a:2:{i:0;a:2:{s:3:"cms";a:4:{s:6:"status";s:8:"eligible";s:8:"releases";a:52:{i:0;a:4:{s:7:"version";s:5:"3.9.6";s:8:"critical";b:0;s:5:"notes";s:62:"- Fixed a privilege escalation vulnerability.
";s:4:"date";s:19:"2023-11-16T00:00:00";}i:1;a:4:{s:7:"version";s:5:"3.9.5";s:8:"critical";b:0;s:5:"notes";s:882:"- Added
pgpassword and pwd to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc.
- Fixed a bug where the
defaultDirMode config setting wasn’t being respected when the storage/runtime/ and storage/logs/ folders were created. (#13756)
- Fixed a bug where the
CRAFT_VENDOR_PATH, CRAFT_BASE_PATH, CRAFT_CONFIG_PATH, CRAFT_CONTENT_MIGRATIONS_PATH, CRAFT_STORAGE_PATH, CRAFT_TEMPLATES_PATH, CRAFT_TRANSLATIONS_PATH, and CRAFT_TESTS_PATH PHP constants weren’t being respected if the directories didn’t exist.
- Fixed RCE vulnerabilities.
";s:4:"date";s:19:"2023-10-17T00:00:00";}i:2;a:4:{s:7:"version";s:5:"3.9.4";s:8:"critical";b:0;s:5:"notes";s:491:"- Added
craft\helpers\App::phpExecutable().
- Added
craft\helpers\Component::cleanseConfig().
craft\helpers\Component::createComponent() now filters out as X and on X keys from the component config.- Improved the reliability of Composer operations when PHP is running via FastCGI. (#13681)
- Fixed an RCE vulnerability.
";s:4:"date";s:19:"2023-09-26T00:00:00";}i:3;a:4:{s:7:"version";s:5:"3.9.3";s:8:"critical";b:0;s:5:"notes";s:363:"- Added the
maxGraphqlBatchSize config setting. (#13693)
- Fixed a bug where page sidebars and detail panes weren’t scrolling properly if their height was greater than the main content pane height. (#13637)
";s:4:"date";s:19:"2023-09-14T00:00:00";}i:4;a:4:{s:7:"version";s:5:"3.9.2";s:8:"critical";b:0;s:5:"notes";s:795:"- Added
SK to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc. (#3619)
- Improved the scrolling behavior for page sidebars and detail panes. (#13637)
- Fixed an error that could occur when saving an element with an Assets field from a console command. (#13623)
- Fixed a bug where the “Active Trials” section in the Plugin Store cart modal wasn’t listing plugins in trial. (#13661)
- Fixed two RCE vulnerabilities.
";s:4:"date";s:19:"2023-09-12T00:00:00";}i:5;a:4:{s:7:"version";s:5:"3.9.1";s:8:"critical";b:0;s:5:"notes";s:228:"- Fixed an error that could occur when Craft was performing a Composer operation, if no
HOME environment variable was set for PHP. (#13590)
";s:4:"date";s:19:"2023-08-23T00:00:00";}i:6;a:4:{s:7:"version";s:5:"3.9.0";s:8:"critical";b:0;s:5:"notes";s:714:"- Updated Yii to 2.0.48.1. (#13444)
- Loosened the Composer constraint to
^2.2.19. (#13396)
- Internal Composer operations now use a bundled
composer.phar file, rather than Composer’s PHP API. (#13519)
craft\services\Assets::getAllDescendantFolders() now has an $asTree argument. (#13535)- Fixed a bug where asset exports could be blank if only subfolders were selected.
";s:4:"date";s:19:"2023-08-22T00:00:00";}i:7;a:4:{s:7:"version";s:6:"3.8.17";s:8:"critical";b:0;s:5:"notes";s:505:"- Fixed a bug where
Craft.BaseElementIndexView::this.canSelectElement() wasn’t getting applied for lazy-loaded elements.
- Fixed a bug where setting an element query’s
status param to archived would always yield zero results. (#13465)
- Fixed a bug where
update commands could fail on some environments.
- Fixed an information disclosure vulnerability.
";s:4:"date";s:19:"2023-08-08T00:00:00";}i:8;a:4:{s:7:"version";s:6:"3.8.16";s:8:"critical";b:0;s:5:"notes";s:204:"- The “Access the control panel” user permission now includes a warning that the permission grants view-only access to user data and most content.
- Fixed an RCE vulnerability.
";s:4:"date";s:19:"2023-07-18T00:00:00";}i:9;a:4:{s:7:"version";s:6:"3.8.15";s:8:"critical";b:0;s:5:"notes";s:369:"- The control panel footer now includes a message about active trials, with a link to purchase the licenses.
- Fixed an error that occurred when passing arguments to an element’s
prev and next fields via GraphQL. (#13334)
- Fixed an RCE vulnerability.
";s:4:"date";s:19:"2023-07-03T00:00:00";}i:10;a:4:{s:7:"version";s:6:"3.8.14";s:8:"critical";b:0;s:5:"notes";s:491:"- The
_includes/forms/date and _includes/forms/time templates now accept a timeZone variable.
