v0.1.0-beta.11

Redback Spider

Added

• Comments have an additional class Post--by-actor when posted by the user (#1927)

Changed

• Improved support for URL identification during installation (#1861)
• KeyboardNavigatable now has a callback ability (#1922)
• Links are no longer opened with target _blank but in the same window (#859)
• Links now have nofollow ugc by default as their rel attribute (#859, #1884)
• Improved performance of the full text gambit when searching for users (#1877)
• The Queue implementation is now available under its Illuminate contract

Fixed

• No error handling was possible in the console/cli (#1789)
• Enable scrollbars in log in modals so it fits for GitHub (#1716)
• Reduce log in modal for SSO so it fits for Facebook (#1727)
• Deleting discussions permanently did not delete its posts (#1909)
• Fixed the queue:restart command (#1932)
• Deleted posts were visible to all visitors (#1827)
• Old avatars weren't being deleted when replaced (#1918)
• The search performance regression was reverted (#1764)
• No profile background could be set for remote images (#445)
• Back button sends to home even though it could actually go back (#1942)
• Debug button no longer visible (#1687)
• Modals on smaller screens use the whole width of the page

v.0.1.0-beta.10

New Holland

Added

• Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
• Notifications can now be marked as read without visiting a discussion (#151)
• SEO: The discussion list now has a rel="canonical" meta tag, preventing duplicate content (#1134, #1814)
• The "Edit User" permission can now be edited in the UI (#1845)
• New status message and redirect after user deletion (#1750, #1777)
• Errors in Flarum's boot process are now presented with more detailed information (#1607)

Changed

• Better, more detailed and extensible error handling (#1641, #1843)
• Error pages in debug mode now return the same HTTP status codes as in production (#1648)
• Tweak HTTP status codes for authentication / authorization errors (#1854)
• Already-used links from account activation emails now show a better error message (#1337)

Fixed

• Security vulnerabilities in dependencies
• Performance: High CPU usage when scrolling in a discussion (#1222)
• Special characters crashed the search (#1498)
• Missing declarations for language and text direction in HTML output (#1772)
• Private messages were counted in user post counts (#1695)
• Extensions could not change the forum's default page (#1819)
• API requests authenticated using access tokens needed to provide a CSRF token (#1828)
• Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)

v0.1.0-beta.9

Leafy Seadragon

See the release announcement.

Added

• New hasPermission() helper method for Group objects (9684fbc)
• Expose supported mail drivers in IoC container (208bad3)
• More test for some API endpoints (1670590)
• The Formatter\Rendering event now receives the HTTP request instance as well (0ab9fac)
• More and better validation in installer UIs
• Check and enforce minimum MariaDB (7ff9a90)
• Revert publication of assets when installation fails (ed9591c)
• Benefit from Laravel's database reconnection logic in long-running tasks (e0becd0)
• The "vendor path" (where Composer dependencies can be found) can now be configured (5e1680c)

Changed

• Performance: Actually cache translations on disk (0d16fac)
• Allow per-site extenders to override extension extenders (ba594de)
• Do not resolve objects from the IoC container (in service providers and extenders) until they are actually used
• Replace event subscribers (that resolve objects from the IoC container) with listeners (that resolve lazily)
• Use custom service provider for Mail component (ac5e26a)
• Update to Laravel 5.7, revert custom logic for building database index names
• Refactored installer, extracted Installation class and pipeline for reuse in CLI and web installers (790d5be)
• Use whitelist for enabling pre-installed extensions during installation (4585f03)
• Update minimum MySQL version (7ff9a90)

Fixed

• Signing up via OAuth providers was broken (67f9375)
• Group badges were overlapping (16eb1fa)
• API: Endpoint for uninstalling extensions returned an error (c761802)
• Documentation links in installer were outdated (b58380e)
• Event posts where counted when aggregating user posts (671fdec)
• Admins could not reset user passwords (c67fb2d)
• Several down migrations were invalid
• Validation errors on reset password page resulted in HTTP 404 (4611abe)
• is:unread gambit generated an invalid query (e17bb0b)
• Entire forum was breaking when the custom_less setting was missing from the database (bf2c5a5)
• Dropdown icon was not showing in user card when on user page (12fdfc9)
• Requests were missing the original* attributes, which broke installations in subfolders (56fde28)
• Special characters such as % and _ could return incorrect results (ee3640e)
• FontAwesome component package changed paths in version 5.9.0 (5eb69e1)
• Some server environments had problems accessing the system-wide tmp path for storing JS file maps (54660eb)
• Content length of posts.content was not migrated to mediumText in 2017 (590b311)
• An error occurred when going to the previous route if there was no previous route found (985b87da)

Removed

• php flarum install --defaults - this was meant to be used in our old development VM (44c9109)
• Obsolete id attributes in JSON-API responses (ecc3b5e and 7a44086)

v0.1.0-beta.8.2

Fixed

• Installation / update problems due to FontAwesome upgrade (more details)

v0.1.0-beta.8.1

Stability fixes for the beta.8 line

Fixed

• InnoDB is now specified as the default table type to prevent SQL errors on foreign keys
• Setting a meta description in the admin Basics tab will no longer generate an empty tag
• If Likes fail to load properly, a discussion page will still function and not crash
• Pusher is now functional again when creating new discussions
• Admin users created by installation will have a valid join date
• Searching the text inside posts will now work even with a database prefix
• php flarum migrate:reset commands will now run without warnings

See https://discuss.flarum.org/d/17745-flarum-0-1-0-beta-8-released/128.

v0.1.0-beta.8

See the release announcement.

