Apostrophe 3.28.1: Fixes, new security options, and some docs

[BoDonkey]

Hola Apostrophe Universe,

This release brings several fixes to the Apostrophe core and several modules. Shout out to open-source community member Kedar Chandrayan for submitting one of the fixes. Also in this release are new modules for the addition of hCaptcha as an option to screen your login page for malicious bots. Our push to update our documentation continues, along with a request to the community to give us feedback.

Moving forward, our next release should be a big love fest for editors! Our expanded widget preview menu is nearly finished. This will significantly enhance the editor experience by allowing the selection of area widgets from a graphical menu. This will be paired with widget placeholders, which will give a preview of what the widget will look like on the page before having to add content.

Thanks for reading and helping us keep this vibrant community moving forward!

 

Apostrophe 3.28.1

Fixes

• AposInputBoolean can now be required and have the value false.
• Schema fields containing boolean filters can now list both yes and no choices according to available values in the database.
• Fix attachment getHeight() and getWidth() template helpers by changing the assignment of the attachment._crop property.
• Change assignment of attachment._focalPoint for consistency.

 

Enterprise modules

@apostrophecms-pro/advanced-permission 1.1.0

Note: this module allows admins much greater power in creating and assigning permissions to custom groups, but this requires license upgrade. Contact us learn more.

Adds

• Complete documentation, with screenshots.
• Restore @apostrophecms/user pieces' role field and stop migrating it to originalRole.
  This prevents issues during deployment if some servers are slow to transition to the new version of the code.

 

Apostrophe 3.x modules

@apostrophecms/login-hcaptcha 1.0.0

This module causes the login page to always display an hCaptcha prompt, requiring the user to prove they are human before logging in.

Adds

• Initial release

 

@apostrophecms/scheduled-publishing 1.0.3

This module allows you to schedule publishing of your pieces (which includes pages) on specific dates.

Fixes

• Add missing permission.type in schema fields. @apostrophecms/scheduled-publising fields were missing on all pieces and pages when the module was used with @apostrophecms-pro/advanced-permission enabled.

 

Apostrophe 2.x modules

apostrophe-login-hcaptcha 1.0.0

This module causes the login page to always display an hCaptcha prompt, requiring the user to prove they are human before logging in.

Adds

• Initial release

 

apostrophe-pieces-import 2.3.1

This module adds an optional import feature to all apostrophe-pieces in an Apostrophe project.

Fixes

• Fix a denial-of-service vulnerability by bumping xlsx package to its latest version.

 

apostrophe-tiptap-rich-text-widgets 0.3.9

Fixes

• Fix a denial-of-service vulnerability by bumping xlsx package to its latest version.

 

Utilities

@apostrophecms/cli 3.1.2

The Apostrophe CLI is a cross-platform starting point for creating and configuring ApostropheCMS projects, providing a simple boilerplate generator and wrapping other useful functions into an easy to use command line tool.

Fixes

• Fixes apostrophe 3 paths in console output.
• Fixed typo in CLI help to clarify install options.

 

sanitize-html 2.7.2

sanitize-html provides a simple HTML sanitizer with a clear API.

Fixes

• Closing tags must agree with opening tags. This fixes issue #549, in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to
  Kedar Chandrayan for the report and the fix.