- Upgrade to v1.0 resets the "view" permission on all tags (#2941)
- Removed [forum] prefix from Request Password and Email Confirmation emails (a4a81c0)
- Adopt huntr.dev for handling our security vulnerability reports (#2918)
- Maintenance handler can now be replaced through the service container (ioc) (4acff91)
- The colors on the auto generated avatars are now based on the Display Name of the user (#2873)
- Avatar in notifications list are incorrectly aligned (#2906)
- FilesystemManager is not compatible with upstream Laravel implementation (#2936)
- Critical XSS vulnerability
- Installation fails on environments without proc_* functions enabled or mysql client binary (#2890)
- Task scheduling
load()method onApiControllerextender to allow eager loading of relations (#2724)- Installation supports enabling a set of extensions (#2757)
- RequestUtil helper class added to abstract the logic of the actor, session, locale and route name from the request (#2449)
- Code scanning action with GitHub CodeQL (#2744)
- The Formatter extender now has an
unparsemethod to allow extensions to hook into the unparsing of content (#2780) - A Filesystem extender allows direct modification and addition of filesystem disks (#2732)
- A slug driver based on the User ID was introduced (#2787)
- An extensible users list was added to the admin area (#2626)
- Headers hardened by adding Referer Policy, Xss Protection and Content type (#2721)
- Tooltip component (#2843)
- Moved
insertTextandstyleSelectedTextfrom markdown to core (#2826) - A squashed database schema install dump to speed up new installs (#2842)
- Pagination in the canonical URL for discussion pages (#2853)
- PaginatedListState for the DiscussionList and to support paginated lists in the frontend (#2781)
- Introduce the new webpack config and flarum-tsconfig for typehinting (#2856)
- Now tracking bundle sizes to keep an eye on web performance (#2695)
- Eager load relations on ListPostsController to improve performance (#2717)
- Replace classList with clsx library (#2760)
- Replaced the javascript based loading spinner with a pure CSS version (#2764)
- Route names now have to be unique (#2771)
- ActorReference is now available from the error handler middleware (#2410)
- The
migrationstable now has an Auto Increment ID (#2794) - Assets and avatars are now managed using Laravel filesystem disks (#2729)
- Extracted asset publishing (
php flarum assets:publish) from migrating (#2731) - Assets were compiled in the format
<asset>-<revision>.<js|css>, this is now<asset>.<js|css>?v=<revision>(#2805) - The powered by header can now be configured in the config under
headers(#2777) - Switched to the ICU format for translation files (#2759)
- Allow extend and override to apply to multiple methods in one call
- Notifications dropdown and list refactored (#2822)
- Updated validation locale strings based on Laravel 8 changes (#2829)
- Caching of permissions is now taken care of centrally, reducing code duplication (#2832)
- Replaced lodash-es by throttle-debounce to reduce bundle size (#2827)
- Internal API requests are now executed through middleware (#2783)
- Permission changes:
viewDiscussionstoviewForumandviewUserListtosearchUsers(#2854)
- Javascript is shown when editing the title of a discussion (#2693)
- Canonical url logic uses request object which causes wrong URL's when a different page is default (#2674)
- Dropdown toggle has no aria label (#2668)
- Nav drawer is focusable when off-screen on small viewports (#2666)
- Search input has no aria-label and no role (#2669)
- Code duplication exists between SendConfirmationEmailController and AccountActivationMailer (#2493)
- When setting tags as homepage default, visiting a tag will show all posts (#2754)
- Locale cache is cleared twice when cache clearing (#2738)
- When cache clearing fails an exception can be thrown due to a partial flush (#2756)
- Database migrations rely on MyISAM even though the eventual migrated database does not use it (#2442)
- Discussion search result is not sorted by relevance by default (#2773)
- Extensions cannot register custom searcher classes (#2755)
- Searching discussion titles is not possible (#2698)
- Boot errors due to failing extenders throw a generic error (#2740)
- Required argument to
Component.$()isn't really required (#2844) - Component does not allows use of all mithril lifecycle functionality (#2847)
- The
make:migrationcommand has been removed (#2686) - Background fade on the header has been removed (#2685)
- Remove vendor prefixes in less (#2766)
- The session is no longer available from the User class (#2790)
