- Logout controller allows open redirects [#3948]
s9e/textformatter
2.15 has breaking changes [#3946]
- Console extender does not accept ::class [#3900]
- Conditional extender instantiation [#3898]
- suspended users can abuse avatar upload [#3890]
- missing compat exports [#3888]
- recover temporary solution for html entities in browser title (e72541e35de4f71f9d870bbd9bb46ddf586bdf1d)
- custom contrast color affected by parents (577890d89c593ae5b6cb96083fab69e2f1ae600c)
- reply placeholder wrong positioning (253a3d281dbf5ce3fa712b629b80587cf67e7dbe)
- (mentions) missed post mentions UI changes with lazy loading [#3832]
- (mentions) cannot use newly introduced mentionables extender [#3849]
- (mentions) missing slug from post mention links (5a4bb7c)
- (a11y) reply placeholder not accessible [#3793]
- (bbcode) highlight.js does not work after changing post content [#3817]
- (bbcode) localize quote
wrote
string [#3809] - (mentions) mentions XHR fired even after mentioning is done [#3806]
- (package-manager) available core updates cause an error in the dashboard (fab71f2)
- (tags) not all tags are loaded in the permission grid [#3804]
- (tags) tag discussion modal filters with exact matches only after first index [#3786]
- (testing) always clear cache in integration test's tearDown [#3818]
UserSecurityPage
not exported (232618a)isDark()
utility can receive null value [#3774]- approving a post does not bump user
comment_count
[#3790] - circular dependencies disable all involved extensions [#3785]
- color input overflowing the input box [#3796]
- deleting a discussion from the profile does not visually remove it [#3799]
- discussion page showing horizontal scroll on iOS [#3821]
- empty string displayed as SelectDropdown title [#3773]
- filter values are not validated [#3795]
- infinite scroll not initialized for notifications on big screens [#3733]
- notification subject discussion eager loading fails [#3788]
- null as 2nd param in
preg_match
is deprecated [#3801] - unread count in post stream not visible [#3791]
- unreadable badge icon on certain colors [#3810]
- integrity constraint violation [#3772]
- (core,mentions) limit
mentionedBy
post relation results [#3780] - (likes) limit
likes
relationship results [#3781] - Change some methods from private to protected, to be able to extend the affected classes [#3802]
- Do not catch exceptions when testing Console commands [#3813]
- drop usage of jquery in
install
andupdate
interfaces [#3797] - extensibility improvements [#3729]
- major frontend JS cleanup [#3609]
- revert ineffective code for encoding of page title [#3768]
- speed up post creation time [#3808]
- (mentions,tags) tag mentions [#3769]
- add delete own posts permission [#3784]
- add a trait to flush the formatter cache in tests [#3811]
- add user creation to users list page [#3744]
- cli command for enabling or disabling an extension [#3816]
- conditional extenders [#3759]
- provide old content to
Revised
event [#3789]
- (tags) composer tag selection modal using wrong primary max & min numbers (abc9670659426b765274376945b818b70d84848c)
- missing parameter names in token title translation. (#3752)
- hardcoded language strings in StatusWidget (#3754)
- hide developer tokens section in if there is nothing to display or create (#3753)
- improve sessions user UI on mobile (dd868ab44e11e892d020e3b9412553c6a789e68d)
- (actions) allow running JS tests in GH actions [#3730]
- (core) PHP 8.2 Support [#3709]
- (jest) create jest config package for unit testing [#3678]
- (jest) mithril component testing [#3679]
- (phpstan) foundation for usage in extensions [#3666]
- (seo) Do not use h3 header for poster author in posts stream [#3732]
- (seo) Use h2 header for discussions on discussions list [#3731]
- (seo) shift h1 tag from logo to discussion title [#3724]
- (tags) admin tag selection component (reusable tag selection modal) [#3686]
- Admin User Search [#3712]
- access tokens user management UI [#3587]
- add display name column to admin users list [#3740]
- allow push additional items to the end of the poststream [#3691]
- allow using utf8 characters in tag slugs [#3588]
- expose queue driver, schedule status [#3593]
- expose {time} to eventPost data, fix renamed tooltip [#3698]
- frontend
Model
extender [#3646] - global logout to clear all sessions, access tokens, email tokens and password tokens [#3605]
- improved page navigation for users list [#3741]
- introduce frontend extenders [#3645]
- (mentions) correctly convert a 3 char. hex color to a 6 char. one [#3694]
- (mentions) post reply mention missing notification on approval [#3738]
- (phpstan) adapt phpstan package for extension use [#3727]
- (tags) clickable tag labels have underline [#3737]
- (tags) tag text color contrast [#3653]
- 3 digit hex color value in color input not supported [#3706]
- column
id
can be ambiguous in group filter with extensions [#3696] - disallow certain dangerous LESS features (1761660)
- evaluated page title content [#3684]
- invalid translation key for scheduler dashboard [#3736]
- load actor.groups on showforumcontroller [#3716]
- make go-to-page input number-like [#3743]
- normal logout affects all sessions [#3571]
- permissions table on mobile is unusable [#3722]
- post dropdown opens all dropdowns in
.Post-actions
[#3675] - typo in Formatter extender docblock [#3676]
- undefined showing in dropdown active title [#3700]
- (phpstan) enable phpstan in bundled extensions [#3667]
- Add missing states exports to
compat.ts
[#3683] - Indicate cross-origin request in generic error message [#3669]
- Merge branch 'release/v1.6.2' (e0b9dcf)
- The negate field doesn't get used, which means you cant exclude tags [#3713]
- Update forum.less to fix the misalignment of the choose tags button [#3726]
yarn audit-fix
(8ddb0fe)yarn
(ee1e04c)- convert
Dropdown
components to TS [#3608] - fix php 8.1 on preg_match 2nd argument being null, which also optimizes slightly (d7b9a03)
- improve group mentions parsing [#3723]
- prepare
@flarum/jest-config
for release (748cca6) - remove use of deprecated phpunit assertion (3af0481)
- set flarum version to 1.7.0 for dev (2517bc0)
- update JS dependencies [#3695]
- Post mentions can be used to read any post on the forum without access control (ab1c868b978e8b0d09a5d682c54665dae17d0985).
