OpenCATS v0.10.0

What's Changed

• Travis ci fix by @RussH in #659
• attachments module will require authentication by @RussH in #658
• candidates: for the edit form, add missing asterisks + "Owner" check by @xalt7x in #653
• joborders: for forms, take a default company name from the database by @xalt7x in #652
• Use mb_substr() for correct abbreviation of non-ASCII characters by @xalt7x in #651
• Fix javascript "back button" links by @xalt7x in #650
• Add "txt" to the list of safe file extensions by @xalt7x in #649
• add 'uploads' folder content to be excluded from pushed in .gitignore… by @meorajrul in #665
• fix session error when domain are not set, default to empty by @meorajrul in #664
• Feature/migrate ci to GitHub actions by @RussH in #695
• Fix "Other" section overlap on company edit page by @anonymoususer72041 in #673
• Company forms layout alignment by @anonymoususer72041 in #674
• Fix candidate city search mode by @anonymoususer72041 in #679
• Security: Add default robots.txt by @anonymoususer72041 in #680
• security: restrict direct attachment access and upload file types by @anonymoususer72041 in #681
• feat: add configurable default phone country calling code by @anonymoususer72041 in #686
• chore(docker): remove obselete compose version by @RussH in #711
• fix: respect user date format for activities, calendar events and core date fields by @anonymoususer72041 in #683
• feat: introduce address2 and replace address textareas with inputs by @anonymoususer72041 in #675
• feat: add required-field support for additional careers portal inputs by @anonymoususer72041 in #677
• security: switch password storage to password_hash() with legacy MD5 migration by @anonymoususer72041 in #685
• feat: add consolidated contact activity stream to Company details view by @anonymoususer72041 in #688
• Normalize initial database state for new installations by @anonymoususer72041 in #689
• security: do not expose database password to the client during upgrade by @anonymoususer72041 in #691
• security: add baseline security headers by @anonymoususer72041 in #692
• Fix README-testing.md instructions by @anonymoususer72041 in #696
• fix: unblock failing tests by restoring admin seed + syncing fixtures by @anonymoususer72041 in #715
• refactor: remove redundant test.sql fixture by @anonymoususer72041 in #716
• Fix Schema.php migrations 365–368 overwritten during PR689 conflict resolution by @RussH in #718
• security: CSRF protection for state-changing requests (high risk) by @anonymoususer72041 in #693
• chore: enforce LF line endings by @anonymoususer72041 in #698
• refactor: handle E.164 extraction in extractPhoneNumber by @anonymoususer72041 in #707
• fix: resolve duplicate schema migration 366 (renumber to 370) by @anonymoususer72041 in #721
• security: XSS hardening across high-risk output surfaces by @anonymoususer72041 in #697
• fix: preselect Email activity type in edit form by @anonymoususer72041 in #699
• security: escape address2 in careers portal form output by @anonymoususer72041 in #723
• feat: require explicit activity type selection when logging activities by @anonymoususer72041 in #700
• fix: prevent special character corruption with explicit escaping encodings by @anonymoususer72041 in #701
• chore: reorder candidate job order status seed data by @anonymoususer72041 in #727
• fix: clean up extra field records when deleting definitions by @anonymoususer72041 in #728
• feat: treat NULL install schema version as snapshot by @anonymoususer72041 in #719
• chore: fix doublequote string style violations in first-party JavaScript by @anonymoususer72041 in #722
• fix: restore CATSWebTestCase::post signature compatibility by @anonymoususer72041 in #730
• fix: stop storing HTML entities and decode legacy entity-encoded data by @anonymoususer72041 in #702
• fix: render line breaks in activity notes by @anonymoususer72041 in #733
• feat: add activity type for candidate status changes by @anonymoususer72041 in #737
• fix: quote reserved YAML scalars in test/behat.yml by @anonymoususer72041 in #744
• chore: improve composer.json structure and metadata by @anonymoususer72041 in #745
• fix: stabilize Docker-based integration test readiness by @anonymoususer72041 in #750
• fix: preserve job order regarding when editing by @anonymoususer72041 in #704
• chore: update composer dependencies by @anonymoususer72041 in #752
• chore: refresh Behat/Mink test stack by @anonymoususer72041 in #746
• refactor: migrate MyISAM tables to InnoDB by @anonymoususer72041 in #705
• security: restrict AJAX during upgrade and escape installer config writes by @anonymoususer72041 in #706
• chore: upgrade phpunit to 8.5 by @anonymoususer72041 in #753
• feat: rename Call activity to Not reached by @anonymoususer72041 in #726
• fix: correct candidate re-apply update mapping and guard empty ownership emails by @anonymoususer72041 in #729
• fix: allow site admins to use administrative hide by @anonymoususer72041 in #708
• feat: standardize status change activity logging by @anonymoususer72041 in #741
• fix: add file-based cache busting for JavaScript and stylesheet assets by @anonymoususer72041 in #749
• security: escape activity notes before applying nl2br by @anonymoususer72041 in #751
• feat: sort activity lists newest-first by @anonymoususer72041 in #717
• fix: normalize candidate activity note escaping by @anonymoususer72041 in #757
• chore: remove legacy testing infrastructure by @anonymoususer72041 in #754
• security: harden template output escaping by @anonymoususer72041 in #761
• chore: remove unused Codacy coverage dependency by @anonymoususer72041 in #770
• chore: remove obsolete Travis CI configuration by @anonymoususer72041 in #777
• feat: allow manually setting activity date and time by @anonymoususer72041 in #758
• refactor: migrate bundled lib dependencies to Composer by @anonymoususer72041 in #755
• refactor: stop persisting inline HTML for status change activity notes by @anonymoususer72041 in #713
• feat: make state optional for job orders by @anonymoususer72041 in #743
• chore: bump phpmailer/phpmailer from 7.0.2 to 7.1.1 by @dependabot[bot] in #789
• chore: remove legacy lib files by @anonymoususer72041 in #778
• chore: modernize PHPUnit 8 test setup and deprecated APIs by @anonymoususer72041 in #756
• chore: remove unused legacy settings from config.php and test/config.php by @anonymoususer72041 in #738
• refactor: move activity description escaping to templates by @anonymoususer72041 in #762
• feat: exclude closed jobs from activity references by @anonymoususer72041 in #764
• security: add missing authorization checks to AJAX endpoints and module actions by @anonymoususer72041 in #724
• chore: upgrade to PHP 7.4 by @anonymoususer72041 in #787
• feat: reorder activity table columns by @anonymoususer72041 in #760
• fix: add CSRF token output to install wizard by @anonymoususer72041 in #763
• fix: use NULL for missing calendar event job order references by @anonymoususer72041 in #768
• chore: bump setasign/fpdf from 1.8.6 to 1.9.0 by @dependabot[bot] in #794
• refactor: separate activity occurrence dates from creation dates by @anonymoususer72041 in #791
• chore: add PR title validation by @anonymoususer72041 in #779
• fix: correct job order repository exception namespace by @anonymoususer72041 in #798
• fix: prevent database column parameter deprecation by @anonymoususer72041 in #799
• fix: prevent activity update parameter deprecations by @anonymoususer72041 in #800
• fix: avoid deprecated E_STRICT usage by @anonymoususer72041 in #801
• feat: make contact title optional by @anonymoususer72041 in #786
• fix: correct migration 377 regex escaping by @anonymoususer72041 in #804
• refactor: remove legacy licensing by @anonymoususer72041 in #802
• chore: add IANA timezone column to site schema by @anonymoususer72041 in #806
• fix: correct column position syntax in migration 380 by @anonymoususer72041 in #807
• security: validate staged import file identifiers by @RussH in #808

New Contributors

• @meorajrul made their first contribution in #665
• @dependabot[bot] made their first contribution in #789

Full Changelog: 0.9.7.4...v0.10.0