs.prepare_attr_value()
Dropped support for => in dependencies (use regular >= instead)
config/main.php MUST be present
DEBUG constant MUST be defined in config/main.php
DOMAIN constant removed (use Core::$domain instead)
Drop support for prepare.php in modules and themes as redundant
Remove global properties on frontend:
- cs.base_url
- cs.current_base_url
- cs.module
- cs.route
- cs.route_path
- cs.route_ids
- cs.in_admin
- cs.is_user
- cs.is_guest
- cs.public_key
- cs.password_min_length
- cs.password_min_strength
- cs.is_admin
- cs.debug
- cs.simple_admin_mode
Behavior cs.Polymer.behaviors.cs removed from system
Stop applying shim-shadowdom attribute to all styles automatically

Latest builds on downloads page (details about installation process) or download source code and build it yourself

4.85.0+build-2240: Less jQuery, less plugins

This release contains incremental improvements and bug fixes over last major release with 2 important changes.

The first significant change is that jQuery is not used by system core and many components, it is still around, but will be removed in 5.x, so it is time to explicitly define dependency on jQuery NPM package and use it as AMD module exclusively.

The seconds change is deprecation of plugins in favor of using modules only. Plugins were always simpler version of modules and didn't bring any substantial benefit, while added a lot of complexity. While migrating from plugins to modules you might want to disable simple administration mode temporarily (Administration > General > System :: Simple mode of administration) and ignore dependency conflicts while you disable/remove plugin and install/enable corresponding module.

Security fixes:

None

New components:

None

New features:

System doesn't use jQuery anymore
cs.api function added on frontend for convenient calls to API without dependency on jQuery
cs.ui.alert() now returns promise
cs.ui.confirm() also returns promise if ok_callback was not specified
Standalone version of html5sortable added alongside with previously available
All existing plugins converted into modules, since plugins are deprecated

Updates:

Stable version of jQuery 3.0

Fixes and small improvements:

System:
- Added check for origin header
- Small fix for getting permission for API
- Fixed focus in sign in and password restoration modals
- Fix for password changing on frontend
- Fix for block deletion
- Set selected property on cs-select during initialization from value property
- Small fix for labels, when active property is set before element is attached to DOM
- Fix for incorrect error message during failed API request on frontend
- Support trailing slashes in administration pages
- Return numeric user's groups ids
- Fix jQuery version in packages, since * causes problems
Blockchain payment
- Small important fix for Blockchain payment module
- Use NPM package with jQuery-independent QR code generator
Blogs:
- Stop using jQuery in Blogs module
Comments:
- Stop using jQuery in Comments module
Composer:
- Stop using jQuery in Composer module
Content:
- Stop using jQuery in Content module
Disqus:
- Disqus conflict with Shadow DOM polyfill was resolved, so hack is not needed anymore
Feedback:
Fotorama
- Added AMD support to fotorama
- Fotorama plugin now depends on Composer assets and NPM package jQuery
Old IE
- Dataset polyfill added to Old IE plugin
Photo gallery:
- Photo gallery consumes jQuery only as AMD module, declares dependency on corresponding NPM package and Composer assets plugin
Shop:
- Shop consumes jQuery only as AMD module, declares dependency on corresponding NPM package and Composer assets plugin
- Shop module uses jQuery-free html5sortable from latest system version
Static pages
- Stop using jQuery in Static pages module
TinyMCE:
- Specify display: on editor elements
Uploader:
- Stop using jQuery in Uploader module (but still support jQuery objects if passed as argument)

Deprecations:

jQuery is now deprecated in system core, but is still around till 5.x
Plugins are deprecated, but still fully supported and will be removed in 5.x

Possible partial compatibility breaking (very unlikely, but still possible):

Partially breaking change: second argument in cs.file_upload()'s error callback is now regular XHR object, rather than jqXHR

Dropped backward compatibility:

All features that were deprecated in last release and kept for smooth upgrade were removed
Removed possibility to upgrade from older versions than latest release

Latest builds on downloads page (details about installation process) or download source code and build it yourself

4.94.6+build-2277: Better testing

This release is primarily focused on improving code quality of system core and testing. Code coverage analysis was added into testing process, it helps to figure out which areas require more attention than others.

There are small fixes and improvements, but nothing major. However, there are some deprecations that will be removed in future 5.x release.

This release is likely to be the last one from 4.x series.

