Hébergement Dotclear

2.14.2
 (version majeure) (version de sécurité)
10 Septembre - 20MB2.14.2

Security: Authenticated cross-site scripting (XSS) was possible due to the .ahtml (or .bhtml, .chtml, …) file extension being allowed in the media manager. Thank's Josiah Pierce for report (CVE-2018-16358)

Security: Unregister phar wrapper in order to avoid PHP Phar extension vulnerability

Enter key in some input fields were not redirect to the parent form

Unable to save modified theme's files in theme editor, when Codemirror is used

Back to the original global_filters() template function (will be rewritten in the next 2.15)



2.14.1

Install wizzard was broken

Smallest admin font size was set when saving user prefs

Minifying JS scripts may cause problems with regular expressions

Empty JS var was set for syntax coloration if disabled



2.14

PHP 7.2 compliance, with minimum PHP 5.6

Use specialized fields whenever it's possible (email, ...)

Add definition list capabilities (dl, dt, dd) to wiki (= , : )

Add ... support in wiki, syntax : ^exponant^

Add syntax property/method to dblayer driver

Replace some js oriented background fading by CSS3 animation

Enhance some visual focus indicators

Enhance key event management in popup (Esc, Enter, ...)

Template filters may now be extended (or modified) by 3rd party plugins (via behaviors)

PSR-2 code formatting as far as possible (work in progress)

Add two new ways to order tags (by oldest or newest associated post publication date)

Update Codemirror to 5.38.0

Update CKEditor to 4.9.2

Update jQuery migrate plugin to 1.4.1

Update jQuery UI (custom) 1.12.1

Add a dark mode (via user preferences) for administration, CSS refactoring

Animate some counters on dashboard icons (nb of comments, spam comments and posts)

Various bugs and typos fixed

Some locales and cosmetic adjustments

Lire la suite: https://dotclear.org/blog/






2.13.1
 (version majeure) (version de sécurité)
11 Juin - 20MB2.13.1

 

Bug Fixes

Weird behaviour of theme editor when typing any of "t", "r", "u" and "e" characters

Unable to save an entry with dcLegacyEditor in XHTML mode, visual pane



2.13



Security

New password management system (including silent migration)

Add Referrer-Policy header in admin pages

Fix potential XSS - thank's Trí Chim Trích for report



Highlights

PHP 5.5+ is required

Dotclear news are now displayed in async way by js

Dotclear core update check is now done by async js - a forced check may still be done on /update.php page

Add utf8mb4 driver (MySQL server 5.7.7+)

Add target="blank" option in simpleMenu

Update CKEditor from 4.6.2 to 4.7.3

Update CodeMirror from 5.25.1 to 5.32.1

Add required attribute for mandatory fields



Bug Fixes

Avoid horizontal scrolling table when longest comment's usernames in list of comments

Cope with MySQLi connection via socket

Error messages markup and styling

Set caret at the end of the inserted thing (img, url, blockquote, …) in Legacy editor if current selection is empty

Cope with query part only in SimpleMenu URLs

Various bugs and typos fixed

Some locales and cosmetic adjustments



2.12.2



Bug Fixes

lang attribute was missing on entry alone contexts for currywurst and dotty templatesets

Add http:// protocol before media.dotaddict.org for csp_admin_img

tpl:sysIf blog_lang generated code

Duplicate auto-generated URI (entries)

Do not use border and background on select to use the system aspect of them in Firefox.

For select element, target Safari to cope with font-size select/option problem.

Error messages styling

Lire la suite: https://dotclear.org/blog/






2.12.1
 (version majeure) (version de sécurité)
23 Octobre 2017 - 10MBThere is no new functionality, only improvements and bug fixes.



What's New

Security: Fix potential XSS

Security: Enforce uniqness of the recovery key

Security: Switch hash method from sha1 to sha512 (new installation only)

Two new values for base font size (37.5% and 87.5%)

Adaptive admin font size is now optional

Reduce base font size on very small devices

Refactor some functions to closures

No CSP directives in safe mode

Add current blog domain for script and style CSP directives

Backlinks:

Retrieving ping URLs, let trackback first, then pingback, then finally webmention

Get source post content to compose webmention excerpt and retrieve title

Use source post title as blog name if this one is unknown (Anonymous blog is used if neither title nor blog name are known)

Datepicker's look refreshed

Allow 3rd party additional headers (URL handler)

Dublin core metadata removed

Using theme\ namespace for _public.php and _prepend.php, in order to simplify theme copy and hack

Temporary password will have to be changed at first login (after resetting password)

