Fat Free CRM v0.19.0 Release Notes
Release Date: 2021-04-04
Important changes
Fixed XSS flaw in tags_helper
Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
Devise replaces Authlogic for user authentication
Ticket #742 replaces Authlogic with the latest Devise (4.3.0), which has wider adoption. This change requires a database migration on the User model. Please note:
- Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
- Users will be forcibly logged out. Existing user sessions will not be kept and the fields persistence_token, single_access_token, perishable_token will be dropped from the database.
- Though the migration is generally safe, we recommend making a backup of your database before migrating.
Existing OAuth broken
The Devise change will break any OAuth login plugins which depend on Authlogic. You can configure OAuth for Devise using the guides here.
Login and user-related routes changed
The login URL routes have been changed to use the defaults of Devise.
User mailers changed
Mailers related to user password reset, etc. are changed to use the defaults of Devise.
PaperClip version updated from 5.2.1 to 6.0.0
PaperClip now only depends on aws-sdk-s3 instead of aws-sdk. For more info see https://github.com/thoughtbot/paperclip/pull/2481.
Replace the Cocaine gem with Terrapin (https://github.com/thoughtbot/terrapin/). Apart from the namespace change, this is a drop-in replacement.
Rails 5.2
The underlying framework is now Rails 5.2.*
Ruby 2.4 deprecated
Ruby 2.4 has reached end of life and is no longer actively tested against.
Other changes
- #794 Fix defect with unpermitted params in advanced search
- 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
- #851 upgrade paper_trail
- Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
- Dependency updates
- Simple Form upgrades to use HTML5 and browser validations by default