Mini Shell
5.12.0 (2023-07-31)
------------------
Fixed:
* Core: Fix redirecting in parseWidget [#3513](https://github.com/forkcms/forkcms/pull/3513)
* Core: Make privacy consent dialog scrollable on mobile [#3507](https://github.com/forkcms/forkcms/pull/3507)
* Core: Make the old session clean-up method timezone aware [#3511](https://github.com/forkcms/forkcms/pull/3511)
* Core: Move the apple touch icon to the theme [#3512](https://github.com/forkcms/forkcms/pull/3512)
* Pages: Allow the use of install in a page title [#3533](https://github.com/forkcms/forkcms/pull/3533)
* Pages: Skip empty images while copying a page [#3545](https://github.com/forkcms/forkcms/pull/3545)
Security:
* Core: Fix Open Redirect issue [#3547](https://github.com/forkcms/forkcms/pull/3547)
Added:
* CLI: Reset password CLI command [#3491](https://github.com/forkcms/forkcms/pull/3491)
* Profiles: Autocomplete attributes [#3508](https://github.com/forkcms/forkcms/pull/3508)[#3548](https://github.com/forkcms/forkcms/pull/3548)
Changed:
* Core: Added PHP8 support and bumped minimum to 7.4 [#3538](https://github.com/forkcms/forkcms/pull/3538)
* Core: Switched to symfony 4.4 [#3538](https://github.com/forkcms/forkcms/pull/3538)
5.11.1 (2022-03-24)
Fixed:
Core: Add missing aria attributes on form errors #3485
Core: Fix adding links on images in ckeditor #3478
Core: Fix database env variables not resolving before checking installed module #3502
Core: Update packages #3500 #3482 #3483 #3489 #3490 #3492
Blog: Fix translation in wordpress import page #3484
Pages: Fix default breadcrumb style #3487
Security:
All these security issues require access to the backend before they can be exploited.
Core: Fix xss bug in multiple select box #3501
Authentication: Intercept a redirect to a different domain on login using // at the start of the queryparameter #3494
Authentication: Reauthenticate a user after password change to log out other sessions #3493
Blog: Prevent sql injection in the backend through bulk action marking comments as spam #3497
Extensions: Prevent xss in the backend in the theme and module detail page through the description #3499
FormBuilder: Prevent sql injection in the backend through bulk deletion of submitted data #3495
Locale: Prevent sql injection in the backend through export of translations #3498
Tags: Prevent sql injection in the backend through bulk deletion of tags #3496
5.11.0 (2021-10-14)
Fixed:
Core: Fix array offset error for canonical url in meta #3411
Core: Fix deleting cookies #3440
Core: Fix encoding problem with generating urls #3429
Core: Fixed GenarteUrl to allow Backend Locale #3423
Core: Update packages #3452 #3447 #3448 #3451 #3435 #3437 #3439 #3408 #3427 #3469 #3467 #3465 #3462 #3461 #3459
Core: Update the placeholder image URLs #3463
ContentBlocks: Fix mapping old content blocks when copying pages #3442
Docs: Put code in code block #3407
Docs: Update old screenshots #3210 #3412
Locale: Fixed exporting XML truncated by a few bytes
Locale: Fixed truncated locale XML export #3470
MediaLibrary: Fix image preview #3434
MediaLibrary: Fix item preview in the editor #3450
Page: Duplicate page image when copying a page to a different locale #3438
Pages: Revert usertemplates fix since it is broken because of the nex security fixes #3460
Search: Fix search total for short terms #3441
Security:
Core: Fix xss issue in spoon form #3453
Core: Prevent CSRF logout in the backend #3471
Core: SpoonLibrary expects the charset to be in lowercase, otherwise some xss protections fail #3455
MediaLibrary: Fix xss in mediaitem type movie id on edit #3406
Added:
Core: Add support for Google reCAPTCHA v3 #3409
FormBuilder: Copy forms and their widgets when making a language copy #3445
MediaLibrary: Add support for svg #3424 #3432
Changed:
DX: Only run tests once on PR #3468
Test: Minor database optimalisation #3443
5.10.0 (2021-05-16)
Fixed:
Core: Fix double encoding in spoon library #3400
Core: Fix files not loading on some apache servers #3361
Core: Update packages #3398 #3394 #3386 #3385 #3382 #3364
Blog: Fix broken thumbnail in the backend #3360
Pages: Fix usertemplates #3371 #3365
Security:
Authentication: Fix xss in redirect url #3355 #3353
MediaLibrary: Fix xss in media item title #3401
MediaLibrary: Fix xss in video ids #3402
Search: Fix xss in search referrer #3387
Spoon: Fix xss in form input files #3357
Added:
Core: Add canonical URL to SEO tab #3188
Core: Add CLI command to install a module #3323
Core: Throw an event when the session id changes #3377
MediaLibrary: Add edit button to media item within a form #3192
MediaLibrary: Added a search box to the media library #3189
Pages: Make it possible to set an id in a usertemplate #3166
Changed:
Core: Improve GDPR consent dialog #3372
Github: No codecov annotations in PR's #3378
Github: Upgrade to native dependabot #3384
Zerion Mini Shell 1.0