All Versions
38
Latest Version
Avg Release Cycle
221 days
Latest Release
176 days ago

Changelog History
Page 1

  • v0.20.1 Changes

    October 07, 2022

    CVE-2022-39281

  • v0.20.0 Changes

    October 04, 2021

    โšก๏ธ #905 Swap from Marshal.load. Be sure to run bundle exec rake ffcrm:preference_update to migrate your users from old to new format

    0๏ธโƒฃ settings.yml - Background, foreground colors for tasks, accounts, opportunities, and more - these are now defined in CSS by default

    ๐Ÿ”จ Refactoring to Bootstrap for forms, buttons, layouts.

    โฌ‡๏ธ Drop ruby 2.5 support

    โฌ†๏ธ Upgrade to rails 6, papertail 12, devise 4.8

    โšก๏ธ A variety of minor bug fixes and security updates

    946

    947

    950

    951

    952

  • v0.19.2 Changes

    May 09, 2021

    CVE-2021-22885

  • v0.19.1 Changes

    April 04, 2021

    โšก๏ธ Minor gem updates

  • v0.19.0 Changes

    April 04, 2021

    Important changes

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.

    Devise replaces Authlogic for user authentication

    โœ… Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption. This change requires a database migration on the User model. Please note:

    • Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
    • Users will be forced logged out. Existing user sessions will not be kept and the fields persistence_token, single_access_token, perishable_token will be dropped from the database.
    • Though the migration is generally safe we recommend to make a backup of your database before migrating.

    Existing OAuth broken

    ๐Ÿ”Œ The Devise change will break any OAuth login plugins which depend on Authlogic. ๐Ÿ”ง You can configure OAuth for Devise using the guides here.

    Login and user-related routes changed

    0๏ธโƒฃ The login URL routes have been changed to use the defaults of Devise.

    ๐Ÿ‘‰ User mailers changed

    0๏ธโƒฃ Mailers related to user password reset, etc. are changed to use the defaults of Devise.

    โšก๏ธ PaperClip version updated from 5.2.1 to 6.0.0

    ๐Ÿ‘€ PaperClip now only depends on aws-sdk-s3 instead of aws-sdk. For more info see https://github.com/thoughtbot/paperclip/pull/2481. Replace the Cocaine gem with Terrapin. https://github.com/thoughtbot/terrapin/ Apart from the namespace change, this is a drop in replacement.

    ๐Ÿš… Rails 5.2

    ๐Ÿš… The underlying framework is now rails 5.2.*

    ๐Ÿ—„ Ruby 2.4 deprecated

    โœ… Ruby 2.4 has reached end of life and is no longer activity tested against.

    Other changes

    • #794 Fix defect with unpermitted params in advanced search
    • 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
    • #851 upgrade paper_trail
    • Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
    • Dependency updates
    • Simple Form upgrades to use HTML5 and browser validations by default

  • v0.18.1 Changes

    October 27, 2018

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

  • v0.18.0 Changes

    April 21, 2018

    Important changes

    ๐Ÿ’Ž Mininium ruby version

    ๐Ÿ†“ #665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.

    Swap to FactoryBot

    โฌ†๏ธ If you consume fat free crm as an engine and re-use any factories, you'll need to upgrade to FactoryBot.

    โœ‚ Removed methods

    Lead.update_with_permissions is removed, use user_ids and group_ids inside attributes instead and call lead.update_with_account_and_lead_counters
    FatFreeCRM::Permissions.save_with_permissions is removed, use user_ids and group_ids inside attributes and call save
    FatFreeCRM::Permissions.update_with_permissions is removed, use user_ids and group_ids inside attributes and call update_attributes

    Other changes

    • CVE-2018-8048 (loofah gem)
    • ๐Ÿš… CVE-2018-3741 (rails-html-sanitizer gem)
    • ๐Ÿ†“ #768 Fix comment creation on entities
    • ๐Ÿ†“ #762 #764 Fix bug in select menu
    • ๐Ÿ†“ #759 Improve zero revenue display
    • ๐Ÿ†“ #753 Opportunities sort by weighted amount
    • ๐Ÿ†“ #749 Fix unsafe reflection and mass assignment

  • v0.17.3 Changes

    October 27, 2018

    ๐Ÿ›  Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

  • v0.17.2 Changes

    January 24, 2018

    CVE-2017-0889
    ๐Ÿ†“ #724 Fixes #589 Autocomplete regression
    ๐Ÿ†“ #723 Fixes #687 Passing string to define a callback is not supported.

  • v0.17.1 Changes

    January 20, 2018
    • #709 Revert accidental minimum ruby version 2.4 changes (#665)
    • Fix #687 Passing string to define a callback is not supported.