HĂ©bergement Concrete CMS

Concrete CMS

concrete5 est un systĂšme de gestion de contenu open source et de construction de site Web.

Installation en 1 clic Concrete CMS

Installation en 1 clic

Mise Ă  jour facile Concrete CMS

Mise Ă  jour facile

Sauvegarde et restauration Concrete CMS

Sauvegarde et restauration


SystĂšmes de gestion de contenu
Version courante
DerniĂšre mise Ă  jour
15 November 2021
Français + 25 autres

Configuration requise

Taille de l'installation
200.00 Mo
Base de données
open source
Vue d'ensemble
Quoi de neuf
8.5.7 (version de sécurité)
15 Novembre 2021 - 200MBBug Fixes
  • Fixed issue where remote updater would read the entire update into memory, leading to potential out of memory errors when updating the core.
  • Fixed error when setting global calendar permissions in the Dashboard.
  • Fixed issue where reset users weren’t properly notified when logging in that their passwords needed to be changed (thanks hissy)
  • Fixed: reCAPTCHA timout after 2min (thanks JeffPaetkau)
  • Fixed: fatal error on upgrade french version 8.5.5 to 8.5.6, "2 plural forms instead of 3" (thanks mlocati)
  • Fixed error with rich text conversation editor not working (Thanks hissy)
  • Fixed issue with URLs being case sensitive in some internationalization cases (thanks dimger)
  • Fixes to topic attribute search index content (thanks hissy)
  • Maintenance mode now returns the 503 HTTP error code when running (thanks hissy)
  • Fix Call to a member function isDefault() on null" error on the site upgraded from 5.7 when using the migration tool (thanks hissy)
  • Fixed issue where rich text attribute type wasn’t showing a full toolbar (note: in the future we want to make this an option, and strongly recommend users use this smaller, sanitized toolbar – but it should be an option, not the default.)
  • If a file has a password in the file manager, you will not be able to view it inline in the rich text editor.
  • Fixed: Changing database charset in dashboard throws error: call to a member function add() on null (thanks myq)

Library Updates
  • Bump CKEditor from 4.16.1 to 4.16.2 (thanks hissy)

  • Fixed CVE-2021-22966 - Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a bulk update permission security check. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Credit for discovery: "Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )" This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-40101: Admin users must now provide their password when changing another user’s password from the Dashboard.Concrete CMS security team CVSS scoring is 6.4 AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. Credit for discovery: "S1lky”. This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-22968: A bypass of adding remote files in Concrete CMS File manager lead to remote code execution. We added a check for the allowed file extensions before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Thanks Joe for reporting! This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-22951: “Unauthorized individuals could view password protected files using view_inline”. Concrete CMS now checks to see if a file has a password in view_inline and if it does we don’t render the file. Concrete CMS security team CVSS scoring is 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Credit for discovery: "Solar Security Research Team". This fix is also in Concrete version 9.0.0
  • Follow up fix for CVE-2021-40107: Stored XSS in comment section/FileManger via "view_inline" option. We were informed the fix put into version 8.5.6 was not sufficient. Thanks "Solar Security Research Team". We now check to see if a file has a password in view_inline and, if it does, we don’t render the file. Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-22967: insecure indirect object reference (IDOR); an unauthenticated user was able to access restricted files by attaching them to a message in a conversation. To remediate this, we added a check to see if a user has permissions to view files before attaching the files to a message in "add / edit message”. The Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Thanks Adrian H for reporting! This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-22969 : SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. The Concrete CMS team gave this a CVSS v3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices. This fix is also in Concrete version 9.0.0
  • Fixed CVE-2021-22970: Concrete allowed local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers and b. SSRF Mitigation Bypass through DNS Rebinding. Concrete now disabes all local IPs through the remote file uploading interface. Concrete CMS security team gave this a CVSS v3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N This CVE is shared with HackerOne Reports #1364797 (Thanks Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and #1360016 (Thanks Bipul Jaiswal) This fix is also in Concrete v 9.0.1

Lire la suite: https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes

8.5.4 (version majeure)
10 Juin 2020 - 200MB8.5.4

Bug Fixes
  • Fixing update errors that can happen (Update causes exception): https://github.com/concrete5/concrete5/issues/8729 (thanks mlocati)
  • 8.5.3 incorrectly enabled multisite extensions that aren’t ready until version 9. These are disabled in 8.5.4.
  • Fix certain occasions where editing pages would result in composer being unable to load blocks. Fixes error “Unable to load block into composer” (Note: this will fix the issue for pages going forward, but existing pages with this error will not be resolved.)


New Features
  • Added the ability to display the version status on the results page of a Page Search (thanks biplobice)
  • Added the ability to log API requests via a Dashboard setting (thanks Kaapiii)
  • Add phone and email to social links (thanks mlocati)
  • The YouTube Video block now supports lazy loading. (Thanks MrKarlDilkington)
  • Behavioral Improvements
  • Moves the custom block template selector from the advanced tab to buttons (thanks Mesuva)
  • YouTube block: Delete 'show video infomation' option and change option name of showing related videos (thanks yuuminakazawa)
  • Return a response object instead of exiting after saving a block (thanks mlocati)
  • Fixed: We don't have to generate thumbnails if the image is in the private storage location (thanks hissy)
  • Fixed potential errors that could result when adding invalid regular expressions into the Google authentication type whitelist/blacklist (thanks mlocati)
  • When you uncheck “include attribute in search index” then the columns will be fully removed from the search indexing tables (thanks mlocati)
  • Update OAuth password check to use PasswordHasher class (thanks Mesuva)
  • CKEditor: turn off 'Edit Source' before submit (thanks mlocati)
  • Fix issue with sitemap generation in multilingual sites (thanks dimger)
  • concrete5 handle the session garbage collection if a server isn’t going to do it (thanks mlocati)
  • Select Multiple now works from within the file manager again (thanks deek87)
  • When the user opens "Schedule Publishing" dialog, show a warning message if there is another scheduled version (thanks hissy)
  • Add "Cancel Scheduled Publish" button in "Publish Pending" dialog (thanks hissy)
  • Show a logout view to logged in users on the login page
  • More logging during OAuth attach/detach attempts.
  • Added a unique page ID class to each page for page targeting (thanks Shahroq)
  • Added a blacklist of file extensions to ensure that developers can’t easily add PHP to a list of uploadable file types (thanks mlocati)
  • Improves to logout speed under certain circumstances (thanks kkyusuke)
  • Calendar block height set to auto for better display in small width areas (thanks nakazanaka)
  • Fixed: getUserAccessEntityObjects returns guest if no session found (thanks biplobice)
  • The Refresh Token grant is now available for OAuth2 APIs (thanks kkyusuke)
  • Use local date time format in CSV (thanks hissy)
  • Faster and safer duplication of FAQ/Image Slider blocks (thanks mlocati)
  • Added an exception in case there's no template file to render (thanks iampedropiedade)
  • Added raw and samesite options to cookie (thanks iampedropiedade)
  • Improve distinction between log severity icons (thanks JohnTheFish)

