Skip to content

Latest commit

 

History

History
1039 lines (927 loc) · 75.7 KB

CHANGELOG.md

File metadata and controls

1039 lines (927 loc) · 75.7 KB

Changelog

Fixed

  • recover temporary solution for html entities in browser title (e72541e35de4f71f9d870bbd9bb46ddf586bdf1d)
  • custom contrast color affected by parents (577890d89c593ae5b6cb96083fab69e2f1ae600c)
  • reply placeholder wrong positioning (253a3d281dbf5ce3fa712b629b80587cf67e7dbe)

Fixed

  • (a11y) reply placeholder not accessible [#3793]
  • (bbcode) highlight.js does not work after changing post content [#3817]
  • (bbcode) localize quote wrote string [#3809]
  • (mentions) mentions XHR fired even after mentioning is done [#3806]
  • (package-manager) available core updates cause an error in the dashboard (fab71f2)
  • (tags) not all tags are loaded in the permission grid [#3804]
  • (tags) tag discussion modal filters with exact matches only after first index [#3786]
  • (testing) always clear cache in integration test's tearDown [#3818]
  • UserSecurityPage not exported (232618a)
  • isDark() utility can receive null value [#3774]
  • approving a post does not bump user comment_count [#3790]
  • circular dependencies disable all involved extensions [#3785]
  • color input overflowing the input box [#3796]
  • deleting a discussion from the profile does not visually remove it [#3799]
  • discussion page showing horizontal scroll on iOS [#3821]
  • empty string displayed as SelectDropdown title [#3773]
  • filter values are not validated [#3795]
  • infinite scroll not initialized for notifications on big screens [#3733]
  • notification subject discussion eager loading fails [#3788]
  • null as 2nd param in preg_match is deprecated [#3801]
  • unread count in post stream not visible [#3791]
  • unreadable badge icon on certain colors [#3810]
  • integrity constraint violation [#3772]

Changed

  • (core,mentions) limit mentionedBy post relation results [#3780]
  • (likes) limit likes relationship results [#3781]
  • Change some methods from private to protected, to be able to extend the affected classes [#3802]
  • Do not catch exceptions when testing Console commands [#3813]
  • drop usage of jquery in install and update interfaces [#3797]
  • extensibility improvements [#3729]
  • major frontend JS cleanup [#3609]
  • revert ineffective code for encoding of page title [#3768]
  • speed up post creation time [#3808]

Added

  • (mentions,tags) tag mentions [#3769]
  • add delete own posts permission [#3784]
  • add a trait to flush the formatter cache in tests [#3811]
  • add user creation to users list page [#3744]
  • cli command for enabling or disabling an extension [#3816]
  • conditional extenders [#3759]
  • provide old content to Revised event [#3789]

Fixed

  • (tags) composer tag selection modal using wrong primary max & min numbers (abc9670659426b765274376945b818b70d84848c)
  • missing parameter names in token title translation. (#3752)
  • hardcoded language strings in StatusWidget (#3754)
  • hide developer tokens section in if there is nothing to display or create (#3753)
  • improve sessions user UI on mobile (dd868ab44e11e892d020e3b9412553c6a789e68d)

Added

  • (actions) allow running JS tests in GH actions [#3730]
  • (core) PHP 8.2 Support [#3709]
  • (jest) create jest config package for unit testing [#3678]
  • (jest) mithril component testing [#3679]
  • (phpstan) foundation for usage in extensions [#3666]
  • (seo) Do not use h3 header for poster author in posts stream [#3732]
  • (seo) Use h2 header for discussions on discussions list [#3731]
  • (seo) shift h1 tag from logo to discussion title [#3724]
  • (tags) admin tag selection component (reusable tag selection modal) [#3686]
  • Admin User Search [#3712]
  • access tokens user management UI [#3587]
  • add display name column to admin users list [#3740]
  • allow push additional items to the end of the poststream [#3691]
  • allow using utf8 characters in tag slugs [#3588]
  • expose queue driver, schedule status [#3593]
  • expose {time} to eventPost data, fix renamed tooltip [#3698]
  • frontend Model extender [#3646]
  • global logout to clear all sessions, access tokens, email tokens and password tokens [#3605]
  • improved page navigation for users list [#3741]
  • introduce frontend extenders [#3645]

Fixed

  • (mentions) correctly convert a 3 char. hex color to a 6 char. one [#3694]
  • (mentions) post reply mention missing notification on approval [#3738]
  • (phpstan) adapt phpstan package for extension use [#3727]
  • (tags) clickable tag labels have underline [#3737]
  • (tags) tag text color contrast [#3653]
  • 3 digit hex color value in color input not supported [#3706]
  • column id can be ambiguous in group filter with extensions [#3696]
  • disallow certain dangerous LESS features (1761660)
  • evaluated page title content [#3684]
  • invalid translation key for scheduler dashboard [#3736]
  • load actor.groups on showforumcontroller [#3716]
  • make go-to-page input number-like [#3743]
  • normal logout affects all sessions [#3571]
  • permissions table on mobile is unusable [#3722]
  • post dropdown opens all dropdowns in .Post-actions [#3675]
  • typo in Formatter extender docblock [#3676]
  • undefined showing in dropdown active title [#3700]

Changed

  • (phpstan) enable phpstan in bundled extensions [#3667]
  • Add missing states exports to compat.ts [#3683]
  • Indicate cross-origin request in generic error message [#3669]
  • Merge branch 'release/v1.6.2' (e0b9dcf)
  • The negate field doesn't get used, which means you cant exclude tags [#3713]
  • Update forum.less to fix the misalignment of the choose tags button [#3726]
  • yarn audit-fix (8ddb0fe)
  • yarn (ee1e04c)
  • convert Dropdown components to TS [#3608]
  • fix php 8.1 on preg_match 2nd argument being null, which also optimizes slightly (d7b9a03)
  • improve group mentions parsing [#3723]
  • prepare @flarum/jest-config for release (748cca6)
  • remove use of deprecated phpunit assertion (3af0481)
  • set flarum version to 1.7.0 for dev (2517bc0)
  • update JS dependencies [#3695]

Fixed

  • Post mentions can be used to read any post on the forum without access control (ab1c868b978e8b0d09a5d682c54665dae17d0985).
  • Notifications can leak restricted content (d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a).
  • Any user including unactivated can reply in public discussions whose first post was permanently deleted (12f14112a0ecd1484d97330b82beb2a145919015).
  • (subscriptions) Post notifications not getting access checked (https://github.com/flarum/framework/commit/e5f05166a062a9a6eb7c12e28728bfd5db7270e3).