- Notifications can leak restricted content (d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a).
- Any user including unactivated can reply in public discussions whose first post was permanently deleted (12f14112a0ecd1484d97330b82beb2a145919015).
- (subscriptions) Post notifications not getting access checked (https://github.com/flarum/framework/commit/e5f05166a062a9a6eb7c12e28728bfd5db7270e3).
- XSS Vulnerability in core (#3684).
- JS dependencies update breaks utilities.
- (approval) posts approved for deleted users error (b5874a0)
- (regression) bad import (5f2d7fb)
- akismet fails when the extension is not on a version (45d9121)
- apply flex for AppearancePage colors input [#3651]
- groupmentions have poor contrast on some backgrounds [#3672]
- larastan v1 incompatible with phpstan v1.9.0 [#3665]
- package manager failures not showing alerts [#3647]
- password reset leaks user existence [#3616]
- statistics previous period chart is unclear [#3654]
- (package-manager) config composer to use web php version (fd19645)
- (package-manager) set min core version and add warning (31c3cfc)
- (statistics) prepare v1.5.1 (dc215ab)
- Apply fixes from StyleCI (267f675)
- Fix tag discussion count decreased by 2 when hiding before deleting [#3660]
- Log migration path when up/down keys are missing [#3664]
- Make it possible to extend SetupScript [#3643]
- Setup PHPStan Level 5 [#3553]
yarn format
(c5c312d)- add missing last period to custom date ranges [#3661]
- add priorities to profile settings page [#3657]
- allow specifying php extensions in workflow (b0b47a0)
- format js (06963df)
- group mentions [#3658]
- remove styleci from changelog (b2fa28e)
- set flarum version to dev for 1.6.0 (fc743ba)
- throw an exception when no serializer is provided to the controller [#3614]
- (statistics) support for custom date ranges [#3622]
- Allow additional login params, Introduce
LogInValidator
[#3670] - Allow additional reset password params, introduce
ForgotPasswordValidator
[#3671] - add statistics chart export button [#3662]
- allow specifying extensions when installing an instance [#3655]
- contrast util with yiq calculator [#3652]
- customizable session driver [#3610]
- replace
ColorPreviewInput
for GroupModal color input [#3650] - send notifications of a new reply when post is approved [#3656]
- (a11y) add accessible labels to notification grid options [#3520]
- (a11y) present post streams as feeds [#3522]
- (a11y) set
aria-busy
when editing a post stream item [#3521] - (compilation) versioner not inject into compilers [#3589]
- (mentions) accessing
id
of nulluser
relation [#3618] - (subscriptions) add missing table prefix for filter gambit [#3599]
- (tags) use default index sortmap [#3615]
- Move guzzle requirement to core [#3544]
- MyISAM tables for extensions during installation (75aaef7, f926c58)
- Set the translator locale to user preference for email notifications [#3525]
$events
property declared dynamically [#3598]- core settings header has no priority (33bf228)
- html entities shown raw in page title [#3542]
- incorrect centring of deleted user avatars in notification list [#3569]
- intellisense imports defaulting to absolute path from
src
folder [#3549] - minor backward compatible fix for php 8.1 in st_replace (07b2f86)
- post query wildcard selection causes ambiguity [#3621]
- potential static caching memory exhaustion [#3548]
- prepare release workflow has invalid layout (70e483d)
- remove deprecation warning for decoding null values (590639f)
- replace
.fa()
mixin usage with.fas()
[#3537] - return type hint static is php 8+ (b01b75e)
- sticky nav content displays below post stream [#3575]
- titles positioned wrongly with custom header height [#3550]
- typo in error message (1a189f4)
- unread notifications are globally cached between users. [#3543]
- update workflow name (628c281)
- user has wrong discussion read status [#3591]
- (approval, likes) use subscribers [#3577]
- (package-manager) last tweaks before beta tag (335c602)
- (statistics) add release notes for 1.4.1 (f4ace73)
- (statistics) rewrite for performance on very large communities [#3531]
- (statistics) split timed data into per-model XHR requests [#3601]
- (tags) Replace event helper with event dispatcher [#3570]
- Add
loading="lazy"
attribute for avatars [#3578] - Create CODEOWNERS (6e48a03)
- MyISAM tables for extensions during installation" (f128190)
- convert
AlertManager
IndexPage
andUserPage
components to TS [#3536] - convert
Badge
Checkbox
andNavigation
components to TS [#3532] - convert core modals to TypeScript [#3515]
- convert page components to TypeScript [#3538]
- debug line slipped in while rebasing a PR [#3580]
- don't pass password field between auth modals [#3626]
- fix github issue templates (d3e456a)
- format code (4954621)
- getting the release workflow in (5530400)
- link logo at the top with the official website [#3552]
- prevent running both
push
andpull_request
actions at the same time [#3597] - refactor prefix matrix and add
MySQL 8.0
&PHP 7.3
to workflows [#3595] - relying on a third-party for avatar URL tests is unreliable [#3586]
- require guzzle 6 or 7 (46b3b7a)
- split FA imports into separate Less file for easy overriding [#3535]
- unify JS actions into one (rewritten
flarum/action-build
) [#3573] - update version constant during cycle 22 (d864405)
- use
isCollapsed
instead ofrangeCount
[#3581] - use github issue template forms [#3526]
- (likes) Add likes tab to user profile [#3528]
- (likes) Option to prevent users liking their own posts [#3534]
- (modals) support stacking modals, remove bootstrap modals dependency [#3456]
- (subscriptions) add option to send notifications when not caught up [#3503]
- Add custom class for email confirmation alert [#3584]
- Admin debug mode warning [#3590]
- Delete all notifications [#3529]
- Queue package manager commands [#3418]
- Restart the queue worker after cache clearing, ext enable/disable, save settings [#3565]
- add createTableIfNotExists migration helper [#3576]
- add new workflow for generating release meta (0901e59)
- clear password & email tokens when appropriate [#3567]
- discussion UTF-8 slug driver [#3606]
- expose assets base url to frontend forum model [#3566]
- extender to add custom less variables [#3530]
- publish assets on admin dashboard cache clear [#3564]
- throttle email change, email confirmation, and password reset endpoints. [#3555]
created_at
andupdated_at