Bug Fixes
  • Fixed inability to save blocks or do much of anything on Chrome 83 (relates to Chrome 83 behavioral change) (thanks bikerdave)
  • Fixing not sending password to RedisArray in session and cache drivers (thanks deek87)
  • Fixed bug where unnecessary localized stacks are generated when adding stacks to a multilingual site (thanks hissy)
  • Fixed: 8.5.2 - Chunked file uploads generate multiple files in the backend (thanks ahukkanen)
  • Fix flat sitemap in the trash view (thanks hamzaouibacha)
  • Fixed: Given a calendar event that was starting yesterday and ends tomorrow. It's a strange behavior if this event doesn't show up today in the calendars "events list" block (thanks core77)
  • Fixed multiple issues with user groups (thanks deek87)
  • Failed to upload avatar on user account page because of ccm_token error (thanks deek87)
  • Fix file manager issue with number of items per page (thanks biplobice)
  • Fixed: Thumbnails broken for storage locations outside web root (thanks hissy)
  • Fixed: Unable to detach google account at My Account page due to null exception (thanks deek87)
  • Fixed inability to move multiple pages at once in certain situations (thanks wordish)
  • Unable to paste the screenshot into content block (thanks deek87)
  • Fixed: Failing block validation denies any further access to that block if you cancel editing (thanks jlucki)
  • Fix user-selector events firing more than once (thanks deek87)
  • Fixed: CSS of Free-Form Layouts (or 'Custom Layouts') isn't loaded if the visitor is not logged in (thanks Ruud-Zuiderlicht)
  • Fixed inability to insert a link in Rich Text editor custom attributes in the Dashboard context (thanks mlocati)
  • Fixed XSS issue where admin could insert tags into image slider titles.
  • Fix error caused by invalid sort direction.
  • Build youtube embed url with the league url class to fix issues when malicious admin uses invalid URLs.
  • Fixed: [Bug] Single pages lose their path if location is resaved in sitemap or composer. (thanks dimger)
  • [Fix] Image block hover option doesn't work for responsive images using the picture tag (thanks biplobice)
  • Fixed error when the sortBy column isn't exists on the advanced search result (thanks biplobice)
  • Fixed: Setup on Child Pages updates all pages of the type, not the type / template combination (thanks danklassen)
  • Fixed: getUserAccessEntityObjects returns guest if no session found (thanks deek87)
  • Fixed: The folder name is null when you create it with name '0' (thanks biplobice)
  • Fix setting the emails subject a second time with an undefined variable (thanks Kaapiii)
  • Fixed: 404 does not work in multi language case (thanks Kaapiii)
  • Fixed: CKEDITOR errors shown in console (thanks mlocati)
  • BC Fix: Make it so routes can echo their output (thanks mlocati)
  • Fix token error on flag_conversation_message (thanks guyasyou)
  • Fix document library block error when file node type is other than File or FileFolder (thanks biplobice)
  • Fixed: Unable to save layout if it contains a Form block (thanks mlocati)
  • Fix Fix initializing country/province link (thanks mlocati)
  • Avoid exception on express attribute form during certain edge cases (thanks biplobice)
  • HackerOne security fixes (thanks mlocati)
  • Fix error on submitting workflow request to a deleted user (thanks hissy)
  • Fix height/width of edit folder permissions dialog (thanks deek87)
  • php 7.2 fix for updating a conversation message (thanks danklassen)
  • Replying to a conversation does not clear editor (thanks danklassen)
  • Don't check POSIX permissions of API public key on Windows (thanks mlocati)
  • Fixing draggable zone on filemanager to only accept file/folder nodes (thanks deek87)
  • Fixed: Currently in version 8.5.x sites that have been upgraded from 5.7 sites, you can no longer replace files (thanks deek87)
  • Fixed upgrading from 5.7 under certain database circumstances (thanks mlocati)
  • Fix wrong translatable strings placeholders (thanks mlocati)
  • Fixed: Loading malformed html into a content block does some funky stuff (thanks mlocati)
  • Fix H1 report 753567 (thanks hissy)
  • Aliases are now shown in the Dashboard menu (thanks Ruud-Zicherlicht)
  • make c5:package:uninstall --trash not throw exception if there wasn't a problem (thanks nklatt)
  • Fix: Creating folders in the file manager doesn't create them in the right place
  • Fixed: Deleting a Form block instance for an Existing Express Entity Form can delete the original entity (thanks dimger)
  • Avoid error on save page list block options with empty custom topic node (thanks hissy)
  • FIxed bug in alphabetizing multilingual sections (thanks biplobice)
  • Fixed bug where public date/time page property wasn’t being properly validated if it was marked as required in a composer form (thanks matt9mg)
  • Fixed potential YouTube block exception (thanks matt9mg)
  • Fixed: select filterByAttribute can return all results (thanks matt9mg)
  • Fixed order of parameters in some implode() methods (thanks shahroq)
  • Fixed PHP errors raised when calling View::action() method of an attribute (thanks mlocati)
  • Fixed certain block type errors in advanced permissions and stacks (thanks mlocati)
  • Fixed: CLI update fails if there is a package dependency such as MultiStep Workflow add-on

Developer Improvements
  • Allow nested containers in custom theme layout presets (thanks jneijt)
  • Allow the AuthorFormatter class to be overridden (thanks danklassen)
  • Update concrete5 Translation Library (thanks mlocati)
  • Code cleanup and improvements (thanks mlocati)
  • [Fix] Config command with env option (thanks biplobice)
  • Correctly set express entity package reference during import (thanks olsgreen)
  • Added new buildRedirect method for easily creating redirects that honor the framework middleware from within controller methods (thanks mlocati)
  • We now test installation and upgrades within Docker in our unit test suite (thanks mlocati)
  • Update punic to 3.5.1 (thanks mlocati)
  • Add the ability to easily inject custom Config drivers (loaders/saves) and implement Redis drivers.
  • Fix phpdoc of the \Concrete\Core\Form\Service\Validation::test() (thanks biplobice)
  • Fixed bug where update process wouldn’t use the interface LongRunningMigrationInterface to increase timeout (thanks mlocati)
  • Add ForeignKeyFixer and c5:database:foreignkey:fix CLI command (thanks mlocati)

Lire la suite: https://documentation.concrete5.org/developers/introduction/version-history/854-release-notes

3 Octobre 2019 - 200MBHighlights
  • You can now control the number of results in the file manager from the file manager directly without loading the advanced search dialog
  • You can now delete all entries from an existing Express object without deleting the object.
  • Update CKEditor from 4.11.1 to 4.12, add Placeholder plugin
  • Add the ability for each Express Form block to have its own from address
  • Added the ability to set a background color for thumbnails and for use with the image editor
  • Added the ability to search attributes when adding attributes to the page composer form
  • The Page Attribute block can now use custom templates
  • Add GUI to configure trusted headers received by a proxy
  • Add dashboard page to change database character set / collation
  • ReCaptcha is now included as a captcha option in the core
  • You can now include page aliases in searches in the Dashboard advanced page search
  • Allow email sending enable/disable from the dashboard
  • Make it configurable whether or not to ignore page permissions for RSS feeds
  • Added the ability to show captions by default for the YouTube block
  • Added the ability to display the version status on the results page of a Page Search
  • Added a new install theme console command

  • Add MySQL version and SQL_MODE to environment information
  • Removed the extraneous exception stack trace when the MySQL connection fails during installation
  • Added support for right-to-left languages in the concrete5 translate UI
  • Fix error where sitemap panel would show up even if the user has no access to add pages or to the sitemap.
  • Improved uniformity between search interfaces in the Dashboard and dialogs for things like files, pages. Miscellaneous display bug fixes for search interfaces.
  • Add the author column on express entries CSV export
  • Added file read route to the rest api
  • Use the HTTP 303 code for downloading files instead of HTTP 302
  • Simplify the error message when copying a file to folder
  • Added Choose New File to the top of the file selector menu to help users confused by the “Replace” option further below
  • If the form redirects to a thank you page, pass the entry id so that the page can interact with the entry if desired.
  • We now separate titles and content of installation errors if you encounter them (thanks mlocati).
  • In the desktop draft block, deleting a draft now no longer redirects you to the home page
  • Improved reliability when uploading large files into the file manager
  • RSS feed URL slugs can now have hyphens in them
  • Added rel=noopener noreferer to different places in the core where we link to external pages, enabling better process management
  • Added Twitch Social Link
  • Composer and block editing will no longer log you out while you are editing for a long period of time
  • Remember me 2 weeks value is now configurable
  • Routing system now handles response objects returned by any controller on_start
  • Add a config key to support script-specific locales
  • Added the ability to disable checking for core and package updates when using concrete5 via composer
  • Improvements to the display of the feature block icon selector
  • PageTypeDefaults::SetupOnChildPages: Make Update forked blocks optional
  • Reduced the number of errors Doctrine complains about when inspecting the mapipng information for the core entity classes
  • Spelling errors fixed in certain error messages
  • Set quoted-printable encoding for outgoing emails for better compatibility
  • Improvements to how the My Account menu was displayed in certain themes
  • Don't ask to preserve old page path of external URLs
  • When creating external links, the URL slug we generate is now based off the name of the link instead of the link
  • Better localization in edit mode of calendar, by including localized version of moment.js
  • Brought back the ability to drag a file immediately into the file manager and have it begin uploading
  • Add asset version number to cache bursting query string
  • Show only the message when we have in case of UserMessageException
  • Fixed - SEO issue: tag ignores any actions of page/block controller
  • Attribute controllers can now define the “No Value” text
  • Reduced size of bundled bootstrap libraries; removed missing references to glyphicon font file

