Fat Free CRM v0.19.0 Release Notes
Release Date: 2021-04-04
Fixed XSS flaw in tags_helper
Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
Devise replaces Authlogic for user authentication
Ticket #742 replaces Authlogic with the latest Devise (4.3.0), which has wider adoption. This change requires a database migration on the User model. Please note:
- Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
- Users will be forcibly logged out. Existing user sessions will not be kept, and the fields persistence_token, single_access_token and perishable_token will be dropped from the database.
- Though the migration is generally safe, we recommend making a backup of your database before migrating.
Existing OAuth broken
The Devise change will break any OAuth login plugins which depend on Authlogic. You can configure OAuth for Devise using the guides here.
Login and user-related routes changed
The login URL routes have been changed to use the defaults of Devise.
User mailers changed
Mailers related to user password reset, etc. are changed to use the defaults of Devise.
PaperClip version updated from 5.2.1 to 6.0.0
PaperClip now only depends on aws-sdk. For more info see https://github.com/thoughtbot/paperclip/pull/2481. Replace the Cocaine gem with Terrapin (https://github.com/thoughtbot/terrapin/). Apart from the namespace change, this is a drop-in replacement.
Rails 5.2
The underlying framework is now Rails 5.2.*
Ruby 2.4 deprecated
Ruby 2.4 has reached end of life and is no longer actively tested against.
- #794 Fix defect with unpermitted params in advanced search
- 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
- #851 upgrade paper_trail
- Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
- Dependency updates