columns added to several tables (#3435)- Priorities added to AdminNav links (#3453)
app.translator
allows retrieving and setting locale (#3451)- Extensions can now declare custom settings components for use with
buildSettingComponent
(#3494) - Implement extensibility on
rel
andtarget
attributes on links (#3455) - New backend tests were added to some of the bundled extensions (#3508)
- Split boot script for Flarum in HTML footer into two parts for CSP hashing (#3461)
- Split asset compilation by giving assembling compilers its own method (#3446)
- Increase visibility of Component typescript class for better extensibility (#3437)
- Mentioning an event post breaks the notification dropdown (#3493)
- Suspension modal shows after suspension is over (#3449)
- CLI based installations don't exit with an error code on failure (#3452)
- Tabbing through dropdown controls doesn't make them visible (#3450)
- Requiring zero tags on new discussions forces the user to select tags (#3448)
- Long topic titles in the notification list don't overflow (#3500)
- Subtags of tags the user has access to are visible even if these are not accessible (#3419)
assertAdmin
tests access based on wrong gate ability (#3501)- Increasing the composer header size causes elements to slip underneath (#3502)
- The profile mentions tab errors when sorting by
created_at
(#3506)
- UserCard now has ItemList for easier extending (#3436)
- Button to go directly to all results page is hidden while API request for search hasn't completed (#3431)
- Setting extender does not register modifications beyond first fluent call (#3439)
- Link to font awesome icons list no longer works (https://github.com/flarum/framework/commit/df1bdd2ad84e992414c0e1e7be576558b4b0fe29)
- Mentions: mentions with deleted authors not showing (#3432)
- Nicknames: regex validation isn't functional (#3430)
- Subscriptions: reply notifications not working (#3445)
- Suspend: not providing suspension reason breaks mail (#3433)
From v1.2.1 on all bundled Flarum extensions and flarum/core
are merged into one monorepo. As a result of this, the full code diff linked above
looks rather complex and messy compared to the full list of changes made for this release.
- [A11Y] Added role feed to DiscussionList (#3359)
- Support multiple confirmation dialogs when closing a tab/window (#3372)
- Markdown: markdown toolbar support for admin frontend (https://github.com/flarum/framework/commit/16d5cc11e3aee5c94aeed877987cdb199a2a0d2c)
- Post number calculation is now executed inside the database layer, preventing integrity constraints (#3358)
- Errors from within extensions no longer make Flarum crash but trigger a visible warning (#3349)
- Sorting options for discussion index is now extensible (#3377)
- Event listeners from the framework now are added before those of extensions (#3373)
- Typings and missing typescript components (#3348)
Post--by-start-user
CSS class is not added to post html (#3356)- Timestamps for notifications are incorrect on servers that have a timezone different than UTC (#3379)
- Extensions with dependencies that are enabled do not cause dependencies to be enforced (#3352)
- Search using non-words doesn't work (#3385)
- Slugs are not working for other languages than English (#3387)
- Deprecations are triggered on PHP 8.1 (#3384)
- Post permalink for subdirectory installs have duplicate paths segments (#3354)
- Composer discussion title is not always clearly visible (#3413)
- Mentions: extensions re-using mentions can cause errors due to missing context (#3382)
- Tags: tag selection modal errors on new discussions when pressing down (#3403)
- [A11Y] Tags: focus to input and layout of tag selection modal are off (#3412)
- Subscriptions: searching inside the following page will search in all discussions (#3376)
- Don't escape single quotes in discussion title meta tags (60600f4d2b8f0c5dac94c329041427a0a08fad42)
- View
README
documentation in extension pages (#3094). - Declare & Use CSS Custom Properties (#3146).
- Lazy draw dropdowns to improve performance (#2925).
- Default Settings Extender (#3127).
- Add
textarea
setting type to admin pages (#3141). - Allow registering settings as
Less
config vars through Settings Extender (#3011). - Allow replacing of blade template namespaces via extender (#3167).
- Update to Webpack 5 (#3135).
- Introduce
Less
custom function extender with ais-extension-enabled
function (#3190). - Support for
few
in ICU Message syntax (#3122). - ES6 local support for number formatting (#3099).
- Added dedicated endpoint for retrieving single groups (#3084).
- Callback
loadWhere
relation eager loading extender (#3116). - Extensible document title driver implementation (#3109).
- Type checks, typescript coverage GH action (#3136).
- Add color indicator in appearance admin page instead of validating colors (#3140).
- Add typing files for our translator libraries (#3175).
StatusWidget
tools extensibility (#3189).- Allow switching the
ImageManager
driver (#3195). - Events for notification read/all read actions (#3203).
- Testing with php8.1 (#3102).
- Migrate fully to Yarn (#3155).
- Handle post rendering errors to avoid crashes (#3061).
- Added basic filtering, sorting, and pagination to groups endpoint (#3084).
- Pass IP address to API Client pipeline (#3124).
- Rename Extension Page "Uninstall" to "Purge" (#3123).
- [A11Y] Improve accessibility for discussion reply count on post stream (#3090).
- Improved post loading support (#3100).
- Rewrite SubtreeRetainer into Typescript (#3137).
- Rewrite ModalManager and state to Typescript (#3007).
- Rewrite frontend application files to Typescript (#3006).
- Allow extensions to modify the minimum search length in the Search component (#3130).
- Allow use of any tag in
listItems
helper (#3147). - Replace
for ... in
withArray.reduce
(#3149). - Page title format is now implemented through translations (#3077, #3228)
- Add
aria-label
attribute to the navigation drawer button (#3157). - Convert extend util to TypeScript (#2928).
- Better typings for DiscussionListState (#3132).
- Rewrite ItemList, update
ItemList
typings (#3005). - Add priority order to discussion page controls (#3165).
- Use
@php
in Blade templates (#3172). - Convert some common classes/utils to TS (#2929).
- Convert routes to Typescript (#3177).
- Move admin
colorItems
to anItemList
(#3186). - Centralize pagination/canonical meta URL generation in Document (#3077).
- Use revision versioner to allow custom asset versioning (#3183).