Bug Fixes
  • Fixed bug where XSS could be passed through to the select form helper under certain conditions.
  • Fixed bug when using the document library when MySQL has ONLY_FULL_GROUP_BY enabled
  • Fixed bug where additional cancel and submit search buttons were showing up in advanced search dialogs.
  • "Order Entries" page is not installed on upgrading from version 7
  • Fixed buggy behavior when searching by associations in Express.
  • Fixed: Search Presets in dialog not actually submitting
  • Fixed: Bugs with search presets not being deletable, searching JS errors when working with search presets
  • Fixed bug with autoplay not starting in YouTube block due to https://developers.google.com/web/updates/2017/09/autoplay-policy-changes
  • Fixed bug when Express form sends notification with an image/file attribute and it’s not filled out
  • Add new Italian Province: South Sardinia
  • Fix error where adding an image or a file to composer would complain about it not being present, even if it was.
  • Fixed error where file usage dialog did not work with files linked in the content block
  • Fixed bug where navigating directly to dispatcher.php would throw PHP errors.
  • Fixed error where global password reset didn’t require typing the confirm code.
  • FIxed inability to unapprove a page version in the versions menu
  • Fixed: Password Requirements dashboard page was not installed via 8.5.0 & 8.5.1 fresh install
  • Fixed bug where clicking publish on a composer page draft could still create an extra version in some cases
  • Fixed: ccmAuthUserHash cookie and "Stay signed in" functionality allows user impersonation if hash table is leaked
  • Remove Guest from "Group to enter on registration" options
  • Fixed: Copy page does not change the mpRelationID of the new page
  • Fixed error with user attribute not calling its method on the correct user object, leading to strange results
  • Fixed: If you dropped an image into the rich text description of an FAQ entry, when you went back to edit the entry, the image didn't show up
  • Fixes error where Download file does not show up for files that aren’t images
  • Fixed: $c->getPageWrapperClass
  • Fixed: UI: Can not select topic in large tree on Page Search
  • Fixed error in Redis cache backend: Password set in config is not sent Redis connection process
  • Fixed untranslated text in the Event List block
  • Fix showing empty error message when a problem occurred using Setup on Child Pages
  • Fixed error where bumping the concrete5 version number without changing a version_db number wouldn’t re-trigger an upgrade.
  • Fixes issue with broken links to files in textarea
  • Check $search_path is set and string in search block view
  • Fixed errors in full page caching under multisite setups.
  • Fixed errors in full page caching with blocks that used special parameters – the page was saved properly but it would replace the contents of the pages without parameters
  • Fixed: 8.5.2RC1 - Adding external link with URL "/" breakes the whole site
  • Fix error on delete user who has express enties
  • Fix: calendar feed parameter and validation
  • Fixed: Calendar events displayed only on starting month when they span multiple months
  • Fixed bug with rich text editor not exporting content properly
  • Fixed bug where we displayed an error when browsing directly to /dashboard/system/environment/entities/update_entity_settings
  • Fixed bug where users who first created would be deactivated if automatic deactivation based on last login were turned on and they hadn’t yet logged in yet.
  • Fixed: blocks added to stacks that use JavaScript or CSS assets in their view templates were not working when the block was cached.
  • Fixed errors in localization class not including the Config class
  • Fixed login error complaining about Groups being a reserved word under Percona MySQL 8.0
  • Fixed issue where in page list block, missing input validation results in mysql-error
  • Fixed: Default Express Entry List search functionality does not allow for searching for multiple fields simultaneously
  • Fixes bug where Express form answers were emailed in a random order, rather than in the order they displayed in the form
  • Login page will now no longer let you render parts of authentication type forms if those types are not enabled.
  • Fixed bug where images or files added to front-end forms wouldn’t be included in the email notification about those forms.
  • Fixed bugs and cleaned up code in the Workflow classes
  • Prevent leading/trailing commas from triggering errors in Legacy Form block
  • Fixed bugs when arranging stack proxy blocks in pages as a non-super user with advanced permissions enabled
  • Blocks no longer remain in their target area if there was something about the move operation that failed
  • Fixed multiple bugs when working with the HTML Upload interaction type in the image/file attribute
  • Fix the layout of the search fields in "Page Report" page
  • Fixed: Migration to ut8mb4 incomplete due to problems with schema
  • Fixed bug where the hovering image in a file manager window didn’t disappear when clicking on the image record
  • Fix inability to connect to marketplace on sites behind SSL when that site is also behing a proxy like Cloudflare
  • Fixed: All Day Events are not determined correctly
  • Fix calendar block issues with all-day events
  • Fixed inconsistencies when using Ctrl key to deselect images in the file manager
  • Fix some issues installing content with the content XML format by disabling request cache during XML installation
  • Fixed Issues when removing Custom Workflow Types
  • Fixed Issues when adding Workflows that have custom workflow types.
  • Refactored Workflow Types Class to use newer code.
  • Upgrading jQuery UI to 1.12.1 and downgrading jQuery to 1.12.2 to fix security issue (
  • Fixed bug when clicking on folders in Document Library
  • Fixed: When you add a datetime attribute into the search form, you'll get a JavaScript error.
  • Fixed: When paging through versions in stacks or on a page, clicking version doesn't show menu
  • Fixed errors when sorting attributes, inability to sort attribute sets as a regular administrator and not the super user
  • Fixed: When opening existing repeated events, selected days were not selected.
  • Fixed: Unpublished repeated events get published after deleting part of events.
  • Bug fixes when updating a site from 5.7
  • Fixed warnings when sending mail with the intl extension enabled
  • Fixed entity not found exception when retrieving author of a file when the author had been deleted
  • Fixed StorageLocationFactory::fetchByName should return an instance
  • Miscellaneous cleanup in URL Resolver classes
  • Fixed null pointer exception when user attempted to view calendars in the Dashboard but didn’t have permission access to the first calendar retrieved
  • Bug fixes when upgrading from previous versions of concrete5
  • Fixed bug where account menu was floating underneath the concrete5 toolbar (thanks mlocati).
  • Fixed problems overriding the Express form context registry
  • Fix block templates that edit the scope variables within the block view
  • Fixed bug where default contact form in Elemental wasn’t set to store its form data in the backend, only to email it.
  • Fix H1 Report 643442

Lire la suite: https://documentation.concrete5.org/developers/background/version-history/852-release-notes

9 Avril 2019 - 200MBFeature Updates
  • Added the ability to filter logs by time (thanks biplobice)

Behavioral Improvements
  • Improved translation of user logging in multilingual environments. (Thanks katzueno )
  • Improvements to code quality and reduction in suppressed errors (thanks mlocati)
  • improvements to using multiple user selectors on a page; miscellaneous bug fixes to user selector (thanks haeflimi)
  • improvements to installation on a cluster where site home page ID may not be 1. (Thanks mlocati)
  • Improved file size of app.css; removed unnecessary and broken CSS.
  • Simplify the warning when the database does not fully support utf8mb4 (thanks mlocati)

Bug Fixes
  • Fixed error where external form actions were not working.
  • Fix Exception already used in CharsetCollation\Manager (thanks mlocati)
  • Fixed error where move/copy didn’t work in site map flat view (thanks biplobice)
  • Fix resuming copy language tree operation (thanks mlocati)
  • Fixed inability to run some user bulk actions in the Dashboard.
  • Fixed JavaScript error when changing default calendar colors in the Dashboard.
  • Fixed error in API where authenticated requests could pass through to read any API route.
  • Fix error on package uninstall while remove the package directory is checked (thanks biplobice)
  • Hide publish now button on versions of pages when user doesn’t have permission to publish (thanks hissy)
  • Make sure custom thumbnails have upscaling enabled (https://github.com/concrete5/concrete5/pull/7697)

Lire la suite: https://documentation.concrete5.org/developers/background/version-history/851-release-notes

Afficher plus de versions
9 Août 2018 - 200MBBehavioral Improvements
  • Added filtering and pagination to the Waiting for Me workflow notification list.
  • Better unsetting/removal of data when users are deleted (useful for GDPR compliance). More details here: https://github.com/concrete5/concrete5/pull/6693
  • Delete unused filesystem files and thumbnails when a file version is removed
  • We have removed the Flash-based avatar editor in favor of a JavaScript-based component
  • Fix typos in Google Maps API check
  • Do not link to non active page in content block

Bug Fixes
  • Fixed error linking to marketplace addon and theme pages on the Connected to Community Pages; Fixed inability to click through to marketplace detail add-on or theme pages in the Dashboard
  • Fixed inability to download free add-ons through the marketplace Dashboard pages.
  • Fixed inability to install new block types via the Block Types Dashboard page
  • Fixed bug where multiple workflows wouldn’t fire if the user could automatically approve the first one.
  • Fixed inability to ctrl-click or command-click file manager results to select them in bulk
  • Fixed error getting temporary directory when running generate sitemap job
  • Fixed: 8.4.0 - An exception occurred while executing 'INSERT INTO UserWorkflowProgress (uID, wpID) VALUES (?, ?)' with params [null, \"25\"]:\n\nSQLSTATE[23000]: Integrity constraint violation: 1048 Column 'uID' cannot be null
  • Fixed bug in migrating data where sites already had the Page Selector add-on installed, and some attribute values were null (Doctrine\DBAL\Exception\ForeignKeyConstraintViolationException)
  • Fixed inability to upgrade to 8.4.1 from
  • Fix JavascriptLocalizedAsset::getAssetContents when concrete5 is installed in subdirectory
  • Fix infinite redirection visiting existing dirs when seo.trailing_slash is false
  • Fixed: Duplicated seo.trailing_slash definition
  • Made it impossible to store XSS in calendar event names.