Fixed

  • XSS Vulnerability in core (#3684).

Fixed

  • JS dependencies update breaks utilities.

Fixed

  • (approval) posts approved for deleted users error (b5874a0)
  • (regression) bad import (5f2d7fb)
  • akismet fails when the extension is not on a version (45d9121)
  • apply flex for AppearancePage colors input [#3651]
  • groupmentions have poor contrast on some backgrounds [#3672]
  • larastan v1 incompatible with phpstan v1.9.0 [#3665]
  • package manager failures not showing alerts [#3647]
  • password reset leaks user existence [#3616]
  • statistics previous period chart is unclear [#3654]

Changed

  • (package-manager) config composer to use web php version (fd19645)
  • (package-manager) set min core version and add warning (31c3cfc)
  • (statistics) prepare v1.5.1 (dc215ab)
  • Apply fixes from StyleCI (267f675)
  • Fix tag discussion count decreased by 2 when hiding before deleting [#3660]
  • Log migration path when up/down keys are missing [#3664]
  • Make it possible to extend SetupScript [#3643]
  • Setup PHPStan Level 5 [#3553]
  • yarn format (c5c312d)
  • add missing last period to custom date ranges [#3661]
  • add priorities to profile settings page [#3657]
  • allow specifying php extensions in workflow (b0b47a0)
  • format js (06963df)
  • group mentions [#3658]
  • remove styleci from changelog (b2fa28e)
  • set flarum version to dev for 1.6.0 (fc743ba)
  • throw an exception when no serializer is provided to the controller [#3614]

Added

  • (statistics) support for custom date ranges [#3622]
  • Allow additional login params, Introduce LogInValidator [#3670]
  • Allow additional reset password params, introduce ForgotPasswordValidator [#3671]
  • add statistics chart export button [#3662]
  • allow specifying extensions when installing an instance [#3655]
  • contrast util with yiq calculator [#3652]
  • customizable session driver [#3610]
  • replace ColorPreviewInput for GroupModal color input [#3650]
  • send notifications of a new reply when post is approved [#3656]

Fixed

  • (a11y) add accessible labels to notification grid options [#3520]
  • (a11y) present post streams as feeds [#3522]
  • (a11y) set aria-busy when editing a post stream item [#3521]
  • (compilation) versioner not inject into compilers [#3589]
  • (mentions) accessing id of null user relation [#3618]
  • (subscriptions) add missing table prefix for filter gambit [#3599]
  • (tags) use default index sortmap [#3615]
  • Move guzzle requirement to core [#3544]
  • MyISAM tables for extensions during installation (75aaef7, f926c58)
  • Set the translator locale to user preference for email notifications [#3525]
  • $events property declared dynamically [#3598]
  • core settings header has no priority (33bf228)
  • html entities shown raw in page title [#3542]
  • incorrect centring of deleted user avatars in notification list [#3569]
  • intellisense imports defaulting to absolute path from src folder [#3549]
  • minor backward compatible fix for php 8.1 in st_replace (07b2f86)
  • post query wildcard selection causes ambiguity [#3621]
  • potential static caching memory exhaustion [#3548]
  • prepare release workflow has invalid layout (70e483d)
  • remove deprecation warning for decoding null values (590639f)
  • replace .fa() mixin usage with .fas() [#3537]
  • return type hint static is php 8+ (b01b75e)
  • sticky nav content displays below post stream [#3575]
  • titles positioned wrongly with custom header height [#3550]
  • typo in error message (1a189f4)
  • unread notifications are globally cached between users. [#3543]
  • update workflow name (628c281)
  • user has wrong discussion read status [#3591]

Changed

  • (approval, likes) use subscribers [#3577]
  • (package-manager) last tweaks before beta tag (335c602)
  • (statistics) add release notes for 1.4.1 (f4ace73)
  • (statistics) rewrite for performance on very large communities [#3531]
  • (statistics) split timed data into per-model XHR requests [#3601]
  • (tags) Replace event helper with event dispatcher [#3570]
  • Add loading="lazy" attribute for avatars [#3578]
  • Create CODEOWNERS (6e48a03)
  • MyISAM tables for extensions during installation" (f128190)
  • convert AlertManager IndexPage and UserPage components to TS [#3536]
  • convert Badge Checkbox and Navigation components to TS [#3532]
  • convert core modals to TypeScript [#3515]
  • convert page components to TypeScript [#3538]
  • debug line slipped in while rebasing a PR [#3580]
  • don't pass password field between auth modals [#3626]
  • fix github issue templates (d3e456a)
  • format code (4954621)
  • getting the release workflow in (5530400)
  • link logo at the top with the official website [#3552]
  • prevent running both push and pull_request actions at the same time [#3597]
  • refactor prefix matrix and add MySQL 8.0 & PHP 7.3 to workflows [#3595]
  • relying on a third-party for avatar URL tests is unreliable [#3586]
  • require guzzle 6 or 7 (46b3b7a)
  • split FA imports into separate Less file for easy overriding [#3535]
  • unify JS actions into one (rewritten flarum/action-build) [#3573]
  • update version constant during cycle 22 (d864405)
  • use isCollapsed instead of rangeCount [#3581]
  • use github issue template forms [#3526]