- Fixed an error that could occur when updating a plugin with the
craft update command, if it provided a new migration but still had the same schema version.
- Fixed an error that occurred when rendering editable tables with Date or Time columns. (#13270)
";s:4:"date";s:19:"2023-06-13T00:00:00";}i:11;a:4:{s:7:"version";s:6:"3.8.13";s:8:"critical";b:0;s:5:"notes";s:548:"- Fixed a bug where asset sources weren‘t immediately showing a source path on a clear
localStorage cache.
- Fixed a JavaScript error that could occur when searching within an asset index, when there was no source path. (#13241)
- Fixed a bug where Date fields with “Show Time Zone” enabled were displaying their values in the system’s time zone within element indexes. (#13233)
";s:4:"date";s:19:"2023-05-24T00:00:00";}i:12;a:4:{s:7:"version";s:6:"3.8.12";s:8:"critical";b:0;s:5:"notes";s:1116:"- Asset indexes now remember their previously-selected source path. (#13147)
- Added
craft\base\ElementInterface::sourcePath().
- Improved
craft\helpers\FileHelper::getExtensionByMimeType() for some ambiguous, web-friendly MIME types.
- Removed the OAuth 2.0 Client library, as it’s no longer used in core.
- Fixed a bug where activation emails sent to newly-created users could link to the front-end site, if they were granted control panel access via a user group. (#13204)
- Fixed a bug where it wasn’t possible to drag Verbb Navigation nodes via their drag handles. (#12896)
- Fixed a bug where Date fields could display the wrong date. (#13233)
- Deprecated the
Craft.startsWith() JavaScript method. String.prototype.startsWith() should be used instead.
";s:4:"date";s:19:"2023-05-23T00:00:00";}i:13;a:4:{s:7:"version";s:6:"3.8.11";s:8:"critical";b:0;s:5:"notes";s:442:"- Fixed a SQL error that could occur when updating to Craft 3.8 on PostgreSQL. (#13186)
- Fixed a JavaScript error that occurred for Matrix inputs with static blocks. (#13194)
- Fixed the vertical alignment of element labels. (#13168)
";s:4:"date";s:19:"2023-05-15T00:00:00";}i:14;a:4:{s:7:"version";s:8:"3.8.10.2";s:8:"critical";b:0;s:5:"notes";s:182:"- Fixed a bug where it wasn’t possible to add new Matrix blocks via the “Add a block” menu. (#13177)
";s:4:"date";s:19:"2023-05-10T00:00:00";}i:15;a:4:{s:7:"version";s:8:"3.8.10.1";s:8:"critical";b:0;s:5:"notes";s:182:"- Fixed a bug where it wasn’t possible to add new Matrix blocks via the “Add a block” menu. (#13177)
";s:4:"date";s:19:"2023-05-09T00:00:00";}i:16;a:4:{s:7:"version";s:6:"3.8.10";s:8:"critical";b:0;s:5:"notes";s:335:"- Fixed a “Double-instantiating a menu button on an element” console warning that occurred on pages with Matrix fields. (#6338)
- Fixed an error that could occur when running tests. (#13076)
";s:4:"date";s:19:"2023-05-09T00:00:00";}i:17;a:4:{s:7:"version";s:5:"3.8.9";s:8:"critical";b:0;s:5:"notes";s:598:"- Volumes no longer validate if their field layout contains a field called
extension, filename, height, kind, size, or width.
- Fixed a bug where queue-runner Ajax requests triggered on the front end weren’t getting closed before running the queue, potentially causing long front-end load delays.
- Fixed a bug where long element titles weren’t wrapping. (#13143)
- Fixed a user enumeration timing attack vulnerability.
";s:4:"date";s:19:"2023-05-02T00:00:00";}i:18;a:4:{s:7:"version";s:5:"3.8.8";s:8:"critical";b:0;s:5:"notes";s:1566:"- Fixed a bug where it was possible to select a disallowed volume as the Default Asset Location in Assets field settings. (#13072)
- Fixed a bug where it was possible to upload files to Assets fields outside of the allowed volumes, if the Default Asset Location was set to a disallowed volume. (#13072)
- Fixed an error that could occur if a Plain Text field had over 1,000,000 bytes. (#13083)
- Fixed a bug where relational field values weren’t yielding any results for event handlers immediately after a draft had been merged. (#13087)
- Fixed a bug where element labels could bleed out of their container. (#13099)
- Fixed an error that occurred if
yii\web\UrlManager::addRules() was called on a console request. (#13109)
- Fixed a bug where it was possible to select the current folder as the target when moving a volume folder, resulting in the folder and its contents being lost. (#13118)
- Fixed a bug where custom field values weren’t getting saved for assets in the local temp upload location. (#12695)
";s:4:"date";s:19:"2023-04-25T00:00:00";}i:19;a:4:{s:7:"version";s:5:"3.8.7";s:8:"critical";b:0;s:5:"notes";s:982:"- Improved the control panel styling when the Debug Toolbar is enabled.
- Boolean config settings that are set to the strings
'true', 'false', or 'null' are now converted to true, false, and null. (#13063)
craft\web\View::renderObjectTemplate() now trims the returned template output.- Fixed a bug where the Entries index page was listing unpublished drafts created by other users, even if the current user didn’t have permission to edit them.
- Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
- Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)
";s:4:"date";s:19:"2023-04-11T00:00:00";}i:20;a:4:{s:7:"version";s:5:"3.8.6";s:8:"critical";b:0;s:5:"notes";s:2721:"- Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
- Element index bulk action spinners are now centered on the viewport. (#12972)
- All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
- Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
- Fixed a bug where some relational fields were showing duplicate selected relations. (#12949)
- Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
- Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
- Fixed a JavaScript error that occurred when closing a disclosure menu within Live Preview. (#12992)
- Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
- Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
- Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
- Fixed a bug where soft hyphens, non-breaking spaces, zero-width characters, invisible characters, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13029)
- Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
- Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
- Fixed an XSS vulnerability.
";s:4:"date";s:19:"2023-04-04T00:00:00";}i:21;a:4:{s:7:"version";s:5:"3.8.5";s:8:"critical";b:0;s:5:"notes";s:728:"- Fixed a bug where relation data was getting deleted when running garbage collection on PostgreSQL. (#9905)
- Fixed a bug where Lightswitch fields’ “OFF Label” and “ON Label” settings weren’t getting translated. (#12942)
- Fixed a bug where
craft\events\DefineUserContentSummaryEvent::$userId was never set for craft\controllers\EVENT_DEFINE_CONTENT_SUMMARY events. (#12944)
- Updated svg-sanitizer to 0.16. (#12943)
";s:4:"date";s:19:"2023-03-21T00:00:00";}i:22;a:4:{s:7:"version";s:5:"3.8.4";s:8:"critical";b:0;s:5:"notes";s:837:"- The
|json_encode Twig filter now calls craft\helpers\Json::encode() internally, improving error handling. (#12919)
craft\helpers\Json::encode() no longer sets the JSON_UNESCAPED_SLASHES flag by default.- Fixed a JavaScript error that occurred when resolving an asset move conflict. (#12920)
- Fixed a bug where volume subfolders were being shown when viewing soft-deleted assets. (#12927)
- Fixed a bug where structure data was getting deleted when running garbage collection on PostgreSQL. (#12925)
";s:4:"date";s:19:"2023-03-20T00:00:00";}i:23;a:4:{s:7:"version";s:5:"3.8.3";s:8:"critical";b:0;s:5:"notes";s:1124:"- Customize Sources modals no longer hide when the Esc key is pressed on the surrounding area is clicked on. (#12895)
- Added
craft\helpers\FileHelper::uniqueName().
- Fixed an error that occurred when uploading an asset with a filename over 250 characters long. (#12889)
- Fixed an error that could occur when preparing licensing alerts, if any licenses were invalid. (#12899)
- Fixed a bug where it wasn’t possible to drag nested Neo blocks. (#12896)
- Fixed a bug where fields with reduced widths in Matrix blocks were becoming full-width while dragged. (#12909)
- Fixed a bug where multi-edition plugins weren’t showing their edition labels within the Plugin Store cart. (#12910)
";s:4:"date";s:19:"2023-03-16T00:00:00";}i:24;a:4:{s:7:"version";s:5:"3.8.2";s:8:"critical";b:0;s:5:"notes";s:603:"- Fixed a bug where it wasn’t always possible to access entry or category edit pages if the
slugWordSeparator config setting was set to /. (#12871)
- Fixed a bug where
craft\helpers\Html::parseTagAttribute() wasn’t decoding attribute values, which could lead to double-encoded attributes, e.g. when using the |attr filter. (#12887)
- Fixed XSS vulnerabilities.
- Fixed an SSRF vulnerability.
";s:4:"date";s:19:"2023-03-14T00:00:00";}i:25;a:4:{s:7:"version";s:5:"3.8.1";s:8:"critical";b:0;s:5:"notes";s:913:"- Fixed a bug where it wasn’t possible to select subfolders on the Assets index page. (#12802)
- Fixed a bug where element index search inputs were losing focus when the element listing was updated. (#12846)
- Fixed a bug where the database driver was being referenced as “MySQL” when using MariaDB. (#12827)
- Fixed a bug where users weren’t able to select assets within Assets fields, if they didn’t have full permissions for the volume. (#12851)
- Fixed a bug where the Assets index page’s URL would get updated incorrectly when renaming a subfolder.
- Added
craft\db\Connection::getDriverLabel().
