Key Changes
This is our March maintenance release. This release also includes an important security related fix for Commerce users.
New features:
Additional Information
Security
- Resolves an issue in Commerce when tampering with filters could cause errors.
Core
- Improved the efficiency when getting attachments for topic statistics.
- Improved the efficiency of streams when "Content I posted in" is selected.
- Improved the Internal Embeds system to show better error messages for deleted comments & reviews.
- Improved performance of invalidating member sessions when using Redis.
- Added new Moderator actions by action statistics section.
- Fixed Checkbox Overview Statistics not working properly.
- Fixed Moderator Activity statistics table not displaying properly.
- Fixed Warnings over time statistics table not displaying properly.
- Fixed Suspended users over time statistics table not displaying properly.
- Fixed saved charts not displaying data correctly when custom form filters are used.
- Fixed Geographical Charts CSV download not generating properly.
- Fixed an issue where creating an activity stream in the ACP could be missing the clubs filter.
- Fixed an issue where the badge title would be shown as hash value in translated notification emails.
- Fixed an issue where the Posts Per Day Limit was also used for private messages.
- Fixed an issue in the members/warnings endpoint where the POST request could fail while giving a member a warning if warning actions were present.
- Fixed an issue where deleting content may send a delete request to Community Hive, even if it was not enabled.
- Fixed an issue where 3rd party applications with a broken/missing versions file would break the upgrader.
- Fixed an issue where members with a false validation flag would be unable to login.
- Fixed an issue where the Google Maps Autocomplete Integration could display an error message.
- Fixed an issue where not all clubs may be shown on the member profile clubs page.
- Replaced the hardcoded forum_id in the promotion achievement extension.
- Fixed an issue where the Signature Settings page couldn't be accessed to change the signature visibility, without permissions to edit signatures.
- Fixed an issue where new comment notifications posted in anonymous topics were showed as posted by an anonymous member.
- Fixed an issue with the post count value for the Mass Move /Mass Delete action.
- Fixed an issue where delayed deleted content from private clubs isn't shown in the ModCP - Deleted Content area.
-
Fixed the default value for the Manifest related
manifest_details
setting. - Fixed an issue where the guest group settings couldn't be edited.
- Fixed an issue where YouTube embeds may not lazy-load.
- Fixed an issue where the guest group settings couldn't be edited.
- Fixed an issue where admins with permission to manage stored replies could still not manage these.
- Fixed an issue where the club filters could cause an EX0 error when a not existing field was used.
- Fixed an issue where IP address pruning may not prune all IP addresses.
Blogs
- Fixed an issue where moving a blog entry and sending a moderation alert may cause an error.
Forums
- Added new Solved Topics by Group statistics section.
- Added new Unsolved Topics statistics section.
- Added Top Solvers statistics section.
Courses
- Fixed Enrollments statistics table not displaying status correctly.
- Fixed an issue where sorting the enrollments in the ACP by name would throw an error.
- Fixed a missing language string.
- Fixed not translatable module titles.
Pages
- Added ability for database categories to be added to Clubs.
- Views are now tracked for Pages.
- Fixed an issue where pages were not reindexed after WYSIWYG blocks were added/edited.
- Fixed an issue where record thumbnails which were created via the REST API hadn't the proper thumbnail size.
Platform
- Page views for pages will now be included in analytics reports.
- Fixed an issue with the post before registering flow when content was identified as spam.
Commerce
- Fixed an issue with the subscriptions member filter.
-
Fixed a broken default value in the
businessAddress
. - Fixed an issue in the commerce categorySidebar template.
Events
- Added organizer, eventAttendanceMode, and VirtualLocation to events JSON_LD.
- Fixed an issue where guests searching for events could see an error.
Downloads
- Fixed an issue in the Downloads File Embed Template where the comment count was shown for files in categories without comments.
Gallery
- Fixed an issue where the vertical image widget wouldn't show the image in Chrome.
- Fixed missing alt texts for event cover images.
Converters
- Improved conversion of attachments in WordPress, Attachments will now be converted inside posts instead of converting to media files.
Changes affecting third-party developers and designers
-
Added new core/admin/global template
userLinkWithPhoto
. -
Added new
tableLangPrefix
property for Dynamic Charts. - Fixed adding new warning reason throwing an error while IN_DEV.
- Fixed an issue where the radio form template would result in an error if no htmlID was set.
- Fixed an issue where clean IN_DEV installations have a broken serviceworker if no manifest details were set.
- Updated HTMLPurifier to 4.17.0.
- Replaced JShrink with JS-minify for better Javascript compatibility.
- Removed jQuery History, removing deprecated 'onunload' handler.
Our thanks to Egidio Romano, an independent security researcher, from Karma(In)Security, working with SSD Secure Disclosure for reporting the security issue to us.