Fat Free CRM v0.19.0 Release Notes

Release Date: 2021-04-04
  • Important changes

    Fixed XSS flaw in tags_helper

    Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.

    Devise replaces Authlogic for user authentication

    Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption. This change requires a database migration on the User model. Please note:

    • Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
    • Users will be forcibly logged out. Existing user sessions will not be kept, and the fields persistence_token, single_access_token and perishable_token will be dropped from the database.
    • Though the migration is generally safe, we recommend making a backup of your database before migrating.

    Existing OAuth broken

    The Devise change will break any OAuth login plugins which depend on Authlogic. You can configure OAuth for Devise using the guides here.

    Login and user-related routes changed

    The login URL routes have been changed to use the defaults of Devise.

    User mailers changed

    Mailers related to user password reset, etc. are changed to use the defaults of Devise.

    PaperClip version updated from 5.2.1 to 6.0.0

    PaperClip now only depends on aws-sdk-s3 instead of aws-sdk. For more info see https://github.com/thoughtbot/paperclip/pull/2481. Replace the Cocaine gem with Terrapin (https://github.com/thoughtbot/terrapin/). Apart from the namespace change, this is a drop-in replacement.

    Rails 5.2

    The underlying framework is now Rails 5.2.*

    Ruby 2.4 deprecated

    Ruby 2.4 has reached end of life and is no longer actively tested against.

    Other changes

    • #794 Fix defect with unpermitted params in advanced search
    • 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
    • #851 upgrade paper_trail
    • Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
    • Dependency updates
    • Simple Form upgrades to use HTML5 and browser validations by default