v4.0.2

@zerocrates zerocrates released this 27 Jul 18:11
· 457 commits to develop since this release

Bugs Fixed

  • Vocabulary import could reveal the contents of files it was pointed to when displaying an error, a possible "SSRF" vulnerability
  • SVG asset uploads could contain JavaScript that would be executed if the SVG was viewed directly
  • Title not escaped correctly in the browse preview block
  • Batch editing options to clear property values and set value visibility sometimes did not work, depending on what other batch edit operations were used at the same time
  • Issues when displaying a very large number of tabs on admin pages (fix contributed by @Daniel-KM)
  • Misleading page display when user revokes own privileges from a site (#2034)
  • Issues with reporting of empty required fields on the resource add/edit pages (#2041)
  • Overbroad selection for assets on the site edit page
  • Incorrect routing for URLs with "false" site slugs (fix contributed by @Daniel-KM)
  • Property label still displayed even if no values were shown due to the locale filter being enabled on a site (#2045)
  • Miscellaneous translation string issues
  • We unnecessarily checked the database version on each request to decide whether to use database-backed sessions
  • Linked resources/subject values display didn't work properly for non-items
  • Events for Doctrine entities did not always fire correctly
  • Asset upload errors were silent
  • Some advanced search fields were missing labels for accessibility
  • Fulltext search for media caused an unnecessarily high number of queries when multiple media were saved at once
  • Media public resource pages didn't have the media render block configured by default (#2058)
  • The lightgallery block did not correctly read some metadata for text tracks for videos
  • The lightgallery code was missing its license key
  • Temporary files could get left behind when some kinds of errors occurred during file upload

Changes

  • The title column for resources now has an index
  • The list of allowed MIME types for assets is now set by config; SVGs are no longer allowed by default as uploaded assets
  • HTML Purifier is now enabled by default for new installs
  • Removed nonfunctioning n3 option for RDF import
  • Updated default theme to 1.7.2