File Storage Location improvements: added the ability to search by file storage location, added file storage location to the file menu, allows changing file storage in bulk using a progressive operation, prevents deletion of file storage locations if they have files (thanks marvinde)
Added the User Selector attribute to the core, enabling the selection of users for pages, files and Express objects (thanks haeflimi)
Much improved logging support: more actions are logged, and you have the ability to specify what log levels you want to keep/discard in the Dashboard. Additionally, Monolog Cascade support means granular logging configuration is available in the PHP config.
Added date modified to express entries (thanks deek87)
Added “Author” as a property to Express – the users who create express entries are tracked. Added form field for author property as well.
Added the ability to specify an HTML Input vs Entry Selector vs. Select2 search autocomplete for association selecting in the Dashboard (thanks hissy)
Added the ability to filter the Express Entry List block at the block level before the data hits the page.
Express Entry List block can now be filtered by associations in advanced search on the page (thanks hissy)
You can now filter block types by searching them when adding blocks in stacks (thanks mlocati)
Added preview images when mousing over images in the file manager (thanks haeflimi)
Updated CKEditor from 4.9.1 to 4.10.0 (thanks MrKarlDilkington)
Added the ability to search a site by any locale in the local selector on multilingual sites (thanks mlocati)
Added a page changes report that lets users export a full list of versions that have been created during a particular time period.
Nascent support for the upcoming REST API (defaulted to off.)
Add ability to configure password requirements in a new Password Options Dashboard page.
Add ability to keep users from reusing the same password.
Add ability to automatically log users out after a period of inactivity.
Added a Dashboard page to control Automated Logout settings that were previously only available by editing PHP config files directly (thanks mlocati)
Added ability to automatically log out all signed-in users from the Automated Logout page.
Added a dashboard page to configure trusted proxy IPs (thanks mlocati)
Show URL of selected page in sitemap selector (thanks mlocati)
Added an external authentication type based on OAuth2 authorization, allowing one concrete5 site to act as the authentication provider for another.
Add support to generate animated GIF thumbnails (Requires Imagick) (thanks mlocati)
Add “Scheduled” as an option for page searches (thanks deek87)
Add the ability to automatically deactivate user accounts that receive many failed login attempts
You now can control whether CSV exports contain a BOM with an Export Options Dashboard settings page (thanks mlocati)
Added ability for YouTube videos to skip setting a cookie (thanks HamedDarragi and tigerxy)
Behavioral Improvements
We have removed the spaces from URLs generated by the topic list block for improved display (thanks JackVanson)
We now show the types of Express entities being viewed in the Dashboard page header (thanks hissy)
Show errors when displaying Ajax dialogs fails (thanks mlocati)
We now remember the state of both sitemaps in the 2-up sitemap interface, instead of just 1 (thanks mlocati)
Split install steps in smaller chunks for better performance (thanks mlocati)
SVG images in the image block can now be resized in the image block (thanks dimger)
When entities that own other entities are deleted in Express their child entities will also be deleted.
