9.2.0 Release Notes
Major New Features
- Refinements to the in-page editing experience: better highlight of editable blocks and areas, better delineation of containers, layouts and in-page areas, better hit areas for draggable blocks and much more.
- New “Site Health” Hub: run reports against your site to ensure that its optimally configured. Extensible reports engine ships with the ability to check site for production status settings, cache settings, unauthorized JavaScript and more. Learn more at https://www.youtube.com/watch?v=K76xk1E6hPE
- Complete 1.0 REST API with coverage of major Concrete CMS features, including pages, users, files, Express objects and more.
New Features
- Added production modes to the Dashboard - tell Concrete whether this copy is in development, staging or production mode. Useful when running security health checks, or automatically displaying a staging notice to admins or visitors on a staging copy of a site.
- Added the ability to view and retry failed queue messages within the Dashboard and through the use of a command line tool. (https://www.loom.com/share/83530934986940b98f74ebe108e49c6e)
- Added a button to clear all running processes in case any get stuck.
- Adds ability to configure Composer form sets to be collapsable (thanks Mesuva)
- Adds option to filter events in Event List by Past, Future or All Events (thanks katalysis)
- Adds option to change sort order by Most Recent First or Oldest First (thanks katalysis)
- Added new password strength meter to user creation and password changing Dashboard pages (thanks shahroq)
- Added new URL Slug Dashboard page to the SEO section, where you can change settings related to URL slugs (thanks hissy)
- We no longer fall back to using the super admin’s email address as the default address if certain specific addresses aren’t set; instead we use a new config value “default email address”, settable in config code and from the Dashboard email options page (Thanks mlocati)
- Added the ability to specify several allowed IP addresses to avoid triggering logout on IP address change. Added user-specific IP address overrides as well (thanks mlocati)
- Improvements to user experience when passwords are reset for users by administrators, either for a single user, or for all users in the site (mlocati). Users will no longer have to enter their email addresses twice, and will no longer be told that they’re in the “forgot password” user flow, when they’re actually in the manual reset user flow.
- Added the ability to force user passwords changes every X days (thanks mlocati)
- Added the ability to mark a password as reset from a Dashboard user detail page (thanks mlocati)
- Add more info in user details dashboard page (thanks mlocati)
- Added a new full page caching setting that determines the lifetime of the page based on the blocks on the page (thanks hissy)
- New user avatar editor component in My Account and Dashboard.
Behavioral Improvements
- Improved display of View Page as User panel.
- Using group paths when group operations are logged instead of group names (thanks mlocati)
- Activating the Elemental or Atomik themes after installation will install required supported templates.
- Added min fields to page list block number fields (thanks ccmEnlil)
- Core guest, registered and admin groups once again forced to be created with the proper initial IDs (thanks mlocati)
- New conversations message notifications now appear in Waiting for Me.
- Top Navigation Bar block now correctly links to the multilingual home pages, and includes nav-path-selected CSS classes on parent pages of active pages.
- Top Navigation Bar now honors nav target custom attribute (thanks ccmEnlil)
- API Integrations can limit which Concrete CMS product areas they cover via custom scopes.
- Add missing for attribute to checkbox label of option list attribute (thanks Mesuva)
- SMTP config page: don't send the SMTP password to the clients (thanks mlocati)
- Fix UI of "Update Languages" dashboard page (thanks mlocati)
- Heartbeat backend call updates “Online Now” user property (thanks mlocati)
- Add option to disable asciify on generate url slug (thanks hissy)
- Performance improvement: All global areas’' blocks no longer loaded on every page load (thanks mnakalay)
- Fixed: Breadcrumb block doesn't respect replace_link_with_first_in_nav attribute (thanks hissy)
- Changed image slider URL field from textarea to text input for better display and less ability to mess up input by putting in newlines (thanks nikolai-nikolajevic)
- Dashboard Environment Information page now wraps its content properly (thanks JohnTheFish)
- Fixed error where containers when used on page would block that page from engaging in automated full-page caching (thanks hissy)
- Added date/time of previous login to Welcome back dashboard and account screens.
- File title is now included when searching via the file manager file/folder interface.
- Much improved, more uniform appearance to select pickers and combo boxes when using autocomplete functionality.
- Better block caching settings for certain core block types (thanks
- Added additionally indexes throughout (thanks jlucki)
- Performance Improvement: Avoid getting same attribute values multiple times (thanks hissy)
Bug Fixes
- Fixed: Express Form Block submission cannot be edited (thanks mnakalay)
- Fixed bug: Viewing versions of a page with permissions does not work
- Fixed bug: Page preview fails if page is protected
- Fixed bug: Unable to view mobile preview, page versions panel detail, custom design before publish the page
- Fixed bug where unapproved conversation messages were being sent to subscribers.
- Fixed bug where advanced search dialogs in the Dashboard weren’t accurately showing default search and sort order selections.
- Add the missing user param on page_version_approve event (thanks chauve-dev)
- Fix sorting results of FolderItemList by file title when only full group by SQL mode is enabled (thanks mlocati)
- Many bug fixes to searchable lists.
- Bug fixes to Tags attribute that fixes inability to remove tags, other problems.
- Fixed: For draft pages, the destination is the Drafts directory if you create the page in another language.
- Fixed inability to use query parameter ccm_order_by broken with block express_entry_list (thanks mnakalay)
- Fixed issue where editing a JPEG using the image editor would save that file with the JPEG extension but the file behind the scenes was actually a PNG.
- Fixed Calendar block not being properly localized.
