CHANGELOG.md in fat_free_crm-0.18.2 vs CHANGELOG.md in fat_free_crm-0.19.0

- old
+ new

@@ -2,44 +2,59 @@ -- Confucius First they ignore you, then they laugh at you, then they fight you, then you win. –- Mahatma Gandhi -Sat Apr 7, 2021 (0.18.2) ---------------------------------------------------------------------- +Wed Apr 04, 2021 (0.19.0) +====== -#### Security fixes -CVE-2018-1000544 -CVE-2019-16892 -CVE-2018-16470 -CVE-2018-16471 -CVE-2018-3760 -CVE-2018-8048 -CVE-2019-11068 -CVE-2019-5477 -CVE-2018-14404 -CVE-2018-1000201 -CVE-2018-16476 -CVE-2019-5418 -CVE-2019-5419 -CVE-2019-15587 -CVE-2018-16468 -CVE-2019-16676 +### Important changes - -Sat Oct 27, 2018 (0.18.1) ---------------------------------------------------------------------- - #### Fixed XSS flaw in tags_helper Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure. +#### Devise replaces Authlogic for user authentication +Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption. +This change requires a database migration on the User model. Please note: + - Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work. + - Users will be forced logged out. Existing user sessions will not be kept and the fields `persistence_token, single_access_token, perishable_token` will be dropped from the database. + - Though the migration is generally safe **we recommend to make a backup of your database** before migrating. +#### Existing OAuth broken +The Devise change will break any OAuth login plugins which depend on Authlogic. +You can [configure OAuth for Devise using the guides here](https://github.com/plataformatec/devise/wiki/omniauth:-overview). + +#### Login and user-related routes changed +The login URL routes have been changed to use the defaults of Devise. + +#### User mailers changed +Mailers related to user password reset, etc. are changed to use the defaults of Devise. 
+ +#### PaperClip version updated from 5.2.1 to 6.0.0 +PaperClip now only depends on `aws-sdk-s3` instead of `aws-sdk`. For more info see https://github.com/thoughtbot/paperclip/pull/2481. +Replace the Cocaine gem with Terrapin. https://github.com/thoughtbot/terrapin/ Apart from the namespace change, this is a drop in replacement. + +#### Rails 5.2 +The underlying framework is now rails 5.2.* + +#### Ruby 2.4 deprecated +Ruby 2.4 has reached end of life and is no longer activity tested against. + +#### Other changes + * #794 Fix defect with unpermitted params in advanced search + * 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays. + * #851 upgrade paper_trail + * Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892 + * Dependency updates + + Sat Apr 21, 2018 (0.18.0) --------------------------------------------------------------------- ### Important changes -#### Mininium ruby version + +#### Minimum Ruby version #665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled. #### Swap to FactoryBot If you consume fat free crm as an engine and re-use any factories, you'll need to [upgrade to FactoryBot](https://github.com/thoughtbot/factory_bot/blob/4-9-0-stable/UPGRADE_FROM_FACTORY_GIRL.md). @@ -86,9 +101,10 @@ Sat Jan 20, 2018 (0.17.0) --------------------------------------------------------------------- ### Important changes + #### Select2 for select boxes This release replaces [Chozen](https://harvesthq.github.io/chosen/) with [Select2](https://select2.org/) consistently across the app. This may break plugins which rely on Chozen. To fix any issues please migrate to Select2 or add Chozen to your plugins.
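Review bot: The first hunk (`@@ -2,44 +2,59 @@`) deletes the whole 0.18.2 entry with its sixteen CVE identifiers, while the new 0.19.0 entry names only four (CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892). After this change the changelog no longer records that fixes such as CVE-2019-5418, CVE-2019-5419 and CVE-2018-3760 were shipped, or in which release. That is the information an operator needs when checking whether a deployed version is still exposed. The `Sat Oct 27, 2018 (0.18.1)` heading is removed as well, and the "Fixed XSS flaw in tags_helper" note appears to remain as context, so it would now sit under the 0.19.0 "Important changes" heading and read as a 0.19.0 fix. I suggest keeping the 0.18.2 and 0.18.1 headings and their security notes below the new entry, and listing in 0.19.0 only what is new in it. In the Devise section, the bullet saying the renamed fields "can hence be rolled back" sits next to the bullet that drops `persistence_token, single_access_token, perishable_token`; it would help to state that the dropped columns are not restored by a rollback, which is the reason for the backup recommendation. Minor: "no longer activity tested against" probably should read "actively tested", and the `======` underline differs from the dashed rule used by the other release headings.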