Added

  • (likes) Add likes tab to user profile [#3528]
  • (likes) Option to prevent users liking their own posts [#3534]
  • (modals) support stacking modals, remove bootstrap modals dependency [#3456]
  • (subscriptions) add option to send notifications when not caught up [#3503]
  • Add custom class for email confirmation alert [#3584]
  • Admin debug mode warning [#3590]
  • Delete all notifications [#3529]
  • Queue package manager commands [#3418]
  • Restart the queue worker after cache clearing, ext enable/disable, save settings [#3565]
  • add createTableIfNotExists migration helper [#3576]
  • add new workflow for generating release meta (0901e59)
  • clear password & email tokens when appropriate [#3567]
  • discussion UTF-8 slug driver [#3606]
  • expose assets base url to frontend forum model [#3566]
  • extender to add custom less variables [#3530]
  • publish assets on admin dashboard cache clear [#3564]
  • throttle email change, email confirmation, and password reset endpoints. [#3555]

Added

  • created_at and updated_at columns added to several tables (#3435)
  • Priorities added to AdminNav links (#3453)
  • app.translator allows retrieving and setting locale (#3451)
  • Extensions can now declare custom settings components for use with buildSettingComponent (#3494)
  • Implement extensibility on rel and target attributes on links (#3455)
  • New backend tests were added to some of the bundled extensions (#3508)

Changed

  • Split boot script for Flarum in HTML footer into two parts for CSP hashing (#3461)
  • Split asset compilation by giving assembling compilers its own method (#3446)
  • Increase visibility of Component typescript class for better extensibility (#3437)

Fixed

  • Mentioning an event post breaks the notification dropdown (#3493)
  • Suspension modal shows after suspension is over (#3449)
  • CLI based installations don't exit with an error code on failure (#3452)
  • Tabbing through dropdown controls doesn't make them visible (#3450)
  • Requiring zero tags on new discussions forces the user to select tags (#3448)
  • Long topic titles in the notification list don't overflow (#3500)
  • Subtags of tags the user has access to are visible even if these are not accessible (#3419)
  • assertAdmin tests access based on wrong gate ability (#3501)
  • Increasing the composer header size causes elements to slip underneath (#3502)
  • The profile mentions tab errors when sorting by created_at (#3506)

Changed

  • UserCard now has ItemList for easier extending (#3436)

Fixed

From v1.2.1 on all bundled Flarum extensions and flarum/core are merged into one monorepo. As a result of this, the full code diff linked above looks rather complex and messy compared to the full list of changes made for this release.

Added

Changed

  • Post number calculation is now executed inside the database layer, preventing integrity constraints (#3358)
  • Errors from within extensions no longer make Flarum crash but trigger a visible warning (#3349)
  • Sorting options for discussion index is now extensible (#3377)
  • Event listeners from the framework now are added before those of extensions (#3373)

Fixed

  • Typings and missing typescript components (#3348)
  • Post--by-start-user CSS class is not added to post html (#3356)
  • Timestamps for notifications are incorrect on servers that have a timezone different than UTC (#3379)
  • Extensions with dependencies that are enabled do not cause dependencies to be enforced (#3352)
  • Search using non-words doesn't work (#3385)
  • Slugs are not working for other languages than English (#3387)
  • Deprecations are triggered on PHP 8.1 (#3384)
  • Post permalink for subdirectory installs have duplicate paths segments (#3354)
  • Composer discussion title is not always clearly visible (#3413)
  • Mentions: extensions re-using mentions can cause errors due to missing context (#3382)
  • Tags: tag selection modal errors on new discussions when pressing down (#3403)
  • [A11Y] Tags: focus to input and layout of tag selection modal are off (#3412)
  • Subscriptions: searching inside the following page will search in all discussions (#3376)

Fixed

  • Don't escape single quotes in discussion title meta tags (60600f4d2b8f0c5dac94c329041427a0a08fad42)

Added

  • View README documentation in extension pages (#3094).
  • Declare & Use CSS Custom Properties (#3146).
  • Lazy draw dropdowns to improve performance (#2925).
  • Default Settings Extender (#3127).
  • Add textarea setting type to admin pages (#3141).
  • Allow registering settings as Less config vars through Settings Extender (#3011).
  • Allow replacing of blade template namespaces via extender (#3167).
  • Update to Webpack 5 (#3135).
  • Introduce Less custom function extender with a is-extension-enabled function (#3190).
  • Support for few in ICU Message syntax (#3122).
  • ES6 local support for number formatting (#3099).
  • Added dedicated endpoint for retrieving single groups (#3084).
  • Callback loadWhere relation eager loading extender (#3116).
  • Extensible document title driver implementation (#3109).
  • Type checks, typescript coverage GH action (#3136).
  • Add color indicator in appearance admin page instead of validating colors (#3140).
  • Add typing files for our translator libraries (#3175).
  • StatusWidget tools extensibility (#3189).
  • Allow switching the ImageManager driver (#3195).
  • Events for notification read/all read actions (#3203).