Security fixes:

None

New components:

None

New features:

Code coverage analysis added to tests
Add support for /index.php-prefixed requests
Add support setting event handlers using scripts in custom directory
Quick tests added that can be executed autonomously and concurrently

Updates:

New upstream version of UPF
New upstream version of PHPT-Tests-Runner
New upstream version of Composer
New upstream version of Polymer (Native custom CSS properties are not used yet because of Polymer.updateStyles() is not compatible with it yet)

Fixes and small improvements:

System:
- Change website protocol to https
- Added support for multiple return values from methods when mocking objects in tests
- Bind $this and static in mocked object's closures
- Make autoloader ready for CACHE being not defined
- Make cli file executable on system installation
- Small tweaks for builder tests
- Added badge with tests coverage
- Small tweaks to autoloader and installer
- Tiny refactoring in cs\Event class
- Small fixes in cs\CRUD trait
- Small fixes in cs\Key class
- Fix for false return value was not working correctly in cs\Event::once()
- Fixes for password restoration
- Fix for closed site sign in
- Allow overriding system core files constants upfront
- Fixes for groups permissions inheritance and consistency of getting/setting user's groups
- NOTE: User's groups priority has changed order in administration: now each next group have higher priority than previous
- Control memory cache for user's permissions the same way as user's data
- Fixes for user's permissions inheritance
- Fix for infinite loop in cs\Language class
- Improved sessions deletion
- Small fixes and simplifications in cs\User\Profile trait
Blockchain payment
- Change blockchain payment functionality from payment to payment/blockchain, that will allow installation of multiple payment systems at the same time
Blogs:
- Small fix, Blogs module didn't use proper namespace for Json ld module
- UI fix for editable area during posts addition or editing
- Add language prefix to post edit URL so that it wouldn't confuse users in multilingual setup
Composer assets:
- Increase fxp/composer-asset-plugin dependency version

Deprecations:

ENGINES constant is deprecated now
User's contacts deprecated in system core
Templates for blocks are deprecated now

Possible partial compatibility breaking (very unlikely, but still possible):

None

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

4.95.0+build-2279: Forward-compatible version

Version for smooth upgrade to 5.x

5.15.3+build-2332: Focus on quality

This release is primarily focused on code quality with significantly increased tests coverage.

Another aspect is rectifying framework's API by removing redundant elements (like plugins, blocks templates, users contacts, some methods and properties), blocks and modules now moved to project root similarly to themes.

The last noteworthy aspect is slightly improved minimal request overhead, which improves page rendering under mod_php or php-fpm as well as under Http server (which can render pages in almost 0.5 ms).

This is the first release of 5.x series, so it brings some BC-breaks, as well as removed all functionality declared as deprecated in any previous release.

Security fixes:

None

New components:

Psr7 (decoupled into optional module from system core)

New features:

Added serving static files in framework itself (without external web-server)
Backend events added:
- System/Request/routing_replace/before
- System/Request/routing_replace/after

Updates:

Normalize is now based on normalize.css 4.2.0
New upstream version of PHPT-Tests-Runner
New upstream version of autosize
New upstream version of Composer

Fixes and small improvements:

System:
- Use element.matches() instead of element.tagName
- Fixes for session data setting and deletion
- Fix for making API requests for non-authorized user (essentially, initial sign in)
- Updated Nginx config sample without compression headers
- Small fix for streams in multiple files uploads as streams
- Do not handle and request data and/or files for GET, HEAD and OPTIONS requests
- Keep correct independent position in uploaded files that are opened multiple times
- Docker image updated to newer base phusion/baseimage as well as using PHP7
- Multiple DB query always returns boolean result
- Print error messages to stderr in CLI mode
- Fixes and small improvements for CSS minifier
- Small fixes and improvements for processing nested HTML imports
- Correct support for Forwarded HTTP header per spec
- Improved HHVM support in some edge cases with errors
- Fix for making multiple API calls on frontend: request body was sent where it shouldn't
- Small fix for headers initialization in cs\Response::init_with_typical_default_settings() method
- Small fix for REQUEST_URI decoding in cs\Request\Server trait
- Stop using ETags for improved caching
- Stop setting the same headers multiple times
- Multiple .htaccess files are added to installation distributive instead of creating them in core/bootstrap.php
- Fix permission for cli
- More lightweight Language initialization, delays loading of translations until really needed
- Website name is now added to Page::instance()->Title only right before page rendering (affects only manual changing of this property), which allows to avoid loading translations completely for certain requests
- Only set Content-Language header for multilingual setups
- Do not render title when interface turned off
- Many tweaks and small fixes
Deferred tasks
- Hide deferred tasks from menu
Http server
- Fix for serving streams in Http server module
HybridAuth
- Contacts integration removed from HybridAuth module
- Small fix in HybridAuth module when no providers enabled

Deprecations (will be dropped right after release):

None (major release)

Possible partial compatibility breaking (very unlikely, but still possible):

Minor potential BC-break (very unlikely), cs\Text::get() signature has changed and implementation largely simplified
Request initialization should not happen after Response initialization, since exit might happen during Request initialization and there is a need for response to be ready by that time

Dropped backward compatibility:

All deprecated functionality was dropped
Dropped update support from System versions older than previous release, the same for all components
jQuery was removed from system (including jQuery configuration)
Plugins support removed with all corresponding backend and frontend events, UI elements, API and documentation.
Removed backend events:
- System/App/construct
- admin/System/components/plugins/enable/before
- admin/System/components/plugins/enable/after
- admin/System/components/plugins/disable/before
- admin/System/components/plugins/disable/after
- admin/System/components/plugins/update/before
- admin/System/components/plugins/update/after
- System/User/get_contacts
- System/Request/routing_replace
Removed frontend events:
- admin/System/components/plugins/disable/before
- admin/System/components/plugins/disable/after
- admin/System/components/plugins/enable/before
- admin/System/components/plugins/enable/after
- admin/System/components/plugins/update/before
- admin/System/components/plugins/update/after
ENGINES constant removed
Contacts support removed from system
Blocks templates removed together with corresponding configuration, UI elements, constants, files and documentation
Major backward-compatibility break: blocks and modules moved to the root of the project (system tries to make sure process goes smooth by correcting fs.json files and creating temporary symlinks in original locations).
Also events with components/ in their name have lost this suffix, for instance, admin/System/components/modules/default become admin/System/modules/default
Do not compress minified files i public cache, this should be better done by web/proxy server (also resolves problems with setting headers on some configurations)
cs\Text::search() method removed as unused
Dropped support for calling DB::instance()->$db_index, DB::instance()->$db_index(), Storage::instance()->$storage_index
Dropped support for calling database methods directly on DB::instance() objects, now explicit getting database with DB::instance()->db() or DB::instance()->db_prime() is required
Psr7 support moved from system core to new Psr7 module
cs\Response::$protocol property removed as unused
clanguage_en removed from translations and events as redundant
cs\Page::set_theme() function removed

Latest builds on downloads page (details about installation process) or download source code and build it yourself

5.21.2+build-2360: Better consistency

Small incremental release on top of last major update. Release improves consistency in builder/installer and some interfaces, have significantly code coverage (>90% for core system classes).

Nothing major this time.

Security fixes:

None

New components:

None

New features:

Allow any host in Docker demo

Updates:

New upstream version of phpt-tests-runner
New upstream Promise polyfill
New upstream version of autosize
New version of TinyMCE

Fixes and small improvements:

System:
- Add .htaccess files in storage directory to core files in builder, so that they'll be updated with system update
- Remove mentioning Storage.php from builder
- Reload page on module enabling, disabling and uninstallation
- Fix for potential redirect use wih specially created subdomain
- Fix for inheriting translations from core language, that was broken in 1183976
- Installer is now covered by code coverage analysis (not 100%, but mostly)
- Add nightly PHP to Travis CI, but allow it to fail
- Use native code coverage merging
- PHP_SAPI constant usage changed to php_sapi_name() function usage, which is easier to wrap in tests
- Smaller code coverage overhead (bug bigger data file)
- Lighter integration of code coverage into installer
- Fix for instantiating classes from cs\custom namespace which do not extend original class
- Fix for multiple class extension
- Many tests added
- Only compute code coverage on PHP 7.0
- Tiny fix for bug found under PHP Nightly
- Fix for Docker demo
- Small fix for nav bar in administration
- icon property on cs-button renamed to icon-before, icon property is still supported and will be, now it is just an alias to icon-before
- Declare public visibility on methods explicitly
- Clean upstream version of PHPMailer without any modifications is used
- Tiny fix in mail settings in administration interface
- Use smtp port in cs\Mail class directly as is
- Small fix in cs\Mail class
- Mark more tests as slow
- Refactoring and simplifications in cs\Storage class
- New constants:
  - cs\Storage::CONNECTIONS_ACTIVE
  - cs\Storage::CONNECTIONS_SUCCESSFUL
  - cs\Storage::CONNECTIONS_FAILED
- Small refactorings and fixes

Deprecations:

cs\Storage\_Abstract::move_uploaded_file() method deprecated and is just an alias to ::copy() now

Possible partial compatibility breaking (very unlikely, but still possible):

cs\modules\System\Packages_manipulation::move_uploaded_file_to_tmp() method removed as unused, it remained from pre-API-based administration interface
cs\Mail doesn't extend PHPMailer class anymore, but rather uses it internally
cs\DB::CONNECTIONS_ALL constant renamed into CONNECTIONS_MASTER
cs\DB::CONNECTIONS_MIRRORS constant renamed into CONNECTIONS_MIRROR
cs\DB::get_connections_list() method now requires first argument to be specified explicitly
cs\Storage::get_connections_list() method now requires first argument to be specified explicitly, also requires arguments to be cs\Storage::CONNECTIONS_* constants

Dropped backward compatibility:

All features that were deprecated in last release and kept for smooth upgrade were removed
Removed possibility to upgrade from older versions than latest release
SimpleImage module removed, hacks in it were not actually used anywhere, so better use upstream version from Composer, it will not make any practical difference

Latest builds on downloads page (details about installation process) or download source code and build it yourself

5.28.3+build-2384: Lighter frontend

This release is a small incremental update over previous release.