Improvements to the stack panel: you can now drag the entire row (instead of a small handle) and you can click an arrow to expand/collapse the stack (thanks mlocati)
My Account now honors user attribute sets (thanks marvinde)
Registration now honors user attribute sets (thanks marvinde)
Added the ability to sanitize uploaded SVG files (thanks mlocati)
Improved performance of large CSV exports (thanks mlocati)
Express Entry Detail block now modifies the title of the page when it’s rendering a detailed express entry (thanks hissy)
Improvements to drag performance and experience in sitemap (thanks mlocati)
Miscellaneous improvements to editing external links
– https://github.com/concrete5/concrete5/pull/7004 (thanks mlocati)
When deleting an element (express entity, file, page, site, user), the associated row in the index table are automatically deleted (thanks mlocati)
Uploading files via the Your Computer dialog in the File Manager now has chunking support (thanks joemeyer)
Fixed error where “stay signed in for two weeks” didn’t work (thanks Xianghar)
Send a JSON error response only if the client is requesting a JSON response (thanks mlocati)
When showing changelog updates for packages we now read from CHANGELOG.txt and CHANGELOG.md if they exist (thanks mlocati)
You can now view SVG images in the file manager like other image files (thanks mlocati)
Remove frameborder attribute on YouTube block and use CSS border for W3C validation (thanks marvinde)
Show different text for aliases and external links in removal confirmation (thanks mlocati)
New and existing databases will be updated to utf8mb4 – adding emoji support! (thanks mlocati)
Add a version-specific querystring parameter to URL local assets based on core version or the package version (thanks mlocati)
Improvements and consolidation of different libraries used to upload files (thanks mlocati)
Added CKEditor Emoji plugin (thanks mlocati)
Allow sending the registration notification to multiple email addresses (thanks marvinde)
Fixing issue with Image Editor not adding crossOrigin (thanks deek87)
Moving Delete all channels button to header to remove ambiguity (thanks joemeyer)
Use translated text when dislaying checkbox labels with the checkbox custom attribute (thanks mlocati)
Fixed bug where deleted pages could break uses of the page selector component that referred to them (thanks Ruud-Zuiderlicht)
We use less memory when uploading and resizing large images in the file manager (thanks mlocati)
Better validation against unexpected input when filtering page list blocks and page title blocks by months and years (thanks hissy)
Better error checking against remote files uploaded in the file manager (thanks mlocati)
Keep animations when ConstrainImageProcessor resizes animated GIFs (only works if you’re using Imagick support in PHP) (thanks mlocati)
Return the default 404 error page if a feed can't be found (thanks mlocati)
You can now merge social links as well as append them in config (thanks mesuva)
We force MyISAM database tables for the PageSearchIndex now only if the MySQL version of InnoDB tables doesn’t support it (thanks mlocati)
Downloading multiple files with the same name downloads only one (thanks marvinde)
Added the ability to replace a page with another page (thanks mlocati)
Update CKEditor from 4.10.0 to 4.11.1 and add Auto Link plugin (thanks MrKarlDilkington)
Fixed workflow emails showing irrelevant dates in some cases (thanks katzueno)
Fixed: Group Combination returns wrong group combination if there is another entity contains same group combination (thanks deek87)
Improved speed when adding files to file sets because we no longer refresh thumbnails on every add to file set (thanks mlocati).
Fixed incorrect flag showing if a page is aliased from one locale to the next (thanks Ruud-Zuiderlicht)
Fixing errors in UserList::filterByInAnyGroup (thanks deek87)
Fix issue where some console commands didn’t have a description even though it had been set in the command class (thanks mlocati)
Fixed: When using inline blocks, I can edit other inline blocks (thanks hissy)
(Try to) redirect to the newly generated thumbnail if it's the requested one (thanks mlocati)
Dashboard page title tags are now translated properly (thanks mlocati)
Stack In Dashboard leave pop-up menu when adding a content block (thanks mlocati)
Bug Fixes
Fixed inability to delete conversation messages from dashboard (thanks hissy)
Fixed: Unpublished scheduled page gets published when there is a new version with schedule (thanks deek87)
Fixed: Avoid displaying an empty message when forcing exit edit mode (thanks mlocati)
Fixed built-in limit of 1920x1080 on some uploads (thanks mlocati)
Fixed: User with 'Approve Changes' permission is not able to approve content in global areas (thanks mlocati)
Fixed: Avoid error on getting users of group permission access entity when group has been deleted (thanks hissy)
Improved page version publishing date support to ensure that versions cannot overlap (thanks mlocati)
Fix too many results in PagerAdapter::getSlice (thanks mlocati)
Fixing Issue when deleting users who created other users (Thanks deek87)