Changed

  • Testing with php8.1 (#3102).
  • Migrate fully to Yarn (#3155).
  • Handle post rendering errors to avoid crashes (#3061).
  • Added basic filtering, sorting, and pagination to groups endpoint (#3084).
  • Pass IP address to API Client pipeline (#3124).
  • Rename Extension Page "Uninstall" to "Purge" (#3123).
  • [A11Y] Improve accessibility for discussion reply count on post stream (#3090).
  • Improved post loading support (#3100).
  • Rewrite SubtreeRetainer into Typescript (#3137).
  • Rewrite ModalManager and state to Typescript (#3007).
  • Rewrite frontend application files to Typescript (#3006).
  • Allow extensions to modify the minimum search length in the Search component (#3130).
  • Allow use of any tag in listItems helper (#3147).
  • Replace for ... in with Array.reduce (#3149).
  • Page title format is now implemented through translations (#3077, #3228)
  • Add aria-label attribute to the navigation drawer button (#3157).
  • Convert extend util to TypeScript (#2928).
  • Better typings for DiscussionListState (#3132).
  • Rewrite ItemList, update ItemList typings (#3005).
  • Add priority order to discussion page controls (#3165).
  • Use @php in Blade templates (#3172).
  • Convert some common classes/utils to TS (#2929).
  • Convert routes to Typescript (#3177).
  • Move admin colorItems to an ItemList (#3186).
  • Centralize pagination/canonical meta URL generation in Document (#3077).
  • Use revision versioner to allow custom asset versioning (#3183).
  • Split up application error handling (#3184).
  • Make SlugManager available to blade template (#3194).
  • Convert models to TS (#3174).
  • Allow loading relations in other discussion endpoints (#3191).
  • Improve selected text stylization (#2961).
  • Extract notification primaryControl items to an ItemList (#3204).
  • Frontend code housekeeping (#3214, #3213).
  • Only retain scroll position if coming from discussion (#3229).
  • Use aria-live regions to focus screenreader attention on alerts as they appear (#3237).
  • Prevent unwarranted a11y warnings on custom Button subclasses (#3238).

Fixed

  • Missing locale text in the user editing modal (#3093).
  • Dashes in table prefix prevent installation (#3089).
  • Missing autocomplete attributes to input fields (#3088).
  • Missing route parameters throwing an error (#3118).
  • Mail settings select component never used (#3120).
  • White avatar image throws javascript errors on the profile page (#3119).
  • Unformatted avatar upload validation errors (#2946).
  • Webkit input clear button shows up with the custom one (#3128).
  • Media query breakpoints conflict with Windows display scaling (#3139).
  • typeof this not recognized by some IDEs (#3142).
  • Model.save() cannot save null hasOne relationship (#3131).
  • Edit post until reply policy broken on PHP 8 (#3145).
  • Inaccurate Component.component argument typings (#3148).
  • Scrolling notification list infinitely repeats (#3159).
  • Argument for INFO constant was assigned to maxfiles argument incorrectly (bfd81a83cfd0fa8125395a147ff0c9ce622f38e3).
  • Activated event is sent every time an email is confirmed instead of just once (#3163).
  • [A11Y] Modal close button missing accessible label (#3161).
  • [A11Y] Auth modal inputs missing accessible labels (#3207).
  • [A11Y] Triggering click on drawer button can cause layered backdrops (#3018).
  • [A11Y] Focus can leave open nav drawer on mobile (#3018).
  • [A11Y] Post action items not showing when focus is within the post (#3173).
  • [A11Y] Missing accessible label for alert dismiss button (#3237).
  • Error accessing the forum after saving a setting with more than 65k characters (#3162).
  • Cannot restart queue from within (#3166).
  • Post--by-actor not showing when comparing user instances (#3170).
  • Incorrect typings for Modal hide() method (#3180).
  • Avatar Upload throws errors with correct mimetype and incorrect extension (#3181).
  • Clicking the dropdown button on a post opens all dropdowns in Post-actions (#3185).
  • getPlainContent() causes external content to be fetched (#3193).
  • listItems not accepting all Mithril.Children (#3176).
  • Notifications mark as read option updates all notifications including the read ones (#3202).
  • Post meta permalink not properly generated (#3216).
  • Broken contribution link in README (#3211).
  • WelcomeHero is displayed when content is empty (#3219).
  • last_activity_at, last_seen_at updated on all API requests (#3231).
  • RememberMe access token updated twice in API requests (#3233).
  • Error in funding item in composer.json bricks the frontend (#3239).
  • Escaped quotes in window title (#3264)
  • schedule:list command fails due to missing timezone configuration.

Deprecated

  • Unused evented utility (#3125).

Fixed

  • Performance issue with very large communities.

Added

  • Info command now displays MySQL version, queue driver, mail driver (#2991)
  • Use organization Prettier config (#2967)
  • Support for global typings in extensions (#2992)
  • Typings for class component state attribute (#2995)
  • Custom colorising with CSS custom properties (#3001)
  • Theme Extender to allow overriding LESS files (#3008)
  • Update lastSeenAt when authenticating via API (#3058)
  • NoJs Admin View (#3059)
  • Preload FontAwesome, JS and CSS, and add preload extender (#3057)

Changed

  • Move Day.js plugin types import to global typings (#2954)
  • Avoid resolving excluded middleware on each middleware items
  • Allow extra attrs provided to <Select> to be passed through to the DOM element (#2959)
  • Limit height of code blocks (#3012)
  • Update normalize.css from v3.0.2 to v8.0.1 (#3015)
  • Permission Grid: stick the headers to handle a lot of tags (#2887)
  • Use ItemList for DiscussionPage content (#3004)
  • Move email confirmation to POST request (#3038)
  • Minor CSS code cleanup (#3026)
  • Replace username with display name in more places (#3040)
  • Rewrite Button to Typescript (#2984)
  • Rewrite AdminPage abstract component into Typescript (#2996)
  • Allow adding page parameters to PaginatedListState (#2935)
  • Pass filter params to getApiDocument (#3037)
  • Use author filter instead of gambit to get a user's discussions (#3068)
  • [A11Y] Accessibility improvements for the Search component (#3017)
  • Add determinsm to extension order resolution (#3076)
  • Add cache control headers to the admin area (#3097)