Major improvements are focused on decreasing frontend overhead:

added possibility to disable Web Components support (with all related features) if it is not needed
added asynchronous interface for translations (translations will only be loaded when actually used), but under the hood they are synchronous till 6.x to avoid BC break

Small but handy improvements done for CSS/JS minifiers, important fixes for TinyMCE editor and Web Components polyfill (not upstreamed yet).

On backend side there is improved code coverage (96%+ for core directory, 66%+ for system in general). Added support for native server-side prepared statements in database interfaces in addition to already present client-side placeholders.

Last thing worth mentioning is support for upcoming PHP 7.1.

Security fixes:

None

New components:

None

New features:

Added support for server-side prepared statements
cs.Language.ready() method added, will be used in upcoming asynchronous translations loading, returns Promise
cs.Polymer.behaviors.Language behavior is now ready for cs.Language being asynchronous
Added optimization option to disable Web Components usage, only available for advanced users (Administration > General > System > Simple mode of administration == Off)
All components and system ported to asynchronous translations interface on frontend
CSS minified improvements:
- added support for @import url(...) in addition to @import ...
- added support for CSS imports with media queries
JS minified improvement:
- added support to ES2015 template strings (minifier does nothing in this case to avoid breaking good code)

Updates:

Rebased Polymer against new upstream version 1.6.1, patch accepted upstream
Git version of WebComponents.js with webcomponents/webcomponentsjs#589 on top

Fixes and small improvements:

System:
- Old already removed from docs event actually removed from code
- Update APCu version for Travis CI
- Add PHP 7.1 in Travis CI and make it mandatory for test to succeed
- cs.Language implementation rewritten (more code, but require less brain power to read)
- cs.Polymer.behaviors.Language implementation rewritten (more code, but require less brain power to read)
- Polymer-related files moved into own directory
- Use single quotes where possible
- Small fixes and docs update for cs\CRUD_helpers trait
- Small fixes for cs\CRUD trait
- Unnecessary condition removed in cs\Page class
- Simplified and normalized structure of dependencies determination results
- Simplified structure for dependent packages
- Improved tests coverage, small fixes, optimizations and docs updates

Deprecations:

Synchronous use of cs.Language is deprecated and will be removed in 6.x

Possible partial compatibility breaking (very unlikely, but still possible):

None

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

5.43.2+build-2442: Strict mode MySQL, better multilingual search

This release is a small incremental update over previous release.

Major changes are SQLite support in Blogs module, using strict mode for MySQL database and real search for multilingual columns in cs\CRUD_helpers trait (previously it didn't take into account some multilingual features).

Other smaller changes include XSS protection improvements with newer UPF version, lots of simplifications and refactoring, many more tests were added or extended (74%+ for system in general).

Security fixes:

XSS protection improvements in UPF

New components:

None

New features:

System/Request/routing_replace/after event extended to allow changing route_path and route_ids in event handler
Allow to specify more parameters than needed for prepared statement
True search even in multilingual columns in cs\CRUD_helpers trait
Added SQLite support in Blogs module
New backend events added:
- System/Language/change/before
- System/Language/change/after
- System/Language/load (replaces System/general/languages/load)

Updates:

New upstream version of UPF with fixes for stored XSS
New upstream version of alameda
New version of TinyMCE

Fixes and small improvements:

