7.1.1 Maintenance Release

[BUGFIX] Notification email to admin now sends changes again
[BUGFIX] Notification email to admin is also sent when adding recipient's address to flex form only
[TASK] Removes configPID from ext_typoscript_setup.typoscript

6.3.6 Maintenance Release

[BUGFIX] Removes configPID from ext_typoscript_setup.typoscript: The removed configuration can only be overwritten by another preset file in another extension, it can not be overwritten by PageTS.

6.3.5 Maintenance Release

[BUGFIX] Notification email to admin is also sent when adding recipient's address to flex form only
[BUGFIX] v5 backport: Notification mail to admin shows changes

6.3.4 Security Update

!!! Breaking change in fluid template for the invitation controller
!!! Security Update please update as soon as possible

• thx to Max Schäfer & Dennis Schober-Wenger for reporting

Upgrade Instruction:

Invitation Template

If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html

You need to add

<f:form.hidden name="hash" value="{hash}"/>

in order,that the function is working.

5.5.3 Security Update

!!! Breaking change in fluid template for the invitation controller (please read the upgrade instruction)
!!! Security Update please update as soon as possible

thx to Max Schäfer & Dennis Schober-Wenger for reporting

7.1 Feauture and Security Release

• [FEATURE] Add support for PHP 8 and 8.1 - thx to Stefan Busemann, Bastien Lutz, Mathias Bolt Lesniak, Thomas Löffler, Johannes Seipelt
• [BUGFIX] Re-fetch session from database to update 'userSession' property of TSFE. Thx to Thomas Off thomas.off@retiolum.de
• [BUGFIX] Add hash check for inivtation action - thx to Max Schäfer & Dennis Schober-Wenger
• [REFACTOR] Remove deprecated code and introduce rector - thx to Thomas Löffler

Upgrade Instruction:

If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html

You need to add

<f:form.hidden name="hash" value="{hash}"/>
in order,that the function is working.

6.3.3 Security Release

• [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
• [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)

5.5.2 Security Update

[BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team

7.0.1 Security Release

• [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
• [BUGFIX] login after registration (Re-fetch session from database to update 'userSession' property of TSFE) - thx to Thomas Off
• [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)

2.7.0 Security Release

You will find here security backports for TYPO3 7.6 LTS. If you use TYPO3 8 or 9 please use version 5.x

Upgrade

Due to changes in some templates, you need to adjust your templates, if you use your own ones.

1. Added element id for new / edit / invitation templates: If you use your own HTML templates of new/edit/invitation-templates you should compare them with the one from EXT:femanager. There is a new additional attribute inside the form viewhelper: data-femanager-plugin, which contains the content element id.
2. If you use a modified version of the Validation.js, there are also changes: plugin and action parameter is send to
   the eID-Script now
3. The edit template has to be adjusted, as there is a new parameter 'token' is introduced. (see example below)

Example

Please update these partials:

:file:/Partials/Misc/DeleteLink.html

The argument token was introduced :html:(token:token)

old template code

	<f:link.action
		action="delete"
		arguments="{user:user}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

new template code:

	<f:link.action
		action="delete"
		arguments="{user:user, token:token}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

:file:/Templates/Edit/Edit.html

You need to add: :html:<f:form.hidden name="token" value="{token}" /> between the form tag.

Example:

	<f:form
		name="user"
		object="{user}"
		action="update"
		enctype="multipart/form-data"
		additionalAttributes="{data-femanager-plugin:data.uid}"
		class="form-horizontal {f:if(condition:'{settings.edit.validation._enable.client}',then:'feManagerValidation',else:'')}">
	<fieldset>
		<legend>
			<f:translate key="titleUpdateProfile" />
		</legend>

		<f:form.hidden name="token" value="{token}" />

		more stuff here in the template file…

	</f:form>