Fixed bug where a session cookie is always created in a multilingual site, even when it shouldn’t be required (thanks marvinde and mlocati)
Fixed poor performance when running the search indexing job on large sites where areas are set to use the blacklist indexing method (thanks ahukkanen)
Fixed: Trying to add a larger number of files to a file set in bulk leads to an out of memory error (thanks mlocati)
Fixed errors and buggy behaviors in sitemap overlay dialog (thanks marvinde)
Fixed minor display issues with the page version listing dialog/panel (thanks marvinde)
Fixed When the Zend I18N component loads language files with wrong or missing plural rules (thanks mlocati)
Correctly detect if sendPrivateMessage returned an error (thanks mlocati)
Fixed Call to a member function getTimezones() on null on editing profile (thanks mlocati)
MIscellaneous bug fixes with scheduled pages and 404 experience (thanks deek87)
Fix ParentPageField search field when page is no (more) available (thanks mlocati)
Fixed bug where editing an express entry in the Dashboard doesn’t re-show the entry form when validation is failed (thanks ahukkanen)
Fixed inability to add page type composer output control blocks if you were not the super admin but you still had access to page type defaults (thanks hissy)
Fixed: Single::addGlobal can create the same single page repeatedly (thanks hissy)
Fix resizing images on import when only max height is set (thanks mlocati)
Fixed: Thumbnail error takes down Dashboard completely (thanks mlocati)
Fixed: we now check more appropriate permissions when checking to see if users have permissions to edit stacks (in advanced permissions) (thanks mlocati)
Fixed: Deleting attributes used with customized results in advanced search leads to an error (thanks mlocati)
Fixed: RSS Feed can not be filtered by multilingual parents (thanks mlocati)
Add CSRF validation token to Copy Languages (thanks mlocati)
Fixed bug when the site id contained in the ConcreteSitemapTreeID cookie does not match a valid site (thanks marvinde and a3020).
Fix an error when selecting trash or system pages as the parent page on page search (thanks deek87)
Fixed: Old draft pages of multilingual site upgraded from 5.7.5.13 to 8.4.x gets error (thanks deek87)
Fixed bug where users could see certain aspects of others users private messages (thanks mlocati)
Patch Zend HTTP with security update to fix https://framework.zend.com/security/advisory/ZF2018-01 (thanks mlocati)
Fixed: Currently when using a userSelector if you search for a user or load a new page and try to use the dropdown to select user(s). The option will disappear. (thanks deek87)
Fixed: Page Selector with pagination doesn't work (thanks marvinde)
Fixed bug where exporting forms might put the form data in the wrong columns.
Fixed: Page version menu doesn't close automatically (thanks joemeyer)
Fixed: Option for the multilingual canonical URL is not respected (thanks 1stthomas)
Fixed: Block is not being rendered using custom template after editing when custom template was set programmatically (thanks fabian)
Only parse $_SERVER[‘argv’] on the command line (thanks mlocati)
Developer Updates
Completely new routing component with a much nicer syntax for creating custom routes to closures, controllers and other classes, with full support for route requirements, HTTP verbs and much more. (fully backward compatible)
concrete5 now supports PHP 7.3
Adding Redis as a Session and Cache handler (thanks deek87 and concrete5 Japan)
Added the ability to rescan files via a console command.
Much improved console command, including support for progress bar, Laravel-like syntax definitions and more.
Improve ability to configure and extend concrete5 session.
New memcache session handler. See https://github.com/concrete5/concrete5/pull/7258 for configuration information.
Added an option to control whether or not to display parent page in AutoNav (thanks hissy)
Allow custom class loading from the package for a custom permission key (thanks biplobice)
Trigger event when the display order of a page changes (thanks a3020)
Improved SiteLocaleSelector: show Country in addition to Language, and added new selectMultiple method to the class (thanks mlocati)
Add a config value to toggle the generator meta tag (thanks marvinde)
Upgrade Imagine image manipulation library from 0.7.1 to 1.0.0 (thanks mlocati)
Refactored certain old tools files into routes, views and controllers (thanks mlocati, marvinde)
Added the ability to automatically include CSS files when adding/editing blocks by including an auto.css file in the block folder (thanks mlocati).
Image Slider block - remove old CSS and JS assets code (thanks MrKarlDilkington)
Refactoring and code improvements to CookieJar service (thanks mlocati)
Improved code quality and removal of PHP NOTICE errors (thanks mlocati, a3020)
Tons of new docblocks added to core classes (thanks mlocati)
Fix docblocks in Number service (thanks a3020)
Improve installation detection by allowing {$env}.database.php
Let sitemap event listeners modify the sitemap data (thanks mlocati and a3020)