Skip to content

Releases: getkirby/kirby

3.10.0.1

26 Feb 10:07
0a128e4
Compare
Choose a tag to compare

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.

➡️ Read more

3.9.8.1

26 Feb 10:07
d138680
Compare
Choose a tag to compare

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.

➡️ Read more

3.8.4.3

26 Feb 10:07
077d2d6
Compare
Choose a tag to compare

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.

➡️ Read more

3.7.5.4

26 Feb 10:06
ae19b02
Compare
Choose a tag to compare

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.

➡️ Read more

3.6.6.5

26 Feb 10:06
22c2137
Compare
Choose a tag to compare

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.

➡️ Read more

4.1.0

30 Jan 15:39
2965c31
Compare
Choose a tag to compare

🎉 Features

New page create dialog features

The page create dialog now allows to hide the title and/or slug field by defining a string template that will be used instead

create:
  title: "{{ page.location }} – {{ page.date.toDate('M Y') }}"
  slug: "{{ page.location.slug }}-{{ page.date.toDate('Y-m-d') }}"

Custom fields from the create dialog will be accessible through Kirby query starting with page. (in this example the fields location and date. If no custom fields are defined, the create dialog will be skipped and the page immediately created. #6154

Color field: query and API support for options

myColorField:
  type: color
  options:
    type: query
    query: kirby.option('my.colors')
// only values
return [
    'my' => [
        'colors' => [
            '#3e3e3e',
            '#aaa',
            '#ddd',
        ]
    ]
];

// values -> labels
return [
    'my' => [
        'colors' => [
            '#3e3e3e' => 'Color A' ,
            '#aaa'    => 'Color B',
            '#ddd'    => 'Color C',
        ]
    ]
];

New sharpen option for thumbnails

When resizing images, you can now sharpen them. This often enhances the image quality when downscaling images.

$page->image('my-image.jpg')->thumb([
    'width' => 300,
    'height' => 200,
    'sharpen' => true
]);

You can also pass an integer value to control the sharpening effect. Higher numbers create sharper images. The default is 50.

$page->image('my-image.jpg')->thumb([
    'width' => 300,
    'height' => 200,
    'sharpen' => 25
]);

Thank you very much to @dgsiegel for implementing this feature. #6164

Link Field Previews

The link field now has proper previews in structure and object fields #5262

Screenshot 2024-01-22 at 12 10 04

And more …

  • Stats section supports new icon option #6006
  • New A::implode() method that also handles nested arrays #6059

✨ Enhancements

  • Upgrade to Vite 5 #5984
  • Page and files section with table layout will now try to infer the column type from the blueprint of the first model when no type has been provided explicitly #6147
  • When a block fieldset doesn't set a name, the label is now used as fallback #6137
  • The search type can now be pre-defined when opening the search dialog #6158
panel.dialog.open({
    component: "k-search-dialog",
    props: {
        type: "pages"
    }
});
  • Extensive block examples in the lab #6160
  • Added support for emojis and other multi-byte characters in mysql database connections. Thanks to @degoya #6168
  • Improved lab examples with better source code view #6170

🐛 Bug fixes

  • Link field: fixed default type if url option not available #6145
  • Fixed renewal date formatting in the license dialog when using a custom date handler #6138
  • Fix Panel menu button centering #6051
  • Writer toolbar: fix when implicitly inline #6069
  • Support dimensions for avif images #6141
  • Table layout: columns marked as mobile: true are shown again in narrow viewports #6106
  • Respect custom allowed slug characters from Str class in slug field #6049
  • $store.content: fix consistent id pattern #6057
  • Structure field: clone row on duplicate #6073
  • field.isVisible(): fix if statement #6098
  • Many objects are serializable again #6072
  • Helpers::handleErrors() correctly restores the original error handler even if an exception is thrown in the action #6105
  • Fixed PHP warning for structure fields without subfields #6059
  • Fixed PHP warning for F::size() with non-existing file #6059
  • Fixed PHP warning for unserializing Session data #6059
  • Fixed PHP warning for V::message() with nested arrays #6059
  • Fix fallbacks in the Kirby/Api/Api and Kirby/Form/Form classes when no app object is loaded
  • The CLI detection also works for processes not attached to a terminal (e.g. externally called from another script)
  • Fix $store.content.id when deleting page #6111
  • Fix handling image: false in blueprint for Panel preview images #6020
  • Fixes overflow in narrow layout field columns when using a block with preview: fields #6128
  • Blocks: fixed disabled field preview #5818
  • Language argument now gets passed reliably to hooks from dialogs/areas #6117
  • Improve link kirbytag behavior when uuid point to non-existing page #6083
  • Files section: fixed NaN value after sorting files #6067
  • Page create dialog: custom fields in dialogs are prefilled with default values #6137
  • Page create dialog: no error is thrown when directly publishing page with required fields that have a default value #6119
  • Fixed Panel column block gap #5935
  • Consistent disabled state and styling for all block types #5100
  • It is possible again to use the field names field, options, parent, siblings and params inside structure fields #6181
  • $field->toStructure()->field() now returns a copy of the structure field object as intended #6181
  • file KirbyTag that references a non-existing file does not throw an exception anymore, when not text attribute passed #6177
  • New text and html props for the k-tag component #5834
  • New cancel-small icon version #5834
  • New $helper.link #5834
  • Upload of the identical file should not change the UUID #5730
  • Add missing link field id #6169
  • RangeInput: fixed tooltip max-width #6189
  • Link field: no dropdown is shown if only one type option is active #6186
  • Link field: no dropdown icon is shown when field is disabled
  • Sets the default border radius for k-bubble to rounded-sm to be consistent with k-tag. #6188
  • Cropping a jpg with focus point no longer results in wrong aspect ratio #5855
  • Fix type hint on Panel::area() #6217
  • Structure field: Drawer is now closed correctly again when an entry is deleted #6209
  • Structure field: row height fix on mobile #6203