Developer Updates
  • Lots of code cleanup surrounding username and email validation, added a new Username and Email validator
  • Add public properties to next_previous block controller
  • Add CLI command to refresh database entities
  • Updated Translation Library

Lire la suite: https://documentation.concrete5.org/developers/background/version-history/842-release-notes

8.4.1 (version majeure)
3 Août 2018 - 200MB8.4.1

Feature Updates
  • Added the ability to automatically deactivate users based on how long it’s been since they’ve logged in.
  • Added the ability to save search presets for users and pages and Express objects. (thanks marvinde)
  • Added the ability to sort block types and block type sets in the Dashboard (thanks mlocati)
  • Add support for theme-color meta tag in the Basics settings section of the Dashboard (thanks mlocati)
  • Allow upscaling images for thumbnails based on thumbnail type (thanks mlocati, jneijt)
  • Add tooltips to the plugins listed on the Rich Text Editor page in the Dashboard that describe what they do (thanks mlocati)
  • The Page Selector attribute is now integrated into the core (thanks marvinde)
  • Added a Draft List block type to the Waiting for Me screen in the Desktop (thanks marvinde)
  • Added a command line script to generate sitemap.xml (thanks mlocati)

Behavioral Improvements
  • Reworked Add Content Panel Functionality: Make it so that clicking again on the plus/add panel closes the panel (like all others.), If a user option/clicks the panel when opening it, activate the blue/pinned/locked functionality. Clicking to close the panel closes the panel and removes this functionality (thanks marvinde)
  • Use UI localization context in concrete5 toolbar & account menu (thanks mlocati)
  • Fixed: Whoops report is confusing the reporting with the original error when adding or updating blocks that fail (thanks mlocati)
  • Version approved date is now shown in the approved version panel (thanks marvinde)
  • Fixed: Language Switcher's language text should display in their native language (thanks mlocati)
  • We now highlight localized stacks that have been created to override global stacks in a multilingual website (thanks mlocati)
  • Make marketplace error handling more consolidated and handle timeouts
  • Set links color in jquery ui dialogs (thanks mlocati)
  • Better support for with MySQL 8 (thanks mlocati)
  • Support for multiple Page List blocks on a page (thanks marvinde)
  • Fix handling of JavascriptLocalizedAsset URL & path (thanks mlocati)
  • Don't try to get package lists when concrete5 is not installed in language-install CLI command (thanks mlocati)
  • Reduce concurrency problems in FileSystemStashDriver::storeData (can be a problem when clearing a cache on a high traffic site) (thanks mlocati)
  • Added a link to the concrete5 Slack channel on the installation screen (thanks mlocati)
  • Added a link to the concrete5 Sack channel in the welcome screen (thanks mlocati)
  • Improved performance in route resolution (thanks mlocati)
  • Avoid long timeouts when checking the Google API Key in Google Maps block (thanks mlocati)
  • Avoid warning in Securimage::check when no captcha token is received (thanks mlocati)
  • Add $subject to form email templates to make it easier to customize (thanks katzueno)
  • Add option to not create session cookies in multilingual sites (thanks mlocati)
  • Changed Redactor to CKEditor in the Conversations Rich text editor
  • Add ability to change social network icon via config (thanks goesredy)

Bug Fixes
  • Fixed irritating bug where adding multiple express form controls of the same type in a row would cause an error and require form controls to be added and re-saved before proceeding (thanks JeffPaetkau!)
  • Fixed error when trying to login using certain third party authentication types (thanks fabian)
  • Fixed: File Manager - Duplicate and blank search presets created when creating multiple search presets without page refresh (thanks marvinde)
  • Fixed bug where Next/Previous block might skip pages under certain conditions (thanks gfischershaw, mlocati)
  • Fixed: C5 8.4.0 - Unable to select root page (home) when adding a new page in sitemap on a multilingual site
  • Specifying the items per page for an express entity now works.
  • Fixed: 8.4, File Manager in versions, "Invalid file version" when removing old item (thanks mlocati)
  • Fixed Call to a member function generate() on null at index.php/dashboard/extend/update
  • Fixed bug resolving proper Multilingual Section from browser locale under certain situations (thanks mlocati)
  • Fix HackerOne issue 277479 (thanks mlocati)
  • Fixed: Copy page moves cID instead of copy in MultilingualPageRelations table (thanks 1stthomas)
  • Fixed Express Bug: Argument 1 passed to DashboardFormContext::setLocation() must be an instance of TemplateLocator, boolean given
  • Fixed exception thrown when accessing index.php/ccm/system/accept_privacy_policy directly.
  • Fixed: Deleting theme error does not have a method 'getPackageItems
  • Fixed out of memory error happening on non-US systems when a broken legacy package is included in the packages directory (thanks mlocati)
  • Fixed errors with the Page List block not properly filtering by date options (thanks gfischershaw)
  • Fixed 8.4.0RC2 - Search presets cannot be deleted in bulk (as the context menu suggests
  • Fix a bug where the file manager's breadcrumb is behind the search form (thanks marvinde)
  • Fixed inability to disable CKEditor plugins (thanks mlocati)
  • Fix setTrustedProxies for Symfony 3.3.0 (thanks mlocati)
  • Fixed: FileFolder::getNodeByName and duplicated folder names (thanks mlocati)
  • Fix setting the "required" attribute of the privacy agreement on install page (thanks mlocati)
  • Actually add translatable strings extracted from config files to Translations instance (thanks mlocati)

Developer Updates
  • Much improve sitemap.xml generation routine, including better memory usage, better ability for extension, and cleaner code (thanks mlocati)
  • General code cleanup (thanks mlocati)
  • Add "withKey" feature to configuration (thanks mlocati)
  • Add Thumbnail Type events (thanks a3020)
  • Fix returning file objects in Exception classes (thanks a3020)
  • Added on_block_output event (thanks a3020)
  • Added a debug option in the Dashboard to report PHP NOTICE errors (thanks mlocati)
  • Bring back the setNameSpace() method in ItemList (thanks marvinde)

Feature Updates
  • Added ability to specify custom thumbnail types per file sets (e.g. if a file is in the Header file set, the Header thumbnail type will be generated for it, otherwise it will not.) (thanks mlocati)
  • Calendar block has new agenda views for year list, month list, week and day (thanks MrKarldilkington)
  • Added a System Email Addresses Dashboard page that lets you set the default email addresses – previously this had to be done in config code (thanks MrKarlDilkington)
  • Added bulk user commands: activate, deactivate, delete, remove from group and add to gorup (thanks JeRoNZ)!
  • If a site is connected to the concrete5.org marketplace, any packages installed on the site will have their language files automatically downloaded from translate.concrete5.org (thanks mlocati)
  • Adds search header to express entity selector for selecting express entities against pages, users, files, etc
 (thanks sjorssnoeren)
  • Added the ability to specify an end date for page publishing.
  • Added the ability to delete individual Log entries (thanks marvinde, mlocati)
  • Added new “Start Time” option to YouTube block; YouTube block will also respect “Start Time” if specified in the YouTube URL (thanks jlucki)
  • Added a new Reset Edit Mode Dashboard page that allows all currently checked-out pages to be checked in and edit mode to be restored on them.
  • Updated CKEditor to 4.9.1 (thanks MrKarlDilkington)
  • Added a new image slider navigation option in the image slider block: “None” (thanks biplobice)
  • Added the ability to edit topic tree names (thanks gutigrewal)
  • Added the ability to unapprove an approved version through the versions menu.

