Fat Free CRM v0.18.1 Release Notes

Release Date: 2018-10-27
  • Fixed XSS flaw in tags_helper

    Credit to Antonin Steinhauser (steinhause) for discovery and responsible disclosure.


Previous changes from v0.18.0

  • Important changes

    Minimum Ruby version

    #665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.

    Swap to FactoryBot

    If you consume Fat Free CRM as an engine and reuse any factories, you'll need to upgrade to FactoryBot.

    Removed methods

    Lead.update_with_permissions is removed; use user_ids and group_ids inside attributes instead and call lead.update_with_account_and_lead_counters.
    FatFreeCRM::Permissions.save_with_permissions is removed; use user_ids and group_ids inside attributes and call save.
    FatFreeCRM::Permissions.update_with_permissions is removed; use user_ids and group_ids inside attributes and call update_attributes.

    Other changes

    • CVE-2018-8048 (loofah gem)
    • CVE-2018-3741 (rails-html-sanitizer gem)
    • #768 Fix comment creation on entities
    • #762 #764 Fix bug in select menu
    • #759 Improve zero revenue display
    • #753 Opportunities sort by weighted amount
    • #749 Fix unsafe reflection and mass assignment