4.0.1

• #3080871: Case insensitive tags?. This is added in a point release despite technically being a new feature, as it does not affect the rendering of existing lower-case tags.
• #3097296: Missing configure button in module listing page
• #3206579: Compatibility with PHP 8. No changes aside from the Composer platform requirements.

3.2.0

Feature release. Final version of the 8.x-3.x branch - future development will occur in 4.0.x, and be compatible with 8.8.x and 9.0.x.

This release is functionally identical to 4.0.0. If you are using Drupal 8.8.0 or newer, you can and should upgrade to 4.0.0 instead.

• Rework HTML filtering in several ways:
• Only attributes and option values have their HTML filtering reversed.
• Make internal HTML sanitization optional (but still a recommended default).
• Make the HTML sanitizer escape markup instead of deleting it.
• Apply sanitization to tag source and outer source as well as content.
• Cleanup and refactor to pass code inspection.
• Update the sample code in README.md to work correctly.
• Fixed some old encoding bugs in code used by [code], [list], and [table].
• Allow editing the list of attached libraries in the custom tag form.
• Detect and point out duplicate plugins using the same default tag name.

4.0.0

Feature release, and compatibility with Drupal 9.

• Rework HTML filtering in several ways:
• Only attributes and option values have their HTML filtering reversed.
• Make internal HTML sanitization optional (but still a recommended default).
• Make the HTML sanitizer escape markup instead of deleting it.
• Apply sanitization to tag source and outer source as well as content.
• Cleanup and refactor to pass code inspection.
• Update the sample code in README.md to work correctly.
• Fixed some old encoding bugs in code used by [code], [list], and [table].
• Allow editing the list of attached libraries in the custom tag form.
• Detect and point out duplicate plugins using the same default tag name.

This release is compatible with Drupal 8.8+ and Drupal 9.

3.1.0

This is a maintenance release keeping the module up to date with dependencies.

Note that this version requires PHP 7.1.0 or later, as well as Drupal 8.5.0 or later.

3.0.0

After almost two years, this is the first stable release for Drupal 8.

Changes since the last release candidate:

• The [list] tag has been rewritten in the same way the [table] tag has. Both now allow safely nesting further tags (including more tables and lists) inside them.
• The module is up to date with the stable Drupal 8.4.x series.
• Tag attachments are now loaded when rendering the tag preview, so JS-using tags will behave correctly. (Attachments still cannot be manually added via the admin UI, but are transferred when copying existing tags and can be added by modules or config editors.)

To resummarize the major changes since the D7 version:

• The parser now creates and then renders a syntax tree when processing BBCode.
• Tags use the plugin architecture provided by Symfony/Drupal, with tag plugins either defined by annotated PHP classes or derived from a config entity. Custom tags form a subset of the latter.
• Instead of global vs format-specific settings, these settings are now represented by Tag Sets, which map tag names to plugins. This allows multiple BBCode formats to use the same tag set, and the same plugin to be aliased to multiple tag names.
• Custom tags now use the Twig template engine instead of PHPTemplate, greatly improving security.
• The custom tag form is interactive, rendering an AJAX preview and reporting Twig syntax errors.

The parser is now decoupled from the Drupal module, and is also available as a standalone package at https://github.com/cburschka/xbbcode-parser / https://packagist.org/packages/ermarian/xbbcode. As of now, the Drupal module still duplicates this code; in the future, it may switch to using the composer package.

3.0.0 RC3

• Stylesheets are now written in SCSS. The compiled files will remain in git, as there is no straightforward build process for Drupal modules yet.
• The [table] tag plugin is much more robust and powerful now. Instead of tabulating the rendered HTML content (which easily breaks nesting), the element now only processes delimiters in the top-level text content of the tag, ensuring that contained HTML elements remain intact.
• Unquoted attribute values can no longer begin with an unescaped dangling quote. (This avoids regex backtracking.)
• HTML linebreaks are now applied to text elements in the BBCode tree, rather than the output. This avoids rendering linebreaks that were added by Twig templates.
• More tests and refactoring.

3.0.0 RC2

This release fixes several encoding/escaping bugs discovered by the expansion of parser tests, including the following:

• Repeated backslashes in argument strings no longer overload the regex engine with exponential backtracking.
• The [ character must now be escaped in any unquoted argument value (this allows the parser to correctly interpret [a=[b][/b] as a matched [b] preceded by the text [a=, rather than a dangling [a="[b"] followed by a dangling [/b]).
• Literal backslashes must now always be escaped.

3.0.0 RC1

First release candidate of this module for Drupal 8.

Changes since -alpha4 include:

• Entirely rewritten plugin management. Each filter format may now reference a "tag set", which represents a fixed collection of tags, or simply use the default collection. The "tag set" is reusable (thus making it more convenient to use multiple formats that contain the same BBCode tags), and the default collection automatically contains all available plugins (thus saving a step after installing modules or creating new custom tags).
• The parser is now decoupled from Drupal and will be outsourced as a composer package eventually. It can be used separately, without the plugin management provided by Drupal and Symfony.
• The set of standard tags are (once again) in an optional separate module.
• The admin interface is massively improved, providing better plugin management and validation/preview of custom tags.

8.x-3.0-alpha4

Major changes:

• #2627826: Rewrote the parsing algorithm, and used the prepare() phase of the
  filter. Tags are now validated before any other filters are applied,
  and the tag arguments (as well as a copy of the source text) are
  base64-encoded to bypass other filters.
  This means that tag.option, tag.attr.* and tag.source are now raw
  values, and only the content is processed by other filters first.
  Tag contents are rendered on demand, so a [code] tag's content
  will never be rendered in the first place.
• #2633282: Removed self-closing property. All tags must be closed explicitly.
• #2630676: Added some tests for the filter itself. So far it tests attribute
  parsing, as well as parsing of various nested tags.

Bugfixes:

• #2634160: Text after the last closing tag was not appended (including the
  entire input text, if it has no tags).
• #2634170: Escape quotes in unquoted values. This is needed to disambiguate
  between the unquoted value \"foo\", and the double-quoted value
  "foo".
• #2634274: Escape ] in unquoted values. This is needed to ensure the expression
  does not match beyond the end of the opening tag.
• #2634224: Mark content() and outerSource() as safe, after escaping the
  attribute string included in outerSource().

Minor changes:

• Increased minimum size of template textarea to 15 lines.
• Documented tag.source and tag.outerSource variables in the help text.
• Sorting tag plugins by name in the tips and the settings.
• Added final newline to list template.
• Removed double newline in Element.
• #2630152: Reference template files via @module/template.html.twig instead of
  injecting them into the theme registry with hook_theme().
• #2634170: Remove some redundant look-ahead assertions from the regex.
• Call TableTagPlugin::splitComma statically.
• Add a notice about output security to the documentation.
• #2629256: Remove quotes from [font] CSS.

8.x-3.0-alpha3

This iteration adds several new features and greatly expands the unit tests.

Fixes:

• #2629292: An error in 8.x-3.0-alpha2 that prevented custom tags from
  becoming available until the cache was cleared.
• #2629256: Broken [align], [color], [font], [list] and [size] tags fixed,
  because CSS values cannot actually be wrapped in quotes.
• #2629662: Plugins can now be renamed while disabled. This fixes a problem
  that prevented enabling and renaming plugins in the same form
  submission.
• #2629874: Actually block access to the edit/delete forms for uneditable
  tags. The access check had previous just disabled the link.

Features:

• #2629674: All tags, especially uneditable ones, can now be viewed with their
  template code.
• #1754336: A [spoiler] tag has been added to the default tags.