♻️ Refactored

  • New this.$helper.array. functions: fromObjectsortBysplitwrap #6140
  • The license file included in the Kirby repo is now formatted correctly on GitHub #6060
  • PHPUnit test provider methods are now static
    • FileActionsTest: static provider methods #6092
  • Prepare for Vue 3
    • Replace instanceof Vue #6100
    • Added emits definition to all Vue components #6110
    • Fix counter.js for stricter Vue 3 checks #6108
    • Removed this._uuid usage #6097
  • Remove input theme field mentions #6102
  • Use more PHP arrow functions #6125
  • DRY tests with Kirby\TestCase #6124
  • Blocks and layouts reuse props across components #5818
  • Color field: options sh...
Read more

4.1.0-rc.3

26 Jan 14:11
575f081
Compare
Choose a tag to compare
4.1.0-rc.3 Pre-release
Pre-release

What's changed since 4.1.0-rc.2

  • Refactor the link field input event handling to improve link detection #6198
  • ColorField: proper HTML/XSS handling #6195
  • ImageMagick: remove optimization that breaks focus #6205

Full Changelog: 4.1.0-rc.2...4.1.0-rc.3

4.1.0-rc.2

24 Jan 14:56
f980bd9
Compare
Choose a tag to compare
4.1.0-rc.2 Pre-release
Pre-release

What's changed since 4.1.0-rc.1

  • LinkField: fix dropdown for only option #6192
  • Fix link field console error #6197
  • Fix border radius inconsistency #6196
  • Fix structure field sort method #6200
  • RangeInput: fix tooltip max width #6189

4.1.0-rc.1

23 Jan 12:09
4e2f0fe
Compare
Choose a tag to compare
4.1.0-rc.1 Pre-release
Pre-release

🎉 Features

New page create dialog features

The page create dialog now allows to hide the title and/or slug field by defining a string template that will be used instead

create:
  title: "{{ page.location }} – {{ page.date.toDate('M Y') }}"
  slug: "{{ page.location.slug }}-{{ page.date.toDate('Y-m-d') }}"

Custom fields from the create dialog will be accessible through Kirby query starting with page. (in this example the fields location and date. If no custom fields are defined, the create dialog will be skipped and the page immediately created. #6154

Color field: query and API support for options

myColorField:
  type: color
  options:
    type: query
    query: kirby.option('my.colors')
// only values
return [
    'my' => [
        'colors' => [
            '#3e3e3e',
            '#aaa',
            '#ddd',
        ]
    ]
];

// values -> labels
return [
    'my' => [
        'colors' => [
            '#3e3e3e' => 'Color A' ,
            '#aaa'    => 'Color B',
            '#ddd'    => 'Color C',
        ]
    ]
];

New sharpen option for thumbnails

When resizing images, you can now sharpen them. This often enhances the image quality when downscaling images.

$page->image('my-image.jpg')->thumb([
    'width' => 300,
    'height' => 200,
    'sharpen' => true
]);

You can also pass an integer value to control the sharpening effect. Higher numbers create sharper images. The default is 50.

