8.5.5 Release Notes


Let us know by posting here.

New Features

  • Let user specify the SMTP HELO/EHLO domain for their SMTP server (thanks mlocati)

Behavioral Improvements

  • Removed version from meta generator tag.
  • CKEditor updated to 4.15.0 (thanks mlocati)
  • Page drafts are now viewable by the view page draft permission (thanks HMone23)
  • Updated list of UK counties (thanks Mesuva)
  • Update CKEditor from 4.15.0 to 4.15.1 (thanks mlocati)
  • Fix: make email log readable by decode quoted printable text (thanks hissy)

Bug Fixes

  • Fixing bug where accidentally re-saving a theme preset layout (e.g. “Left Sidebar”) as a user preset would cause a site to become unresponsive.
  • Fixed bug where pages indexed through the CLI search index job weren’t indexed properly (thanks haeflimi)
  • Page Selector attribute now properly searchable (thanks dimger)
  • No longer fire event execute_job twice (thanks deek87)
  • Fixing error when rescanning a multilingual locale (thanks mlocati)
  • Fixed error or max execution timeout that can occur when logging out of multilingual websites (thanks hissy)
  • Fixed: [CKEDITOR] Error code: editor-element-conflict. (thanks mlocati)
  • Fixed error: No such file or directory error when editing an aliased block which is not editable (thanks mlocati)
  • Fix some issues when using tags on multilingual site (thanks hissy)
  • Fix duration of IP bans (they were supposed to last seconds but instead used the same value and in minutes) (thanks mlocati)
  • Fixed: Stacks don't update if caching is enabled (thanks hissy)
  • Correctly parse non-decimal IP addresses (thanks mlocati)
  • Fix: enable to send private message to all groups at once (thanks hissy)
  • Fixed: Redis cookie handler always use the session name as a prefix (thanks mlocati)
  • Fixed an error where 404 does not work in multi language cases under certain situations (thanks hissy)
  • More resilient upgrade routine when dealing with conflicting character sets in mysql (thanks mlocati)
  • Fix issue where a rich text field on a form block doesn't re-populate contents after submit (thanks Mesuva)
  • Fixed: Express Forms - CSV Export does not respect datetime format from config (thanks 1stthomas)
  • Fix bug: Express Form can generate same attribute keys for multiple attribute keys (thanks hissy)
  • Fixes filtering by multiple topic attributes on an item list (thanks hissy)
  • Banned words with multibyte characters are now accurately detected (thanks hissy)
  • Use UserMessageException when invalid path traversal is detected (thanks mlocati)
    • Do not remove picture elements on rendering textarea attribute value (thanks hissy)
  • Fix "call to a member function overrideCollectionPermissions() on a non-object" in AreaAssignment (thanks mlocati)

Security Fixes

  • Fixed CVE-2021-28145 XSS in Surveys fixed (thanks deek87)
  • Fixed CVE-2021-3111 Stored XSS on express entries H1 report 873474
  • Fixed CVE-2021-22958 SSRF Bypass (Hacker One report 863221)

Developer Updates

  • Allow routes with optional arguments (thanks mlocati)