Add ukrainian language

French help updated for theme editor

Fix: Blogs’ admin (ie not super-admin) got back their blogs’ list but only super-admin may do actions

Fix: Post/page edition layout on different screen sizes

Fix: x-frame-options URL in admin

Fix: Cope with several copies of a same smiley in content

Fix: Allow 3rd party filters for template tags

Fix: Use getURLFor instead of old getBase function for breadcrumb

Fix: Give mysql/mysqli driver choice for DC 1.2 import

Clearbricks lib update from 0.9 to 1.0

jQuery lib update from 2.2.0 to 2.2.4 (last release of jQuery 2.n branch)

CKEditor lib update from 4.6.1 to 4.6.2

CodeMirror lib update from 5.15.3 to 5.25.1

Various bugs and typos fixed

Some locales and cosmetic adjustments

Lire la suite: https://dotclear.org/blog/






2.11.2
 (version majeure)
23 Janvier 2017 - 10MBThis version does not bring anything extraordinary except that it facilitates the use of Dotclear, and it corrects some bugs sometimes annoying on a daily basis.



What's New

Easier access to plugin settings.
A more advanced customization (text size, display or not of additional information, ...).
Some additional attributes for theme developers / hackers.
The webmentions which are added to the existing trackbacks and pingbacks.
The Berlin theme is now based on the template set dotty, which exploits at best HTML5.

Lire la suite: http://dotclear.org/blog/post/2016/12/28/Dotclear-2.11



Afficher plus de versions




2.10.4
 (version de sécurité)
2 Novembre 2016 - 10MBA tiny update to fix two minor security vulnerabilities and to allow some specific proxy/ssl server configuration.



What's New

Security: Fix CVE-2016-7903: Password Reset Address Spoof - Thank's Hongkun Zeng for report
Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report
CSP: Cope with external sources used in editor's iframe to preview public external content
Fix: Cope with post.post_position field during flat import
Fix: Prevents precondition failed during currently activated theme update
Fix: Remove unecessary header (cope by dotclear) in page plugin
Fix: Let some proxies playing with standard http and https ports
Fix: Let SSL runs through a proxy, it may be ok, sometimes
Various bugs and typos fixed

Lire la suite: http://dotclear.org/blog/post/2016/11/02/Dotclear-2.10.4






2.10.2
 (version majeure)
22 Août 2016 - 10MBWe should celebrate the 13th anniversary of Dotclear today!



Highlights

PHP 7 support
Some vulnerabilities have been fixed
Lot of bugs killed (some may still remain)
A new template-set, named dotty, using as far as possible the new HTML5 semantic tags
New options to customize and use more easily your Dotclear backend (favorites folders in media manager, optional columns for posts and pages lists, ...)
Implementation of the Content-Security-Policies for the backend, prelude to an implementation in public side (blogs) for the future 2.11 release[2]
New facilities and opportunities for plugins developers (they are detailed below)
Some javascript libraries have been updated (CKEditor, Codemirror, ...)
Patch 2.10.1: A new maintenance release which fixes several bugs of the previous 2.9.
Patch 2.10.2: A tiny update to fix a problem which prevents correct update on installation using PostgreSQL database system.

Lire la suite: http://dotclear.org/blog/post/2016/08/13/Dotclear-2.10






2.9.1

30 Mars 2016 - 10MBA new maintenance release which fixes several bugs of the previous 2.9. I remind you that Dotclear is fully compatible with the new PHP 7 (it's performances are highly improved comparing with PHP 5.n)[1].
Lire la suite: http://dotclear.org/blog/post/2016/03/27/Dotclear-2.9.1






2.9
 (version majeure)
29 Février 2016 - 10MBOn the menu of this version essentially what make life a little easier for those who spend time on the side of the administration of their(s) blog(s). A search and last visited folders available in the media manager, better sorted menus and lists some more filterable, some welcome updates for the javascript libraries used.



And then we also need to make Dotclear run properly with the new version 7 of PHP, quite impressive release in terms of speed gain, and you will note in passing that the minimum required version of PHP 5.3, as it is had announced at the time of the release of the release of the version 2.8.