- The
mailkey is removed from the laravel related config (#2796)
- Allow event subscribers (#2535)
- Allow Settings extender to have a default value (#2495)
- Allow hooking into the sending of notifications before being send (#2533)
- PHP 8 support (#2507)
- Search extender (#2483)
- User badges to post preview (#2555)
- Optional extension dependencies allow a booting order (#2579)
- Auth extender (#2176)
X-Powered-Byheader added to allow indexers easier data aggregation of Flarum adoption (#2618)
- Run integration tests in transaction (#2304)
- Allow policies to return a boolean for simplified allow/deny (#2534)
- Converted highlight helper to typescript (#2532)
- Add accessibility attributes to Mark as Read button (#2564)
- Dismiss errors on change email modal upon a new request (00913d5)
- Disabled extensions now are marked with a red circle instead of a red dot (#2562)
- Extension dependency errors now show the extension title instead of the ID (#2563)
- Change
mutatemethod on ApiSerializer extender toattributes(#2578) - Moved locale files to the core from the language pack (#2408)
- AdminPage extensibility and generic improvements (#2593)
- Remove entry of authors, link to https://flarum.org/team (#2625)
- Search and filtering are split (#2454)
- Move IP identification into a middleware (#2624)
- Editor Driver abstraction introduced (#2594)
- Allow overriding routes (#2577)
- Split user edit permissions into permissions for editing of user credentials, username, groups and suspending (#2620)
- Reduced number of admin extension categories (#2604)
- Move search related classes to a dedicated Query namespace (#2645)
- Rewrite common helpers into typescript (#2541)
TextEditoris moved to the common namespace for use in the admin frontend (#2649)- Update Laravel/Illuminate components to 8 (#2576)
- Eager load relations in discussion listing to improve performance (#2639)
- Adopt flarum/testing package (#2545)
- Replace
usergambit withauthorgambit (612a57c) - Posts page of on user profile loads posts using username instead of id (30017ee)
- Transform css breaks iOS scroll functionality (#2527)
- Composer header is hidden on mobile devices (#2279)
- Cannot delete a post or discussion of a deleted user (#2521)
- DiscussionListPane jumps around not keeping the scroll position (#2402)
- Infinite scroll on notifications dropdown broken (#2524)
- The show language selector switch remains toggled on (9347b12)
- Model Visibility extender throws exception on extensions that aren't installed or enabled (#2580)
- Extensions are marked as enabled when enabling fails to unmet extension dependencies (#2558)
- Routes to admin extension pages without a valid ID break the admin page (#2584)
- Disabled fieldset use an incorrect CSS property
disallowed(#2585) - Scrolling to a post that is already loaded the Load More button shows and does not trigger (#2388)
- Opening discussions on some mobile devices require a double tap (#2607)
- iOS devices show erratic behavior in the post stream while updating (#2548)
- Small mobile screens partially hides the composer when the keyboard is open (#2631)
- Clearing cache does not clear the template cache in storage/views (#2648)
- Boot errors show critical information (#2633)
- List user endpoint discloses last online even if user choose against it (#2634)
- Group gambit disclosed hidden groups (#2657)
- Search results on small windows not fully visible (#2650)
- Composer goes off screen on Safari when starting to type (#2660)
- A search that has no results shows the search results dropdown (b88a7cb)
- The composer modal moves around when typing on Safari (a64c398)
- Deprecated CSRF wildcard path match
- Deprecated policy and visibility scoping events
- Deprecated post types event
- Deprecated validation events
- Deprecated notification events
- Deprecated floodgate
- Deprecated user preferences event
- Deprecated formatting events
- Deprecated api events
- Deprecated bootstrap.php support
- PHP 7.2 support (#2507)
- Bidi attribute in the rendered HTML (#2602)
AccessToken::find, useAccessToken::findValidinstead (#2651)
GetModelIsPrivateevent (#2587)CheckingPasswordevent (#2176)event()helper (#2608)AccessToken::generateargument$lifetime(#2651)Rememberer::rememberargument$tokenshould receive an instance ofRememberAccessTokenwithAccessTokenbeing deprecated (#2651)Rememberer::rememberUser(#2651)SessionAuthenticator::logInargument$userId, should be replaced withAccessToken(#2651)TextEditorhas been moved tocommon(#2649)UserFilter(91e8b56)
- Slug drivers support (#2456).