Fixed

  • HLJS 11 new styles resulting in double padding (#2909)
  • Internal API client attempting to load an uninstantiated session
  • Empty post footer taking visual space (#2926)
  • Unrecognized component class custom attribute typings (#2962)
  • User edit groups permission not visually depending on view hidden groups permission (#2880)
  • Event post excerpt preview triggers error (#2964)
  • Missing settings defaults for display name driver and User slug driver (#2971)
  • [A11Y] Icons not hidden from screenreaders (#3027)
  • [A11Y] Checkboxes not focusable (#3014)
  • Uploading ICO favicons resulting in server errors (#2949)
  • Missing proper validation for large avatar upload payload (#3042)
  • [A11Y] Missing focus rings in control elements (#3016)
  • Unsanitised integer query parameters (#3064)
Code Contributors

@lhsazevedo, @Ornanovitch, @pierres, @the-turk, @iPurpl3x

Issue Reporters

@uamv, @dannyuk1982, @BurnNoticeSpy, @haarp, @peopleinside, @matteocontrini

Fixed

  • Upgrade to v1.0 resets the "view" permission on all tags (#2941)

Changed

  • Removed [forum] prefix from Request Password and Email Confirmation emails (a4a81c0)
  • Adopt huntr.dev for handling our security vulnerability reports (#2918)
  • Maintenance handler can now be replaced through the service container (ioc) (4acff91)
  • The colors on the auto generated avatars are now based on the Display Name of the user (#2873)

Fixed

  • Avatar in notifications list are incorrectly aligned (#2906)
  • FilesystemManager is not compatible with upstream Laravel implementation (#2936)

Fixed

  • Critical XSS vulnerability

Fixed

  • Installation fails on environments without proc_* functions enabled or mysql client binary (#2890)

Added

  • Task scheduling
  • load() method on ApiController extender to allow eager loading of relations (#2724)
  • Installation supports enabling a set of extensions (#2757)
  • RequestUtil helper class added to abstract the logic of the actor, session, locale and route name from the request (#2449)
  • Code scanning action with GitHub CodeQL (#2744)
  • The Formatter extender now has an unparse method to allow extensions to hook into the unparsing of content (#2780)
  • A Filesystem extender allows direct modification and addition of filesystem disks (#2732)
  • A slug driver based on the User ID was introduced (#2787)
  • An extensible users list was added to the admin area (#2626)
  • Headers hardened by adding Referer Policy, Xss Protection and Content type (#2721)
  • Tooltip component (#2843)
  • Moved insertText and styleSelectedText from markdown to core (#2826)
  • A squashed database schema install dump to speed up new installs (#2842)
  • Pagination in the canonical URL for discussion pages (#2853)
  • PaginatedListState for the DiscussionList and to support paginated lists in the frontend (#2781)
  • Introduce the new webpack config and flarum-tsconfig for typehinting (#2856)

Changed

  • Now tracking bundle sizes to keep an eye on web performance (#2695)
  • Eager load relations on ListPostsController to improve performance (#2717)
  • Replace classList with clsx library (#2760)
  • Replaced the javascript based loading spinner with a pure CSS version (#2764)
  • Route names now have to be unique (#2771)
  • ActorReference is now available from the error handler middleware (#2410)
  • The migrations table now has an Auto Increment ID (#2794)
  • Assets and avatars are now managed using Laravel filesystem disks (#2729)
  • Extracted asset publishing (php flarum assets:publish) from migrating (#2731)
  • Assets were compiled in the format <asset>-<revision>.<js|css>, this is now <asset>.<js|css>?v=<revision> (#2805)
  • The powered by header can now be configured in the config under headers (#2777)
  • Switched to the ICU format for translation files (#2759)
  • Allow extend and override to apply to multiple methods in one call
  • Notifications dropdown and list refactored (#2822)
  • Updated validation locale strings based on Laravel 8 changes (#2829)
  • Caching of permissions is now taken care of centrally, reducing code duplication (#2832)
  • Replaced lodash-es by throttle-debounce to reduce bundle size (#2827)
  • Internal API requests are now executed through middleware (#2783)
  • Permission changes: viewDiscussions to viewForum and viewUserList to searchUsers (#2854)

Fixes

  • Javascript is shown when editing the title of a discussion (#2693)
  • Canonical url logic uses request object which causes wrong URL's when a different page is default (#2674)
  • Dropdown toggle has no aria label (#2668)
  • Nav drawer is focusable when off-screen on small viewports (#2666)
  • Search input has no aria-label and no role (#2669)
  • Code duplication exists between SendConfirmationEmailController and AccountActivationMailer (#2493)
  • When setting tags as homepage default, visiting a tag will show all posts (#2754)
  • Locale cache is cleared twice when cache clearing (#2738)
  • When cache clearing fails an exception can be thrown due to a partial flush (#2756)
  • Database migrations rely on MyISAM even though the eventual migrated database does not use it (#2442)
  • Discussion search result is not sorted by relevance by default (#2773)
  • Extensions cannot register custom searcher classes (#2755)
  • Searching discussion titles is not possible (#2698)
  • Boot errors due to failing extenders throw a generic error (#2740)
  • Required argument to Component.$() isn't really required (#2844)
  • Component does not allows use of all mithril lifecycle functionality (#2847)

Removed

  • The make:migration command has been removed (#2686)
  • Background fade on the header has been removed (#2685)
  • Remove vendor prefixes in less (#2766)
  • The session is no longer available from the User class (#2790)
  • The mail key is removed from the laravel related config (#2796)

Added

  • Allow event subscribers (#2535)
  • Allow Settings extender to have a default value (#2495)
  • Allow hooking into the sending of notifications before being send (#2533)
  • PHP 8 support (#2507)
  • Search extender (#2483)
  • User badges to post preview (#2555)
  • Optional extension dependencies allow a booting order (#2579)
  • Auth extender (#2176)
  • X-Powered-By header added to allow indexers easier data aggregation of Flarum adoption (#2618)