- Split up application error handling (#3184).
- Make SlugManager available to blade template (#3194).
- Convert models to TS (#3174).
- Allow loading relations in other discussion endpoints (#3191).
- Improve selected text stylization (#2961).
- Extract notification
primaryControl
items to an ItemList (#3204). - Frontend code housekeeping (#3214, #3213).
- Only retain scroll position if coming from discussion (#3229).
- Use
aria-live
regions to focus screenreader attention on alerts as they appear (#3237). - Prevent unwarranted
a11y
warnings on custom Button subclasses (#3238).
- Missing locale text in the user editing modal (#3093).
- Dashes in table prefix prevent installation (#3089).
- Missing autocomplete attributes to input fields (#3088).
- Missing route parameters throwing an error (#3118).
- Mail settings select component never used (#3120).
- White avatar image throws javascript errors on the profile page (#3119).
- Unformatted avatar upload validation errors (#2946).
- Webkit input clear button shows up with the custom one (#3128).
- Media query breakpoints conflict with Windows display scaling (#3139).
typeof this
not recognized by some IDEs (#3142).Model.save()
cannot savenull
hasOne
relationship (#3131).- Edit post
until reply
policy broken on PHP 8 (#3145). - Inaccurate
Component.component
argument typings (#3148). - Scrolling notification list infinitely repeats (#3159).
- Argument for INFO constant was assigned to
maxfiles
argument incorrectly (bfd81a83cfd0fa8125395a147ff0c9ce622f38e3). Activated
event is sent every time an email is confirmed instead of just once (#3163).- [A11Y] Modal close button missing accessible label (#3161).
- [A11Y] Auth modal inputs missing accessible labels (#3207).
- [A11Y] Triggering click on drawer button can cause layered backdrops (#3018).
- [A11Y] Focus can leave open nav drawer on mobile (#3018).
- [A11Y] Post action items not showing when focus is within the post (#3173).
- [A11Y] Missing accessible label for alert dismiss button (#3237).
- Error accessing the forum after saving a setting with more than 65k characters (#3162).
- Cannot restart queue from within (#3166).
Post--by-actor
not showing when comparing user instances (#3170).- Incorrect typings for Modal
hide()
method (#3180). - Avatar Upload throws errors with correct mimetype and incorrect extension (#3181).
- Clicking the dropdown button on a post opens all dropdowns in
Post-actions
(#3185). getPlainContent()
causes external content to be fetched (#3193).listItems
not accepting allMithril.Children
(#3176).- Notifications mark as read option updates all notifications including the read ones (#3202).
- Post meta permalink not properly generated (#3216).
- Broken contribution link in README (#3211).
WelcomeHero
is displayed when content is empty (#3219).last_activity_at, last_seen_at
updated on all API requests (#3231).RememberMe
access token updated twice in API requests (#3233).- Error in
funding
item incomposer.json
bricks the frontend (#3239). - Escaped quotes in window title (#3264)
schedule:list
command fails due to missing timezone configuration.
- Unused
evented
utility (#3125).
- Performance issue with very large communities.
- Info command now displays MySQL version, queue driver, mail driver (#2991)
- Use organization Prettier config (#2967)
- Support for global typings in extensions (#2992)
- Typings for class component state attribute (#2995)
- Custom colorising with CSS custom properties (#3001)
- Theme Extender to allow overriding LESS files (#3008)
- Update lastSeenAt when authenticating via API (#3058)
- NoJs Admin View (#3059)
- Preload FontAwesome, JS and CSS, and add
preload
extender (#3057)
- Move Day.js plugin types import to global typings (#2954)
- Avoid resolving excluded middleware on each middleware items
- Allow extra attrs provided to
<Select>
to be passed through to the DOM element (#2959) - Limit height of code blocks (#3012)
- Update normalize.css from v3.0.2 to v8.0.1 (#3015)
- Permission Grid: stick the headers to handle a lot of tags (#2887)
- Use
ItemList
forDiscussionPage
content (#3004) - Move email confirmation to POST request (#3038)
- Minor CSS code cleanup (#3026)
- Replace username with display name in more places (#3040)
- Rewrite Button to Typescript (#2984)
- Rewrite AdminPage abstract component into Typescript (#2996)
- Allow adding page parameters to PaginatedListState (#2935)
- Pass filter params to getApiDocument (#3037)
- Use author filter instead of gambit to get a user's discussions (#3068)
- [A11Y] Accessibility improvements for the Search component (#3017)
- Add determinsm to extension order resolution (#3076)
- Add cache control headers to the admin area (#3097)
- HLJS 11 new styles resulting in double padding (#2909)
- Internal API client attempting to load an uninstantiated session
- Empty post footer taking visual space (#2926)
- Unrecognized component class custom attribute typings (#2962)
- User edit groups permission not visually depending on view hidden groups permission (#2880)
- Event post excerpt preview triggers error (#2964)
- Missing settings defaults for display name driver and User slug driver (#2971)
- [A11Y] Icons not hidden from screenreaders (#3027)
- [A11Y] Checkboxes not focusable (#3014)
- Uploading ICO favicons resulting in server errors (#2949)
- Missing proper validation for large avatar upload payload (#3042)
- [A11Y] Missing focus rings in control elements (#3016)
- Unsanitised integer query parameters (#3064)
@lhsazevedo, @Ornanovitch, @pierres, @the-turk, @iPurpl3x
@uamv, @dannyuk1982, @BurnNoticeSpy, @haarp, @peopleinside, @matteocontrini
- Upgrade to v1.0 resets the "view" permission on all tags (#2941)
- Removed [forum] prefix from Request Password and Email Confirmation emails (a4a81c0)
- Adopt huntr.dev for handling our security vulnerability reports (#2918)
- Maintenance handler can now be replaced through the service container (ioc) (4acff91)
- The colors on the auto generated avatars are now based on the Display Name of the user (#2873)
- Avatar in notifications list are incorrectly aligned (#2906)
- FilesystemManager is not compatible with upstream Laravel implementation (#2936)
- Critical XSS vulnerability
- Installation fails on environments without proc_* functions enabled or mysql client binary (#2890)
- Task scheduling
load()
method onApiController
extender to allow eager loading of relations (#2724)- Installation supports enabling a set of extensions (#2757)
- RequestUtil helper class added to abstract the logic of the actor, session, locale and route name from the request (#2449)
- Code scanning action with GitHub CodeQL (#2744)
- The Formatter extender now has an
unparse
method to allow extensions to hook into the unparsing of content (#2780) - A Filesystem extender allows direct modification and addition of filesystem disks (#2732)
- A slug driver based on the User ID was introduced (#2787)
- An extensible users list was added to the admin area (#2626)
- Headers hardened by adding Referer Policy, Xss Protection and Content type (#2721)
- Tooltip component (#2843)
- Moved
insertText
andstyleSelectedText
from markdown to core (#2826) - A squashed database schema install dump to speed up new installs (#2842)
- Pagination in the canonical URL for discussion pages (#2853)
- PaginatedListState for the DiscussionList and to support paginated lists in the frontend (#2781)