- Notification type extender (#2424).
- Validation extender (#2102).
- Post extender (#2101).
- Notification channel extender (#2432).
- Service provider extender (#2437).
- API serializer extender (#2438).
- User preferences extender (#2463).
- Settings extender (#2452).
- ApiController extender (#2451).
- Model visibility extender (#2460).
- Policy extender (#2461).
- Time helpers converted to Typescript (#2391).
- Improved the formatter extender (#2098).
- Improve wording on installer when facing file permission issues (#2435).
- Background color of checkbox toggles improved for better usability (#2443).
- Route resolving refactored (#2425).
- Administration panel UX refactored (#2409).
- Floodgate moved to middleware and extender added (#2170).
- DRY up image uploading logic (#2477).
- Process isolation on testing (https://github.com/flarum/core/commit/984f751c718c89501cc09857bc271efa2c7eea8c).
- Forum and admin javascript exports namespaced (#2488).
- Web updater does not take into account subfolder installations (#2426).
- Callables handling in extenders failed (#2423).
- Scrolling on mobile from PostSteam changes didn't work correctly (#2385).
- Side pane covers part of the discussion page due to
app.discussionsbeing empty (https://github.com/flarum/core/commit/102e76b084bf47fdfb4c73f95e1fbb322537f7aa). - Change email modal keeps showing the previous error message even on success (#2467).
- Comment count not updated when discussions are deleted (#2472).
goToIndexin PostStream does not trigger an xhr to retrieve new data (https://github.com/flarum/core/commit/09e2736cbcc267594b660beabbd001d9030f9880).- On refresh the post number is reduced by one (#2476).
- Queue worker would instantiate a new Queue factory, not the bound one (#2481).
- Header accidentally has a border bottom (#2489).
- Namespace mentioned in docblock is incorrect (#2494).
- Scrolling inside longer discussions (especially Firefox) skips posts (https://github.com/flarum/core/commit/210a6b3e253d7917bd1eacd3ed8d2f95073ae99d).
- Uploading avatars that are jpg/jpeg fails with a validation error (#2497).
- MomentJS alias (#2428).
- Deprecated user events
GetDisplayNameandPrepareUserGroups(#2428). - AssertPermissionTrait (#2428).
- Path related helpers and methods in Application (#2428).
- Backward compatibility layers from the frontend rewrite (#2428).
CheckingForFlooding(https://github.com/flarum/core/commit/8e25bcb68f86cc992c46dfa70368419fe9f936ac).
- SuperTextarea component is not exported.
- Symfony dependencies do not match those depended on by Laravel (#2407).
- Scripts from textformatter aren't executed (#2415)
- Sub path installations have no page title.
- Losing focus of Composer area when coming from fullscreen.
- Check dependencies before enabling / disabling extensions (#2188)
- Set up temporary infrastructure for TypeScript in core (#2206)
- Better UI for request error modals (#1929)
- Display name extender, tests, frontend UI (#2174)
- Scroll to post or show alert when editing a post from another page (#2108)
- Feature to test email config by sending an email to the current user (#2023)
- Allow searching users by group ID using the group gambit (#2192)
- Use
liveHumanTimeshelper to update times without reload/rerender (#2208) - View extender, tests (#2134)
- User extender to replace
PrepareUserGroups(#2110) - Increase extensibility of skeleton PHP (#2308, #2318)
- Pass a translator instance to
getEmailSubjectinMailableInterface(#2244) - Force LF line endings on windows (#2321)
- Add a
Linkcomponent for internal and external links (#2315) ConfirmDocumentUnloadcomponent- Error handler middleware can now be manipulated by the middleware extender
- Update to Mithril 2 (#2255)
- Stop storing component instances (#1821, #2144)
- Update to Laravel 6.x (#2055)
Flarum\Foundation\Applicationno longer implementsIlluminate\Contracts\Foundation\Application(#2142)Flarum\Foundation\Applicationno longer inheritsIlluminate\Container\Container(#2142)pathshave been split off fromFlarum\Foundation\ApplicationintoFlarum\Foundation\Paths, which can be injected where needed (#2142)Flarum\User\Gateno longer implementsIlluminate\Contracts\Auth\Access\Gate(#2181)- Improve Group Gambit performance (#2192)
- Switch to
dayjsfrommomentjs(#2219) - Don't create a