Added

• PHP Extender API (docs)
• Add ItemList#isEmpty method (#1218)
• Allow setting the raw content of a CommentPost (084f749)
• Allow full URLs to be used as the avatar path (c31c1ea)
• Add user display names API (#1246)
• Add apiKey request attribute (096e552)
• Allow configuring cookie attributes (87bf84e)
• Add LESS variable to configure expansion of sideNav dropdowns (2754a8c)
• Add drag and drop avatar uploading (#1261)
• New design for Reset Password page (9392e1b)
• Add log out confirmation if CSRF token is invalid (e8a4e5e)
• New design for error pages (b7c1cc5)
• Basic implementation of admin dashboard widgets (1ef9217)
• Add infinite scrolling in the notifications list (77c25ab)
• Add custom footer HTML setting (#1315)
• Automatically load an extend.php file at the forum root (#1559)
• Add console configuration event (#1349)
• Improve search performance and design (#1339, 7e95b80)
• Allow notification methods to be extended (#1361)
• Add flarum migrate:reset command (#1363)
• Add message to exceptions thrown in DispatchRoute middleware (#1376)
• Warn about debug mode in flarum info command (0cf351e, 5374f8a)
• JS Extender API foundation (#1468)
• Add support for JS sourcemaps (#1471)
• Add canonical URL to discussion HTML (551ca23)
• Add event to override floodgate behaviour (#1411)
• Use ItemList for signup and login modals (#1420)
• Display extensions in a table in flarum info command (#1562)
• Add oldUsername parameter to User\Event\Renamed (#1563)
• Live output of migrator notes in console (9e487b4)
• Use ItemList for edit group modal (#1625)
• Use ItemList for edit user modal (#1593)
• Track API key last activity and allow keys to reference specific users (#1622)
• Add a toolbar area to the TextEditor component (c13dfa2)
• Add a tooltip to the Preview button (bf3934d)
• Add database indices (#1577)
• Log errors that occur in the API stack (222e3c3)
• Add "clear cache" button to admin dashboard (2ef66ac)
• New extensions page layout (#1496)

Changed

• Upgrade to Laravel 5.5 (#1252)
• PHP namespace restructure (#1308)
• Performance: Don't include post content in the "basic" serializer (37cf95f)
• Only apply custom CSS and header HTML on forum frontend, not admin (40ebc13)
• Performance: Load only basic information about terminal/relevant posts (dedcbae)
• Performance: Load only basic information about post discussion/users (3c80612)
• Organise views into directories (479e44d)
• Use more sensible installation default data (b760d11)
• Manage Composer height with overridable methods (#1272)
• Rename AbstractPolicy::after to can to reflect removal of event priorities (ae2e07e)
• Overhaul model visibility scoping (#1342)
• Remove - separator in discussion URL if there is no slug (#1351)
• API: Provide forum info under / (f0cea11)
• Upgrade to Font Awesome 5 (#1372)
• Upgrade to zend-stratigility v2.2 (9d30be1)
• Use Illuminate Session component instead of Symfony (#1366)
• Use PSR-15 middleware standard (#1441, #1443)
• Simplify interface of migration-related classes (#1445)
• Rename Api\Controller\TokenController to CreateTokenController (#1451)
• Replace gulp with webpack and npm scripts for JS compilation (#1367)
• Rename database columns and JSON-API attributes (#1344)
• Refactor frontend code (#1471, edaca31)
• Remove need for page reload if JS application will not boot (#1471)
• Split permission for editing and deleting posts (#1466)
• Upgrade to TextFormatter 1.2 (#1457)
• Require PHP 7.1 (0278d52)
• Rename extension bootstrap.php to extend.php (#1556)
• Use default system font instead of Open Sans (07298e1)
• Change composer submit button icon to paper plane (bf3934d)
• New heading styles in posts (6fadc0b)

Removed

• Remove user bio feature (#1214)
• Remove FastClick (a8826dc)
• Remove server-side JavaScript minification, because it is done by Webpack (#1471)
• Remove the "debug" button from request error alerts (64686ef)
• Remove fileinfo dependency (105dd09)

Fixed

• Fix dropdown menu icon width (7ec9281)
• Fix user online indicator spacing (57f828b)
• Remove faulty default value for forum description (a2e0dae)
• Fix scrubber icon alignment (287085d)
• Don't hardcode admin URL (c037658)
• Update zend-diactoros to v1.6 to fix Content-Length problems (1e8399c)
• Security: Remove execute permissions from .php/.less files (#1338)
• Fix post contentHtml sometimes breaking script par...