$page->image('my-image.jpg')->thumb([
    'width' => 300,
    'height' => 200,
    'sharpen' => 25
]);

Thank you very much to @dgsiegel for implementing this feature. #6164

Link Field Previews

The link field now has proper previews in structure and object fields #5262

Screenshot 2024-01-22 at 12 10 04

And more …

  • Stats section supports new icon option #6006
  • New A::implode() method that also handles nested arrays #6059

✨ Enhancements

  • Upgrade to Vite 5 #5984
  • Page and files section with table layout will now try to infer the column type from the blueprint of the first model when no type has been provided explicitly #6147
  • When a block fieldset doesn't set a name, the label is now used as fallback #6137
  • The search type can now be pre-defined when opening the search dialog #6158
panel.dialog.open({
    component: "k-search-dialog",
    props: {
        type: "pages"
    }
});
  • Extensive block examples in the lab #6160
  • Added support for emojis and other multi-byte characters in mysql database connections. Thanks to @degoya #6168
  • Improved lab examples with better source code view #6170

🐛 Bug fixes

  • Link field: fixed default type if url option not available #6145
  • Fixed renewal date formatting in the license dialog when using a custom date handler #6138
  • Fix Panel menu button centering #6051
  • Writer toolbar: fix when implicitly inline #6069
  • Support dimensions for avif images #6141
  • Table layout: columns marked as mobile: true are shown again in narrow viewports #6106
  • Respect custom allowed slug characters from Str class in slug field #6049
  • $store.content: fix consistent id pattern #6057
  • Structure field: clone row on duplicate #6073
  • field.isVisible(): fix if statement #6098
  • Many objects are serializable again #6072
  • Helpers::handleErrors() correctly restores the original error handler even if an exception is thrown in the action #6105
  • Fixed PHP warning for structure fields without subfields #6059
  • Fixed PHP warning for F::size() with non-existing file #6059
  • Fixed PHP warning for unserializing Session data #6059
  • Fixed PHP warning for V::message() with nested arrays #6059
  • Fix fallbacks in the Kirby/Api/Api and Kirby/Form/Form classes when no app object is loaded
  • The CLI detection also works for processes not attached to a terminal (e.g. externally called from another script)
  • Fix $store.content.id when deleting page #6111
  • Fix handling image: false in blueprint for Panel preview images #6020
  • Fixes overflow in narrow layout field columns when using a block with preview: fields #6128
  • Blocks: fixed disabled field preview #5818
  • Language argument now gets passed reliably to hooks from dialogs/areas #6117
  • Improve link kirbytag behavior when uuid point to non-existing page #6083
  • Files section: fixed NaN value after sorting files #6067
  • Page create dialog: custom fields in dialogs are prefilled with default values #6137
  • Page create dialog: no error is thrown when directly publishing page with required fields that have a default value #6119
  • Fixed Panel column block gap #5935
  • Consistent disabled state and styling for all block types #5100
  • It is possible again to use the field names field, options, parent, siblings and params inside structure fields #6181
  • $field->toStructure()->field() now returns a copy of the structure field object as intended #6181
  • file KirbyTag that references a non-existing file does not throw an exception anymore, when not text attribute passed #6177
  • New text and html props for the k-tag component #5834
  • New cancel-small icon version #5834
  • New $helper.link #5834
  • Upload of the identical file should not change the UUID #5730
  • Add missing link field id #6169

♻️ Refactored

  • New this.$helper.array. functions: fromObjectsortBysplitwrap #6140
  • The license file included in the Kirby repo is now formatted correctly on GitHub #6060
  • PHPUnit test provider methods are now static
    • FileActionsTest: static provider methods #6092
  • Prepare for Vue 3
    • Replace instanceof Vue #6100
    • Added emits definition to all Vue components #6110
    • Fix counter.js for stricter Vue 3 checks #6108
    • Removed this._uuid usage #6097
  • Remove input theme field mentions #6102
  • Use more PHP arrow functions #6125
  • DRY tests with Kirby\TestCase #6124
  • Blocks and layouts reuse props across components #5818
  • Color field: options should be written as $value => $name, e.g. #6152
options:
  "#F8B195": "Sunny rays"
  "#F67280": "First-love blush"
  "#C06C84": "Cherry blossom"
  "#6C5B7B": "Morning gloom"
  "#355C7D": "Midnight rain"
  • Improved performance due to caching blueprint section objects #6175

☠️ Deprecated

  • Color field: writing options as $name => value has been deprecated #6152
  • $helper.object.clone() has been deprecated. Use the native structuredClone function instead. #6086
  • Array.fromObject() has been deprecated. Use this.$helper.array.fromObject() instead.
  • Array.wrap() has been deprecated. Use this.$helper.array.wrap() instead.
  • `myArray.sortBy...
Read more

4.0.3

10 Jan 10:32
a537a4d
Compare
Choose a tag to compare

✨ Enhancements

  • DDEV development environments are now treated as local and allow setting up the Panel by default #6091
  • Kirby 3 licenses can now activated from the Kirby 4 Panel to allow direct renewal #6089
  • Updated translations (de, it, pt_BR, pt_PT, tr)

🐛 Bug fixes

  • No more deprecation warning when passing empty string to Url::short() #6126

🧹 Housekeeping

  • Replace remote testing domain with example.com