";s:4:"date";s:19:"2023-03-09T00:00:00";}i:26;a:4:{s:7:"version";s:5:"3.8.0";s:8:"critical";b:0;s:5:"notes";s:5002:"Content Management
- Volume subfolders are now displayed within the element listing pane on asset indexes, rather than as nested sources in the sidebar. (#12558, #9171, #5809)
- Asset indexes now display the current subfolder path above the element listing. (#12558)
- Assets and folders can now be drag-and-dropped simultaneously. (#12792)
- Reduced the likelihood of accidentally triggering an asset drag operation. (#12792)
- Reduced the likelihood of accidentally dropping dragged assets/folders on an unintended target. (#12792)
- It’s now possible to move volume folders and assets to a new location via a new “Move…” bulk element action, rather than via drag-and-drop interactions. (#12558)
- It’s now possible to sort asset indexes by image width and height. (#12653)
Administration
- Most licensing issues are now consolidated into a single control panel alert, with a button to resolve them all with a single purchase on Craft Console. (#12768)
- Added the
users/unlock console command. (#12345)
- The
utils/prune-revisions console command now has a --section option. (#8783)
Development
- Added the
revisionNotes field to elements queried via GraphQL. (#12610)
craft\elements\Asset::getMimeType() now has a $transform argument, and assets’ mimeType GraphQL fields now support a @transform directive. (#12269, #12397, #12522)
Extensibility
- Added support for private plugins. (#12716, #8908)
- Element source definitions can now include a
defaultSourcePath key.
- Added
craft\base\ApplicationTrait::getEditionHandle().
- Added
craft\base\Element::indexElements().
- Added
craft\base\ElementInterface::findSource().
- Added
craft\base\ElementInterface::indexElementCount().
- Added
craft\db\Migration::dropForeignKeyIfExists().
- Added
craft\models\VolumeFolder::getHasChildren().
- Added
craft\models\VolumeFolder::setHasChildren().
- Added
craft\services\Assets::createFolderQuery().
- Added
craft\services\Assets::foldersExist().
- Added
craft\services\Search::normalizeSearchQuery().
- Added
Craft.AssetMover.
- Added
Craft.BaseElementIndex::getSourcePathActionLabel().
- Added
Craft.BaseElementIndex::getSourcePathActions().
- Added
Craft.BaseElementIndex::getSourcePathLabel().
- Added
Craft.BaseElementIndex::onSourcePathChange().
- Added
Craft.BaseElementIndex::sourcePath.
- Added
Craft.BaseElementSelectorModal::getElementIndexParams().
- Added
Craft.BaseElementSelectorModal::getIndexSettings().
- Added
Craft.BaseElementSelectorModal::hasSelection().
- Added
Craft.VolumeFolderSelectorModal.
- Deprecated
craft\helpers\Assets::sortFolderTree().
- Deprecated
craft\services\Assets::getFolderTreeByFolderId().
- Deprecated
craft\services\Assets::getFolderTreeByVolumeIds.
- The custom
activate jQuery event will now trigger when the Return key is pressed.
- The custom
activate jQuery event will no longer trigger for Ctrl/Command-clicks.
System
- Fixed a database deadlock error that could occur when updating a relation or structure position for an element that was simultaneously being saved. (#9905)
";s:4:"date";s:19:"2023-03-08T00:00:00";}i:27;a:4:{s:7:"version";s:6:"3.7.68";s:8:"critical";b:0;s:5:"notes";s:1622:"- Fixed a bug where
craft\events\RegisterElementSourcesEvent::$context wasn’t always set to modal when defining the available element sources for an element selection modal.
- Fixed a styling bug where multi-line checkbox labels within the Customize Sources modal weren’t wrapping properly. (#12717)
- Fixed a bug where asset thumbnails within collapsed Matrix blocks weren’t loading when the block was expanded. (#12720)
- Fixed a bug where custom fields’ database columns would get deleted when applying project config changes, if the field type wasn’t present. (#12760)
- Fixed a bug where Assets, Categories, and Tags fields weren’t respecting their “Allow self relations” settings. (#12769)
- Fixed a bug where dynamically-generated entry titles weren’t always generated with the site’s formatting locale in place. (12780)
- Fixed a bug where element titles weren’t getting a pointer cursor or underlines on hover, when selected on an element index page.
- Fixed a bug where it wasn’t possible to close modals that were opened by a custom select menu via the
<kbd>Esc</kbd> key. (#12814)
- Fixed an XSS vulnerability.
";s:4:"date";s:19:"2023-03-07T00:00:00";}i:28;a:4:{s:7:"version";s:6:"3.7.67";s:8:"critical";b:0;s:5:"notes";s:351:"- Fixed a bug where clicking on the scrollbar of a disclosure menu would close it. (#12681)
- Fixed an error that could occur when loading the Plugin Store, if there wasn’t a
.env file. (#12687)
";s:4:"date";s:19:"2023-02-17T00:00:00";}i:29;a:4:{s:7:"version";s:6:"3.7.66";s:8:"critical";b:0;s:5:"notes";s:876:"- HTML Purifier now allows
oembed tags. (ckeditor#59)
- Added
craft\htmlpurifier\VideoEmbedUrlDef.
- Fixed a bug where entries that aren’t propagated to the primary site weren’t showing revision notes. (#12641)
- Fixed a bug where HTML tags weren’t getting stripped from auto-generated Handle and URI Format setting values.
- Fixed a JavaScript error that could occur if an object with
null values was passed to Craft.compare().