v0.1.0-beta.7.2

Security

• Fix leak of private information when updating users. (more details)

v0.1.0-beta.7.1

Security

• Fixed a vulnerability that allows an attacker to bypass the email verification step during registration. (@clarkwinkelmann) (more details)

v0.1.0-beta.7

Added

• Add "remember me" checkbox in login from.
• Update notification count when discussion list refresh button is clicked. (@datitisev)
• Add event to allow custom user password validation.
• Support module prefixing of locale resources.
• Allow accessing the session via the actor.
• Add group gambit to support search user by group name. (@liji)
• Ability to manually activate users. (@renyuneyun)
• Add dir and lang attribute in app.blade.php. (@datitisev)
• Prevent crawlers from indexing nojs pages.
• Add option to hide the language selector. (@datitisev)
• Add link() and setCanonicalUrl() methods to the WebAppView.
• Add viewUserList permission. (@datitisev)
• Allow JSON config to be used for command-line installation. (@dav-is)
• Add API for extensions to mark discussions and posts as private. (@luceos)
• Improve password reset validation/error handling.
• Added a migration helper for adding default permissions.
• Turn Rename Discussion dialog into a modal. (@datitisev)

Fixed

• Prevent deletion of default locale. (@dav-is)
• Prevent overwriting of user attributes on authenticated registration. (@dav-is)
• Prevent notice if bootstrapping app in command line environment.
• Make Add Extension modal's title translatable. (@milescellaro)
• Fix asset path when unpublishing. (@clarkwinkelmann)
• Update affix sidebars when window is resized.
• Fix login remember in MS EDGE.
• Prevent reverting editable user bio on click.
• Fix API sorting of users by post count.
• Support PNG avatars with transparent backgrounds and fix EXIF rotation. (@oanhnn, @Zeokat)
• Fix /api/posts returning 500. (@datitisev)
• Make extension event attributes public.
• Prevent admins from demoting themselves through the API. (@datitisev)
• Fix incorrect migration notes for extensions without any migrations.

Changed

• Upgrade s9e\TextFormatter to 0.8.1. (@JoshyPHP)
• Upgrade zendframework/zend-stratigility to 1.3.
• Update minimum required PHP version to 5.6.
• Add specific error message for username validation.
• Remove fa-fw class from all icons. Manually apply the fa-fw class or other styles if needed.
• Simplify global back button behaviour and appearance.

Also see the release notes for: approval flags lock mentions sticky suspend tags

v0.1.0-beta.6

Added

• Allow separation of public and base directories. (@bmalex88)
• Introduce superficial permission dependency tree to make UI more intuitive.
• Add specific error message when an email address is not found in forgot password modal. (@datitisev)
• Pull in FontAwesome as a Composer dependency, and update to 4.6.
• Add ability to view the IP address for a post in its meta dropdown. (@dav-is)
• Show an upload icon instead of a user's default avatar on their own profile. (@datitisev)
• Add admin pane to configure SMTP settings. (@datitisev)
• Add ability to upload forum logo and favicon.
• Add ability to add custom HTML above the Flarum header.
• Log exceptions in error handler middleware.
• Add CLI installer option to write the config file to a different path.
• Allow extensions to add default model attributes.
• Add Server extend API to allow skeleton to customise the Application instance.
• Automatically support basic HTML tags in translations.
• Add cache:clear CLI command.

Changed

• Updated s9e\TextFormatter to 0.5.0. (@JoshyPHP)
• Improve inline code styling. (@datitisev)
• Use group ID instead of name in generated class names.
• Scroll to reply preview immediately when opening composer.
• Change post edited icon into text. (@datitisev)
• Clean up discussion renamed posts to only show the new title.
• Extract list keyboard navigation code from search into a reusable class.
• Improve text contrast, especially in dark mode.
• Change permission logic priorities; change policy catch-all method from before to after.
• Simplify deleted post toggle CSS.
• Refactor web app bootstrapping code.

Deprecated

• Deprecated ConfigureClientView event; use ConfigureWebApp instead.

Removed

• Removed AbstractPolicy@before method; use after instead.
• Removed broken extension generator CLI command.

Fixed

• Prevent scrubber post count from exceeding maximum value. (@augiwan)
• Validate password when resetting. (@poush)
• Only check for reply permission for actual replies.
• Fix post controls not being clickable in some circumstances.
• Don't show username/email fields when editing own account.
• Prevent images from loading when generating excerpt post content. (@dav-is)
• Fix avatar upload on Windows servers. (@KazeFlame)
• Prevent humanTime helper from generating future times.
• Fix settings not automatically showing when an extension is enabled.
• Fix post header items sometimes getting out of order.
• Remove temporary file after avatar upload failure.
• Make search dropdown filtering case-insensitive.
• Automatically focus on composer textarea when tapped on iOS.
• Prevent page zoom on input focus in iOS 10.

Also see the 0.1.0-beta.6 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags