8.5.3 Release Notes

Improvements?

Let us know by posting here.

Released June 4, 2020

New Features

  • Added the ability to display the version status on the results page of a Page Search (thanks biplobice)
  • Added the ability to log API requests via a Dashboard setting (thanks Kaapiii)
  • Add phone and email to social links (thanks mlocati)
  • The YouTube Video block now supports lazy loading. (Thanks MrKarlDilkington)

Behavioral Improvements

  • Moves the custom block template selector from the advanced tab to buttons (thanks Mesuva)
  • YouTube block: Delete 'show video infomation' option and change option name of showing related videos (thanks yuuminakazawa)
  • Return a response object instead of exiting after saving a block (thanks mlocati)
  • Fixed: We don't have to generate thumbnails if the image is in the private storage location (thanks hissy)
  • Fixed potential errors that could result when adding invalid regular expressions into the Google authentication type whitelist/blacklist (thanks mlocati)
  • When you uncheck “include attribute in search index” then the columns will be fully removed from the search indexing tables (thanks mlocati)
  • Update OAuth password check to use PasswordHasher class (thanks Mesuva)
  • CKEditor: turn off 'Edit Source' before submit (thanks mlocati)
  • Fix issue with sitemap generation in multilingual sites (thanks dimger)
  • concrete5 handle the session garbage collection if a server isn’t going to do it (thanks mlocati)
  • Select Multiple now works from within the file manager again (thanks deek87)
  • When the user opens "Schedule Publishing" dialog, show a warning message if there is another scheduled version (thanks hissy)
  • Add "Cancel Scheduled Publish" button in "Publish Pending" dialog (thanks hissy)
  • Show a logout view to logged in users on the login page
  • More logging during OAuth attach/detach attempts.
  • Added a unique page ID class to each page for page targeting (thanks Shahroq)
  • Added a blacklist of file extensions to ensure that developers can’t easily add PHP to a list of uploadable file types (thanks mlocati)
  • Improves to logout speed under certain circumstances (thanks kkyusuke)
  • Calendar block height set to auto for better display in small width areas (thanks nakazanaka)
  • Fixed: getUserAccessEntityObjects returns guest if no session found (thanks biplobice)
  • The Refresh Token grant is now available for OAuth2 APIs (thanks kkyusuke)
  • Use local date time format in CSV (thanks hissy)
  • Faster and safer duplication of FAQ/Image Slider blocks (thanks mlocati)
  • Added an exception in case there's no template file to render (thanks iampedropiedade)
  • Added raw and samesite options to cookie (thanks iampedropiedade)
  • Improve distinction between log severity icons (thanks JohnTheFish)

Bug Fixes

  • Fixed inability to save blocks or do much of anything on Chrome 83 (relates to Chrome 83 behavioral change) (thanks bikerdave)
  • Fixing not sending password to RedisArray in session and cache drivers (thanks deek87)
  • Fixed bug where unnecessary localized stacks are generated when adding stacks to a multilingual site (thanks hissy)
  • Fixed: 8.5.2 - Chunked file uploads generate multiple files in the backend (thanks ahukkanen)
  • Fix flat sitemap in the trash view (thanks hamzaouibacha)
  • Fixed: Given a calendar event that was starting yesterday and ends tomorrow. It's a strange behavior if this event doesn't show up today in the calendars "events list" block (thanks core77)
  • Fixed multiple issues with user groups (thanks deek87)
  • Failed to upload avatar on user account page because of ccm_token error (thanks deek87)
  • Fix file manager issue with number of items per page (thanks biplobice)
  • Fixed: Thumbnails broken for storage locations outside web root (thanks hissy)
  • Fixed: Unable to detach google account at My Account page due to null exception (thanks deek87)
  • Fixed inability to move multiple pages at once in certain situations (thanks wordish)
  • Unable to paste the screenshot into content block (thanks deek87)
  • Fixed: Failing block validation denies any further access to that block if you cancel editing (thanks jlucki)
  • Fix user-selector events firing more than once (thanks deek87)
  • Fixed: CSS of Free-Form Layouts (or 'Custom Layouts') isn't loaded if the visitor is not logged in (thanks Ruud-Zuiderlicht)
  • Fixed inability to insert a link in Rich Text editor custom attributes in the Dashboard context (thanks mlocati)
  • Fixed XSS issue where admin could insert tags into image slider titles.
  • Fix error caused by invalid sort direction.
  • Build youtube embed url with the league url class to fix issues when malicious admin uses invalid URLs.
  • Fixed: [Bug] Single pages lose their path if location is resaved in sitemap or composer. (thanks dimger)
  • [Fix] Image block hover option doesn't work for responsive images using the picture tag (thanks biplobice)
  • Fixed error when the sortBy column isn't exists on the advanced search result (thanks biplobice)
  • Fixed: Setup on Child Pages updates all pages of the type, not the type / template combination (thanks danklassen)
  • Fixed: getUserAccessEntityObjects returns guest if no session found (thanks deek87)
  • Fixed: The folder name is null when you create it with name '0' (thanks biplobice)
  • Fix setting the emails subject a second time with an undefined variable (thanks Kaapiii)
  • Fixed: 404 does not work in multi language case (thanks Kaapiii)
  • Fixed: CKEDITOR errors shown in console (thanks mlocati)
  • BC Fix: Make it so routes can echo their output (thanks mlocati)
  • Fix token error on flag_conversation_message (thanks guyasyou)
  • Fix document library block error when file node type is other than File or FileFolder (thanks biplobice)
  • Fixed: Unable to save layout if it contains a Form block (thanks mlocati)
  • Fix Fix initializing country/province link (thanks mlocati)
  • Avoid exception on express attribute form during certain edge cases (thanks biplobice)
  • HackerOne security fixes (thanks mlocati)
  • Fix error on submitting workflow request to a deleted user (thanks hissy)
  • Fix height/width of edit folder permissions dialog (thanks deek87)
  • php 7.2 fix for updating a conversation message (thanks danklassen)
  • Replying to a conversation does not clear editor (thanks danklassen)
  • Don't check POSIX permissions of API public key on Windows (thanks mlocati)
  • Fixing draggable zone on filemanager to only accept file/folder nodes (thanks deek87)
  • Fixed: Currently in version 8.5.x sites that have been upgraded from 5.7 sites, you can no longer replace files (thanks deek87)
  • Fixed upgrading from 5.7 under certain database circumstances (thanks mlocati)
  • Fix wrong translatable strings placeholders (thanks mlocati)
  • Fixed: Loading malformed html into a content block does some funky stuff (thanks mlocati)
  • Fix H1 report 753567 (thanks hissy)
  • Aliases are now shown in the Dashboard menu (thanks Ruud-Zicherlicht)
  • make c5:package:uninstall --trash not throw exception if there wasn't a problem (thanks nklatt)
  • Fix: Creating folders in the file manager doesn't create them in the right place
  • Fixed: Deleting a Form block instance for an Existing Express Entity Form can delete the original entity (thanks dimger)
  • Avoid error on save page list block options with empty custom topic node (thanks hissy)
  • FIxed bug in alphabetizing multilingual sections (thanks biplobice)
  • Fixed bug where public date/time page property wasn’t being properly validated if it was marked as required in a composer form (thanks matt9mg)
  • Fixed potential YouTube block exception (thanks matt9mg)
  • Fixed: select filterByAttribute can return all results (thanks matt9mg)
  • Fixed order of parameters in some implode() methods (thanks shahroq)
  • Fixed PHP errors raised when calling View::action() method of an attribute (thanks mlocati)
  • Fixed certain block type errors in advanced permissions and stacks (thanks mlocati)
  • Fixed: CLI update fails if there is a package dependency such as MultiStep Workflow add-on

Developer Improvements

  • Allow nested containers in custom theme layout presets (thanks jneijt)
  • Allow the AuthorFormatter class to be overridden (thanks danklassen)
  • Update concrete5 Translation Library (thanks mlocati)
  • Code cleanup and improvements (thanks mlocati)
  • [Fix] Config command with env option (thanks biplobice)
  • Correctly set express entity package reference during import (thanks olsgreen)
  • Added new buildRedirect method for easily creating redirects that honor the framework middleware from within controller methods (thanks mlocati)
  • We now test installation and upgrades within Docker in our unit test suite (thanks mlocati)
  • Update punic to 3.5.1 (thanks mlocati)
  • Add the ability to easily inject custom Config drivers (loaders/saves) and implement Redis drivers.
  • Fix phpdoc of the \Concrete\Core\Form\Service\Validation::test() (thanks biplobice)
  • Fixed bug where update process wouldn’t use the interface LongRunningMigrationInterface to increase timeout (thanks mlocati)
  • Add ForeignKeyFixer and c5:database:foreignkey:fix CLI command (thanks mlocati)