biocolumn inusersfor new installations (#2215) - Start converting core JS to TypeScript (#2207)
- Make Carbon an explicit dependency (https://github.com/flarum/core/commit/3b39c212e0fef7522e7d541a9214ff3817138d5d)
- Use Symfony's translator interface instead of Laravel's (#2243)
- Use newer versions of fontawesome (#2274)
- Use URL generator instead of
app()->url()where possible (#2302) - Move config from
config.phpinto an injectable helper class (#2271) - Use reserved TLD for bogus and test urls (https://github.com/flarum/core/commit/6860b24b70bd04544dde90e537ce021a5fc5a689)
- Replace
m.streamwithflarum/utils/Stream(#2316) - Replace
affixedSidebarutil withAffixedSidebarcomponent - Replace
m.withAttrwithflarum/utils/withAttr - Scroll Listener is now passive, performance improvement (#2387)
generate:migrationcommand for extensions (https://github.com/flarum/core/commit/443949f7b9d7558dbc1e0994cb898cbac59bec87)- Container config for
UninstalledSite(https://github.com/flarum/core/commit/ecdce44d555dd36a365fd472b2916e677ef173cf) - Tooltip glitch on page chang (#2118)
- Using multiple extenders in tests (https://github.com/flarum/core/commit/c4f4f218bf4b175a30880b807f9ccb1a37a25330)
- Header glitch when opening modals (#2131)
- Ensure
SameSiteis explicitly set for cookies (#2159) - Ensure
Flarum\User\Event\AvatarChangedevent is properly dispatched (#2197) - Show correct error message on wrong password when changing email (#2171)
- Discussion unreadCount could be higher than commentCount if posts deleted (#2195)
- Don't show page title on the default route (#2047)
- Add page title to
All Discussionspage when it isn't the default route (#2047) - Accept
'0'asfalseforflarum/components/Checkbox(#2210) - Fix PostStreamScrubber background (#2222)
- Test port on BaseUrl tests (#2226)
UrlGeneratorcan now generate urls with optional parameters (#2246)- Allow
lessto be compiled independently of Flarum (#2252) - Use correct number abbreviation (#2261)
- Ensure avatar html uses alt tags for accessibility (#2269)
- Escape regex when searching (#2273)
- Remove unneeded semicolons inserted during JS compilation (#2280)
- Don't require a username/password for SMTP (#2287)
- Allow uppercase entries for SMTP encryption validation (#2289)
- Ensure that the right number of posts is returned from list posts API (#2291)
- Fix a variety of PostStream bugs (#2160, #2160)
- Sliding discussion glitch on mobile (#2324)
- Sliding discussion button in wrong place (#2330, #2383)
- Sliding discussion glitch on mobile (#2381)
- Fix PostStream for posts with top margins, and scrubber position when scrolling below posts (#2369)
Flarum\Event\AbstractConfigureRoutesevent classFlarum\Event\ConfigureApiRoutesevent classFlarum\Event\ConfigureForumRoutesevent classFlarum\Console\Event\Configuringevent classFlarum\Event\ConfigureModelDatesevent classFlarum\Event\ConfigureLocalesevent classFlarum\Event\ConfigureModelDefaultAttributesevent classFlarum\Event\GetModelRelationshipevent classFlarum\User\Event\BioChangedevent classFlarum\Database\MigrationServiceProvidermoved intoFlarum\Database\DatabaseServiceProvider- Unused
admin/components/Widgetcomponent (admin/component/DashboardWidgetshould be used instead) - Mandrill mail driver (https://github.com/flarum/core/commit/bca833d3f1c34d45d95bf905902368a2753b8908)
Flarum\User\Event\GetDisplayNameevent class- Global path helpers,
Flarum\Foundation\Applicationpath methods (#2155) Flarum\User\AssertPermissionTrait(#2044)
- Console extender (#2057)
- CSRF extender (#2095)
- Event extender (#2097)
- Mail extender (#2012)
- Model extender (#2100)
- Posts by users that started a discussion now have the CSS class
.Post--by-start-user - PHPUnit 8 compatibility
- Composer 2 compatibility
- Permission groups can now be hidden (#2129)
- Confirmation popup when hiding or deleting posts (#2135)
- Updated less.php dependency version to 3.0
- Updated JS dependencies
- All notifications and other emails now processed through the queue, if enabled (#978, #1928, #1931, #2096)
- Simplified uploads, removing need to store intermediate files (#2117)
- Improved date handling for dates older than 1 year (#2034)
- Linting and automatic formatting for JS (#2099)