- Fixed a bug where
craft\elements\db\ElementQuery::toArray() was calling getter methods whose names conflicted with custom field handles. (#12635)
";s:4:"date";s:19:"2023-02-14T00:00:00";}i:30;a:4:{s:7:"version";s:8:"3.7.65.2";s:8:"critical";b:0;s:5:"notes";s:217:"- Fixed a PHP error that could occur if relational fields were getting eager-loaded for elements that the fields didn’t belong to. (#12648)
";s:4:"date";s:19:"2023-02-08T00:00:00";}i:31;a:4:{s:7:"version";s:8:"3.7.65.1";s:8:"critical";b:0;s:5:"notes";s:378:"- Fixed a PHP error that occurred after performing a Composer action within Craft. (#12647)
- Fixed a bug where element attributes weren’t getting eager-loaded. (#12646, #12645)
";s:4:"date";s:19:"2023-02-08T00:00:00";}i:32;a:4:{s:7:"version";s:6:"3.7.65";s:8:"critical";b:0;s:5:"notes";s:625:"- Updated Composer to 2.2.19, fixing a PHP error that could occur when performing a Composer action within Craft, when the autoload classmap was generated with Composer 2.5. (#12482)
- Fixed a bug where Matrix blocks weren’t getting eager-loaded. (#12631)
- Fixed a PHP error that could occur when calling
craft\services\Assets::getAllDescendantFolders() for the root folder. (craftcms/feed-me#1231)
";s:4:"date";s:19:"2023-02-07T00:00:00";}i:33;a:4:{s:7:"version";s:8:"3.7.64.1";s:8:"critical";b:0;s:5:"notes";s:236:"- Fixed a bug where
craft\behaviors\CustomFieldBehavior::$owner was getting nullified by craft\base\Element::fieldByHandle(). (#12624)
";s:4:"date";s:19:"2023-02-05T00:00:00";}i:34;a:4:{s:7:"version";s:6:"3.7.64";s:8:"critical";b:0;s:5:"notes";s:4729:"- Improved the performance of the “Generating pending image transforms” queue job. (#12274)
- Added more reserved field handles to avoid conflicts with
craft\base\Element properties. (#12577)
- Control panel requests no longer override the
pageTrigger config setting value to 'p'. (#12598, #12614)
- Fixed field status badge styling in some contexts. (#12403)
- Fixed a bug where exporting elements with multiple field layouts as a CSV file using the “Expanded” export type would result in mismatched column values.
- Fixed a bug where cancelling a conflicting volume folder move would result in the moved folder getting deleted.
- Fixed a bug where Date and Number fields could be misinterpreted in category Live Preview requests, if the site’s language used different date/number formats than the user’s formatting locale.
- Fixed a bug where the horizontal scroll position wasn’t being retained when refreshing Live Preview. (#12504)
- Fixed a bug where HTML tags within field labels, instructions, tips, and warnings weren’t always getting escaped.
- Fixed a bug where the sidebar scroll position wasn’t retained when selecting a new source on element index pages. (#12523)
- Fixed a bug where
resave/* commands’ output didn’t take the offset into account. (#12526)
- Fixed a bug where warnings were getting logged for video assets that were “missing” their dimensions.
- Fixed a bug where
craft\services\Assets::getAllDescendantFolders() could return unexpected results for folders that contained an underscore.
- Fixed a bug where accessing a custom field’s magic property on an element would return the field’s raw database value rather than
null, if it didn’t belong to the element’s field layout anymore. (#12539, #12578)
- Fixed a bug where
craft\image\Raster::getIsTransparent() wasn’t working. (#12565)
- Fixed a bug where the component name comments in project config YAML files would always lag behind the current project config a little. (#12576, #12581)
- Fixed a SQL error that occurred when creating a database backup using the default backup command, when running MySQL 5.7.41+ or 8.0.32+. (#12557, #12560)
- Fixed a bug where database backups weren’t respecting SSL database connection settings if they were specified when using MySQL. (#10351, #11753, #12596)
- Fixed a bug where element indexes could stop showing their loading spinner prematurely if the element listing needed to be reloaded multiple times in rapid succession. (#12595)
- Fixed a bug where element indexes would show show an expand/collapse toggle for structured elements that only had unsaved draft children, which aren’t actually shown. (#11253)
- Added
craft\helpers\Db::escapeForLike().
- Added
craft\web\twig\variables\Paginate::$pageTrigger. (#12614)
craft\services\Assets::getAllDescendantFolders() now has a $withParent argument, which can be passed false to omit the parent folder from the results. (#12536)- Deprecated
craft\helpers\DateTimeHelper::timeZoneAbbreviation().
- Deprecated
craft\helpers\DateTimeHelper::timeZoneOffset().
";s:4:"date";s:19:"2023-02-03T00:00:00";}i:35;a:4:{s:7:"version";s:8:"3.7.63.1";s:8:"critical";b:0;s:5:"notes";s:180:"- Fixed a bug where editing certain Matrix/Neo/Super Table fields could result in content loss. (#12445)
";s:4:"date";s:19:"2023-01-09T00:00:00";}i:36;a:4:{s:7:"version";s:6:"3.7.63";s:8:"critical";b:0;s:5:"notes";s:1724:"- Template caching is no longer enabled for tokenized requests. (#12458)
- Elisions are now stripped from search keywords. (#12467, #12474)
- Added support for HEIC/HEIF images. (#9115)
- The
allowedFileExtensions config setting now includes heic, heif, and hevc by default. (#12490)
- It’s now possible to assign aliases
children fields queried via GraphQL. (#12494)
- Added
craft\helpers\Image::isWebSafe().
