Grav Changelog

v1.7.49.5

4 months ago

1. • Backup not honoring ignored paths #3952

v1.7.49.4

4 months ago

1. • Fixed cron force running jobs severy minute! #3951

v1.7.49.3

4 months ago

1. • Fixed an error in ZipArchive that was causing issues on some systems
   • Fixed namespace change for Cron\Expression
   • Removed broken cron install field... use 'instructions' instead
   • Fixed duplicate jobs listing in some CLI commands

v1.7.49.2

4 months ago

1. • Fix translation of key for image adapter #3944

v1.7.49.1

4 months ago

1. • Rerelease to include all updated plugins/theme etc.

v1.7.49

4 months ago

1. • Revamped Grav Scheduler to support webhook to call call scheduler + concurrent jobs + jobs queue + logging, and other improvements
   • Revamped Grav Cache purge capabilities to only clear obsolete old cache items
   • Added full imagick support in Grav Image library
   • Added support for Validate match and match_any in forms
2. • Handle empty values on require with ignore fields in Forms
   • Use actions/cache@v4 in github workflows
   • Use actions/checkout@v4in github workflows #3867
   • Update code block in README.md #3886
   • Updated vendor libs to latest
3. • Bug in exif_read_data #3878
   • Fix parser error in URI: #3894

v1.7.48

1 year ago

1. • New Trait for fetchPriority attribute on images #3850
2. • Fix for #3164. Adds aliases as possible commands during lookup #3863
3. • Fix style conflict with Clockwork and tooltips #3861

v1.7.47

1 year ago

1. • New Utils::toAscii() method
   • Added support for Clockwork Debugger to allow web UI (requires new clockwork-web plugin)
2. • Include modular sub-pages in last-modification date computation #3562
   • Updated vendor libs to latest versions
   • Updated JQuery to 3.7.1 #3787
   • Updated vendor libraries to latest versions
   • Support for Fediverse Creator meta tag #3844
3. • Fixes deprecated for return type in Filesystem with PHP 8.3.6 #3831
   • Fix for exif_imagtetype() throwing an exception when file doesn't exist
   • Fix JSON output comments check with content type #3859

v1.7.46

2 years ago

1. • Better handling of external protocols in Utils::url() such as mailto:, tel:, etc.
   • Handle GRAV_ROOT or GRAV_WEBROOT when / #3667
2. • Fixes for multi-lang taxonomy when reinitializing the languages (e.g. LangSwitcher plugin)
   • Ensure the full filepath is checked for invalid filename in MediaUploadTrait::checkFileMetadata()
   • Fixed a bug in the on_events REGEX pattern of Security::detectXss() as it was not matching correctly.
   • Fixed an issue where read_file() Twig function could be used nefariously in content #GHSA-f8v5-jmfh-pr69

v1.7.45

2 years ago

1. • Added new Image trait for decoding attribute #3796
2. • Fixed some multibyte issues in Inflector class #732
   • Fallback to page modified date if Page date provided is invalid and can't be parsed getgrav/grav-plugin-admin#2394
   • Fixed a path traversal vulnerability with file uploads #GHSA-m7hx-hw6h-mqmc
   • Fixed a security issue with insecure Twig functions be processed #GHSA-2m7x-c7px-hp58 #GHSA-r6vw-8v8r-pmp4 #GHSA-qfv4-q44r-g7rv #GHSA-c9gp-64c4-2rrh
3. • Updated composer packages
   • Updated bin/composer.phar to latest 2.7.2

v1.7.44

2 years ago

1. • Added PHP 8.3 to tests #3782
   • Added debugger messages when Page routes conflict
   • Added ISO 8601 date format #3721
   • Added support for .vcf (vCard) in media configuration #3772
2. • Update jQuery to v3.6.4 #3713
   • Updated vendor libraries including Dom-Sanitizer v1.0.7 that addresses an XSS issue
   • Updated bin/composer.phar to latest 2.6.6
   • Updated vendor libraries to latest
   • Updated language files
   • Updated copyright year
3. • Fixed a math rounding issue with number validation when using floating point steps #3761
   • Fixed an issue with Inflector::ordinalize() not working as expected #3759
   • Fixed various issues with file extension checking with dangerous extensions [#3756(https://github.com/getgrav/grav/pull/3756)]
   • Fix for invalid input to foreach in UserGroupObject #3724
   • Fixed exception: Property 'jsmodule_pipeline_include_externals' does not exist in object #3661
   • Fixed too few arguments exception in FlexObjects #3658

v1.7.43

2 years ago

1. • Add the ability to programatically set a page's modified timestamp via a modified: frontmatter entry
2. • Update vendor libraries
   • Include phar in the list of security.uploads_dangerous_extensions
   • When enabled system.languages.debug now dumps Key -> Value to debugger #3752
   • Updated built-in composer to latest 2.6.4 #3748
   • Added support for @import to ensure paths are rewritten correctly in CSS pipeline #3750

v1.7.42.3

2 years ago

2. • Fixed a typo in Utils::isDangerousFunction

v1.7.42.2

2 years ago

2. • In Utils::isDangerousFunction, handle double \\ in |map twig filter to mitigate SSTI attack
   • Better handle empty email in Validatoin::typeEmail()

v1.7.42.1

3 years ago

2. • Quick fix for isDangerousFunction when $name was a closure #3727

v1.7.42

3 years ago

1. • Added a new system.languages.debug option that adds a <span class="translate-debug"></span> around strings translated with |t. This can be styled by the theme as needed.
2. • More robust SSTI handling in filter, map, and reduce Twig filters and functions
   • Various SSTI improvements Utils::isDangerousFunction()
3. • Fixed Twig |map() allowing code execution
   • Fixed Twig |reduce() allowing code execution

v1.7.41.2

3 years ago

1. • Added the ability to set a configurable 'key' for the Twig Cache Tag: {% cache 'my-key' 600 %}
2. • Fixed an issue with special characters in slug's would cause redirect loops

v1.7.41.1

3 years ago

1. • Fixed certain UTF-8 characters breaking Truncator class #3716

v1.7.41

3 years ago

1. • Removed FILTER_SANITIZE_STRING input filter in favor of htmlspecialchars(strip_tags()) for PHP 8.2+
   • Added GRAV_SANITIZE_STRING constant to replace FILTER_SANITIZE_STRING for PHP 8.2+
   • Support non-deprecated style dynamic properties in Parsedown class via ParseDownGravTrait for PHP 8.2+
   • Modified Truncator to not use deprecated mb_convert_encoding() for PHP 8.2+
   • Fixed passing null into mb_strpos() deprecated for PHP 8.2+
   • Updated internal TwigDeferredExtension to be PHP 8.2+ compatible
   • Upgraded getgrav/image fork to take advantage of various PHP 8.2+ fixes
   • Use UserGroupObject::groupNames method in blueprints for PHP 8.2+
   • Comment out files-upload deprecated message as this is not going to be removed
   • Added various public Twig class variables used by admin to address deprecated messages for PHP 8.2+
   • Added parse_url to list of PHP functions supported in Twig Extension
   • Added support for dynamic functions in Parsedown to stop deprecation messages in PHP 8.2+