System:
- Fix for cs\CRUD_helpers trait
- Try calling OPTIONS/CLI method handler if available instead of collecting available methods manually
- Fix for nested paths not being included in permissions check
- Corrected documentation about XHR, since jQuery is not used there anymore
- Always add X-Requested-With header when making API requests
- Added pagination tests for cs\CRUD_helpers
- Tiny fix for prepared statements conversion in PostgreSQL engine (when number of statements > 1)
- Added documentation about SQL compatibility and conversion done to support this compatibility
- Use server-side prepared statements in cs\CRUD and cs\CRUD_helpers traits
- Return boolean value from non-select query with prepared statements in MySQLi DB engine
- Handle nicely non-indexed arrays of parameters for prepared statements
- Refactoring in cs\CRUD_helpers trait
- Small tweaks to builder
- Small fix for autoloader when working with aliases
- Fix for arguments parsing in CLI interface
- Replace CREATE TABLE IF NOT EXISTS with CREATE TABLE in installation MySQL scheme to ensure DB was empty before installation
- Fix for non-unique index for SQLite DB scheme
- Small installer fix (expert switch didn't work)
- Fix for packages dependencies conflicts not always printed
- Return false gracefully when prepared statement preparation fails
- cs\DB\_Abstract::queries_count() method added for getting number of made SQL queries
- Do not Push resources if they were pushed already
- Simplification and small fix for FileSystem cache engine
- Typo in translations
- Tiny UI improvement
- Simplified external usage of multilingual options from cs\Config class - now they do not differ externally from other options
- cs\Config\Options class added as centralized source of information about each core option: option type, default value, supported values or ranges, whether option is password or is multilingual
- cs\Config is now responsible itself for checking and formatting options according to defined rules (using cs\Config\Options)
- Do not generate unnecessary content in <head> sections with multilingual meta information for API, administration interface and CLI
- get_core_ml_text() and set_core_ml_text() functions are not used anymore
- Jade files refactored to Pug
- Never create guest session when deleting one (new session will be created on demand anyway)
- Do not remove session cookie if session in cookie doesn't match session being deleted
- Small fix for potential memory exhaustion when deleting large amount of user sessions - fetch and delete sessions one by one
- Some redundant checks removed in sessions processing
- Stop using TIME constant as the source of current time
- Run database upgrade scripts in transactions
- Fix for $L->clang property being undefined (because of getting property second time inside of getting it for the first time with empty cache)
- Reduce ambiguity of events handlers registration when working with multiple requests under Http server
- Fix for multilingual cs\Config options not following language when working with multiple requests under Http server
- Simplifications incs\Language class
- Removed redundant code from cs\Language class
- INIT_STATE_METHOD method is now called after constructor, rather than before, which actually makes much more sense
- Fix for multilingual options might not be processed in cs\Config in API requests, since cs\Language was not used otherwise
- cs\Config::core() method added
- Administration settings API simplified a lot and now relies on data normalization in cs\Config (url and cookie_domain options are now return as is, in form of arrays, rather than strings)
- Small fix for cs\modules\System\Packages_dependencies class when handling updates from too old versions
- Small tweak for cs\modules\System\Packages_manipulation (do not remove installer file when update failed)
- Getting array of properties decoupled into new trait cs\Properties_getter
- Common packages extraction code in cs\modules\System\Packages_manipulation decoupled into separate method
Http server:
- Http server is now using CLI interface for starting server
TinyMCE:
- Incorrect functionality removed from TinyMCE module

Deprecations:

cs\DB\_Abstract::query() and cs\DB\_Abstract::queries() methods are now deprecated
Deprecated backend events:
- System/general/languages/load (replaced with System/Language/load)
Deprecated functions (they do nothing now, since cs\Config handles everything itself):
- get_core_ml_text()
- set_core_ml_text()

Possible partial compatibility breaking (very unlikely, but still possible):

MySQL strict SQL mode is now enforced! (some modules failed to install with strict SQL mode and have been corrected)
Potentially partially breaking change: for consistency $Config->core['name'] renamed into $Config->core['site_name']

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

5.50.3+build-2467: Better consistency and minor frontend optimizations

This release is a small incremental update over previous release.

Release is primarily focused on improving tests coverage (76%+ for system in general) and small inconsistencies tweaks as well as usual set of bug fixes. There were also some minor performance improvements on frontend (translations initialization, icons and tooltips rendering).

This is likely to be the last release of 5.x branch, see you in 6.x world:)

Security fixes:

None

New components:

None

New features:

Added convenient property cs\Request::$regular_path

Updates:

New upstream version of Composer

Fixes and small improvements:

System:
- Always set Content-Type header to application/json for API requests
- Added convenient do_api_request() method for usage in tests
- Only set Content-Language header for regular pages
- Unnecessary validation already present in cs\User\Profile removed from API controller
- Simplifications and small tweaks in cs\Request\Route
- Do not forbid API access for users by default (this is really wrong)
- Allow to set login to own email (corresponding tests added)
- Support tricky situation when login was equal to email and then email changed, now login will be updated to new email as well
- Fixed behavior of master-slave mirror selection in cs\DB class
- Performance improvement in cs-icon element and in cs-unresolved feature
- Reduce painting when showing tooltip
- Use modern syntax of @apply
- Improved performance of cs.Language initialization
- Fix for email hash left in cache after user deletion
- Fix for failed sign ins registration because of incorrect DB indexes
- Small tweaks to sign in API
- Simplify installer in order to not specify default values explicitly
- Update cs\Config\Options to be usable even if system is not installed
- Optimize modules list rendering
- System/Page/rebuild_cache event doesn't actually have key parameter
- Some HTML files converted to Pug
Content
- Use passive event listener in Content module in order to improve scrolling performance

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

cs-icon now only supports either one or two icons, but not more

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

6.28.1+build-2543: No old browsers, polished API and interfaces, better security

First of all - there is an important security update - xap() function now has brand new implementation and is secure (while previous implementation, unfortunately, was not).

New major release breaks a lot of small things, which was necessary to make system more consistent like following:

there was cache/database//storage engines, databases types and storage connections - now they are all just drivers
includes are renamed to assets (as it is much more common naming)

This release also drops support for IE (partial IE11 support is provided by Old IE module) as well as old versions of all major browsers except 2 latest stable versions.

Some secondary features like temporary users blocking and blocking visitors that failed to enter correct credentials in sign in form few times - these features can be implemented with modules with much more options than built-in primitive support had.

