
Releases: owen2345/camaleon-cms

2.8.3

16 Sep 18:49
340319a
  • Remove unused underscore.js
  • Bump IntroJS to 7.2.0
  • Upgrade jquery-validate to 1.21.0
    • Add messages for Arabic language
    • Add methods_ln.js files with regexps for DE, NL, and PT languages
    • Modify admin layout view to load the methods_ln.js file with a javascript_include_tag if the file exists
  • Fix uploads to AWS S3 folders
    • Also introduced path traversal validation in the add_folder method, which was found to be unsafe

Full Changelog: 2.8.2...2.8.3

2.8.2

25 Aug 15:13
b450c33
  • Bump AdminLTE to 2.3.11
    • Has several CSS fixes and doesn't yet require jQuery 3.x
  • Fix TermTaxonomy attributes sanitizing to not remove translation tags (#1091)
  • Add bootstrap.min.css.map
    • Works in the development environment when config.assets.debug = true is set

Full Changelog: 2.8.1...2.8.2

2.8.1

21 Aug 18:09
dae99dd

This release fixes several security vulnerabilities! Please upgrade ASAP!

What's Changed

  • Replace sass-rails with dartsass-sprockets
    • Remove sass and sass-rails gems from the main app's Gemfile when upgrading camaleon_cms to this version
  • Fix colorpicker missing admin asset, adding it to admin-manifest.css
  • Security fix: Mitigate arbitrary path write in uploader (GHSL-2024-182)
    • Thanks Peter Stöckli for reporting and providing clear reproduction steps
  • Add Rails 7.2 to stable testing on CI, point rails_edge to main branch
  • Security fix: Mitigate arbitrary path traversal in download_private_file (GHSL-2024-183)
    • Thanks Peter Stöckli for reporting and providing clear reproduction steps
  • Security fix: Mitigate stored XSS through user file upload (GHSL-2024-184)
    • Thanks Peter Stöckli for reporting and providing clear reproduction steps
  • Security fix: Mitigate remote code execution through code injection (GHSL-2024-185)
    • Thanks Peter Stöckli for reporting and providing clear reproduction steps
  • Security fix: Mitigate arbitrary file delete vulnerability (GHSL-2024-186)
    • Thanks Peter Stöckli for reporting and providing clear reproduction steps
  • Use actions/checkout@v4 on CI to remove warning about deprecated Node JS version
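Two of the fixes listed on this page, the path traversal validation added to add_folder in 2.8.3 and the arbitrary path traversal in download_private_file mitigated here (GHSL-2024-183), come down to the same defensive check: a user-supplied path must resolve to a location inside the directory it is meant to stay in, and anything else is rejected before it touches the filesystem. The Ruby module below is an added example of that check written for this page; it is not Camaleon CMS code and does not reproduce the project's fix. The module name SafePath and the base directory /srv/uploads are assumptions for illustration.

```ruby
# Added example (not Camaleon CMS code): confine a user-supplied relative path
# to a base directory, rejecting "..", absolute paths, "~" expansion, null
# bytes and, for paths that already exist, symlinks that point outside.
require "pathname"

module SafePath
  class TraversalError < StandardError; end

  # Returns the absolute, normalised path for +relative+ under +base+, or
  # raises TraversalError when the resolved path would leave +base+.
  def self.resolve(base, relative)
    raise TraversalError, "empty path" if relative.nil? || relative.empty?
    # A null byte would truncate the path in the C library underneath Ruby.
    raise TraversalError, "null byte in path" if relative.include?("\0")

    base_abs = File.expand_path(base)
    # expand_path normalises "..", ".", absolute paths and "~" before the
    # prefix check, so lexical tricks cannot slip past it. It raises
    # ArgumentError for "~unknownuser" (or "~" without HOME); treat that as a
    # rejection rather than a crash.
    target = begin
      File.expand_path(relative, base_abs)
    rescue ArgumentError => e
      raise TraversalError, e.message
    end

    # Accept the base directory itself or something strictly inside it; the
    # trailing separator stops "/srv/uploads_evil" matching "/srv/uploads".
    raise TraversalError, "#{relative.inspect} escapes #{base_abs}" unless inside?(target, base_abs)

    # expand_path is purely lexical. For a path that already exists (the
    # download case), also compare the real paths so a symlink planted inside
    # the base directory cannot point the read somewhere else.
    if File.exist?(target)
      real_base = File.realpath(base_abs)
      real_target = File.realpath(target)
      raise TraversalError, "#{relative.inspect} resolves outside #{real_base} via symlink" unless inside?(real_target, real_base)
    end

    target
  end

  # Boolean convenience wrapper around resolve.
  def self.safe?(base, relative)
    resolve(base, relative)
    true
  rescue TraversalError
    false
  end

  def self.inside?(path, base)
    path == base || path.start_with?(base + File::SEPARATOR)
  end
  private_class_method :inside?
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs; /srv/uploads need not exist for the lexical check.
  base = "/srv/uploads"
  ["2024/photos", "a/../b", "../../etc/passwd", "/etc/passwd", "~", "a\0b"].each do |input|
    verdict = SafePath.safe?(base, input) ? "accept -> #{SafePath.resolve(base, input)}" : "reject"
    puts "#{input.inspect.ljust(20)} #{verdict}"
  end
end
```

Two choices worth noting. The check returns the normalised path and expects callers to use that value, not the original input, so a folder name like "a/../b" is created as "b" rather than being interpreted later by a different component. And the realpath comparison only runs for paths that exist, which is exactly the download case; for a folder that is about to be created, the lexical check on the expanded path is what matters.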

Full Changelog: 2.8.0...2.8.1

2.8.0

26 Jul 19:53
feccb96

What's Changed

  • Use jQuery 2.x (2.2.4)
    • If there are //= require jquery clauses in the main application, replace them with //= require jquery2
  • Add Ruby 3.3 and Rails 7.2 to CI
  • Replace Tuzitio links with camaleon.website and http with https
  • In cama_site_check_existence, if the site is unknown, redirect to the main site with allow_other_host: true
    • Starting from Rails 7.0, a redirect to another host raises an exception unless redirect_to is called with the
      allow_other_host: true option
  • Require sprockets-rails version 3.5.1 or later
  • Use MiniMime for MIME types, because MiniMagick 5.0 no longer provides Image#mime_type
  • Reimplement temporary uploaded file removal, wrapping it in a block so the block can be overridden in the app initializer to use an async job
  • Sanitize name and description attrs of TermTaxonomy classes to prevent XSS attacks
  • Potentially breaking change: Fix ActiveRecord deprecations from Rails 6.1
    • fields, field_values, and field_groups associations have been removed from the CustomFieldsRead mixin module
    • custom_fields, custom_field_values, and custom_field_groups associations should be used instead
    • Beware that the CustomFieldsRead mixin is included into the TermTaxonomy base model, PostDefault model, and UserMethods mixin

Full Changelog: 2.7.5...2.8.0

2.7.5

22 Dec 20:58
71c864d

Full Changelog: 2.7.4...2.7.5

2.7.4

11 Apr 18:08
b83efee

Full Changelog: 2.7.3...2.7.4

This release contains security fixes.

2.7.3

11 Apr 18:07
8e5a0d2

What's Changed

  • Fix error rendering category pages by @brian-kephart in #1045
  • Inclusion of CommonRelationships into subclasses is now performed in an inherited hook by @texpert in #1046

Full Changelog: 2.7.2...2.7.3

2.7.2

24 Mar 21:06
7ea956d

Fixes an issue rendering category pages.

Full Changelog: 2.7.1...2.7.2

2.7.1

23 Mar 01:08
8f0ef38

This release fixes a bug introduced in 2.7.0.

Full Changelog: 2.7.0...2.7.1

2.7.0

22 Mar 19:47
f39a357

What's Changed

  • Remove Database Cleaner and share FactoryBot factories by @texpert in #1028
  • Feature/improve app settings for rails7 by @owen2345 in #1026
  • Migrate existing CoffeeScript files to JavaScript by @texpert in #1029
  • Start using RuboCop by @brian-kephart in #1041
  • Fix seo_canonical option to be translated for the frontend, and some optimizations by @texpert in #1042
  • Refactor AR models to inherit from ApplicationRecord and extract the CommonRelationships concern by @texpert in #1043

Full Changelog: 2.6.4...2.7.0