Changed

  • Run integration tests in transaction (#2304)
  • Allow policies to return a boolean for simplified allow/deny (#2534)
  • Converted highlight helper to typescript (#2532)
  • Add accessibility attributes to Mark as Read button (#2564)
  • Dismiss errors on change email modal upon a new request (00913d5)
  • Disabled extensions now are marked with a red circle instead of a red dot (#2562)
  • Extension dependency errors now show the extension title instead of the ID (#2563)
  • Change mutate method on ApiSerializer extender to attributes (#2578)
  • Moved locale files to the core from the language pack (#2408)
  • AdminPage extensibility and generic improvements (#2593)
  • Remove entry of authors, link to https://flarum.org/team (#2625)
  • Search and filtering are split (#2454)
  • Move IP identification into a middleware (#2624)
  • Editor Driver abstraction introduced (#2594)
  • Allow overriding routes (#2577)
  • Split user edit permissions into permissions for editing of user credentials, username, groups and suspending (#2620)
  • Reduced number of admin extension categories (#2604)
  • Move search related classes to a dedicated Query namespace (#2645)
  • Rewrite common helpers into typescript (#2541)
  • TextEditor is moved to the common namespace for use in the admin frontend (#2649)
  • Update Laravel/Illuminate components to 8 (#2576)
  • Eager load relations in discussion listing to improve performance (#2639)
  • Adopt flarum/testing package (#2545)
  • Replace user gambit with author gambit (612a57c)
  • Posts page of on user profile loads posts using username instead of id (30017ee)

Fixed

  • Transform css breaks iOS scroll functionality (#2527)
  • Composer header is hidden on mobile devices (#2279)
  • Cannot delete a post or discussion of a deleted user (#2521)
  • DiscussionListPane jumps around not keeping the scroll position (#2402)
  • Infinite scroll on notifications dropdown broken (#2524)
  • The show language selector switch remains toggled on (9347b12)
  • Model Visibility extender throws exception on extensions that aren't installed or enabled (#2580)
  • Extensions are marked as enabled when enabling fails to unmet extension dependencies (#2558)
  • Routes to admin extension pages without a valid ID break the admin page (#2584)
  • Disabled fieldset use an incorrect CSS property disallowed (#2585)
  • Scrolling to a post that is already loaded the Load More button shows and does not trigger (#2388)
  • Opening discussions on some mobile devices require a double tap (#2607)
  • iOS devices show erratic behavior in the post stream while updating (#2548)
  • Small mobile screens partially hides the composer when the keyboard is open (#2631)
  • Clearing cache does not clear the template cache in storage/views (#2648)
  • Boot errors show critical information (#2633)
  • List user endpoint discloses last online even if user choose against it (#2634)
  • Group gambit disclosed hidden groups (#2657)
  • Search results on small windows not fully visible (#2650)
  • Composer goes off screen on Safari when starting to type (#2660)
  • A search that has no results shows the search results dropdown (b88a7cb)
  • The composer modal moves around when typing on Safari (a64c398)

Removed

  • Deprecated CSRF wildcard path match
  • Deprecated policy and visibility scoping events
  • Deprecated post types event
  • Deprecated validation events
  • Deprecated notification events
  • Deprecated floodgate
  • Deprecated user preferences event
  • Deprecated formatting events
  • Deprecated api events
  • Deprecated bootstrap.php support
  • PHP 7.2 support (#2507)
  • Bidi attribute in the rendered HTML (#2602)
  • AccessToken::find, use AccessToken::findValid instead (#2651)

Deprecated

  • GetModelIsPrivate event (#2587)
  • CheckingPassword event (#2176)
  • event() helper (#2608)
  • AccessToken::generate argument $lifetime (#2651)
  • Rememberer::remember argument $token should receive an instance of RememberAccessToken with AccessToken being deprecated (#2651)
  • Rememberer::rememberUser (#2651)
  • SessionAuthenticator::logIn argument $userId, should be replaced with AccessToken (#2651)
  • TextEditor has been moved to common (#2649)
  • UserFilter (91e8b56)

Added

  • Slug drivers support (#2456).
  • Notification type extender (#2424).
  • Validation extender (#2102).
  • Post extender (#2101).
  • Notification channel extender (#2432).
  • Service provider extender (#2437).
  • API serializer extender (#2438).
  • User preferences extender (#2463).
  • Settings extender (#2452).
  • ApiController extender (#2451).
  • Model visibility extender (#2460).
  • Policy extender (#2461).

Changed

Fixed

Removed

  • MomentJS alias (#2428).
  • Deprecated user events GetDisplayName and PrepareUserGroups (#2428).
  • AssertPermissionTrait (#2428).
  • Path related helpers and methods in Application (#2428).
  • Backward compatibility layers from the frontend rewrite (#2428).

Deprecated

Fixed

  • SuperTextarea component is not exported.
  • Symfony dependencies do not match those depended on by Laravel (#2407).
  • Scripts from textformatter aren't executed (#2415)
  • Sub path installations have no page title.
  • Losing focus of Composer area when coming from fullscreen.

Added

  • Check dependencies before enabling / disabling extensions (#2188)
  • Set up temporary infrastructure for TypeScript in core (#2206)
  • Better UI for request error modals (#1929)
  • Display name extender, tests, frontend UI (#2174)
  • Scroll to post or show alert when editing a post from another page (#2108)
  • Feature to test email config by sending an email to the current user (#2023)
  • Allow searching users by group ID using the group gambit (#2192)
  • Use liveHumanTimes helper to update times without reload/rerender (#2208)
  • View extender, tests (#2134)
  • User extender to replace PrepareUserGroups (#2110)
  • Increase extensibility of skeleton PHP (#2308, #2318)
  • Pass a translator instance to getEmailSubject in MailableInterface (#2244)
  • Force LF line endings on windows (#2321)
  • Add a Link component for internal and external links (#2315)
  • ConfirmDocumentUnload component
  • Error handler middleware can now be manipulated by the middleware extender

Changed

  • Update to Mithril 2 (#2255)
  • Stop storing component instances (#1821, #2144)
  • Update to Laravel 6.x (#2055)
  • Flarum\Foundation\Application no longer implements Illuminate\Contracts\Foundation\Application (#2142)
  • Flarum\Foundation\Application no longer inherits Illuminate\Container\Container (#2142)
  • paths have been split off from Flarum\Foundation\Application into Flarum\Foundation\Paths, which can be injected where needed (#2142)
  • Flarum\User\Gate no longer implements Illuminate\Contracts\Auth\Access\Gate (#2181)
  • Improve Group Gambit performance (#2192)
  • Switch to dayjs from momentjs (#2219)
  • Don't create a bio column in users for new installations (#2215)
  • Start converting core JS to TypeScript (#2207)
  • Make Carbon an explicit dependency (https://github.com/flarum/framework/commit/3b39c212e0fef7522e7d541a9214ff3817138d5d)
  • Use Symfony's translator interface instead of Laravel's (#2243)
  • Use newer versions of fontawesome (#2274)
  • Use URL generator instead of app()->url() where possible (#2302)
  • Move config from config.php into an injectable helper class (#2271)
  • Use reserved TLD for bogus and test urls (https://github.com/flarum/framework/commit/6860b24b70bd04544dde90e537ce021a5fc5a689)
  • Replace m.stream with flarum/utils/Stream (#2316)
  • Replace affixedSidebar util with AffixedSidebar component
  • Replace m.withAttr with flarum/utils/withAttr
  • Scroll Listener is now passive, performance improvement (#2387)

Fixed

Removed

  • Flarum\Event\AbstractConfigureRoutes event class
  • Flarum\Event\ConfigureApiRoutes event class
  • Flarum\Event\ConfigureForumRoutes event class
  • Flarum\Console\Event\Configuring event class
  • Flarum\Event\ConfigureModelDates event class
  • Flarum\Event\ConfigureLocales event class
  • Flarum\Event\ConfigureModelDefaultAttributes event class
  • Flarum\Event\GetModelRelationship event class
  • Flarum\User\Event\BioChanged event class
  • Flarum\Database\MigrationServiceProvider moved into Flarum\Database\DatabaseServiceProvider
  • Unused admin/components/Widget component (admin/component/DashboardWidget should be used instead)
  • Mandrill mail driver (https://github.com/flarum/framework/commit/bca833d3f1c34d45d95bf905902368a2753b8908)

Deprecated

  • Flarum\User\Event\GetDisplayName event class
  • Global path helpers, Flarum\Foundation\Application path methods (#2155)
  • Flarum\User\AssertPermissionTrait (#2044)

Added

  • Console extender (#2057)
  • CSRF extender (#2095)
  • Event extender (#2097)
  • Mail extender (#2012)
  • Model extender (#2100)
  • Posts by users that started a discussion now have the CSS class .Post--by-start-user
  • PHPUnit 8 compatibility
  • Composer 2 compatibility
  • Permission groups can now be hidden (#2129)
  • Confirmation popup when hiding or deleting posts (#2135)

Changed

  • Updated less.php dependency version to 3.0
  • Updated JS dependencies
  • All notifications and other emails now processed through the queue, if enabled (#978, #1928, #1931, #2096)
  • Simplified uploads, removing need to store intermediate files (#2117)
  • Improved date handling for dates older than 1 year (#2034)
  • Linting and automatic formatting for JS (#2099)
  • Translation files from Language Packs are only loaded for extensions that are enabled (#2020)
  • PHP extenders' properties are now private instead of protected, intentionally making it harder to extend these classes (#1958)
  • Preparation for upgrading Laravel components to 5.8 and then 6.0 (#2055, #2117)
  • Allowed permission checks based on model classes in addition to instances (#1977)

Fixed

  • Users can no longer restore discussions hidden by admins (#2037)
  • Issues of the Modal not showing or auto hiding (#1504, #1813, #2080)
  • Columnar layout on admin extensions page was broken in Firefox (#2029, #2111)
  • Non-dismissible modals could still be dismissed using the ESC key (#1917)
  • New discussions were added to the discussion list above unread sticky posts (#1751, #1868)
  • New discussions not visible to users when using Pusher (#2076, #2077)
  • Permission icons were aligned unevenly in admin permissions list (#2016, #2018)
  • Notification bubble not inversed on mobile with colored header (#1983, #2109)
  • Post stream scrubber clicks jumped back to first post (#1945)
  • Loading state of Switch toggle component was hard to see (#2039, #1491)
  • Flarum\Extend\Middleware: The methods insertBefore() and insertAfter() did not work as described (#2063, #2084)

Removed

  • Support for PHP 7.1 (#2014)
  • Zend compatibility bridge (#2010)
  • SES mail support (#2011)
  • Backward compatibility layer for Flarum\Mail\DriverInterface, new methods from beta.12 are now required
  • Flarum\Util\Str helper class
  • Flarum\Event\ConfigureMiddleware event

Deprecated

  • Flarum\Event\AbstractConfigureRoutes event class
  • Flarum\Event\ConfigureApiRoutes event class
  • Flarum\Event\ConfigureForumRoutes event class
  • Flarum\Event\ConfigureLocales event class

Added

  • Full support for PHP 7.4 (#1980)
  • Mail settings: Configure region for the Mailgun driver (#1834, #1850)
  • Mail settings: Alert admins about incomplete settings (#1763, #1921)
  • New permission that allows users to post without throttling (#1255, #1938)
  • Basic transliteration of discussion "slugs" / pretty URLs (#194, #1975)
  • User profiles: Render basic content on server side (#1901)
  • New extender for configuring middleware (#1919, #1952, #1957, #1971)
  • New extender for configuring error handling (#1781, #1970)
  • Automated tests for PHP extenders to guarantee their backwards compatibility

Changed

  • Profile URLs for non-existing users properly return HTTP 404 (#1846, #1901)
  • Confirmation email subject no longer contains the forum title (#1613)
  • Improved error handling during Flarum's early boot phase (#1607)
  • Updated deprecated "Zend" libraries to their new "Laminas" equivalents (#1963)

Fixed

  • Update page did not work when installed in subdirectories (#1947)
  • Avatar upload did not work in IE11 / Edge (#1125, #1570)
  • Translation fallback was ignored for client-rendered pages (#1774, #1961)
  • The success alert when posting replies was invisible (#1976)

Fixed

  • Saving custom css in admin failed (#1946)

Added

  • Comments have an additional class Post--by-actor when posted by the user (#1927)

Changed

  • Improved support for URL identification during installation (#1861)
  • KeyboardNavigatable now has a callback ability (#1922)
  • Links are no longer opened with target _blank but in the same window (#859)
  • Links now have nofollow ugc by default as their rel attribute (#859, #1884)
  • Improved performance of the full text gambit when searching for users (#1877)
  • The Queue implementation is now available under its Illuminate contract

Fixed

  • No error handling was possible in the console/cli (#1789)
  • Enable scrollbars in log in modals so it fits for GitHub (#1716)
  • Reduce log in modal for SSO so it fits for Facebook (#1727)
  • Deleting discussions permanently did not delete its posts (#1909)
  • Fixed the queue:restart command (#1932)
  • Deleted posts were visible to all visitors (#1827)
  • Old avatars weren't being deleted when replaced (#1918)
  • The search performance regression was reverted (#1764)
  • No profile background could be set for remote images (#445)
  • Back button sends to home even though it could actually go back (#1942)
  • Debug button no longer visible (#1687)
  • Modals on smaller screens use the whole width of the page

Added

  • Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
  • Notifications can now be marked as read without visiting a discussion (#151)
  • SEO: The discussion list now has a rel="canonical" meta tag, preventing duplicate content (#1134, #1814)
  • The "Edit User" permission can now be edited in the UI (#1845)
  • New status message and redirect after user deletion (#1750, #1777)
  • Errors in Flarum's boot process are now presented with more detailed information (#1607)

Changed

  • Better, more detailed and extensible error handling (#1641, #1843)
  • Error pages in debug mode now return the same HTTP status codes as in production (#1648)
  • Tweak HTTP status codes for authentication / authorization errors (#1854)
  • Already-used links from account activation emails now show a better error message (#1337)

Fixed

  • Security vulnerabilities in dependencies
  • Performance: High CPU usage when scrolling in a discussion (#1222)
  • Special characters crashed the search (#1498)
  • Missing declarations for language and text direction in HTML output (#1772)
  • Private messages were counted in user post counts (#1695)
  • Extensions could not change the forum's default page (#1819)
  • API requests authenticated using access tokens needed to provide a CSRF token (#1828)
  • Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)

Added

  • New hasPermission() helper method for Group objects (9684fbc)
  • Expose supported mail drivers in IoC container (208bad3)
  • More test for some API endpoints (1670590)
  • The Formatter\Rendering event now receives the HTTP request instance as well (0ab9fac)
  • More and better validation in installer UIs
  • Check and enforce minimum MariaDB (7ff9a90)
  • Revert publication of assets when installation fails (ed9591c)
  • Benefit from Laravel's database reconnection logic in long-running tasks (e0becd0)
  • The "vendor path" (where Composer dependencies can be found) can now be configured (5e1680c)

Changed

  • Performance: Actually cache translations on disk (0d16fac)
  • Allow per-site extenders to override extension extenders (ba594de)
  • Do not resolve objects from the IoC container (in service providers and extenders) until they are actually used
  • Replace event subscribers (that resolve objects from the IoC container) with listeners (that resolve lazily)
  • Use custom service provider for Mail component (ac5e26a)
  • Update to Laravel 5.7, revert custom logic for building database index names
  • Refactored installer, extracted Installation class and pipeline for reuse in CLI and web installers (790d5be)
  • Use whitelist for enabling pre-installed extensions during installation (4585f03)
  • Update minimum MySQL version (7ff9a90)

Fixed

  • Signing up via OAuth providers was broken (67f9375)
  • Group badges were overlapping (16eb1fa)
  • API: Endpoint for uninstalling extensions returned an error (c761802)
  • Documentation links in installer were outdated (b58380e)
  • Event posts where counted when aggregating user posts (671fdec)
  • Admins could not reset user passwords (c67fb2d)
  • Several down migrations were invalid
  • Validation errors on reset password page resulted in HTTP 404 (4611abe)
  • is:unread gambit generated an invalid query (e17bb0b)
  • Entire forum was breaking when the custom_less setting was missing from the database (bf2c5a5)
  • Dropdown icon was not showing in user card when on user page (12fdfc9)
  • Requests were missing the original* attributes, which broke installations in subfolders (56fde28)
  • Special characters such as % and _ could return incorrect results (ee3640e)
  • FontAwesome component package changed paths in version 5.9.0 (5eb69e1)
  • Some server environments had problems accessing the system-wide tmp path for storing JS file maps (54660eb)
  • Content length of posts.content was not migrated to mediumText in 2017 (590b311)
  • An error occurred when going to the previous route if there was no previous route found (985b87da)

Removed

  • php flarum install --defaults - this was meant to be used in our old development VM (44c9109)
  • Obsolete id attributes in JSON-API responses (ecc3b5e and 7a44086)

Fixed

  • Fix live output in migrate:reset command (f591585)
  • Fix search with database prefix (7705a2b)
  • Fix invalid join time of admin user created by installer (57f73c9)
  • Ensure InnoDB engine is used for all tables (fb6b51b, 6370f7e)
  • Fix dropping foreign keys in down migrations (57d5846)
  • Fix discussion list scroll position not being maintained when hero is not visible (40dc6ac)
  • Fix empty meta description tag (88e43cc)
  • Remove empty attributes on <html> tag (796b577)