All Versions
35
Latest Version
Avg Release Cycle
239 days
Latest Release
195 days ago

Changelog History
Page 1

  • v0.19.1 Changes

    April 04, 2021

    โšก๏ธ Minor gem updates

  • v0.19.0 Changes

    April 04, 2021

    Important changes

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.

    Devise replaces Authlogic for user authentication

    โœ… Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption. This change requires a database migration on the User model. Please note:

    • Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
    • Users will be forced logged out. Existing user sessions will not be kept and the fields persistence_token, single_access_token, perishable_token will be dropped from the database.
    • Though the migration is generally safe we recommend to make a backup of your database before migrating.

    Existing OAuth broken

    ๐Ÿ”Œ The Devise change will break any OAuth login plugins which depend on Authlogic. ๐Ÿ”ง You can configure OAuth for Devise using the guides here.

    Login and user-related routes changed

    0๏ธโƒฃ The login URL routes have been changed to use the defaults of Devise.

    ๐Ÿ‘‰ User mailers changed

    0๏ธโƒฃ Mailers related to user password reset, etc. are changed to use the defaults of Devise.

    โšก๏ธ PaperClip version updated from 5.2.1 to 6.0.0

    ๐Ÿ‘€ PaperClip now only depends on aws-sdk-s3 instead of aws-sdk. For more info see https://github.com/thoughtbot/paperclip/pull/2481. Replace the Cocaine gem with Terrapin. https://github.com/thoughtbot/terrapin/ Apart from the namespace change, this is a drop in replacement.

    ๐Ÿš… Rails 5.2

    ๐Ÿš… The underlying framework is now rails 5.2.*

    ๐Ÿ—„ Ruby 2.4 deprecated

    โœ… Ruby 2.4 has reached end of life and is no longer activity tested against.

    Other changes

    • #794 Fix defect with unpermitted params in advanced search
    • 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
    • #851 upgrade paper_trail
    • Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
    • Dependency updates
  • v0.18.1 Changes

    October 27, 2018

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

  • v0.18.0 Changes

    April 21, 2018

    Important changes

    ๐Ÿ’Ž Mininium ruby version

    ๐Ÿ†“ #665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.

    Swap to FactoryBot

    โฌ†๏ธ If you consume fat free crm as an engine and re-use any factories, you'll need to upgrade to FactoryBot.

    โœ‚ Removed methods

    Lead.update_with_permissions is removed, use user_ids and group_ids inside attributes instead and call lead.update_with_account_and_lead_counters
    FatFreeCRM::Permissions.save_with_permissions is removed, use user_ids and group_ids inside attributes and call save
    FatFreeCRM::Permissions.update_with_permissions is removed, use user_ids and group_ids inside attributes and call update_attributes

    Other changes

    • CVE-2018-8048 (loofah gem)
    • ๐Ÿš… CVE-2018-3741 (rails-html-sanitizer gem)
    • ๐Ÿ†“ #768 Fix comment creation on entities
    • ๐Ÿ†“ #762 #764 Fix bug in select menu
    • ๐Ÿ†“ #759 Improve zero revenue display
    • ๐Ÿ†“ #753 Opportunities sort by weighted amount
    • ๐Ÿ†“ #749 Fix unsafe reflection and mass assignment
  • v0.17.3 Changes

    October 27, 2018

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

  • v0.17.2 Changes

    January 24, 2018

    CVE-2017-0889
    ๐Ÿ†“ #724 Fixes #589 Autocomplete regression
    ๐Ÿ†“ #723 Fixes #687 Passing string to define a callback is not supported.

  • v0.17.1 Changes

    January 20, 2018
    • #709 Revert accidental minimum ruby version 2.4 changes (#665)
    • Fix #687 Passing string to define a callback is not supported.
  • v0.17.0 Changes

    January 20, 2018

    Important changes

    Select2 for select boxes

    ๐Ÿš€ This release replaces Chozen with Select2 consistently across the app. ๐Ÿ”Œ This may break plugins which rely on Chozen. To fix any issues please ๐Ÿ”Œ migrate to Select2 or add Chozen to your plugins.

    Counter caches

    ๐ŸŽ To improve performance, a number of counter caches have been added.

    ๐Ÿ†“ Users with large amounts of records may find certain database migrations taking a large amount of time, as each record is cached upfront.

    ๐Ÿ’Ž Minimum ruby version is now Ruby 2.3

    ๐Ÿ‘€ See #647 #654 Adopt min ruby version of 2.3.0 and apply safe navigiation rubocop rules

    Other changes

    • #691 Wording
    • #688 Preparation for Devise
    • #686 Bundle update
    • #683 Rubocop: Refactoring
    • #680 Alternative build setup
    • #682 Rubocop: Hashrockets
    • #693 Update Japanese translations
    • #697 Minor security improvements
    • #703 #696 Replace Chozen with select2
    • #678 Find an account by name when name is in params (fixes #397)
    • #673 Improve JS escaping
    • #671 Devise Readiness (+ thread-safety): Refactor User.my scope
    • #670 Fix #563 invalid default custom field minlength
    • #668 Rubocop fixes for xls/rss builder classes
    • #667 Rubocop: Autocorrect various assignment-if statements, case statements, etc.
    • #666 Various rubocop corrected items
    • #661 Bundle Update on 2018-01-06
    • 655 Upgrade rubocop

    • 658 Upgrade Bootsnap gem, fixing an issue with windows

  • v0.16.4 Changes

    October 27, 2018

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

  • v0.16.3 Changes

    January 24, 2018