Grav Changelog

v1.7.45

2 weeks ago

    • Added new Image trait for decoding attribute #3796
    • Updated composer packages
    • Updated bin/composer.phar to latest 2.7.2

v1.7.44

3 months ago

    • Added PHP 8.3 to tests #3782
    • Added debugger messages when Page routes conflict
    • Added ISO 8601 date format #3721
    • Added support for .vcf (vCard) in media configuration #3772
    • Update jQuery to v3.6.4 #3713
    • Updated vendor libraries including Dom-Sanitizer v1.0.7 that addresses an XSS issue
    • Updated bin/composer.phar to latest 2.6.6
    • Updated vendor libraries to latest
    • Updated language files
    • Updated copyright year
    • Fixed a math rounding issue with number validation when using floating point steps #3761
    • Fixed an issue with Inflector::ordinalize() not working as expected #3759
    • Fixed various issues with file extension checking with dangerous extensions [#3756(https://github.com/getgrav/grav/pull/3756)]
    • Fix for invalid input to foreach in UserGroupObject #3724
    • Fixed exception: Property 'jsmodule_pipeline_include_externals' does not exist in object #3661
    • Fixed too few arguments exception in FlexObjects #3658

v1.7.43

6 months ago

    • Add the ability to programatically set a page's modified timestamp via a modified: frontmatter entry
    • Update vendor libraries
    • Include phar in the list of security.uploads_dangerous_extensions
    • When enabled system.languages.debug now dumps Key -> Value to debugger #3752
    • Updated built-in composer to latest 2.6.4 #3748
    • Added support for @import to ensure paths are rewritten correctly in CSS pipeline #3750

v1.7.42.3

8 months ago

    • Fixed a typo in Utils::isDangerousFunction

v1.7.42.2

8 months ago

    • In Utils::isDangerousFunction, handle double \\ in |map twig filter to mitigate SSTI attack
    • Better handle empty email in Validatoin::typeEmail()

v1.7.42.1

9 months ago

    • Quick fix for isDangerousFunction when $name was a closure #3727

v1.7.42

9 months ago

    • Added a new system.languages.debug option that adds a <span class="translate-debug"></span> around strings translated with |t. This can be styled by the theme as needed.
    • More robust SSTI handling in filter, map, and reduce Twig filters and functions
    • Various SSTI improvements Utils::isDangerousFunction()
    • Fixed Twig |map() allowing code execution
    • Fixed Twig |reduce() allowing code execution

v1.7.41.2

10 months ago

    • Added the ability to set a configurable 'key' for the Twig Cache Tag: {% cache 'my-key' 600 %}
    • Fixed an issue with special characters in slug's would cause redirect loops

v1.7.41.1

11 months ago

    • Fixed certain UTF-8 characters breaking Truncator class #3716

v1.7.41

11 months ago

    • Removed FILTER_SANITIZE_STRING input filter in favor of htmlspecialchars(strip_tags()) for PHP 8.2+
    • Added GRAV_SANITIZE_STRING constant to replace FILTER_SANITIZE_STRING for PHP 8.2+
    • Support non-deprecated style dynamic properties in Parsedown class via ParseDownGravTrait for PHP 8.2+
    • Modified Truncator to not use deprecated mb_convert_encoding() for PHP 8.2+
    • Fixed passing null into mb_strpos() deprecated for PHP 8.2+
    • Updated internal TwigDeferredExtension to be PHP 8.2+ compatible
    • Upgraded getgrav/image fork to take advantage of various PHP 8.2+ fixes
    • Use UserGroupObject::groupNames method in blueprints for PHP 8.2+
    • Comment out files-upload deprecated message as this is not going to be removed
    • Added various public Twig class variables used by admin to address deprecated messages for PHP 8.2+
    • Added parse_url to list of PHP functions supported in Twig Extension
    • Added support for dynamic functions in Parsedown to stop deprecation messages in PHP 8.2+

v1.7.40

1 year ago

    • Added a new timestamp: true|false option for individual assets
    • Removed outdated xcache setting #3615
    • Updated robots.txt #3625
    • Fixed force_ssl redirect in case of undefined hostname #3702
    • Fixed an issue with duplicate identical page paths
    • Fixed BlueprintSchema:flattenData to properly handle ignored fields
    • Fixed LogViewer regex greediness #3684
    • Fixed whoami command #3695

v1.7.39.4

1 year ago

    • Reverted a reorganization of account.yaml that caused username to be disabled admin#2344

v1.7.39.3

1 year ago

    • Fix for overzealous modular page template rendering fix in 1.7.39 causing Feed plugin to break #3689

v1.7.39.2

1 year ago

    • Fix for invalid session breaking Flex Accounts (when switching from Regular to Flex)

v1.7.39.1

1 year ago

    • Fix for broken image CSS with the latest version of DebugBar

v1.7.39

1 year ago

    • Vendor library updates to latest versions
    • Various PHP 8.2 fixes
    • Fixed an issue with modular pages rendering thew wrong template when dynamically changing the page
    • Fixed an issue with email validation that was failing on UTF-8 characters. Following best practices and now only check for @ and length.
    • Fixed PHPUnit tests to remove deprecation warnings

v1.7.38

1 year ago

    • New onBeforeSessionStart() event to be used to store data lost during session regeneration (e.g. login)
    • Vendor library updates to latest versions
    • Updated bin/composer.phar to latest 2.4.4 version #3627
    • Don't fail hard if pages recurse with same path
    • Github workflows security hardening #3624

v1.7.37.1

1 year ago

    • Fixed a bad return type #3630

v1.7.37

1 year ago

    • Added new onPageHeaders() event to allow for header modification as needed
    • Added a system.pages.dirs configuration option to allow for configurable paths, and multiple page paths
    • Added new Pages::getSimplePagesHash which is useful for caching pages specific data
    • Updated to latest vendor libraries

v1.7.36

2 years ago

    • Added authorize-*@: support for Flex blueprints, e.g. authorize-disabled@: not delete disables the field if user does not have access to delete object
    • Added support for flex-ignore@ to hide all the nested fields in the blueprint