There was a lot of new performance tweaks (simple page rendering is easily under 1ms with PHP7, asynchronous translations on frontend), a lot of fixes and new tests were added (77%+ for system in general, but real coverage is even better, some tests are excluded from code coverage because of https://bugs.xdebug.org/view.php?id=1322) as well as updated documentation.

The last thing to note is that CleverStyle Framework can now be translated on Transifex: https://www.transifex.com/cleverstyle/cleverstyle-framework

Overall, this is the best release to date, give it a try!

Security fixes:

HTML Purifier bundled with system, xap() function reimplemented with the same syntax as before using HTML Purifier as the backend

New components:

None

New features:

Translations on frontend are now asynchronous in production mode and their cache is separated from regular CSS/JS/HTML cache (which are now language-independent)
Improved JS minifier - can now avoid template strings, but will process code before first and after last template string (also backticks in comments are not a problem anymore)
Added support for nested query parameters in cs.api()
New backend events added:
- api/System/profile/sign_in/before
- api/System/profile/sign_in/success
- api/System/profile/sign_in/error
Implemented sorting for multilingual fields in cs\CRUD_helpers trait
Use patched version of wp-cli/php-cli-tools that contains support for nicer syntax for colorizing output (wp-cli/php-cli-tools#100)

Updates:

New upstream version of UPF
Normalize is now based on normalize.css 5.0.0 (dropped IE support, only 2 latest stable versions of major browsers supported)
New upstream release of HybridAuth.
- New HybridAuth providers:
  - Dataporten
  - HumanitarianId
  - Pinterest
  - Weibo
New upstream version of Polymer (still with Shady DOM removed)

Fixes and small improvements:

System:
- Fix for incorrect order of construct() / INIT_STATE_METHOD methods calls when classes are interconnected
- Fix for edge cases in cs\Config multilingual settings
- Simplified cs.Event implementation - should be easier to read and understand
- sprintf.js moved to AMD modules and is not loaded unconditionally anymore
- Small simplification, no need to print messages, since they will be shown to user during sign in process anyway
- Clean the whole cache on system update
- Few TODOs removed, since ready callback will not be available in Polymer 2.x anyway
- Move few checks to interpreter
- Limit uploading to SourceForge to 2 minutes timeout in Travis CI (otherwise it fails to upload code coverage to Scrutinizer)
- Tiny tweak (ensure headers property is always an array in cs\Response)
- Includes map always have indexed arrays with consistent keys on the last level
- Tiny tweak - no need to iterate through cookies if there is no cookies in list
- Small simplification - glob() can replace get_files_list() with simpler syntax
- Replace few conditions with single regular expression
- Do not ignore attachments errors when sending email
- No need for require_once in autoloader
- Create simple autoloader for HTMLPurifier
- Following traits converted into standalone classes:
  - cs\Page\Includes\Cache
  - cs\Page\Includes\Collecting
  - cs\Page\Includes\RequireJS
- Only register request-file stream wrapper when needed
- Use html instead of :root for forward compatibility with Polymer 2.x
- Utility functions array_map_arguments() and array_map_arguments_bool() added
- Small simplifications using new functions
- Users deletion is now done in transaction to keep user groups, permissions and user itself in sync
- Remove comments from translations files
- Added link to Transifex project for translation
- Added documentation about structures used in JSON files for public cache
Composer:
- Added ezyang/htmlpurifier to Composer module as package bundled with system
Shop:
- Shop module migrated to using sprintf.js as AMD module
- Fix for items search in Shop module (caused by changes in cs\CRUD, which now uses server-side prepared statements instead of placeholders)
- Various small fixes in Shop module
- Small hack for item page in Shop module in browsers without native Shadow DOM support (caused by webcomponents/webcomponentsjs#112)
Static pages:
- Administration pages in Static pages module moved to Controller
- Small fix for categories creation in Static pages module
- Categories and pages manipulation all on frontend through API
- Add menu item to conveniently go back to categories list
- Show pages and categories in alphabetical order
- Do not use pages structure anymore, use simple mapping of full path to id instead
TinyMCE:
- Allow to hide cs-editor and friends with hidden attribute
- Small fix on top of minified TinyMCE

Deprecations (will be dropped right after release):

None (major release)

Possible partial compatibility breaking (very unlikely, but still possible):

None (major release)

Dropped backward compatibility:

All deprecated functionality was dropped
Dropped update support from System versions older than previous release, the same for all components
IE10 and Safari 8- support dropped entirely
IE11 support moved from system to Old IE module
Removed block_until column from users table and corresponding functionality (it has very limited and might be implemented by modules if necessary)
Removed storing result of sign in process and related functionality (can be achieved with new events)
Removed support for inline CSS/JS/HTML in cs\Page\Includes (it can be added manually, not used by core and generally not a very good idea)
Engines renamed to drivers (including configuration options)
Storage connection renamed to storage driver
Database type renamed to database driver
Global url_by_source() and source_by_url() functions removed, their implementation was moved to Local storage driver
cs\CRUD_helpers now always using system language and doesn't allow to specify language directly
storage/pcache directory moved to storage/public_cache
Backend event renamed from admin/System/general/optimization/clean_pcache to admin/System/general/optimization/clean_public_cache
Contents of includes/map.json file moved into meta.json under assets key
Assets is more common naming in the wild than includes, so all includes directories, related code renamed to assets
Changed structure of optimized map in public cache

Latest builds on downloads page (details about installation process) or download source code and build it yourself

6.45.0+build-2585: Improved AMD modules support and public cache

This release brings a number of small tweaks and improvements, the most noticeable being related to frontend.