- Introduce the new webpack config and flarum-tsconfig for typehinting (#2856)
- Now tracking bundle sizes to keep an eye on web performance (#2695)
- Eager load relations on ListPostsController to improve performance (#2717)
- Replace classList with clsx library (#2760)
- Replaced the javascript based loading spinner with a pure CSS version (#2764)
- Route names now have to be unique (#2771)
- ActorReference is now available from the error handler middleware (#2410)
- The
migrations
table now has an Auto Increment ID (#2794) - Assets and avatars are now managed using Laravel filesystem disks (#2729)
- Extracted asset publishing (
php flarum assets:publish
) from migrating (#2731) - Assets were compiled in the format
<asset>-<revision>.<js|css>
, this is now<asset>.<js|css>?v=<revision>
(#2805) - The powered by header can now be configured in the config under
headers
(#2777) - Switched to the ICU format for translation files (#2759)
- Allow extend and override to apply to multiple methods in one call
- Notifications dropdown and list refactored (#2822)
- Updated validation locale strings based on Laravel 8 changes (#2829)
- Caching of permissions is now taken care of centrally, reducing code duplication (#2832)
- Replaced lodash-es by throttle-debounce to reduce bundle size (#2827)
- Internal API requests are now executed through middleware (#2783)
- Permission changes:
viewDiscussions
toviewForum
andviewUserList
tosearchUsers
(#2854)
- Javascript is shown when editing the title of a discussion (#2693)
- Canonical url logic uses request object which causes wrong URL's when a different page is default (#2674)
- Dropdown toggle has no aria label (#2668)
- Nav drawer is focusable when off-screen on small viewports (#2666)
- Search input has no aria-label and no role (#2669)
- Code duplication exists between SendConfirmationEmailController and AccountActivationMailer (#2493)
- When setting tags as homepage default, visiting a tag will show all posts (#2754)
- Locale cache is cleared twice when cache clearing (#2738)
- When cache clearing fails an exception can be thrown due to a partial flush (#2756)
- Database migrations rely on MyISAM even though the eventual migrated database does not use it (#2442)
- Discussion search result is not sorted by relevance by default (#2773)
- Extensions cannot register custom searcher classes (#2755)
- Searching discussion titles is not possible (#2698)
- Boot errors due to failing extenders throw a generic error (#2740)
- Required argument to
Component.$()
isn't really required (#2844) - Component does not allows use of all mithril lifecycle functionality (#2847)
- The
make:migration
command has been removed (#2686) - Background fade on the header has been removed (#2685)
- Remove vendor prefixes in less (#2766)
- The session is no longer available from the User class (#2790)
- The
mail
key is removed from the laravel related config (#2796)
- Allow event subscribers (#2535)
- Allow Settings extender to have a default value (#2495)
- Allow hooking into the sending of notifications before being send (#2533)
- PHP 8 support (#2507)
- Search extender (#2483)
- User badges to post preview (#2555)
- Optional extension dependencies allow a booting order (#2579)
- Auth extender (#2176)
X-Powered-By
header added to allow indexers easier data aggregation of Flarum adoption (#2618)
- Run integration tests in transaction (#2304)
- Allow policies to return a boolean for simplified allow/deny (#2534)
- Converted highlight helper to typescript (#2532)
- Add accessibility attributes to Mark as Read button (#2564)
- Dismiss errors on change email modal upon a new request (00913d5)
- Disabled extensions now are marked with a red circle instead of a red dot (#2562)
- Extension dependency errors now show the extension title instead of the ID (#2563)
- Change
mutate
method on ApiSerializer extender toattributes
(#2578) - Moved locale files to the core from the language pack (#2408)
- AdminPage extensibility and generic improvements (#2593)
- Remove entry of authors, link to https://flarum.org/team (#2625)
- Search and filtering are split (#2454)
- Move IP identification into a middleware (#2624)
- Editor Driver abstraction introduced (#2594)
- Allow overriding routes (#2577)
- Split user edit permissions into permissions for editing of user credentials, username, groups and suspending (#2620)
- Reduced number of admin extension categories (#2604)
- Move search related classes to a dedicated Query namespace (#2645)
- Rewrite common helpers into typescript (#2541)
TextEditor
is moved to the common namespace for use in the admin frontend (#2649)- Update Laravel/Illuminate components to 8 (#2576)
- Eager load relations in discussion listing to improve performance (#2639)
- Adopt flarum/testing package (#2545)
- Replace
user
gambit withauthor
gambit (612a57c) - Posts page of on user profile loads posts using username instead of id (30017ee)
- Transform css breaks iOS scroll functionality (#2527)
- Composer header is hidden on mobile devices (#2279)
- Cannot delete a post or discussion of a deleted user (#2521)
- DiscussionListPane jumps around not keeping the scroll position (#2402)
- Infinite scroll on notifications dropdown broken (#2524)
- The show language selector switch remains toggled on (9347b12)
- Model Visibility extender throws exception on extensions that aren't installed or enabled (#2580)
- Extensions are marked as enabled when enabling fails to unmet extension dependencies (#2558)
- Routes to admin extension pages without a valid ID break the admin page (#2584)
- Disabled fieldset use an incorrect CSS property
disallowed
(#2585) - Scrolling to a post that is already loaded the Load More button shows and does not trigger (#2388)
- Opening discussions on some mobile devices require a double tap (#2607)
- iOS devices show erratic behavior in the post stream while updating (#2548)
- Small mobile screens partially hides the composer when the keyboard is open (#2631)
- Clearing cache does not clear the template cache in storage/views (#2648)
- Boot errors show critical information (#2633)
- List user endpoint discloses last online even if user choose against it (#2634)
- Group gambit disclosed hidden groups (#2657)
- Search results on small windows not fully visible (#2650)
- Composer goes off screen on Safari when starting to type (#2660)
- A search that has no results shows the search results dropdown (b88a7cb)
- The composer modal moves around when typing on Safari (a64c398)
- Deprecated CSRF wildcard path match
- Deprecated policy and visibility scoping events
- Deprecated post types event
- Deprecated validation events
- Deprecated notification events
- Deprecated floodgate
- Deprecated user preferences event
- Deprecated formatting events
- Deprecated api events
- Deprecated bootstrap.php support
- PHP 7.2 support (#2507)
- Bidi attribute in the rendered HTML (#2602)
AccessToken::find
, useAccessToken::findValid
instead (#2651)
GetModelIsPrivate
event (#2587)CheckingPassword
event (#2176)event()
helper (#2608)AccessToken::generate
argument$lifetime
(#2651)Rememberer::remember
argument$token
should receive an instance ofRememberAccessToken
withAccessToken
being deprecated (#2651)Rememberer::rememberUser
(#2651)SessionAuthenticator::logIn
argument$userId
, should be replaced withAccessToken
(#2651)TextEditor
has been moved tocommon
(#2649)UserFilter
(91e8b56)
- Slug drivers support (#2456).