Behavioral Improvements
  • We now only set sessions when you attempt to login or use custom session code, in order to reduce the number of sites that set cookies for GDPR.
  • Added a data collection notice to installation, added a banner to Dashboard for GDPR compliance.
  • Massive improvements to image handling in the core, (thanks mlocati!). Full details found here: https://github.com/concrete5/concrete5/pull/6415
  • ItemList: always included ordered-by columns in select statement (thanks mlocati)
  • Folded registration email notification preferences into the System Email Addresses Dashboard page (thanks biplobice)
  • Much better localization and translation support in the newly introduced calendar components (thanks mlocati)
  • We will now inhibit the execution of automatic updates/installations if one is currently in progress (thanks mlocati).
  • Improved support when using MySQL 8 (thanks mlocati)
  • Improvements to the interactive installation process defaults (thanks mlocati)
  • Fixed errors when the update process may require long time, because of many migrations need to be executed or because a migration requires long time to be executed, and the PHP execution may reach its maximum time limit (thanks mlocati)
  • Improvements to the coding of the installation process (thanks mlocati)
  • Automatically set maintenance mode during core updates (thanks mlocati)
  • Apply nowrap white space on private message box status column (https://github.com/concrete5/concrete5/pull/6350) (thanks biplobice)
  • Send 500 code instead of 200 on creating an error response (https://github.com/concrete5/concrete5/pull/6350) (thanks hissy)
  • Optimizations to UserList classes and group search (thanks deek87)
  • Improvements and optimizations to the auto rotate image processor (thanks mlocati)
  • We now return. 404 response when requesting an invalid tool (thanks mlocati)
  • Improvements to the update process when the calendar add-on was migrated to the new built-in calendar.
  • Fixed: Dashboard Sitemap Tree Deleting items should refresh Trash (thanks marvinde)
  • Fixed: In sitemap, when you delete a page, plus sign doesn't appear next to the trash can 'til after page reload (thanks marvinde)
  • Do not automatically upgrade the core in maintenance mode (thanks mlocati)
  • Fixed: When deleting a layout, the message "Are you sure you wish to delete this block?" is shown (https://github.com/concrete5/concrete5/issues/6289)
  • Improvements to SNS authentication, Facebook authentication specifically (thanks biplobice, deek87). More details here: https://github.com/concrete5/concrete5/pull/6018
  • Better database encoding when databases don’t use UTF-8 by default (thanks upline-pro)
  • Use Selectize for Data Source element select multiple inputs (thanks MrKarlDilkington)
  • Removed old unused Newsflow code (thanks mlocati)
  • Highlight Default Page Template in Defaults and Output for Page Type (thanks MrKarlDilkington)
  • Fixed exception filling logs on invalid file (https://github.com/concrete5/concrete5/issues/6449#issuecomment-366931290)
  • Fixed inability to use theme editor CSS classes in CKEditor when using in the Dashboard and non-pages (Thanks MrKarlDilkington)
  • Consider text/plain images as SVG images (thanks mlocati)
  • Add block type name to delete block modal message (thanks MrKarlDilkington)
  • Actively discouraging certain CLI commands when run as root (thanks mlocati)
  • Show different message when public profile option isn't changed (thanks biplobice)
  • Added cache to core area layout block.
  • Improve performance of file manager in certain editor configurations (thanks hissy)
  • Allow layout presets to optionally have no container element defined (thanks MrKarlDilkington)
  • Better ADA compliance: adding for=”” attributes to label tags in login forms, forgot password forms, all core attributes and express form attributes.
  • Add aria attributes and title to Social Links block links and icons (thanks MrKarlDilkington)
  • The dropdown area on the Add Content menu is now clickable (thanks marvinde)
  • Removed useless 'More Details' link from package upgrade page (thanks a3020)
  • Help prevent block form and file manager modals from blending in with background page content (thanks MrKarlDilkington)
  • Added a link to the concrete5.org privacy policy from the login page where backgrounds are pulled from concrete5.org.
  • Fixed some errors searching express objects in the Dashboard in some cases (https://github.com/concrete5/concrete5/pull/6601) (thanks hissy)
  • Add alt attribute to generic thumbnail icons to increase accessibility in Document Library block (thanks MrKarlDilkington)
  • Fix handling of package dependency errors (Thanks mlocati)
  • Suggestion: Stays at draft page after "Save and Exit" on Composer (thanks marvinde)

Bug Fixes
  • Fixed multiple bugs that arose because actually removing a multilingual section via the Dashboard didn’t delete the pages in the site tree.
  • Fixed error where full page caching was still connecting to the database.
  • Fix block dragging in edit mode – it wasn’t scrolling the page in certain browsers (https://github.com/concrete5/concrete5/issues/6321) (}thanks mlocati)
  • Fixed: no longer using client side code for rating messages (https://github.com/concrete5/concrete5/pull/6337) (thanks mlocati)
  • Fixed bug in survey block where page the survey was on was missing (thanks marvinde)
  • Fix issue where updating page defaults on a multilingual site wouldn't push blocks out to all pages in all locales
  • Fixed: Adding file selector to form fails on element with special characters (thanks jneijt)
  • Fixed bug where pages duplicated would lose custom block cache settings on the resulting pages.
  • Fixes issue when a file with multiple versions is the cursor (thanks deek87)
  • Fixed: JS Cache combined with "use strict" breaks core javascript (thanks mlocati)
  • Fixed: z-index issue when selecting Calendar Events categories (thanks MrKarlDilkington)
  • Fixed bug where pages duplicated would lose custom grid container settings on the resulting pages.
  • Add missing folder icon in Document Library block (thanks MrKarlDilkington)
  • Fixed Error in core_area_layout when activating block cache in 8.4RC2 (thanks mehl)
  • Fix error with folder item list returning too many items when filtering by multiple file sets
  • Fixed bug where replying to messages when logged in would cause replies to show up multiple times before a page refresh (thanks marvinde)
  • Fixed bug where applying custom styles to a global area’s blocks would not refresh those styles without a full browser reload.
  • Fixed: we now sanitize the alt text in avatars (https://github.com/concrete5/concrete5/pull/6339) (thanks Remo)
  • Sanitize output on folder names (https://github.com/concrete5/concrete5/pull/6341) (thanks Remo)
  • Fixed error running command line utilities when a concrete5 installation has been updated through the Dashboard.
  • Fix missing closing h3 tag in Calendar Event block (thanks hissy)
  • Fixed missing CSRF token when deleting a conversation message (https://hackerone.com/reports/87729)
  • Warnings when attempting to install concrete5 on a database that will make the table names lowercase (thanks mlocati)
  • Fixed: Unmapping a locale page, removes the mapping for all locales (thanks Seanom)
  • Fixed: Wrong language used in a single page controller (thanks mlocati)
  • Fix H1 309466 (thanks mlocati)
  • Better permissions checking on Express entry list results in custom Express objects and Express forms.
  • Fixed bug with queues and queueable jobs where one job running might start executing the jobs of another process (thanks ahukkanen)
  • Fixed bug where you couldn’t unset a “More Details” calendar event page link in the calendar event edit popup.
  • Fixed: Google map - multiple API calls if Check API clicked multiple times (thanks MrKarlDilkington)
  • Fixed: Delete user attribute values on user delete (thanks marvinde)
  • Removed unnecessary paragraph tags in output of FAQ block (thanks djkazu)
  • Fix: https://www.concrete5.org/community/forums/customizing_c5/8.3.1-symphony-error
  • Fixing some cases where exporting form results to CSV could result in a 404 error under advanced and custom permission use cases.
  • Fixed: Creating a page alias in another site tree does not modify the siteTreeID
  • Sanitize the link of external pages in the sitemap (https://github.com/concrete5/concrete5/pull/6346/) (thanks mlocati)
  • Fixed: PageList topic filtering MySQL error (mode ONLY_FULL_GROUP_BY) (thanks mlocati)
  • Fixed minor XSS vulnerability in unused $step GET parameter (thanks jordanlev)
  • Fixed: "Schedule Publishing" dialogs are not removed when adding page (thanks marvinde)
  • Fix locale and language of MultilingualPageRelations when site locale changes (thanks mlocati)
  • https://github.com/concrete5/concrete5/issues/6490 (thanks marvinde)
  • Fixed Minor Bug: "Move to Folder" in Filemanager and not selecting a target causes exception
  • Fixed: Deleting a File Leaves it Selected in Form (thanks marvinde)
  • Fixed: Applying a theme to a site in the Dashboard only does it to a single multilingual tree
  • Fixed: Unable to add new options to select attribute in composer under PHP 7.2
  • Fixed Access Denied bug when editing blocks with validation errors under certain conditions (https://github.com/concrete5/concrete5/issues/6425) (thanks marvinde)
  • Fixed: The file manager's breadcrumb appears on the full sitemap page (thanks marvinde)
  • Fixed: Possibility to crash calendar event list if number of events is not specified
  • Sanitize the output of page short description in the pages panel (https://github.com/concrete5/concrete5/pull/6347) (thanks mlocati)
  • Fix: area layout using preset not deleted after deleting area layout (thanks mlocati)
  • Fix migration to version 8 when MultilingualPageRelations contains invalid data (thanks mlocati)
  • Fixed: Unable to decode session object after updating profile information and using database sessions on certain multilingual installations.
  • Fix: The file manager's breadcrumb appears on the full sitemap page (thanks marvinde)
  • Fixed: Running an advanced search on Express forms can produce error in PHP 7.2.
  • Fixed error when upgrading from 5.7 with custom address attribute countries (thanks mlocati)

Developer Updates
  • Add support for the "media" attribute for CSS resources (thanks marvinde)
  • Added on_locale_add, on_locale_delete and on_locale_change events (thanks dimger)
  • Add on_block_before_render event (thanks a3020)
  • Old page statistics code has been removed (thanks a3020)
  • Add on_block_duplicate event (thanks a3020)
  • Removed inline JavaScript from Google Maps block view layer (thanks Remo)
  • Updated to jQuery 1.12.4 (thanks MrKarlDilkington)
  • You can now specify default block templates by a particular page type (thanks haeflimi) (see details here: https://github.com/concrete5/concrete5/pull/6456)
  • Added a console command to rerun certain migrations (thanks mlocati)
  • Add a configuration key to set the Composer autosave idle timeout (thanks mlocati)
  • Update responsive-slides asset from 1.54 to 1.55 (thanks apaccou)
  • Add c5:is-installed CLI command (thanks mlocati)
  • Updated the fullcalendar JavaScript library to version 3.8 (thanks MrKarlDilkington)
  • Updated Punic Unicode library to 3.0.1 (thanks mlocati)
  • dispatch a additional event when File Sets are deleted (thanks haeflimi)
  • Added phpdoc comments for better API documentation (thanks mlocati, AdamBassett)
  • Updated Imagine image procesing library to 0.7 (thanks mlocati)
  • Updated Symfony components to 3.4.7
  • JavaScript is now fully testable (thanks mlocati)
  • Let FileFolderManager filter by file extensions, improve FileManager service (thanks mlocati)


