Releases: flarum/framework
Releases · flarum/framework
v1.2.1
v1.2.0
Added
- View
README
documentation in extension pages (#3094). - Declare & Use CSS Custom Properties (#3146).
- Lazy draw dropdowns to improve performance (#2925).
- Default Settings Extender (#3127).
- Add
textarea
setting type to admin pages (#3141). - Allow registering settings as
Less
config vars through Settings Extender (#3011). - Allow replacing of blade template namespaces via extender (#3167).
- Update to Webpack 5 (#3135).
- Introduce
Less
custom function extender with ais-extension-enabled
function (#3190). - Support for
few
in ICU Message syntax (#3122). - ES6 local support for number formatting (#3099).
- Added dedicated endpoint for retrieving single groups (#3084).
- Callback
loadWhere
relation eager loading extender (#3116). - Extensible document title driver implementation (#3109).
- Type checks, typescript coverage GH action (#3136).
- Add color indicator in appearance admin page instead of validating colors (#3140).
- Add typing files for our translator libraries (#3175).
StatusWidget
tools extensibility (#3189).- Allow switching the
ImageManager
driver (#3195). - Events for notification read/all read actions (#3203).
Changed
- Testing with php8.1 (#3102).
- Migrate fully to Yarn (#3155).
- Handle post rendering errors to avoid crashes (#3061).
- Added basic filtering, sorting, and pagination to groups endpoint (#3084).
- Pass IP address to API Client pipeline (#3124).
- Rename Extension Page "Uninstall" to "Purge" (#3123).
- [A11Y] Improve accessibility for discussion reply count on post stream (#3090).
- Improved post loading support (#3100).
- Rewrite SubtreeRetainer into Typescript (#3137).
- Rewrite ModalManager and state to Typescript (#3007).
- Rewrite frontend application files to Typescript (#3006).
- Allow extensions to modify the minimum search length in the Search component (#3130).
- Allow use of any tag in
listItems
helper (#3147). - Replace
for ... in
withArray.reduce
(#3149). - Page title format is now implemented through translations (#3077, #3228)
- Add
aria-label
attribute to the navigation drawer button (#3157). - Convert extend util to TypeScript (#2928).
- Better typings for DiscussionListState (#3132).
- Rewrite ItemList, update
ItemList
typings (#3005). - Add priority order to discussion page controls (#3165).
- Use
@php
in Blade templates (#3172). - Convert some common classes/utils to TS (#2929).
- Convert routes to Typescript (#3177).
- Move admin
colorItems
to anItemList
(#3186). - Centralize pagination/canonical meta URL generation in Document (#3077).
- Use revision versioner to allow custom asset versioning (#3183).
- Split up application error handling (#3184).
- Make SlugManager available to blade template (#3194).
- Convert models to TS (#3174).
- Allow loading relations in other discussion endpoints (#3191).
- Improve selected text stylization (#2961).
- Extract notification
primaryControl
items to an ItemList (#3204). - Frontend code housekeeping (#3214, #3213).
- Only retain scroll position if coming from discussion (#3229).
- Use
aria-live
regions to focus screenreader attention on alerts as they appear (#3237). - Prevent unwarranted
a11y
warnings on custom Button subclasses (#3238).
Fixed
- Missing locale text in the user editing modal (#3093).
- Dashes in table prefix prevent installation (#3089).
- Missing autocomplete attributes to input fields (#3088).
- Missing route parameters throwing an error (#3118).
- Mail settings select component never used (#3120).
- White avatar image throws javascript errors on the profile page (#3119).
- Unformatted avatar upload validation errors (#2946).
- Webkit input clear button shows up with the custom one (#3128).
- Media query breakpoints conflict with Windows display scaling (#3139).
typeof this
not recognized by some IDEs (#3142).Model.save()
cannot savenull
hasOne
relationship (#3131).- Edit post
until reply
policy broken on PHP 8 (#3145). - Inaccurate
Component.component
argument typings (#3148). - Scrolling notification list infinitely repeats (#3159).
- Argument for INFO constant was assigned to
maxfiles
argument incorrectly (bfd81a8). Activated
event is sent every time an email is confirmed instead of just once (#3163).- [A11Y] Modal close button missing accessible label (#3161).