- Translation files from Language Packs are only loaded for extensions that are enabled (#2020)
- PHP extenders' properties are now
privateinstead ofprotected, intentionally making it harder to extend these classes (#1958) - Preparation for upgrading Laravel components to 5.8 and then 6.0 (#2055, #2117)
- Allowed permission checks based on model classes in addition to instances (#1977)
- Users can no longer restore discussions hidden by admins (#2037)
- Issues of the Modal not showing or auto hiding (#1504, #1813, #2080)
- Columnar layout on admin extensions page was broken in Firefox (#2029, #2111)
- Non-dismissible modals could still be dismissed using the ESC key (#1917)
- New discussions were added to the discussion list above unread sticky posts (#1751, #1868)
- New discussions not visible to users when using Pusher (#2076, #2077)
- Permission icons were aligned unevenly in admin permissions list (#2016, #2018)
- Notification bubble not inversed on mobile with colored header (#1983, #2109)
- Post stream scrubber clicks jumped back to first post (#1945)
- Loading state of Switch toggle component was hard to see (#2039, #1491)
Flarum\Extend\Middleware: The methodsinsertBefore()andinsertAfter()did not work as described (#2063, #2084)
- Support for PHP 7.1 (#2014)
- Zend compatibility bridge (#2010)
- SES mail support (#2011)
- Backward compatibility layer for
Flarum\Mail\DriverInterface, new methods from beta.12 are now required Flarum\Util\Strhelper classFlarum\Event\ConfigureMiddlewareevent
Flarum\Event\AbstractConfigureRoutesevent classFlarum\Event\ConfigureApiRoutesevent classFlarum\Event\ConfigureForumRoutesevent classFlarum\Event\ConfigureLocalesevent class
- Full support for PHP 7.4 (#1980)
- Mail settings: Configure region for the Mailgun driver (#1834, #1850)
- Mail settings: Alert admins about incomplete settings (#1763, #1921)
- New permission that allows users to post without throttling (#1255, #1938)
- Basic transliteration of discussion "slugs" / pretty URLs (#194, #1975)
- User profiles: Render basic content on server side (#1901)
- New extender for configuring middleware (#1919, #1952, #1957, #1971)
- New extender for configuring error handling (#1781, #1970)
- Automated tests for PHP extenders to guarantee their backwards compatibility
- Profile URLs for non-existing users properly return HTTP 404 (#1846, #1901)
- Confirmation email subject no longer contains the forum title (#1613)
- Improved error handling during Flarum's early boot phase (#1607)
- Updated deprecated "Zend" libraries to their new "Laminas" equivalents (#1963)
- Update page did not work when installed in subdirectories (#1947)
- Avatar upload did not work in IE11 / Edge (#1125, #1570)
- Translation fallback was ignored for client-rendered pages (#1774, #1961)
- The success alert when posting replies was invisible (#1976)
- Saving custom css in admin failed (#1946)
- Comments have an additional class
Post--by-actorwhen posted by the user (#1927)
- Improved support for URL identification during installation (#1861)
- KeyboardNavigatable now has a callback ability (#1922)
- Links are no longer opened with target
_blankbut in the same window (#859) - Links now have
nofollow ugcby default as theirrelattribute (#859, #1884) - Improved performance of the full text gambit when searching for users (#1877)
- The Queue implementation is now available under its Illuminate contract
- No error handling was possible in the console/cli (#1789)
- Enable scrollbars in log in modals so it fits for GitHub (#1716)
- Reduce log in modal for SSO so it fits for Facebook (#1727)
- Deleting discussions permanently did not delete its posts (#1909)
- Fixed the queue:restart command (#1932)
- Deleted posts were visible to all visitors (#1827)
- Old avatars weren't being deleted when replaced (#1918)
- The search performance regression was reverted (#1764)
- No profile background could be set for remote images (#445)
- Back button sends to home even though it could actually go back (#1942)
- Debug button no longer visible (#1687)
- Modals on smaller screens use the whole width of the page
- Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
- Notifications can now be marked as read without visiting a discussion (#151)
- SEO: The discussion list now has a