Feature Updates
  • Updated CKEditor rich text editor component to 4.8.0

Behavioral Improvements
  • Improvements to coding standards and PHP documentation
  • Scan the SRC directory within the application for translatable strings
  • Fixed users being able to delete core and active themes
  • Removal of inline block JavaScript to facilitate more performant websites
  • Certain text field database indexes will be preserve across the upgrade process, leading to better performance

Bug Fixes
  • Express Entity attribute type was not installed due to a bug in 8.3.0 and 8.3.1. This is now fixed.
  • Improvements to the upgrade process: fixes to missing database tables under certain conditions
  • Fixed bug where blocks were not having their output added to the output cache, leading to general slowness, and a slow Dashboard Welcome page.
  • Fixed fatal error on higher traffic websites complaining about timeouts, broken cache files.
  • Fixed: The current "check for updates" dashboard page doesn't report the latest version because of a bug in the cache reading/writing process
  • Fixed: Updating preset layouts destroys database structure which can result in severe errors
  • Fixed: filterByTopic / MySQL 5.7 compatibility
  • Fixed bug where Geolocators table wasn’t created when upgrading from 8.2.1.
  • Fixed: Page duplicated from Versions menu doesn't contains IsDraft state, gets published under drafts.
  • Fixed http://www.concrete5.org/developers/bugs/8-3-1/exception-on-login-page-when-mobile-theme-switcher-is-active-and
  • Fixed issue with no blocks displaying on PHP 7.2
  • Fixed Youtube block video issues with showinfo and loop
  • Removed stray tag in topic list block view template
  • Fix directory name in extract package strings
  • Fixed: Form submission notifications throw an error on the Waiting for Me page if the form data object is deleted.

Developer Improvements
  • UserSelector::selectMultipleUsers can now accepted square brackets in its name, enabling it to be used with custom attributes
  • Move the post-login URL management to a service class


Feature Updates
  • Added support for upgrading from older versions of concrete5. Now you may upgrade from all the way to 8.3.1, and from any version in between.
  • Added the ability to search form results in the Dashboard.
  • Added support for importing and exporting Express entities and their entries to the Migration tool.
  • Added the ability to sort by custom display order to the Express Entry List block

Behavioral Improvements
  • Delete empty global area record when clearing cache (should speed up a sure)
  • Add more information on workflow notification popup window
  • Code cleanup and improvements
  • Miscellaneous code cleanup
  • Multilingual sitemap now remembers which tree you were viewing last, will open to that language in Dashboard Sitemap.
  • Improvements to pages panel sitemap when used in a multilingual site.
  • Added a link from a form results Dashboard view over to its Express data object editor in the system and settings page.
  • Improvements to block/area box-shadow styling when using the design editor
  • Do not allow folder names to be null in file manager
  • Simplified the public registration settings form in Dashboard
  • Moving and updating files in the file manager will now update the modification date of the containing folder
  • Made file inspectors more robust so that broken images or other issues don’t cause them to die

Bug Fixes
  • Fixed bug where block action URLs for blocks in global areas would not work, leading to an inability to edit bugs like the Express Form when the block is in a global area.
  • Fixes #6135 when editing a survey block would delete existing options
  • Fixed: When adding new options to existing options in a survey block, they are saved with a display order starting at 0 so the order is not respected
  • Fixed: Next/Previous showing unapproved pages
  • Fix: All drafts or no drafts are listed in "Add Pages and Navigate Your Site" panel
  • Fixed bug where publishing pages in composer using in-page sitemap wouldn’t show languages in a multlingual site.
  • Fixed: Dashboard's Update pages has been moved, and now link is still unchanged and get 404
  • Fixed bug where blocks that register view assets (like JS and CSS that they require) do not output those assets when the block is pasted throughout the site using the clipboard
  • Fixed bug where errors could occur when submitting an Express Form with incomplete values (failing validation) and having an option list attribute in the same form.


Major New Features
  • The core team’s Calendar add-on is now available in the core! It’s much improved from the version in the marketplace. It includes:
  • The ability to add multiple calendars to your site
  • Join pages to calendar events
  • Calendar events are a separate data model from pages.
  • Custom attributes on calendars
  • Event List, Calendar and Calendar Event blocks
  • Calendar and Calendar Event custom attributes.
  • Detailed permissions at the calendar level.
  • Workflow integration with calendar events.
  • Version control for calendar events (!)
  • A powerful recurring event model that works even with event versioning.
  • Additionally, the core team’s Document Library add-on is now available in the core! The Document Library add-on lets you easily place a list of files on the front-end of your website. Filter by folder or file set, provide a simple search interface, control the styling of results and more.

More New Features
  • New GeoLocation Framework available, along with an included plugin from geoPlugin); geolocate site visitors and get information about where they’re coming from. Ability to automatically populate address attributes from geolocation information. More here: https://github.com/concrete5/concrete5/pull/5837
  • New command line utilities to clear IP blacklists, and dialogs to do the same
  • You can now edit multilingual locates you add through Multilingual Setup
  • Conversation block - toggle display of social sharing links and code update
  • Added the ability to customize CKEditor toolbar groups via the configuration file, without overriding PHP classes. An example of a customized config file that controls editor/toolbar groups can be found here: https://gist.github.com/MrKarlDilkington/5a14cf2c8aca511c8c9d2026e07b297c
  • Added the ability to turn the Select attribute (now called “Option List” into a list of radio buttons.)
  • Mobile Dashboard menu now includes subpages.
  • Improved appearance of CKEditor rich text editor; now closer to concrete5’s UI
  • Allow users to add tags to site pages
  • Make username and confirm password display/hide configurable for registration form from dashboard
  • Improvements to CSV export and import of data.

Behavioral Improvements
  • Added the ability to search by users not in a group to the Dashboard user search interface.
  • Added the ability to see the date of last login to the Dashboard user search interface.
  • Added an icon to notice level logs in the Dashboard logs interface.
  • Added logging into cache clearing.
  • Added ability to open links in Image block in a new window
  • Add date created to csv export for express entities
  • Feature block: increase the preview icon size
  • Let users configure the thumbnail generation strategy via UI
  • Thumbnails for PNG images are now PNG files and not JPEG files
  • UI tweaks and code improvements to External Form block
  • Add option to retain thumbnails when clearing cache from command line
  • Cosmetic improvements to upload dialog
  • Show current language when showing when showing hreflang (https://github.com/concrete5/concrete5/pull/5868)
  • Reset answer type form after adding question
  • PageList and Page List block - sort pages by date modified
  • Removed exception throwing from invalid SQL order by provided by user – instead it will be ignored.
  • You can now search multilingual trees through the page search interface in the Dashboard.
  • Retina/High DPI thumbnails are now controlled via config value that can be disabled
  • Improve image rendering in ImageEditor for browsers that supports it
  • Make Basic Workflow Notification From Address and Name configurable
  • Fix position of dropdown menu in blacklist dashboard page
  • Miscellaneous small performance improvements and optimizations
  • Better error message when saving attributes
  • Fixed package restore after failed package update
  • Refactoring and cleanup of installation process
  • Add Pager Pagination page number
  • File manager is now more mobile friendly.
  • Improvements to the date attributes custom text mode setting
  • captcha improvements https://github.com/concrete5/concrete5/pull/6036
  • Allow customizing the headers of the email attachments
  • Hide block and area design features if disabled
  • Much better performance when grabbing page drafts on a live site.