- [A11Y] Auth modal inputs missing accessible labels (#3207).
- [A11Y] Triggering click on drawer button can cause layered backdrops (#3018).
- [A11Y] Focus can leave open nav drawer on mobile (#3018).
- [A11Y] Post action items not showing when focus is within the post (#3173).
- [A11Y] Missing accessible label for alert dismiss button (#3237).
- Error accessing the forum after saving a setting with more than 65k characters (#3162).
- Cannot restart queue from within (#3166).
Post--by-actor
not showing when comparing user instances (#3170).- Incorrect typings for Modal
hide()
method (#3180). - Avatar Upload throws errors with correct mimetype and incorrect extension (#3181).
- Clicking the dropdown button on a post opens all dropdowns in
Post-actions
(#3185). getPlainContent()
causes external content to be fetched (#3193).listItems
not accepting allMithril.Children
(#3176).- Notifications mark as read option updates all notifications including the read ones (#3202).
- Post meta permalink not properly generated (#3216).
- Broken contribution link in README (#3211).
WelcomeHero
is displayed when content is empty (#3219).last_activity_at, last_seen_at
updated on all API requests (#3231).RememberMe
access token updated twice in API requests (#3233).- Error in
funding
item incomposer.json
bricks the frontend (#3239). - Escaped quotes in window title (#3264)
schedule:list
command fails due to missing timezone configuration.
Deprecated
- Unused
evented
utility (#3125).
v1.1.1
v1.1.0
Added
- Info command now displays MySQL version, queue driver, mail driver (#2991)
- Use organization Prettier config (#2967)
- Support for global typings in extensions (#2992)
- Typings for class component state attribute (#2995)
- Custom colorising with CSS custom properties (#3001)
- Theme Extender to allow overriding LESS files (#3008)
- Update lastSeenAt when authenticating via API (#3058)
- NoJs Admin View (#3059)
- Preload FontAwesome, JS and CSS, and add
preload
extender (#3057)
Changed
- Move Day.js plugin types import to global typings (#2954)
- Avoid resolving excluded middleware on each middleware items
- Allow extra attrs provided to
<Select>
to be passed through to the DOM element (#2959) - Limit height of code blocks (#3012)
- Update normalize.css from v3.0.2 to v8.0.1 (#3015)
- Permission Grid: stick the headers to handle a lot of tags (#2887)
- Use
ItemList
forDiscussionPage
content (#3004) - Move email confirmation to POST request (#3038)
- Minor CSS code cleanup (#3026)
- Replace username with display name in more places (#3040)
- Rewrite Button to Typescript (#2984)
- Rewrite AdminPage abstract component into Typescript (#2996)
- Allow adding page parameters to PaginatedListState (#2935)
- Pass filter params to getApiDocument (#3037)
- Use author filter instead of gambit to get a user's discussions (#3068)
- [A11Y] Accessibility improvements for the Search component (#3017)
- Add determinsm to extension order resolution (#3076)
- Add cache control headers to the admin area (#3097)
Fixed
- HLJS 11 new styles resulting in double padding (#2909)
- Internal API client attempting to load an uninstantiated session
- Empty post footer taking visual space (#2926)
- Unrecognized component class custom attribute typings (#2962)
- User edit groups permission not visually depending on view hidden groups permission (#2880)
- Event post excerpt preview triggers error (#2964)
- Missing settings defaults for display name driver and User slug driver (#2971)
- [A11Y] Icons not hidden from screenreaders (#3027)
- [A11Y] Checkboxes not focusable (#3014)
- Uploading ICO favicons resulting in server errors (#2949)
- Missing proper validation for large avatar upload payload (#3042)
- [A11Y] Missing focus rings in control elements (#3016)
- Unsanitised integer query parameters (#3064)
Code Contributors
@lhsazevedo, @Ornanovitch, @pierres, @the-turk, @iPurpl3x
Issue Reporters
@uamv, @dannyuk1982, @BurnNoticeSpy, @haarp, @PeopleInside, @matteocontrini
v1.0.4
v1.0.3
Changed
- Removed [forum] prefix from Request Password and Email Confirmation emails (a4a81c0)
- Adopt huntr.dev for handling our security vulnerability reports (#2918)
- Maintenance handler can now be replaced through the service container (ioc) (4acff91)
- The colors on the auto generated avatars are now based on the Display Name of the user (#2873)
Fixed
v1.0.2
Fixed
- Critical XSS vulnerability (GHSA-5qjq-69w6-fg57 / CVE-2021-32671)
v1.0.1
v1.0.0
Added
- Task scheduling
load()
method onApiController
extender to allow eager loading of relations (#2724)- Installation supports enabling a set of extensions (#2757)
- RequestUtil helper class added to abstract the logic of the actor, session, locale and route name from the request (#2449)
- Code scanning action with GitHub CodeQL (#2744)
- The Formatter extender now has an
unparse
method to allow extensions to hook into the unparsing of content (#2780) - A Filesystem extender allows direct modification and addition of filesystem disks (#2732)
- A slug driver based on the User ID was introduced (#2787)
- An extensible users list was added to the admin area (#2626)
- Headers hardened by adding Referer Policy, Xss Protection and Content type (#2721)
- Tooltip component (#2843)
- Moved
insertText
andstyleSelectedText
from markdown to core (#2826) - A squashed database schema install dump to speed up new installs (#2842)
- Pagination in the canonical URL for discussion pages (#2853)
- PaginatedListState for the DiscussionList and to support paginated lists in the frontend (#2781)
- Introduce the new webpack config and flarum-tsconfig for typehinting (#2856)
Changed
- Now tracking bundle sizes to keep an eye on web performance (#2695)
- Eager load relations on ListPostsController to improve performance (#2717)
- Replace classList with clsx library (#2760)
- Replaced the javascript based loading spinner with a pure CSS version (#2764)
- Route names now have to be unique (#2771)
- ActorReference is now available from the error handler middleware (#2410)
- The
migrations
table now has an Auto Increment ID (#2794) - Assets and avatars are now managed using Laravel filesystem disks (#2729)
- Extracted asset publishing (
php flarum assets:publish
) from migrating (#2731) - Assets were compiled in the format
<asset>-<revision>.<js|css>
, this is now<asset>.<js|css>?v=<revision>
(#2805) - The powered by header can now be configured in the config under
headers
(#2777) - Switched to the ICU format for translation files (#2759)
- Allow extend and override to apply to multiple methods in one call
- Notifications dropdown and list refactored (#2822)
- Updated validation locale strings based on Laravel 8 changes (#2829)
- Caching of permissions is now taken care of centrally, reducing code duplication (#2832)
- Replaced lodash-es by throttle-debounce to reduce bundle size (#2827)
- Internal API requests are now executed through middleware (#2783)
- Permission changes:
viewDiscussions
toviewForum
andviewUserList
tosearchUsers
(#2854)
Fixes
- Javascript is shown when editing the title of a discussion (#2693)
- Canonical url logic uses request object which causes wrong URL's when a different page is default (#2674)
- Dropdown toggle has no aria label (#2668)
- Nav drawer is focusable when off-screen on small viewports (#2666)
- Search input has no aria-label and no role (#2669)
- Code duplication exists between SendConfirmationEmailController and AccountActivationMailer (#2493)
- When setting tags as homepage default, visiting a tag will show all posts (#2754)
- Locale cache is cleared twice when cache clearing (#2738)
- When cache clearing fails an exception can be thrown due to a partial flush (#2756)
- Database migrations rely on MyISAM even though the eventual migrated database does not use it (#2442)
- Discussion search result is not sorted by relevance by default (#2773)
- Extensions cannot register custom searcher classes (#2755)
- Searching discussion titles is not possible (#2698)
- Boot errors due to failing extenders throw a generic error (#2740)
- Required argument to
Component.$()
isn't really required (#2844) - Component does not allows use of all mithril lifecycle functionality (#2847)
Removed
v0.1.0-beta.16
Added
- Allow event subscribers (#2535)
- Allow Settings extender to have a default value (#2495)
- Allow hooking into the sending of notifications before being send (#2533)
- PHP 8 support (#2507)
- Search extender (#2483)
- User badges to post preview (#2555)
- Optional extension dependencies allow a booting order (#2579)
- Auth extender (#2176)
X-Powered-By
header added to allow indexers easier data aggregation of Flarum adoption (#2618)
Changed
- Run integration tests in transaction (#2304)
- Allow policies to return a boolean for simplified allow/deny (#2534)
- Converted highlight helper to typescript (#2532)
- Add accessibility attributes to Mark as Read button (#2564)
- Dismiss errors on change email modal upon a new request (00913d5)
- Disabled extensions now are marked with a red circle instead of a red dot (#2562)
- Extension dependency errors now show the extension title instead of the ID (#2563)
- Change
mutate
method on ApiSerializer extender toattributes
(#2578) - Moved locale files to the core from the language pack (#2408)
- AdminPage extensibility and generic improvements (#2593)
- Remove entry of authors, link to https://flarum.org/team (#2625)
- Search and filtering are split (#2454)
- Move IP identification into a middleware (#2624)
- Editor Driver abstraction introduced (#2594)
- Allow overriding routes (#2577)
- Split user edit permissions into permissions for editing of user credentials, username, groups and suspending (#2620)
- Reduced number of admin extension categories (#2604)
- Move search related classes to a dedicated Query namespace (#2645)
- Rewrite common helpers into typescript (#2541)
TextEditor
is moved to the common namespace for use in the admin frontend (#2649)- Update Laravel/Illuminate components to 8 (#2576)
- Eager load relations in discussion listing to improve performance (#2639)
- Adopt flarum/testing package (#2545)
- Replace
user
gambit withauthor
gambit (612a57c) - Posts page of on user profile loads posts using username instead of id (30017ee)
Fixed
- Transform css breaks iOS scroll functionality (#2527)
- Composer header is hidden on mobile devices (#2279)
- Cannot delete a post or discussion of a deleted user (#2521)
- DiscussionListPane jumps around not keeping the scroll position (#2402)
- Infinite scroll on notifications dropdown broken (#2524)
- The show language selector switch remains toggled on (9347b12)
- Model Visibility extender throws exception on extensions that aren't installed or enabled (#2580)
- Extensions are marked as enabled when enabling fails to unmet extension dependencies (#2558)
- Routes to admin extension pages without a valid ID break the admin page (#2584)
- Disabled fieldset use an incorrect CSS property
disallowed
(#2585) - Scrolling to a post that is already loaded the Load More button shows and does not trigger (#2388)
- Opening discussions on some mobile devices require a double tap (#2607)
- iOS devices show erratic behavior in the post stream while updating (#2548)
- Small mobile screens partially hides the composer when the keyboard is open (#2631)
- Clearing cache does not clear the template cache in storage/views (#2648)
- Boot errors show critical information (#2633)
- List user endpoint discloses last online even if user choose against it (#2634)
- Group gambit disclosed hidden groups (#2657)
- Search results on small windows not fully visible (#2650)
- Composer goes off screen on Safari when starting to type (#2660)
- A search that has no results shows the search results dropdown (b88a7cb)
- The composer modal moves around when typing on Safari (a64c398)
Removed
- Deprecated CSRF wildcard path match
- Deprecated policy and visibility scoping events
- Deprecated post types event
- Deprecated validation events
- Deprecated notification events
- Deprecated floodgate
- Deprecated user preferences event
- Deprecated formatting events
- Deprecated api events
- Deprecated bootstrap.php support
- PHP 7.2 support (#2507)
- Bidi attribute in the rendered HTML (#2602)
AccessToken::find
, useAccessToken::findValid
instead (#2651)
Deprecated
GetModelIsPrivate
event (#2587)CheckingPassword
event (#2176)event()
helper (#2608)AccessToken::generate
argument$lifetime
(#2651)Rememberer::remember
argument$token
should receive an instance ofRememberAccessToken
withAccessToken
being deprecated (#2651)Rememberer::rememberUser
(#2651)SessionAuthenticator::logIn
argument$userId
, should be replaced withAccessToken
(#2651)TextEditor
has been moved tocommon
(#2649)UserFilter
(91e8b56)