- Fix issue under PHP8 when saving select/option attributes with no selected values (thanks Mesuva)
- Fixed /concrete/single_pages/download_file.php:23 Undefined variable $fID under PHP 8.
- Fixed inability to set home folder when editing a user in the Dashboard.
- Fixed: [V9][Bug] Order by FileSet not working in Document Library Block (thanks mnakalay)
- Fixed: "select fileset" dialog in file manager doesn't retain file set values (thanks mnakalay)
- Fixed error registering users with email validation under PHP 8.
- Exporting users now checks the permission of the access user export permission.
- When running validate-schema via the console no more errors are reported (thanks biplobice)
- Fixed: Dashboard user attributes always required when present and empty even if not required when editing attributes
- Fixed: If ID of the Home page isn't 1, we can't manage access rights to site
- Image attribute causing js error in composer and attribute panel (thanks mlocati)
- Fixed bug where marking a page description as required in composer made it impossible to approve the page version even when description was specified.
- Fixed error when hiding username on new registration form under PHP 8.
- Fixed error using layout sliders on non-Bedrock themes.
- Many small errors and code incompatibilities fixed in group notifications (thanks mlocati)
- Fix handling of page removal when deleting a calendar event (thanks mlocati)
- Fixed PHP errors when using Legacy Form block with PHP 8 (thanks mlocati)
- Fixed some exceptions in BlockController when using PHP8 (thanks biplobice)
- Fixed Wrong params order in the call of View::element(), under elements\workflow\edit_type_form_required.php (thanks BSalaeddin)
- Fixed bug where removing orphaned blocks that are part of page defaults for a page template deletes them from all pages of that type (thanks hissy)
- Fixed error when using Check Automated Groups task.
- Fixed error when saving page type order in the Page Type Order and Group Dashboard page under PHP 8 (thanks hissy)
- Fixed: Presets transparent less variable are replaced by colors when upgrading to concrete version 9 (thanks apaccou)
- Fixes in browsers where certain asynchronous operations could result in a popup saying “undefined” when navigating away from a page
- Fixed: Attempting to delete the "social block" gave displayOrder error under PHP 8.1.
- Fixed: Bugfix: Bulk update for page attributes only saves first selected page (thanks lvanstrijland)
- Fixed some bugs in conversations under PHP 8.
- Fixed error displaying languages in Dashboard Breadcrumb dropdown on Global Areas Dashboard page when multilingual is enabled.
- Fix undefined array key when exporting Express entries on PHP 8 (thanks JeffPaetkau)
- Fixed: Get an antispam library by handle breaks under PHP 8 (thanks mnakalay)
- Fixed: Undefined variable $selectedTemplate" error on design panel when editing single pages in PHP 8 (thanks hissy)
- Fixed error when a user has no rights to do settings on express, but can edit the entities (under PHP 8) (thanks Lemonbrain)
- Fixed: HTML block breaks composer interface on PHP 8.1 (thanks hissy)
- Fixed Unable to install with MariaDB 10.10+ (thanks mlocati)
- Fixed: Adding Core Property 'Text' to Express Form Causes Error under PHP 8.
- Fixed occasional errors that could occur if a config file is written twice in rapid succession (thanks JohnTheFish)
- Fixes to the user registration email template (thanks jlucki)
Add cache lock to fix potential race condition with attribute keys (thanks jlucki)
Fixed: Undefined array key "ptComposerOutputControlID" error on page type default page after removing a composer control under PHP 8
- Fixed behavior where if a custom file storage was set as default it was not selected when adding new folders (thanks hissy)
- Document library block forcing download of files outside default storage location (as attachment)
Backward Compatibility Notes
- The user autocomplete quickSelect method now defaults to showing user avatars and including usernames and email addresses (if the site is configured to use usernames). This is likely desired for an administrative component but if you’re using quickSelect on the frontend you may wish to restrict this behavior. Consider modifying your usage of quickSelect to use the AUTO_MINIMUM constant and enable/disable user avatars as you like.
- Bootstrap Select has been deprecated. It is still shipping with Bedrock but will be removed in a subsequent version update. Update your code to use new Concrete select components instead.
- The encryption service (unused by the core) has been removed; there is no replacement built into the core but many third party libraries are available in packagist.
Developer Updates
- Bedrock updated to 1.4, which includes support for Bootstrap 5.2 and many other updates.
- Numerous minor PHP dependency updates
- New Group selector Vue component (Thanks mlocati)
- New ConcreteSelect, ConcreteUserSelect, ConcretePageSelect and other components.
- Developers can now add to the list of email addresses displayed on the System Email Addresses Dashboard page for their custom add-ons (thanks mlocati)
- Display the php-cs-fixers applied when the phpcs CLI command applies fixes (thanks mlocati)
- FancyTree deprecated errors no longer displayed in Sitemap (thanks mlocati)
- Theme developers may add required additional content XML for their theme in content.xml in the theme root - it will be installed if (and only if) the theme is activated.
- Added an option to hide usernames from the user picker component (thanks mlocati)
- Add the setupSiteInterfaceLocalization in the controller method in ResponseFactory.php (thanks chauve-dev)
- Deprecate Ajax::isAjaxRequest (thanks mlocati)
- Removed more instances of “concrete5” in favor of “Concrete CMS”
- Guzzle PHP Library updated to 7.5.
- Concrete now supports Doctrine ORM 2.14.x+
- Fixed error when running method
getPermissionObject
from theBlockController
class. - Many minor PHP dependency version updates.
- moment.js has been updated to the latest stable version. This file could sometimes trigger insecurity warnings.