Bug Fixes
  • Fixed bug where cache directory and thumbnail cache was cleared any time an override cache was cleared. (Note: this fixed an issue with the new asynchronous thumbnail generation strategy that left thumbnails unable to rebuild.)
  • Dashboard mobile menu works again.
  • Fixed user account menu not showing account operations like Edit Profile, Edit User Picture unless the user was a user with access to the dashboard.
  • Fixed issue when using the Page Selector and choosing an alias the original would be selected instead
  • Fixed: Survey Dashboard page broken.
  • Fixed: Empty file & image blocks get exposed when block cache is enabled after quitting edit mode without doing anything
  • Fixed bug where topic order wasn’t being saved properly in the topic trees
  • Fixed bug where new drafts had the locale of the default site tree, in multilingual sites. Fixed bug where they could not be duplicated into a new part of the site properly.
  • Fixed checkbox attribute not honoring settings when editing attributes with values.
  • Fixed: Error on file_manager_detail thumbnail creation (no height set on installation.)
  • Fixed: Saving and re-editing content won't allow you to edit links
  • Fixed bug where searching express entities by a many association wasn’t selecting the entries on returning to the form.
  • Fixed: Multilingual redirect based on browser locale not always working
  • Fixed bug where CSS and JS provided by block view templates was wrong in certain situations
  • Fixed bugs where thumbnails were removed from the cache directory even when that setting wasn’t checked
  • Fixed inability to search in “all pages” in Dashboard Page search in a particular multilingual site tree.
  • Fix the site tree filter of MultilingualPageList in multilingual/page_report
  • Fixed in ability to create page from multilingual page report
  • Fixed http://www.concrete5.org/community/forums/internationalization/multilingual-site-error-after-upgrade-to-8.2
  • Fixed inability to post results to a different page when using the search block
  • Fixed: Editing Express Entries uses the default view form instead of the edit form.
  • Snippets in CKEditor work again (along with improved performance) - thanks mnakalay
  • Fixed bug in Express where entities listed in an association could not be clicked into from associated entities.
  • Fixed: Conversation block generates ccm_addHeaderItem error when not logged in
  • Fixed error when adding attribute from a package into a Form block.
  • Prevent uncaught type error when editing links in CKEditor
  • Fix multiple files showing up when browsing folders in the file manager as the non admin user.
  • Fixed: Global Password reset process fails when email registration is enabled
  • Fixed possible errors when rescanning files are stuck in the queue and they no longer exist.
  • Following an expired Forgot password token no longer gives you a message about it being an ‘Unexpected Error’
  • Fixes a bug with using Group Sets in the "Approve or Deny" permission on the Workflows settings screen for a workflow
  • Fixed: When duplicating a file, two copies of it gets created
  • Fixed possible XSS in stored URL locations dialog
  • Fixed: When we adding a new Storage Location that's set as as the default one, we currently end up having two default storage locations in the database
  • Image Block: checkbox formatting and prevents the "Open link in new window" value from always being true *Fixed: FAQ block: Entries with " are not properly saved
  • Fixed: Upgrade to 8.2.1 fails on duplicate key
  • Fixed error message “Unable to get permission key for view_edit_interface” showing up when an invalid block was specified in an edit interface.
  • Fixes duplicating a duplicated file in a folder
  • Fixed bug where duplicated files weren’t duplicate thumbnails
  • Fixed bug where CSV files exported from Express sometimes didn’t have a filename (only an extension)
  • Fixed issue with existing ratings not being populated in edit mode
  • Calls to getContents (a wrapper for the HTTP client) now honor the $timeout argument
  • Faster file rescan when using image constraints
  • Prevent image upload resizing of SVG files
  • Fixed: It is not possible to make default / main language invisible for a group and show another language sitemap
  • Fix saving "thumbnail is built" in ThumbnailMiddleware
  • Fixed bug with uncaught exception in authentication types.
  • Fixed: Adding a new page via the sitemap with a required user prevents the page from being created
  • Fixed bug where folders and files were showing up as translatable in translate site interface.
  • Fixed bug where concrete5 couldn’t be installed on versions of PHP 5.5 before 5.5.21.
  • Fixed: Disable intelligent search for marketplace when setting warrants it.
  • Page Templates can now be uninstalled from packages that install them
  • Show only accessible languages in switch_language blocks
  • Fix to allow strings to be passed to getThumbnail method
  • Fix clearing cache but keep thumbnails on Windows
  • Fixed https://github.com/concrete5/concrete5/issues/5798
  • Incorrect CSRF token validation no longer throws an exception in the legacy form.
  • Miscellaneous bug fixes to asynchronous thumbnail generation strategy.
  • https://github.com/concrete5/concrete5/pull/5968
  • Fixed: Avatar upload should use global jpeg quality settings
  • Fixed: File Manager - Advanced search Customize Results don't persist
  • Fixed: Password url lifetime doesn't work for different hash type
  • Fixed: File Manager - Replaced files are not resized to match the image uploading resize dimension
  • Fixed display bug when editing conversation messages.
  • fix inline edit detection for blocks pasted from the clipboard
  • Fixed: Upgraded concrete5 caused duplicated results of topic filter
  • Miscellaneous content exporter fixes
  • Fixed inability to hard code a block’s custom template in a theme template file and provide that custom template in the theme.
  • fixes bug where fill records were orphaned when deleting a file set.
  • Fix hacker One report #243865
  • Sanitized display value for file nodes
  • Prevent XSS in group badge description
  • Fixed User date attribute can cause error on profile page
  • fixed: When trying to save an edited video block you get the error An invalid form control with name='width' is not focusable.
  • fixes filterByBlockType on PageLists so that it works with strict versions of mySQL.
  • Fix W3C HTML Validator Error for Meta Canonical
  • Fix possible self-xss on installation screen.
  • Better conversation message sanitization when using the rich text editor conversation editor.

Developer Updates
  • Added the ability to specify package dependencies in a package controller
  • Updated Laravel Config dependency to 5.2.x.
  • Improvements to command line/composer integration in Windows
  • Lots of minor updates to third party libraries.
  • Simple syntax for obtaining an error message by field: https://github.com/concrete5/concrete5/pull/5939
  • Support for handling multiple entity managers in a package
  • Add support to foreign keys in attribute index tables
  • Content Interchange Format can now associate attribute categories to existing attribute types
  • Allow converting an error list to plain text
  • Added API methods for easily adding a country and state/province selector (used by the address attribute type.)
  • Fixed namespace when generating migrations.
  • raise event when page not found is shown

Backward Compatibility
  • Captcha updates make affect backward Compatibility.

Lire la suite: https://documentation.concrete5.org/developers/background/version-history/841-release-notes

8.1.0 (version majeure)
27 Juin 2017 - 200MB8.1.0
New Features
  • The Form block can now display output from an existing Express entity object, as well as create a new custom form from scratch.
  • Multilingual sites can output for related pages by setting the site.sites.default.multilingual.set_alternate_hreflang config variable to true (thanks mlocati!)
  • You can now hide the footer My Account menu with a setting in the Profiles Dashboard page (thanks mlocati)

Behavioral Improvements
  • Much improved time zone support; fixes a number of bugs, inconsistencies, tests for database and PHP time zone matching (thanks mlocati)
  • Updated CKEditor to 4.6; much better CKEditor appearance and button wrapping behavior (thanks MrKarlDilkington!)
  • More reliable URL slug generation JavaScript (thanks seebaermichi)
  • Make welcome background image cover full width and height (thanks MrKarlDilkington)
  • DateTime widget - change default displayed past years from 10 to 100 (thanks MrKarlDilkington)
  • Fixed; File Manager Upload does not reflect most recently uploaded files if user doesn't select "View Uploaded"
  • Improved thumbnail generation when using the BasicThumbnailer classes – better support for page caching while generating thumbnails, throttling and better performance when generating thumbnails.
  • Added toolbar tooltips, defaulted to true but with options to disable in Accessibility settings (thanks seebaermichi)
  • Share This Page block now includes full request URI, making it easier to share pages with custom URL parameters (thanks HamedDarragi)
  • Image Slider block now includes option for both bullets and arrows (thanks Siton-Design)
  • Fixed Resize images client side using 2x downsampling on upload results in jagged images (thanks MrKarldilkington)
  • Page Attribute Display block delimiter option works with topics (thanks MrKarlDilkington)
  • Add a semi colon to separate JS scripts in cache
  • Page Type Form shows its icons at all times, appears nicer (thanks MrKarlDilkington)
  • Miscellaneous style improvements (thanks ramonleenders, MrKarlDilkington)
  • Escape translations to prevent JavaScript errors because of containing apostrophes (thanks Ruud-Zuiderlicht)
  • Upgrade improvements and bug fixes
  • When moving a file from one storage location to another the thumbnails will also be moved (thanks Mnkras)
  • Increased max amount of size slider (thanks MrKarlDilkington)

Express Bug Fixes
  • Fix success error when submitting Express Form with two forms on a page.
  • Fixed bug where Express many to many associations weren’t named correctly, so working with them programmatically didn’t work.
  • More reliable deletion of express objects when they have associations to other objects"
  • Fixed Express Entities can't be used in a form unless the user is an administrator
  • Fixed Script error when express attribute edited in dashboard form results