A lot of bugs were eradicated, a few new opportunities have been implemented for developers of plugins and theme designers, and finally a more robust application for everyone.
Lire la suite: http://dotclear.org/blog/post/2016/02/29/Dotclear-2.9






2.8.2
 (version de sécurité)
26 Octobre 2015 - 10MBThis release is a maintenance release which fixes one potential XSS vulnerability in comments's list and enforce media extension before upload[1] (thanks to Tim Coen, Curesec Gmbh, for reporting them) and two other bugfixes.
Lire la suite: http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2






2.8.1
 (version de sécurité)
24 Septembre 2015 - 10MBThis new version is a maintenance release which fixes one potential XSS vulnerabilities (thanks to Keiko Yashiki from JPCERT/CC) and two other bugfixes.
Lire la suite: http://dotclear.org/blog/post/2015/09/23/Dotclear-2.8.1






2.8
 (version majeure)
17 Août 2015 - 10MBThis new version introduces a new mechanism to cope with module dependencies (plugins for this release and will be declined for themes soon), also includes the Breadcrumb plugin that some of you already use, updates the CKEditor editor and the jQuery library, and fixes lots of bugs et somes minor cosmetic issues.



The heritage/extension templating system has been applied to the legacy mustek templateset, in order to simplify the developpement of themes using it; some new criteria and filters have been added for posts and comments (and spams) lists; the tags and widgets are now lexically sorted for latin languages, and so on.



Important: If you have already installed the breadcrumb plugin, please uninstall it before doing this update.
Lire la suite: http://dotclear.org/blog/post/2015/08/13/Dotclear-2.8






2.7.5
 (version de sécurité)
25 Mars 2015 - 10MBThis maintenance release fixes two potential XSS vulnerabilities (thanks to the SecPod Research Team Member Shakeel) and three other bugfixes.



Changelog

Security : Fixed SecPod 1055, Multiple Stored Cross-site Scripting Vulnerabilities
Admins (not super admins) cannot change blog parameters : fixed
Allow radio button in widget settings
Typo in mustek page template

Lire la suite: http://dotclear.org/blog/post/2015/03/25/Dotclear-2.7.5






2.7.4

14 Février 2015 - 10MBThis maintenance release provides some bugfixes and improvements.



Changelog

Berlin theme: resources usage has been optimized
currywurst templateset: head-linkrel block name fixed
Current editor syntax: now displayed near edited field (post/page/quick entry)
Some admin URLs were malformed: fixed
Post/page preview: anti-clickjacking system fixed
The cat is valid now

Lire la suite: http://dotclear.org/blog/post/2015/02/13/Dotclear-2.7.4






2.7.3

13 Janvier 2015 - 10MBThis bugfix release restores advanced editing of category descriptions, fixes some non-required warning messages, and fixes pagination in some specific contexts.



Changelog

Restore advanced edition of category description (as in 2.6)
Various bug fixes
Some cosmetic adjustments

Lire la suite: http://dotclear.org/blog/post/2015/01/13/Dotclear-2.7.3






2.7.2

26 Décembre 2014 - 10MBThis is a bugfix release in order to allow again normal user (not admin) to use the Dotclear Wiki editor.



Changelog

Dotclear wiki could not be used by standard user: fixed

Lire la suite: http://dotclear.org/blog/post/2014/12/25/Dotclear-2.7.2






2.7
 (version majeure)
15 Décembre 2014 - 10MBIt's now been thirteen months since 2.6 came out. It's now about time (at last!) to move on. Dotclear 2.7, being released today, is less spectacular than the previous version, with its updated administration graphics chart, but it brings forth significative changes for users (on the admin side) and its rendering (on the public side).



Changelog

Security : protection against clickjacking may be activated (see blog parameters)
Switch to HTML5 : backend, templatesets and themes
ARIA roles in da place (a11y)
Multiple templatesets : mustek (legacy) and currywurst
Themes may use extension/heritage template mechanisms
New theme (Berlin) based on currywurst templateset
New WYSIWYG editor (CKEditor)
Dotclear Wiki now produces HTML5 compatible markup
Video and audio HTML5 tags are now used (with fallback to flash if possible)
Copying default theme to user-defined theme folder is not more necessary
Preview of comment may be optional (see blog parameters)
Widgets may be put offline without deleting them
jQuery version may be choosen between 1.4.2 (default) and 1.11.1 (see blog parameters)
Number of posts listed on home page may be different than other pages (see blog parameters)
Hidden folders are now hidden in media manager (set DC_SHOW_HIDDEN_DIRS to true in config.php to display them)
User-defined template files may be reset (deleted) in theme editor
Drag'n'drop now enabled on touch screens
Alternative syntax may be set for comments by third-party plugins
A lot of bug fixes
Much more cosmetic adjustements and enhancements

Lire la suite: http://dotclear.org/blog/post/2014/12/13/Dotclear-2.7






2.6.4

26 Novembre 2014 - 10MB