- Notification type extender (#2424).
- Validation extender (#2102).
- Post extender (#2101).
- Notification channel extender (#2432).
- Service provider extender (#2437).
- API serializer extender (#2438).
- User preferences extender (#2463).
- Settings extender (#2452).
- ApiController extender (#2451).
- Model visibility extender (#2460).
- Policy extender (#2461).
- Time helpers converted to Typescript (#2391).
- Improved the formatter extender (#2098).
- Improve wording on installer when facing file permission issues (#2435).
- Background color of checkbox toggles improved for better usability (#2443).
- Route resolving refactored (#2425).
- Administration panel UX refactored (#2409).
- Floodgate moved to middleware and extender added (#2170).
- DRY up image uploading logic (#2477).
- Process isolation on testing (https://github.com/flarum/framework/commit/984f751c718c89501cc09857bc271efa2c7eea8c).
- Forum and admin javascript exports namespaced (#2488).
- Web updater does not take into account subfolder installations (#2426).
- Callables handling in extenders failed (#2423).
- Scrolling on mobile from PostSteam changes didn't work correctly (#2385).
- Side pane covers part of the discussion page due to
app.discussions
being empty (https://github.com/flarum/framework/commit/102e76b084bf47fdfb4c73f95e1fbb322537f7aa). - Change email modal keeps showing the previous error message even on success (#2467).
- Comment count not updated when discussions are deleted (#2472).
goToIndex
in PostStream does not trigger an xhr to retrieve new data (https://github.com/flarum/framework/commit/09e2736cbcc267594b660beabbd001d9030f9880).- On refresh the post number is reduced by one (#2476).
- Queue worker would instantiate a new Queue factory, not the bound one (#2481).
- Header accidentally has a border bottom (#2489).
- Namespace mentioned in docblock is incorrect (#2494).
- Scrolling inside longer discussions (especially Firefox) skips posts (https://github.com/flarum/framework/commit/210a6b3e253d7917bd1eacd3ed8d2f95073ae99d).
- Uploading avatars that are jpg/jpeg fails with a validation error (#2497).
- MomentJS alias (#2428).
- Deprecated user events
GetDisplayName
andPrepareUserGroups
(#2428). - AssertPermissionTrait (#2428).
- Path related helpers and methods in Application (#2428).
- Backward compatibility layers from the frontend rewrite (#2428).
CheckingForFlooding
(https://github.com/flarum/framework/commit/8e25bcb68f86cc992c46dfa70368419fe9f936ac).
- SuperTextarea component is not exported.
- Symfony dependencies do not match those depended on by Laravel (#2407).
- Scripts from textformatter aren't executed (#2415)
- Sub path installations have no page title.
- Losing focus of Composer area when coming from fullscreen.