- Added
craft\services\Images::getSupportsHeic().
Craft.MatrixInput now fires blockSortDragStop, beforeMoveBlockUp, moveBlockUp, beforeMoveBlockDown, and moveBlockDown events. (#12498)- Fixed an error that could occur when processing template caches in a console request, if a globally-scoped template cache was processed before it.
- Fixed a bug where some custom field property types in
craft\behaviors\CustomFieldBehavior were incorrect.
- Fixed an error that could occur if a Matrix sub-field’s handle was too long. (#12422)
- Updated Imagine to 1.3.3.
";s:4:"date";s:19:"2023-01-04T00:00:00";}i:37;a:4:{s:7:"version";s:6:"3.7.62";s:8:"critical";b:0;s:5:"notes";s:508:"- Fixed a bug where it wasn’t possible to enter
0 in Number fields and numeric column cells within editable tables, using certain keyboard layouts. (#12412)
- Fixed a JavaScript error that could occur when autosaving an entry draft. (#12445)
- Added
Craft.filterInputVal().
- Added
Craft.filterNumberInputVal().
";s:4:"date";s:19:"2022-12-13T00:00:00";}i:38;a:4:{s:7:"version";s:6:"3.7.61";s:8:"critical";b:0;s:5:"notes";s:459:"- Fixed an error that occurred if an arrow function was passed to the
|sort Twig filter. (#12334)
- Fixed a bug where nested fields set to numbers could be inadvertently changed when an entry draft was created.
craft\services\Fields::getFieldsWithContent() and getFieldsWithoutContent() now have $context arguments.
";s:4:"date";s:19:"2022-11-17T00:00:00";}i:39;a:4:{s:7:"version";s:6:"3.7.60";s:8:"critical";b:0;s:5:"notes";s:1374:"- Fixed an information disclosure vulnerability.
- Fixed an XSS vulnerability.
- Fixed a bug where
resave/* commands weren’t catching exceptions thrown when applying the --set and --to options. (#12262)
- Fixed a bug where the
|group Twig filter was logging a deprecation warning when passed an element query.
- Fixed a bug where
craft\elements\Entry::getIsEditable() was returning false for enabled entries, if the logged-in user had the “Publish live changes” permission but not “Publish live changes for other authors’ entries”. (#12315)
- Fixed a bug where element indexes were showing the labels of empty Dropdown options when selected. (#12319)
- Fixed an error that occurred when saving an entry via GraphQL, if a parent entry was assigned that didn’t exist on the requested site. (#12291)
- Fixed a bug where fields set to numbers could be inadvertently changed when an entry draft was created.
- Added
craft\services\Fields::getFieldsWithoutContent().
";s:4:"date";s:19:"2022-11-16T00:00:00";}i:40;a:4:{s:7:"version";s:6:"3.7.59";s:8:"critical";b:0;s:5:"notes";s:687:"- Asset folder and file names are now converted to ASCII using the primary site’s language for character mappings, regardless of the current user’s preferred language, when the
convertFilenamesToAscii config setting is enabled. (#12207)
- Fixed a JavaScript 404 error that occurred when users’ Language was set to Chinese. (#12194)
- Fixed an error that could occur during garbage collection, if any nested volume folders were missing their path. (#12195)
";s:4:"date";s:19:"2022-10-27T00:00:00";}i:41;a:4:{s:7:"version";s:6:"3.7.58";s:8:"critical";b:0;s:5:"notes";s:163:"Fixed
- Fixed a bug where Entry URI Format and Template inputs were editable within sections’ Site Settings tables, for disabled sites.
";s:4:"date";s:19:"2022-10-25T00:00:00";}i:42;a:4:{s:7:"version";s:6:"3.7.57";s:8:"critical";b:0;s:5:"notes";s:717:"Fixed
- Fixed an error that could occur when running tests. (#12088)
- Fixed a bug where the “Your session has ended” modal could be shown on the control panel’s login page. (#12121)
- Fixed an error that could occur in the control panel. (#12133)
- Fixed a bug where image transforms that used the
fit mode but didn’t specify a width or height weren’t getting their missing dimension set on the asset. (#12137)
";s:4:"date";s:19:"2022-10-18T00:00:00";}i:43;a:4:{s:7:"version";s:6:"3.7.56";s:8:"critical";b:0;s:5:"notes";s:2914:"Added
- Added the
--as-json option to the help command. (#12017, #12074)
- Added
craft\helpers\ElementHelper::isAttributeEmpty().
- Added
craft\queue\jobs\ResaveElements::$ifEmpty.
- Added
craft\queue\jobs\ResaveElements::$set.
- Added
craft\queue\jobs\ResaveElements::$to.
- Added
craft\queue\jobs\ResaveElements::$touch.
Changed
- When passing a PHP callback function to the
--to option of a resave/* command, the $element argument is now optional.
Deprecated
- Deprecated
craft\web\assets\focusvisible\FocusVisibleAsset. (#12037)
Fixed
- Fixed a bug where
resave/* commands weren’t respecting the --set, --to, or --touch options when --queue was passed. (#11974)
- Fixed an error that could occur when passing an element query to a
relatedTo param, if the parent element query contained any closures. (#11981)
- Fixed a bug where unsaved drafts could be unintentionally deleted when saved, if a plugin or module was blocking the save via
EVENT_BEFORE_SAVE. (#12015)
- Fixed a bug where “Propagating tags” jobs would fail if two tags had similar titles.
- Fixed a bug where image transforms weren’t getting sized correctly in some cases when
upscaleImages was disabled. (#12023)
- Fixed a bug where table cells within Redactor fields could appear to be focused when they weren’t. (#12001, #12037)
- Fixed a bug where alerts saying a folder can’t be renamed due to a naming conflict were showing the old folder name instead of the new one. (#12049)
- Fixed a bug where Edit Entry pages were listing other authors’ drafts in the revision menu, for users who didn’t have permission to edit them.
- Fixed a bug where some GraphQL results could be missing if multiple sets of nested elements were being queried using the same alias. (#11982)
Security
- Fixed information disclosure vulnerabilities.
";s:4:"date";s:19:"2022-10-11T00:00:00";}i:44;a:4:{s:7:"version";s:8:"3.7.55.3";s:8:"critical";b:0;s:5:"notes";s:126:"Security
- Updated Twig to 2.15. (#12022)
";s:4:"date";s:19:"2022-10-03T00:00:00";}i:45;a:4:{s:7:"version";s:8:"3.7.55.2";s:8:"critical";b:0;s:5:"notes";s:64:"Security
- Fixed an XSS vulnerability.
";s:4:"date";s:19:"2022-09-22T00:00:00";}i:46;a:4:{s:7:"version";s:8:"3.7.55.1";s:8:"critical";b:0;s:5:"notes";s:655:"Fixed
- Fixed a bug where the “New category” button could be missing from the Categories index page. (#11977)
- Fixed a bug where
Craft::t() and the |t Twig filter were modifying digit-dash-digit sequences. (#11980)
- Fixed PHP errors that occurred if
webonyx/graphql-php 14.11.17 was installed. (#11979, webonyx/graphql-php#1221)
";s:4:"date";s:19:"2022-09-21T00:00:00";}i:47;a:4:{s:7:"version";s:6:"3.7.55";s:8:"critical";b:0;s:5:"notes";s:2423:"Added
- Added
craft\helpers\Image::targetDimensions().
Removed
- Removed the Punycode PHP library. (#11948)
Fixed
- Fixed a bug where image transforms weren’t always getting applied properly to all animation frames. (#11937)
- Fixed a bug where animated WebP images would lose their animation frames when transformed. (#11937)
- Fixed a bug where image transform dimensions could be calculated incorrectly when
upscaleImages was false. (#11837)
- Fixed an error that occurred when setting a non-numeric
width or height on an image transform. (#11837)
- Fixed a bug where
relatedTo* arguments weren’t supported by children fields in GraphQL. (#11918)
- Fixed a bug where Image Editor and slideout action buttons were obstructed when the Debug Toolbar was enabled. (#11965)
- Fixed an error that occurred when installing Craft when MySQL’s
sql_require_primary_key setting was enabled. (#11374)
- Fixed a bug where invalid entries could be duplicated via the “Save as a new entry” action, despite the duplication appearing to have failed with validation errors. (#11959)
- Fixed a PHP error that could occur in a potential race condition when calling
craft\helpers\FileHelper::clearDirectory().
- Fixed a bug where Structure section entries that were duplicated via the “Save as a new entry” action on a provisional draft weren’t being placed within the structure properly.
- Fixed a bug where element’s
searchScore properties would be set to null when their original score was below 1, rather than rounding to 0 or 1. (#11973)
";s:4:"date";s:19:"2022-09-20T00:00:00";}i:48;a:4:{s:7:"version";s:6:"3.7.54";s:8:"critical";b:0;s:5:"notes";s:2098:"Changed
- Control panel menus now automatically reposition themselves when the window is resized.
resave/* commands now have a --touch option. When passed, elements’ dateUpdated timestamps will be updated as they’re resaved. (#11849)- Underscores within query param values that begin/end with
* are now escaped, so they aren’t treated as wildcard characters by the like condition. (#11898)
craft\services\Elements::resaveElements() now has a $touch argument.
Fixed
- Fixed a bug where element caches weren’t being invalidated during garbage collection, so hard-deleted elements could appear to still exist.
- Fixed an error that could occur when rendering front-end templates if there was a problem connecting to the database. (#11855)
- Fixed a bug where it was possible to save an asset with a focal point outside its cropped area. (#11875)
- Fixed a bug where the Assets index page wasn’t handling failed uploads properly. (#11866)
- Fixed a UI bug where renaming a newly-created volume subfolder didn’t appear to have any effect.