rel="canonical"meta tag, preventing duplicate content (#1134, #1814) - The "Edit User" permission can now be edited in the UI (#1845)
- New status message and redirect after user deletion (#1750, #1777)
- Errors in Flarum's boot process are now presented with more detailed information (#1607)
- Better, more detailed and extensible error handling (#1641, #1843)
- Error pages in debug mode now return the same HTTP status codes as in production (#1648)
- Tweak HTTP status codes for authentication / authorization errors (#1854)
- Already-used links from account activation emails now show a better error message (#1337)
- Security vulnerabilities in dependencies
- Performance: High CPU usage when scrolling in a discussion (#1222)
- Special characters crashed the search (#1498)
- Missing declarations for language and text direction in HTML output (#1772)
- Private messages were counted in user post counts (#1695)
- Extensions could not change the forum's default page (#1819)
- API requests authenticated using access tokens needed to provide a CSRF token (#1828)
- Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)
- New
hasPermission()helper method forGroupobjects (9684fbc) - Expose supported mail drivers in IoC container (208bad3)
- More test for some API endpoints (1670590)
- The
Formatter\Renderingevent now receives the HTTP request instance as well (0ab9fac) - More and better validation in installer UIs
- Check and enforce minimum MariaDB (7ff9a90)
- Revert publication of assets when installation fails (ed9591c)
- Benefit from Laravel's database reconnection logic in long-running tasks (e0becd0)
- The "vendor path" (where Composer dependencies can be found) can now be configured (5e1680c)
- Performance: Actually cache translations on disk (0d16fac)
- Allow per-site extenders to override extension extenders (ba594de)
- Do not resolve objects from the IoC container (in service providers and extenders) until they are actually used
- Replace event subscribers (that resolve objects from the IoC container) with listeners (that resolve lazily)
- Use custom service provider for Mail component (ac5e26a)
- Update to Laravel 5.7, revert custom logic for building database index names
- Refactored installer, extracted Installation class and pipeline for reuse in CLI and web installers (790d5be)
- Use whitelist for enabling pre-installed extensions during installation (4585f03)
- Update minimum MySQL version (7ff9a90)
- Signing up via OAuth providers was broken (67f9375)
- Group badges were overlapping (16eb1fa)
- API: Endpoint for uninstalling extensions returned an error (c761802)
- Documentation links in installer were outdated (b58380e)
- Event posts where counted when aggregating user posts (671fdec)
- Admins could not reset user passwords (c67fb2d)
- Several down migrations were invalid
- Validation errors on reset password page resulted in HTTP 404 (4611abe)
is:unreadgambit generated an invalid query (e17bb0b)- Entire forum was breaking when the
custom_lesssetting was missing from the database (bf2c5a5) - Dropdown icon was not showing in user card when on user page (12fdfc9)
- Requests were missing the
original*attributes, which broke installations in subfolders (56fde28) - Special characters such as
%and_could return incorrect results (ee3640e) - FontAwesome component package changed paths in version 5.9.0 (5eb69e1)
- Some server environments had problems accessing the system-wide tmp path for storing JS file maps (54660eb)
- Content length of posts.content was not migrated to mediumText in 2017 (590b311)
- An error occurred when going to the previous route if there was no previous route found (985b87da)
php flarum install --defaults- this was meant to be used in our old development VM (44c9109)- Obsolete
idattributes in JSON-API responses (ecc3b5e and 7a44086)
- Fix live output in
migrate:resetcommand (f591585) - Fix search with database prefix (7705a2b)
- Fix invalid join time of admin user created by installer (57f73c9)
- Ensure InnoDB engine is used for all tables (fb6b51b, 6370f7e)
- Fix dropping foreign keys in
downmigrations (57d5846) - Fix discussion list scroll position not being maintained when hero is not visible (40dc6ac)
- Fix empty meta description tag (88e43cc)
- Remove empty attributes on
<html>tag (796b577)