- Check dependencies before enabling / disabling extensions (#2188)
- Set up temporary infrastructure for TypeScript in core (#2206)
- Better UI for request error modals (#1929)
- Display name extender, tests, frontend UI (#2174)
- Scroll to post or show alert when editing a post from another page (#2108)
- Feature to test email config by sending an email to the current user (#2023)
- Allow searching users by group ID using the group gambit (#2192)
- Use
liveHumanTimes
helper to update times without reload/rerender (#2208) - View extender, tests (#2134)
- User extender to replace
PrepareUserGroups
(#2110) - Increase extensibility of skeleton PHP (#2308, #2318)
- Pass a translator instance to
getEmailSubject
inMailableInterface
(#2244) - Force LF line endings on windows (#2321)
- Add a
Link
component for internal and external links (#2315) ConfirmDocumentUnload
component- Error handler middleware can now be manipulated by the middleware extender
- Update to Mithril 2 (#2255)
- Stop storing component instances (#1821, #2144)
- Update to Laravel 6.x (#2055)
Flarum\Foundation\Application
no longer implementsIlluminate\Contracts\Foundation\Application
(#2142)Flarum\Foundation\Application
no longer inheritsIlluminate\Container\Container
(#2142)paths
have been split off fromFlarum\Foundation\Application
intoFlarum\Foundation\Paths
, which can be injected where needed (#2142)Flarum\User\Gate
no longer implementsIlluminate\Contracts\Auth\Access\Gate
(#2181)- Improve Group Gambit performance (#2192)
- Switch to
dayjs
frommomentjs
(#2219) - Don't create a
bio
column inusers
for new installations (#2215) - Start converting core JS to TypeScript (#2207)
- Make Carbon an explicit dependency (https://github.com/flarum/framework/commit/3b39c212e0fef7522e7d541a9214ff3817138d5d)
- Use Symfony's translator interface instead of Laravel's (#2243)
- Use newer versions of fontawesome (#2274)
- Use URL generator instead of
app()->url()
where possible (#2302) - Move config from
config.php
into an injectable helper class (#2271) - Use reserved TLD for bogus and test urls (https://github.com/flarum/framework/commit/6860b24b70bd04544dde90e537ce021a5fc5a689)
- Replace
m.stream
withflarum/utils/Stream
(#2316) - Replace
affixedSidebar
util withAffixedSidebar
component - Replace
m.withAttr
withflarum/utils/withAttr
- Scroll Listener is now passive, performance improvement (#2387)
generate:migration
command for extensions (https://github.com/flarum/framework/commit/443949f7b9d7558dbc1e0994cb898cbac59bec87)- Container config for
UninstalledSite
(https://github.com/flarum/framework/commit/ecdce44d555dd36a365fd472b2916e677ef173cf) - Tooltip glitch on page chang (#2118)
- Using multiple extenders in tests (https://github.com/flarum/framework/commit/c4f4f218bf4b175a30880b807f9ccb1a37a25330)
- Header glitch when opening modals (#2131)
- Ensure
SameSite
is explicitly set for cookies (#2159) - Ensure
Flarum\User\Event\AvatarChanged
event is properly dispatched (#2197) - Show correct error message on wrong password when changing email (#2171)
- Discussion unreadCount could be higher than commentCount if posts deleted (#2195)
- Don't show page title on the default route (#2047)
- Add page title to
All Discussions
page when it isn't the default route (#2047) - Accept
'0'
asfalse
forflarum/components/Checkbox
(#2210) - Fix PostStreamScrubber background (#2222)
- Test port on BaseUrl tests (#2226)
UrlGenerator
can now generate urls with optional parameters (#2246)- Allow
less
to be compiled independently of Flarum (#2252) - Use correct number abbreviation (#2261)
- Ensure avatar html uses alt tags for accessibility (#2269)
- Escape regex when searching (#2273)
- Remove unneeded semicolons inserted during JS compilation (#2280)
- Don't require a username/password for SMTP (#2287)
- Allow uppercase entries for SMTP encryption validation (#2289)
- Ensure that the right number of posts is returned from list posts API (#2291)
- Fix a variety of PostStream bugs (#2160, #2160)
- Sliding discussion glitch on mobile (#2324)
- Sliding discussion button in wrong place (#2330, #2383)
- Sliding discussion glitch on mobile (#2381)
- Fix PostStream for posts with top margins, and scrubber position when scrolling below posts (#2369)
Flarum\Event\AbstractConfigureRoutes
event classFlarum\Event\ConfigureApiRoutes
event classFlarum\Event\ConfigureForumRoutes
event classFlarum\Console\Event\Configuring
event classFlarum\Event\ConfigureModelDates
event classFlarum\Event\ConfigureLocales
event classFlarum\Event\ConfigureModelDefaultAttributes
event classFlarum\Event\GetModelRelationship
event classFlarum\User\Event\BioChanged
event classFlarum\Database\MigrationServiceProvider
moved intoFlarum\Database\DatabaseServiceProvider
- Unused
admin/components/Widget
component (admin/component/DashboardWidget
should be used instead) - Mandrill mail driver (https://github.com/flarum/framework/commit/bca833d3f1c34d45d95bf905902368a2753b8908)
Flarum\User\Event\GetDisplayName
event class- Global path helpers,
Flarum\Foundation\Application
path methods (#2155) Flarum\User\AssertPermissionTrait
(#2044)
- Console extender (#2057)
- CSRF extender (#2095)
- Event extender (#2097)
- Mail extender (#2012)
- Model extender (#2100)
- Posts by users that started a discussion now have the CSS class
.Post--by-start-user
- PHPUnit 8 compatibility
- Composer 2 compatibility
- Permission groups can now be hidden (#2129)
- Confirmation popup when hiding or deleting posts (#2135)
- Updated less.php dependency version to 3.0
- Updated JS dependencies
- All notifications and other emails now processed through the queue, if enabled (#978, #1928, #1931, #2096)
- Simplified uploads, removing need to store intermediate files (#2117)
- Improved date handling for dates older than 1 year (#2034)
- Linting and automatic formatting for JS (#2099)
- Translation files from Language Packs are only loaded for extensions that are enabled (#2020)
- PHP extenders' properties are now
private
instead ofprotected
, intentionally making it harder to extend these classes (#1958) - Preparation for upgrading Laravel components to 5.8 and then 6.0 (#2055, #2117)
- Allowed permission checks based on model classes in addition to instances (#1977)
- Users can no longer restore discussions hidden by admins (#2037)
- Issues of the Modal not showing or auto hiding (#1504, #1813, #2080)
- Columnar layout on admin extensions page was broken in Firefox (#2029, #2111)
- Non-dismissible modals could still be dismissed using the ESC key (#1917)
- New discussions were added to the discussion list above unread sticky posts (#1751, #1868)
- New discussions not visible to users when using Pusher (#2076, #2077)
- Permission icons were aligned unevenly in admin permissions list (#2016, #2018)
- Notification bubble not inversed on mobile with colored header (#1983, #2109)
- Post stream scrubber clicks jumped back to first post (#1945)
- Loading state of Switch toggle component was hard to see (#2039, #1491)
Flarum\Extend\Middleware
: The methodsinsertBefore()
andinsertAfter()
did not work as described (#2063, #2084)
- Support for PHP 7.1 (#2014)
- Zend compatibility bridge (#2010)
- SES mail support (#2011)
- Backward compatibility layer for
