@bladealslayer bladealslayer released this Jun 7, 2018 · 137 commits to master since this release

Assets 2

[7.3.1] - 2018-06-07

Release contains important security fixes.

Security

  • [Critical] Fix several parameter validation bugs that opened the app to SQL injection
  • Update sinatra dependency #3344
  • Update multiple dependencies
  • Present form auto-complete for Stripe secret keys #3338

Added

  • Add soundcloud link support in custom landing page footer #3300
  • Add checkbox for consent for receiving emails from admins to signup process #3318
  • Add popup notification when giving admin rights to a new user #3329
  • Add link to privacy policy in the signup page #3328
  • Allow admins to disable end-user Analytics #3319
  • Allow links in custom listing text fields #3297
  • Add View reviews section in the admin panel #3267
  • Add possibility to export transaction as CSV file #3245

Changed

  • Improve user deletion to clear personal data more thoroughly #3325
  • Delete automatically transactions that fail with Stripe #3326
  • Prevent an admin from deleting their account if they are the only admin in the marketplace#3320
  • Split first name and last name from Stripe account connection form #3317

Removed

  • Remove feature flag for export transactions feature #3288

Fixed

  • Fix Dockerfile issue where bundler was trying to install binaries in root-owner directory #3321. Thanks, Nick Meiremans.
  • Fix Stripe payout scheduler #3309
  • Fix last 4 digits of SSN passing to Stripe for US bank accounts #3282

Upgrade from 7.3.0 to 7.3.1

Nothing special. See the general upgrade instructions.

Jun 7, 2018

@Luis-RG Luis-RG released this Feb 28, 2018 · 375 commits to master since this release

Assets 2

[7.3.0] - 2018-02-23

Added

  • Per hour availability 3166
  • Support for NZ bank account with Stripe 3165
  • "View conversations" section in admin panel 3173
  • Account tokens for Stripe bank account connections 3234

Changed

  • Made user confirmation form more secure 3170

Removed

  • Confirmation days x after end time of the transaction 3205

Fixed

  • Improvements to PayPal workflow (IPNs) 3176
  • Some bugs related to sending emails from admin#3183

Upgrade from 7.2.0 to 7.3.0

Nothing special. See the [#general-update-instructions].

@thomasmalbaux thomasmalbaux released this Nov 22, 2017 · 568 commits to master since this release

Assets 2

Added

  • Add rack-attack for request throttling #3078
  • Stripe integration #3018
  • Sending emails from admin to specified subset of users #3058
  • Custom Scripts are now also enabled in Custom Landing Page #3080
  • Allow admins to edit their Custom Outgoing Email and Sender Name #3106
  • Allow admins to unban users 3108
  • Ability to disable Stripe and PayPal 3112
  • Allow admins to search users by name or email 3113
  • Add an unsubscribe link to invitation emails 3136
  • Add more information texts about holding funds with Stripe 3150

Changed

  • Lowered daily limits for invitations from 50 to 10 3134
  • Increased unsubscribe auth token validity from 1 week to 4 weeks 3138

Fixed

  • Fixed correct use of outgoing email address, if configured, when sending manual emails to users #3058
  • Fixed sounds of videos in Custom Landing Pages not working #3101
  • Fixed listing image reordering when some images were deleted #3107
  • Fixed incorrect use of name of receipt email 3127
  • Fixed many bugs related to Stripe integration
  • Fixed many bugs related to code refactoring

Upgrade from 7.1.0 to 7.2.0

Nothing special. See the General Update Instructions.

@thomasmalbaux thomasmalbaux released this Sep 15, 2017 · 914 commits to master since this release

Assets 2

Added

  • Added configuration for trusted proxies #3040

Changed

  • Currencies can now be formatted with translations #3043
  • Transaction status is now named Completed everywhere instead of Confirmed #3028
  • WebTranslateIt API keys were updated #3029
  • Force meta tags content to be HTML escaped #3047
  • Upgrade to latest ruby 2.3.4 with latest rubygems (2.6.13+) #3056

Fixed

  • Fixed image deletion in Android 3023
  • Fixed changing the names of custom listing field options 3024
  • Fixed image ordering usability in Android 3034
  • Fixed not sending automatic emails to expired and deleted marketplaces 3044
  • Fixed carousel black box rendering issue 3045
  • Fixed datepicker issue with per night availability 3046
  • Fixed listing checkbox layout issue on mobile 3048
  • Fixed admin layout issue in Safari 3066
  • Fixed error message layout placement when reviewing without grade 3067
  • Fixed managing availability of rejected booking dates 3068

Upgrade from 7.0.0 to 7.1.0

Ruby version is updated from 2.3.1 to 2.3.4. The update contains fixes for several security vulnerabilities.

Using RVM, you can upgrade your local Ruby version like this:

rvm install ruby-2.3.4
rvm use ruby-2.3.4
gem install bundler
bundle install

@sktoiva sktoiva released this Aug 8, 2017 · 995 commits to master since this release

Assets 2

Tag version: v7.0.0

Release title: v7.0.0

Describe this release:

Changed

  • Updated Rails to 5.1.1 and Node to 7.8 #2976

Upgrade

Make sure you have node 7.8 installed.

Then follow the general upgrade instructions in https://github.com/sharetribe/sharetribe/blob/master/UPGRADE.md.

If foreman causes trouble with an error message:

'method_missing': undefined method 'this'

it's an issue with rubygems. This issue can be solved by updating rubygems with:

gem update --system

@rap1ds rap1ds released this Jun 9, 2017 · 1102 commits to master since this release

Assets 2

Added

  • New feature: User can reorder listing images #2970

Changed

  • Change instructions how to compile assets. This reduces the JavaScript bundle size drastically. c613cac

Fixed

  • Fixed transaction button styles. Styles were broken in IE Edge. #2968
  • Fixed admin UI language change. #2969
  • Fix old mobile browser compatibility by removing dependency to Intl api. #2979

Security

  • Fixed cross-community security issues #2978

@rap1ds rap1ds released this Apr 24, 2017 · 1184 commits to master since this release

Assets 2

Changed

  • Migrate from database session store to cookie-based session store #2935

Removed

  • Removed default twitter handle #2906

Fixed

  • Fix cropped cover photo in big screens #2895
  • Add missing padding to homepage search field in mobile view #2895
  • Fix unwanted scrolling in listing page by removing comment text area auto focus #2917
  • Fix faulty feature flag dependency handling #2932
  • Fix map bug where multiple listings close to each other caused the icon cluster to disapper when zoomed closed enough #2942
  • Fix issue #2885: Landing page always shows Sign up button for private marketplace, even if the user is logged in #2944

Security

  • Upgrade Nokogiri and rubyzip gems #2943

Upgrade from 6.2.0 to 6.3.0

Migration from database session store to cookie-based session store

This release migrates from database session store to cookie-based session store. The migration is done seamlessly without users being logged out.

Make sure that you are using a cache store that can share cache between processes (such as FileStore, MemCacheStore or Redis) if you are running multiple server processes. The new session implementation caches user session data and if the cache is not shared between all server processes they will get out of sync and actions such as logout will only log out the user from one process but not from all processes. See this Rails Guides article to read more about Cache Stores in Rails.

Add a new scheduled task to clean up expired tokens. Run it once per day:

bundle exec rails runner ActiveSessionsHelper.cleanup

To read more, see Scheduled tasks.

@rap1ds rap1ds released this Mar 9, 2017 · 1350 commits to master since this release

Assets 2

Added

  • Add support for redis as cache store #2786
  • Add support for using PayPal in fake mode for development purposes. Read more #2598
  • Add support for linking to member invitation page in CLP #2859
  • New feature: Hide irrelevant search filters when a category or subcategory is selected #2882
  • Landing page Markdown support #2887
  • Add instructions how to configure Harmony service #2892

Changed

  • Redirect user to the page where user was before login/sign up #2758
  • Updated NPM packages #2762

Fixed

  • Fixed broken transaction button styles #2723
  • Fixed number of issues in the Order Types form #2858
  • Fixed an issue which caused sign up to fail partially if the Facebook profile picture upload failed #2886

Upgrade from 6.1.0 to 6.2.0

NPM packages are updated, run npm install to get the latest packages.

@rap1ds rap1ds released this Nov 1, 2016 · 1975 commits to master since this release

Assets 2

Changed

  • Updated Node.js to the latest LTS (long term support) version 6.9 #2655
  • Updated NPM packages #2655
  • Update react_on_rails gem #2655
  • Upgrade Facebook SDK from v2.2 to v2.8 #2666
  • Instruct crawlers not to follow auth paths, add crawling delay for bots that support the directive #2693

Fixed

  • Avoid redirect to correct S3 bucket endpoint when bucket is not in us-east-1 region #2605
  • Added missing database indexes #2621, #2634, #2670
  • Fix bug: rake assets:precompile fails if MySQL is not available. Issue fixed by upgrading money-rails gem from 1.3 to 1.4 #2612 by @nicolaracco

Security

  • Fixed insecure gem urls in Gemfile #2635

Upgrade from 6.0.0 to 6.1.0

In this release we are introducing layout changes that require new image styles. Therefore, a migration is added to reprocess all images from open listings into new styles. This does not require any precautions, but if your marketplace has a lot of open listings the time required for image reprocessing can be reduced by increasing the number of workers until all CreateSquareImagesJob jobs have been processed.

This release updates Node.js to the latest LTS (long term support) version 6.9. You should update your local Node.js to the same version and run npm install to update the NPM packages. There is now a strict enforcement for the Node.js version, and building the frontend bundles fail when using an unsupported version of Node.js.

Alongside the updated NPM packages, also the react_on_rails gem is updated to match the NPM package version, and requires running bundle install to install the latest version.