First frontend improvement is about RequireJS/Alameda support being improved by generating more advanced packages configs instead of simple paths (lodash-amd can now be used without issues). Also custom version of Alameda is now used in order to support some not completely valid modules, that might appear in the wild (this is better than not supporting those at all).

Second frontend improvement is about how framework stores frontend cache: now everything is copied into public cache directory, so that it is possible to process all necessary assets (including images, fonts, etc) by just traversing files in this single directory.

As usual, there are other small improvements, more tests, updated documentation and updated third-party components to their latest versions.

Security fixes:

None

New components:

None

New features:

Improved RequireJS support with generating packages configs instead of just paths for Bower/NPM packages (enables using packages like lodash-amd with multiple components inside)
System/Page/requirejs event extended to also expose possibility to add RequireJS packages
Prefer non-minified files for RequireJS when assets compression is not used
Added custom version of Alameda that allows to load more packages that can be found in the wild even if they are technically broken (readme file added with details about this)
Added cs.ui.prompt() method as nice looking replacement for window.prompt()
Update tooltip contents as tooltip property on element gets updated
Content-based files naming in public cache
All images, fonts and other stuff used in CSS files are now copied into public cache directory, so that post-processing might be executed on single directory
Added support for paths that are relative to the root of the website (these were previously considered absolute) in CSS processing
Nested CSS imports are now also processed even if they have media query associated with them
It is almost 2017 and HTTP/2 is here, let's stop inlining any resources in CSS except plain CSS

Updates:

New upstream version of Font Awesome
New upstream version of autosize
New upstream version of Composer
New upstream version of html5sortable
New upstream version of Prism
New upstream version of PHPMailer
New upstream version of Polymer (still with Shady DOM removed)
New upstream release of HybridAuth
- New HybridAuth providers:
  - Amazon
  - Strava
New version of TinyMCE (current git version)

Fixes and small improvements:

System:
- Use newer APCu version with PHP7 on Travis CI
- Stop using parse_url() function
- There are no methods for getting information about executed queries in 6.x, so now we can do some simplifications
- Framework doesn't support installation into subdirectory, so lets remove path from URL in installer
- Optimized translation processing for cs.Language on frontend by not creating functions for keys that don't need to support formatting
- Tiny UI fix for button appearance after normalize update
- Tiny builder fix
- In installed framework store original license.txt under license-cleverstyle-framework.txt
- Tiny fix for the issue that causes system update impossible in UI
- webcomponents/webcomponentsjs#642 applied on top of minified WebComponents.js
- Hide implementation details of callbacks in cs.ui.* methods - no need for consumers to know that it happened because of click on a button
- Tiny UI tweak in administration, option doesn't have any effect without assets compression
- Fix for relative paths to scripts in assets cache without vulcanization
- Run quick tests on Travis CI using HHVM
- Use Phar version of htmlpurifier: it is bigger, but works under HHVM
- Return empty string instead of string with 0 when casting cs\False_class to string
- mysqli_result::get_result() method might not be implemented (see https://secure.php.net/manual/en/mysqli-stmt.get-result.php#refsect1-mysqli-stmt.get-result-mysqlnd and facebook/hhvm#2368), so let's make hands dirty and reimplement everything without it
- Also some black magic is used as workaround for facebook/hhvm#6229
- More tests added to test some edge cases
- Require quick HHVM tests in Travis CI for successful result
- Small refactoring, public cache directory might be swapped when necessary during \cs\Page\Assets\Cache construction
- As https://bugs.xdebug.org/view.php?id=1322 is resolved, we can unlock tests coverage tracking for more code
- Docs update
- FTP paths support removed from CSS processing (not likely to be used anyway)
Composer:
- Do not clean Composer's home directory, allow it to keep cache there
Composer assets
- Increase fxp/composer-asset-plugin dependency version

Deprecations:

Third argument in cs\Page\Assets_processing::html() method now accepts directory instead of file, but until 7.x keeps compatibility with old syntax

Possible partial compatibility breaking (very unlikely, but still possible):

3rd argument added to the method \cs\Page\Assets_processing::css()

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

6.53.0+build-2598: Maintenance release

This release mainly brings updates to third-party components.