Flarum\Mail\DriverInterface
, new methods from beta.12 are now required Flarum\Util\Str
helper classFlarum\Event\ConfigureMiddleware
event
Flarum\Event\AbstractConfigureRoutes
event classFlarum\Event\ConfigureApiRoutes
event classFlarum\Event\ConfigureForumRoutes
event classFlarum\Event\ConfigureLocales
event class
- Full support for PHP 7.4 (#1980)
- Mail settings: Configure region for the Mailgun driver (#1834, #1850)
- Mail settings: Alert admins about incomplete settings (#1763, #1921)
- New permission that allows users to post without throttling (#1255, #1938)
- Basic transliteration of discussion "slugs" / pretty URLs (#194, #1975)
- User profiles: Render basic content on server side (#1901)
- New extender for configuring middleware (#1919, #1952, #1957, #1971)
- New extender for configuring error handling (#1781, #1970)
- Automated tests for PHP extenders to guarantee their backwards compatibility
- Profile URLs for non-existing users properly return HTTP 404 (#1846, #1901)
- Confirmation email subject no longer contains the forum title (#1613)
- Improved error handling during Flarum's early boot phase (#1607)
- Updated deprecated "Zend" libraries to their new "Laminas" equivalents (#1963)
- Update page did not work when installed in subdirectories (#1947)
- Avatar upload did not work in IE11 / Edge (#1125, #1570)
- Translation fallback was ignored for client-rendered pages (#1774, #1961)
- The success alert when posting replies was invisible (#1976)
- Saving custom css in admin failed (#1946)
- Comments have an additional class
Post--by-actor
when posted by the user (#1927)
- Improved support for URL identification during installation (#1861)
- KeyboardNavigatable now has a callback ability (#1922)
- Links are no longer opened with target
_blank
but in the same window (#859) - Links now have
nofollow ugc
by default as theirrel
attribute (#859, #1884) - Improved performance of the full text gambit when searching for users (#1877)
- The Queue implementation is now available under its Illuminate contract
- No error handling was possible in the console/cli (#1789)
- Enable scrollbars in log in modals so it fits for GitHub (#1716)
- Reduce log in modal for SSO so it fits for Facebook (#1727)
- Deleting discussions permanently did not delete its posts (#1909)
- Fixed the queue:restart command (#1932)
- Deleted posts were visible to all visitors (#1827)
- Old avatars weren't being deleted when replaced (#1918)
- The search performance regression was reverted (#1764)
- No profile background could be set for remote images (#445)
- Back button sends to home even though it could actually go back (#1942)
- Debug button no longer visible (#1687)
- Modals on smaller screens use the whole width of the page
- Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
- Notifications can now be marked as read without visiting a discussion (#151)
- SEO: The discussion list now has a
rel="canonical"
meta tag, preventing duplicate content (#1134, #1814) - The "Edit User" permission can now be edited in the UI (#1845)
- New status message and redirect after user deletion (#1750, #1777)
- Errors in Flarum's boot process are now presented with more detailed information (#1607)
- Better, more detailed and extensible error handling (#1641, #1843)
- Error pages in debug mode now return the same HTTP status codes as in production (#1648)
- Tweak HTTP status codes for authentication / authorization errors (#1854)
- Already-used links from account activation emails now show a better error message (#1337)
- Security vulnerabilities in dependencies
- Performance: High CPU usage when scrolling in a discussion (#1222)
- Special characters crashed the search (#1498)
- Missing declarations for language and text direction in HTML output (#1772)
- Private messages were counted in user post counts (#1695)
- Extensions could not change the forum's default page (#1819)
- API requests authenticated using access tokens needed to provide a CSRF token (#1828)
- Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)
- New
hasPermission()
helper method forGroup
objects (9684fbc) - Expose supported mail drivers in IoC container (208bad3)
- More test for some API endpoints (1670590)
- The
Formatter\Rendering
event now receives the HTTP request instance as well (0ab9fac) - More and better validation in installer UIs
- Check and enforce minimum MariaDB (7ff9a90)
- Revert publication of assets when installation fails (ed9591c)
- Benefit from Laravel's database reconnection logic in long-running tasks (e0becd0)
- The "vendor path" (where Composer dependencies can be found) can now be configured (5e1680c)
- Performance: Actually cache translations on disk (0d16fac)
- Allow per-site extenders to override extension extenders (ba594de)
- Do not resolve objects from the IoC container (in service providers and extenders) until they are actually used
- Replace event subscribers (that resolve objects from the IoC container) with listeners (that resolve lazily)
- Use custom service provider for Mail component (ac5e26a)
- Update to Laravel 5.7, revert custom logic for building database index names
- Refactored installer, extracted Installation class and pipeline for reuse in CLI and web installers (790d5be)
- Use whitelist for enabling pre-installed extensions during installation (4585f03)
- Update minimum MySQL version (7ff9a90)
- Signing up via OAuth providers was broken (67f9375)
- Group badges were overlapping (16eb1fa)
- API: Endpoint for uninstalling extensions returned an error (c761802)
- Documentation links in installer were outdated (b58380e)
- Event posts where counted when aggregating user posts (671fdec)
- Admins could not reset user passwords (c67fb2d)
- Several down migrations were invalid
- Validation errors on reset password page resulted in HTTP 404 (4611abe)
is:unread
gambit generated an invalid query (e17bb0b)- Entire forum was breaking when the
custom_less
setting was missing from the database (bf2c5a5) - Dropdown icon was not showing in user card when on user page (12fdfc9)
- Requests were missing the
original*
attributes, which broke installations in subfolders (56fde28) - Special characters such as
%
and_
could return incorrect results (ee3640e) - FontAwesome component package changed paths in version 5.9.0 (5eb69e1)
- Some server environments had problems accessing the system-wide tmp path for storing JS file maps (54660eb)
- Content length of posts.content was not migrated to mediumText in 2017 (590b311)
- An error occurred when going to the previous route if there was no previous route found (985b87da)
php flarum install --defaults
- this was meant to be used in our old development VM (44c9109)- Obsolete
id
attributes in JSON-API responses (ecc3b5e and 7a44086)
- Fix live output in
migrate:reset
command (f591585) - Fix search with database prefix (7705a2b)
- Fix invalid join time of admin user created by installer (57f73c9)
- Ensure InnoDB engine is used for all tables (fb6b51b, 6370f7e)
- Fix dropping foreign keys in
down
migrations (57d5846) - Fix discussion list scroll position not being maintained when hero is not visible (40dc6ac)
- Fix empty meta description tag (88e43cc)
- Remove empty attributes on
<html>
tag (796b577)