Other Bug Fixes
  • Removed dummy autoloader added to bootstrap/app.php (shouldn’t affect any applications, but shouldn’t be there anyway.)
  • Permissions fixed in the file manager.
  • Fixed incorrect characters displaying when dragging a stack icon (thanks katzueno)
  • Fixed Embedding CKEditor in single pages triggers fatal error when CSS and JavaScript Cache is enabled
  • Fixed bug where some sites could start rendering -1/ in their paths when editing the home page.
  • Fixed double submit bugs when forms or external forms were placed on the home page.
  • Fixed errors that would occur when moving or copying aliases
  • Fixed http://www.concrete5.org/developers/bugs/8-0-3/404-for-the-dashboard-page-cmsindex.phpdashboardhome/
  • Fixed Dashboard file manager menu clipping on in folders without a lot of files (thanks MrKarlDilkington)
  • Fix exception being thrown when the workflow requester was deleted (thanks jaromirdalecky)
  • Better permissions protection on file manager with File Uploader access entity; better permissions protection on moving files in file manager.
  • Fixed PageList::filterByPath returning no pages when working on multilingual sections (thanks OlegsHanins)
  • Minor localization issues with Punic calendar library fixed (thanks ahukkanen)
  • Fixed File manager file menu does not reflect accurate file after moving files
  • Fixed bug where sitemap selector widget didn’t select pages (thanks Mesuva)
  • Fixed: Page types with attributes throw errors when copied
  • Fixed: Validate Password tokens don’t reset when email is changed (thanks Mnkras)
  • Fixed Manual global cache time is displayed wrong on page cache settings (thanks mlocati)
  • Fixed delete file storage location ERROR
  • Fix filtering of topics in page list block when filtering by topic category
  • Fixed FAQ - Delete Entry breaks the Save button (thanks MrKarlDilkington)
  • Fixed Invalid block type handle exception during upgrade from to 8.0.3 on sites where the RSS DIsplayer block was removed.
  • Fixed: Setting a select attribute default value for page types results in foreign key constraint error in composer
  • Fixed: Default Page Attributes do not persist
  • Fixed bugs where discarding page drafts might cause page blocks to no longer be editable in composer.
  • Fixed: Page Attribute default value not set in composer view
  • Fixed exception when dealing with Oauth in bindUser method in some setups.
  • Updated Zend Mail component to 2.7.2 to fix security issues.
  • Fixed: https://www.concrete5.org/developers/bugs/8-0-3/author-attribute-is-very-tall-when-editing-attributes-from-the-d/
  • Added CSRF protection to Forgot Password (thanks Mnkras)
  • Fixed Page Attribute - Issue with deleting Rich Text Attribute
  • Fix unsanitized file set name displayed in add to sets dialog.

Developer Updates
  • A new search indexing service provider is available, enabling the use of third party search platforms rather than built-in MySQL search for pages. Currently relatively low level and offering our single MySQL implementation, it nevertheless is a good start for adding support for other services like Elasticsearch, Solr and more.
  • Developers can implement getPackageTranslatableStrings() in their package controller in order to specify custom strings to add to the translation repository.
  • Bug fixes in custom package entity manager configurations (thanks Kaapiii)
  • Miscellaneous code commenting (thanks Mnkras)
  • Upgrade Monolog to v1.22.0 (thanks mlocati)
  • Upgrade Punic to 1.6.4, fixes certain incompatibilities with Symfony Intl.

This was a bug fix release.

This was a bug fix release.

This was a bug fix release.

New Features
  • Express: Extensible, Custom Data Objects that can be created by Editors. Easily search, sort, manage permissions on and display these objects in the front-end and the Dashboard.
  • User Desktops: a fully customizable landing page for users when they login to the system, available even if user profiles are not. Functions within the Dashboard or outside of it.
  • Revamped Waiting for Me: can include a large number of notification types (like user signup, workflow, form submissions, private messages, concrete5 updates and more) and is extendable by third parties.

Block Improvements
  • Completely overhauled Form block: now powered by Express, form block fields are attribute-based. This means they can be added to with new attributes. Additionally, you can intersperse text with form controls. The Form block creates Express entities in the Dashboard, which you can grant permissions to, related to other entities, and more.
  • More control over page defaults – ability to choose whether to delete all blocks based on defaults or just the unforked versions, and the ability to publish updates to page defaults over previously forked versions of defaults blocks.
  • Added the ability to add a delimiter to multiple items displayed by the Page Attribute Display block (thanks cryophallion)
  • Add topic, tag, and date filtering to the Page Title block (thanks MrKarlDilkington)
  • Add an option to list pages at the current level in Page List (thanks juhotalus)
  • Fix image slider composer view (thanks ob7)

Page Improvements
  • Page versions can now be scheduled for approval in the future.

File Improvements
  • Revamped file manager, with support for folders, better support for saved searches, and more.
  • Automatically generated thumbnails now work with storage locations (thanks Mnkras)
  • New attractive file type icons that better match concrete5’s current UI (thanks Freepik – http://www.flaticon.com/authors/freepik)
  • SVG files now will create thumbnails when uploaded if the system has ImageMagick installed (thanks mlocati)

Stack Improvements
  • Stack Folders: Stacks now support folders, which should enable developers to use stacks more efficiently.

Dashboard Improvements
  • Dashboard Favorites are now Chooseable via the Bookmark Icon in the Dashboard Header

User Improvements
  • User approval is now handled through the use of concrete5 workflow. Enable workflows on user activation to control how users register for your concrete5 site. Control which administrators can edit which users. (thanks Mainio!)
  • All user passwords can be globally reset from the Dashboard. Users will have to reauthenticate immediately, and change their password immediately.

SEO Improvements
  • There are now separate tracking codes for header and footer locations (thanks MrKarlDillkington, mlocati)

  • Multilingual stacks and global areas work nicely with folders.
  • Drafts now use the target page location property to determine their locale and language, allowing you to create related drafts for different languages.
  • Multilingual sites now appear as their own trees in a tabbed sitemap, rather than within the main site.

Permissions/Workflow Improvements:
  • Waiting for Me Workflow List now shows all workflow types instead of just Pages, is fully extendable, more attractive, and available outside of the Dashboard via Desktop Block.

Attribute Updates
  • Added Telephone, URL and Email Address attributes
  • Image/File attribute now has an "HTML Input" display mode.
  • Text attributes now have a placeholder as an option (thanks avdevs)
  • Custom attributes can now be globally applied to your site, and easily accessed By Calling \Site::getSite()->getAttribute(‘attribute_handle’);

Other Improvements
  • Updated installation process; more attractive, gives users something to do while installation is ocurring, added the ability to specify canonical URL and session handler during installation (thanks mlocati)
  • If a site is running on an updated core, the database migrations will automatically be run (saves potential database until the update has to be run manually)
  • The command line installer now features an interactive mode when used with -i
  • Better checking of .htaccess status when updating pretty URLs (thanks mlocati)
  • You can now add page redirects for the home page (thanks edtrist)
  • Code cleanup and optimization (thanks a3020, mlocati, Korvinszanto)
  • Invalidate browser cache when CSS files are edited (thanks joostrijneveld)
  • Switch Site name and page title on default (thanks katzueno)
  • We added ID back to the custom style panel for blocks (thanks MrKarlDilkington)
  • Improvements to composer autosave behavior.
  • We now use relative URLs when the canonical URL isn’t set.
  • Nicer display of image slider in edit mode (thanks Siton-Design)
  • Fixed linking to twitter tweets so they don’t redirect (thanks clarkwinkelmann)

Bug Fixes
  • Big thanks to olsgreen for fixing a long standing bug with page edit mode checking and timestamps, leading to a fix of buggy edit mode behaviors like layouts not rendering post add, edit mode not being respected, etc...
  • Bug fixes to Image Slider (thanks MrKarlDilkington)
  • https://www.concrete5.org/developers/bugs/5-7-5-8/file-manager-edit-image-doesnt-work-when-jscss-cache-is-on-becau/ (thanks mlocati)
  • Fixed bug where custom styles in stacks weren’t showing up if the stack was added to the front-end (thanks olsgreen)
  • Added CSRF Tokens to Legacy Form Block (thanks ryantyler)
  • Tiny issue: Add missing "/" in $title end tag (thanks Siton-Design)
  • Fix issue to generate thumbnail of vertical long image (thanks hissy)
  • Fix: loop Setting not working in youtube block (thanks jordif)
  • Fix: Switching from a theme with grid support to one without grid support errors out (thanks olsgreen)
  • Bug fixes with thumbnail creation logic when the width of the image exactly matches the width of the thumbnail (thanks Mesuva)

Developer Updates
  • Big update to Doctrine internals (thanks Kaapiii!)
  • Symfony components updated to version 3.
  • Font Awesome icon set updated to version 4.5.
  • Search block URLs support URL Resolver so they can be overridden (thanks ahukkanen)
  • Completely new translation subsystem, with better support for language contexts, and an improved API (thanks ahukkanen and mlocati)
  • Bootstrap components updated to 3.3.7.
  • Updated Laravel Dependency Injection Component to version 5.
  • Zend Framework libraries updated to their latest versions
  • Added on_form_submission event for Legacy form (thanks Jozzeh)
  • Additional commands added to command line tool (thanks mlocati)
  • jQuery UI updated to 1.11.4

Lire la suite: http://documentation.concrete5.org/developers/background/version-history/810-release-notes

Nos hébergements Web compatibles avec
Concrete CMS


Uniquement l'hébergement Web

HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD

En savoir plus

Ă  partir de CHF 9.92 / mois


L'offre complĂšte Web+Mail

HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD

Messagerie professionnelle
5 adresses email avec stockage illimité

Messagerie en ligne
Messagerie instantanée
Synchronisation des contacts et agendas

En savoir plus

Ă  partir de CHF 12.00 / mois

Serveur Cloud


HĂ©bergement Web 100% SSD
100 Go et +
Gestion multisites
Gestion avancée des certificats SSL EV et DV
Protection Anti-DDoS
10 Go de VOD

2 CPU et +
6 Go de RAM et +
100% SSD
Ressources 100% dédiées

Infomaniak gĂšre votre serveur

En savoir plus

Ă  partir de CHF 39.00 / mois

Prix en CHF