Security fixes:

None

New components:

None

New features:

Use immutable caching with immutable in Cache-Control header
Add query parameters when loading AMD modules, so that updates of Bower/NPM packages and system modules will result in actual files reloading on frontend

Updates:

New upstream version of Composer
New upstream version of html5sortable
Custom version of Alameda rebased against latest upstream version
wp-cli/php-cli-tools rebased against latest upstream version
Polymer and WebComponents.js rebased against latest upstream versions
TinyMCE rebased against latest stable release
HTML Purifier

Fixes and small improvements:

System:
- Windows doesn't like start in files/directories names, let's fix this
- Move built-in AMD modules list from zz1.alameda-setup.ls to backend event handler
- Added readme information about Polymer build used in CleverStyle Framework
Http server
- Increase react/http dependency version

Deprecations:

None

Possible partial compatibility breaking (very unlikely, but still possible):

None

Dropped backward compatibility:

None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release-notes.md

release-notes.md

1.0.0+build-749: First release 1.0.0

1.1.3+build-757: New stable release 1.1.3

1.5.0+build-764: New stable release 1.5.0

1.8.3+build-770: New stable release 1.8.3

1.16.0+build-790: The most stable, extensible and Web Components-ready version ever

1.22.2+build-811: More features and new Prism plugin

1.40.2+build-853: Huge leap forward to the future, WebSockets and Shop modules added

1.54.0+build-880: What if we just make everything 5 times faster?

1.58.0+build-887: We love Composer!

1.88.4+build-938: Better consistency in routing and improved security

1.110.0+build-985: Bitcoin payment, automated builds and lots of polishing all over the place

2.4.2+build-1005: Code quality and bugs hunting

2.28.0+build-1076: Semantics matters

2.43.0+build-1113: Write less, do more

2.86.0+build-1210: Bower and NPM support, Emoji, powerful WebSockets

2.119.0+build-1286: No frontend on backend

3.145.7+build-1787: Pure frontend

3.152.1+build-1808: Few things here and there

3.155.0+build-1818: Security update

3.162.4+build-1841: Towards sub-1ms page rendering performance

3.174.2+build-1883: RequireJS integration, Bower/NPM integration with system and SQLite support

3.212.0+build-1965: Sub-1ms performance achieved, PSR-7 compatibility, request/response abstractions

4.78.5+build-2225: HTTP/2 Server Push, PostgreSQL support, docs with sources

4.85.0+build-2240: Less jQuery, less plugins

4.94.6+build-2277: Better testing

4.95.0+build-2279: Forward-compatible version

5.15.3+build-2332: Focus on quality

5.21.2+build-2360: Better consistency

5.28.3+build-2384: Lighter frontend

5.43.2+build-2442: Strict mode MySQL, better multilingual search

5.50.3+build-2467: Better consistency and minor frontend optimizations

6.28.1+build-2543: No old browsers, polished API and interfaces, better security

6.45.0+build-2585: Improved AMD modules support and public cache

6.53.0+build-2598: Maintenance release

Files

release-notes.md

Latest commit

History

release-notes.md

File metadata and controls

1.0.0+build-749: First release 1.0.0

1.1.3+build-757: New stable release 1.1.3

1.5.0+build-764: New stable release 1.5.0

1.8.3+build-770: New stable release 1.8.3

1.16.0+build-790: The most stable, extensible and Web Components-ready version ever

1.22.2+build-811: More features and new Prism plugin

1.40.2+build-853: Huge leap forward to the future, WebSockets and Shop modules added

1.54.0+build-880: What if we just make everything 5 times faster?

1.58.0+build-887: We love Composer!

1.88.4+build-938: Better consistency in routing and improved security

1.110.0+build-985: Bitcoin payment, automated builds and lots of polishing all over the place

2.4.2+build-1005: Code quality and bugs hunting

2.28.0+build-1076: Semantics matters

2.43.0+build-1113: Write less, do more

2.86.0+build-1210: Bower and NPM support, Emoji, powerful WebSockets

2.119.0+build-1286: No frontend on backend

3.145.7+build-1787: Pure frontend

3.152.1+build-1808: Few things here and there

3.155.0+build-1818: Security update

3.162.4+build-1841: Towards sub-1ms page rendering performance

3.174.2+build-1883: RequireJS integration, Bower/NPM integration with system and SQLite support

3.212.0+build-1965: Sub-1ms performance achieved, PSR-7 compatibility, request/response abstractions

4.78.5+build-2225: HTTP/2 Server Push, PostgreSQL support, docs with sources

4.85.0+build-2240: Less jQuery, less plugins

4.94.6+build-2277: Better testing

4.95.0+build-2279: Forward-compatible version

5.15.3+build-2332: Focus on quality

5.21.2+build-2360: Better consistency

5.28.3+build-2384: Lighter frontend

5.43.2+build-2442: Strict mode MySQL, better multilingual search

5.50.3+build-2467: Better consistency and minor frontend optimizations

6.28.1+build-2543: No old browsers, polished API and interfaces, better security

6.45.0+build-2585: Improved AMD modules support and public cache

6.53.0+build-2598: Maintenance release