- Fixed a bug where empty URL fields would be marked as changed, even when no change was made to them. (#11908)
- Fixed a bug where transforming an animated GIF into a WebP file would only include the first frame. (#11889)
Security
- Password inputs no longer temporarily reveal the password when the Alt key is pressed. (#11930)
";s:4:"date";s:19:"2022-09-13T00:00:00";}i:49;a:4:{s:7:"version";s:8:"3.7.53.1";s:8:"critical";b:0;s:5:"notes";s:182:"Fixed
- Fixed a PHP error that occurred when garbage collection was run on web requests. (#11829)
";s:4:"date";s:19:"2022-08-26T00:00:00";}i:50;a:4:{s:7:"version";s:6:"3.7.53";s:8:"critical";b:0;s:5:"notes";s:1006:"Added
- Added
craft\services\Gc::removeEmptyTempFolders().
Changed
- If a plugin’s license key is set to an empty environment variable, its trial license key will now be stored in
.env rather than the project config. (#11830)
- Empty subfolders within the temporary upload volume are now removed during garbage collection. (#10746)
Fixed
- Fixed a bug where the “Edit files uploaded by other users” volume permission was useless unless the “Upload files” permission had been granted. (#11818)
- Fixed a bug where the “Save and add another” entry action was being shown for users without the “Create entries” section permission. (#11819)
";s:4:"date";s:19:"2022-08-26T00:00:00";}i:51;a:4:{s:7:"version";s:6:"3.7.52";s:8:"critical";b:0;s:5:"notes";s:1081:"Changed
- Improved console output for the
gc command.
- The
gc command now runs garbage collection for data caches.
- Exception JSON responses now include
name and code keys. (#11799)
Fixed
- Fixed a bug where
iframeResizer.contentWindow.js was getting loaded for all preview requests, not just Live Preview, and even when useIframeResizer was disabled. (#11778)
- Fixed a bug where deleted relations and Matrix blocks could persist if the edit form was submitted before they had been fully animated away. (#11789)
- Fixed a PHP error that could occur if
craft\services\Assets::getUserTemporaryUploadFolder() was called when there was no logged-in user account. (#11751)
";s:4:"date";s:19:"2022-08-23T00:00:00";}}s:13:"phpConstraint";s:7:">=7.2.5";s:11:"packageName";s:12:"craftcms/cms";}s:7:"plugins";a:3:{s:8:"redactor";a:4:{s:6:"status";s:8:"eligible";s:8:"releases";a:2:{i:0;a:4:{s:7:"version";s:7:"2.10.12";s:8:"critical";b:0;s:5:"notes";s:217:"- Fixed several styling issues with Redactor’s fullscreen mode. (#450, #445)
";s:4:"date";s:19:"2023-03-16T00:00:00";}i:1;a:4:{s:7:"version";s:7:"2.10.11";s:8:"critical";b:0;s:5:"notes";s:192:"- Fixed a bug where image URLs would be broken after selecting them, if the URL contained any underscores. (#441)
";s:4:"date";s:19:"2022-12-31T00:00:00";}}s:13:"phpConstraint";N;s:11:"packageName";s:17:"craftcms/redactor";}s:11:"super-table";a:4:{s:6:"status";s:8:"eligible";s:8:"releases";a:4:{i:0;a:4:{s:7:"version";s:7:"2.7.5.1";s:8:"critical";b:0;s:5:"notes";s:84:"Fixed
- Fix an error with JSON output introduced in 2.7.5.
";s:4:"date";s:19:"2023-03-28T00:00:00";}i:1;a:4:{s:7:"version";s:5:"2.7.5";s:8:"critical";b:0;s:5:"notes";s:185:"Added
- Add support for Fix Fks plugin. (thanks @olivierbon).
Fixed
- Fixed a bug where Super Table field property type was incorrect.
";s:4:"date";s:19:"2023-03-28T00:00:00";}i:2;a:4:{s:7:"version";s:5:"2.7.4";s:8:"critical";b:0;s:5:"notes";s:599:"Changed
- Block queries’
field params now support passing an array of verbb\supertable\fields\SuperTableField objects.
Fixed
- Fix translation file.
- Fix a bug where saving a field without any block types would result in no changes made to the previously-configured block types, rather than displaying a validation error.
- Fix a bug where blocks could be deleted from newly-created multi-site entries, if the edit page was reloaded.
- Fix collapsed matrix-style fields no longer have preview text.
";s:4:"date";s:19:"2022-12-25T00:00:00";}i:3;a:4:{s:7:"version";s:5:"2.7.3";s:8:"critical";b:0;s:5:"notes";s:201:"Fixed
- Fix elements overflowing grid column bounds in Row Layout. (thanks @bencarr).
Removed
- Remove “Column Width” for fields in Matrix layout.
";s:4:"date";s:19:"2022-09-14T00:00:00";}}s:13:"phpConstraint";N;s:11:"packageName";s:17:"verbb/super-table";}s:7:"sitemap";a:3:{s:6:"status";s:8:"eligible";s:8:"releases";a:0:{}s:11:"packageName";s:15:"dolphiq/sitemap";}}}i:1;N;}