X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=CHANGELOG.md;h=33feac2096c173645b5c3a400e7d191e16a0edaf;hb=76c3a4dbed11b9a5df2437db00e96608244bd693;hp=5bd16dcd285e62ecf0058f632ce672365fae0147;hpb=918bd5b9122f929268e0979063c4844e85090858;p=github%2Fshaarli%2FShaarli.git diff --git a/CHANGELOG.md b/CHANGELOG.md index 5bd16dcd..33feac20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,26 +4,230 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07 + +**Major security issue fixed. Please update.** + +### Added +- Tag search now supports wildcards `*` +- New setting `privacy.force_login` which can be used with `privacy.hide_public_links` to redirect anonymous users to the login page. +- New setting `general.default_note_title` used to override default `Note:` title prefix for notes. +- Add a version hash for asset loading to prevent browser's cache issue + +### Changed +- The "Remember me" checkbox is unchecked by default +- The default value of the "Remember me" checkbox can be configured under `data/config.json.php` + +### Removed +- Remove obsolete PHP magic quote support + +### Fixed +- Generates a permalink URL if the URL is set to blank +- Replace links to the old GitHub wiki with ReadTheDocs URIs +- Use single quotes in the note bookmarklet +- Daily page if there is no link +- Bulk link deletion with a single link +- HTTPS detection behind a reverse proxy +- Travis tests environment and localization +- Improve template paths robustness (trailing slash) +- Robustness: safer gzinflate/zlib usage +- Description links parsing with parenthesis (without Markdown) +- Templates: + - Sort the tag cloud alphabetically + - Firefox social title + - Improved visited link color + - Fix jumpy textarea with long content in post edit + +### Security + +- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)). 
+ +## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23 + +The documentation has been migrated to ReadTheDocs: +- https://shaarli.readthedocs.io/ +- edits are submitted as pull requests + +### Added +- Allow bulk link deletion +- Display subtags in the tag cloud +- Add an endpoint to refresh the token +- Add a token on every page +- Add a tag list view for management +- Add Note bookmarklet +- Add creation date when editing a link + +### Changed +- Documentation: + - Generate static HTML documentation with [mkdocs](http://www.mkdocs.org/) + - Host documentation on [ReadTheDocs](http://www.mkdocs.org/) + - Update documentation structure + - Update Makefile targets to: + - Build the docs locally + - Include the generated docs in the release archives +- Theme: + - Use the new theme as the default + - Rename the tag cloud template to `tag.cloud.html` + - Display visited links in grey + - Use only one search form in `linklist.html` + - Hide the "search links with these tags" option when an empty `searchtags` is passed to `tag.list.html` +- Improve HTTP header handling when hosting Shaarli with Docker behind a reverse proxy +- Searching for tags with an empty value returns untagged links only +- Set Travis environment to `precise` until the new `trusty` environment is ready + +### Removed +- Remove dead Pubsubhubbub code +- Disable the GitHub wiki (see changed/documentation) +- Remove Docker `dev` image and resources +- Theme: + - Remove the bottom "Sort by" menu in `tag.list.html` + +### Fixed +- Fix file existence check for `user.css` +- Limit selection to 2k characters when using the bookmarklet +- Fix JS error `uncaught type error` +- Fix Firefox Social button +- Use pinned PHP dependencies when generating release archives +- Make sure that the tag exists before altering/removing it + +### Security +- Add a whitelist for protocols for URLs + + +## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - 2017-05-07 + +This release 
introduces the REST API, and requires updating HTTP server +configuration to enable URL rewriting, see: +- https://shaarli.github.io/api-documentation/ +- https://shaarli.readthedocs.io/en/master/Server-configuration/ + +**WARNING**: Shaarli now requires PHP 5.5+. + +### Added +- REST API v1 + - [Slim](https://www.slimframework.com/) framework + - [JSON Web Token](https://jwt.io/introduction/) (JWT) authentication + - versioned API endpoints: + - `/api/v1/info`: get general information on the Shaarli instance + - `/api/v1/links`: get a list of shaared links + - `/api/v1/history`: get a list of latest actions +Theming: + - Introduce a new theme + - Allow selecting themes/templates from the configuration page + - New/Edit link form can be submitted using CTRL+Enter in the textarea + - Shaarli version is displayed in the footer when logged in +- Add plugin placeholders to Atom/RSS feed templates +- Add OpenSearch to feed templates +- Add `campaign_` to the URL cleanup pattern list +- Add an AUTHORS file and Makefile target to list authors from Git commit data +- Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting. 
+- `composer.lock` is now included in git file to allow proper `composer install` +- History mechanism which logs link addition/modification/deletion + +### Changed +- Docker: enable nginx URL rewriting for the REST API +- Theming: + - Move `user.css` to the `data` folder + - Move default template files to a subfolder (`default`) + - Rename the legacy theme to `vintage` + - Private only filter is now displayed as a search parameter + - Autocomplete: pre-select the first element + - Display daily date in the page title (browser title) + - Timezone lists are now passed as an array instead of raw HTML +- Move PubSubHub to a dedicated plugin +- Coding style: + - explicit method visibility + - safe boolean comparisons + - remove unused variables +- The updater now keeps custom theme preferences +- Simplify the COPYING information +- Improved client locale detection +- Improved date time display depending on the locale +- Partial namespace support for Shaarli classes +- Shaarli version is now only present in `shaarli_version.php` +- Human readable maximum file size upload + + +### Removed +- PHP < 5.5 compatibility +- ReadItYourself plugin + +### Fixed +- Ignore generated release tarballs +- Hide default port when behind a reverse proxy +- Fix a typo in the Markdown plugin description +- Fix the presence of empty tags for private tags and in search results +- Fix a fatal error during the install +- Fix permalink image alignment in daily page +- Fix the delete button in `editlink` +- Fix redirection after link deletion +- Do not access LinkDB links by ID before the Updater applies migrations +- Remove extra spaces in the bookmarklet's name +- Piwik plugin: Piwik URL protocol can now be set (http or https) +- All inline JS has been moved to dedicated JS files +- Keep tags after login redirection + +### Security +- Markdown plugin: escape HTML entities by default + + +## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04 +### Security +- Markdown 
plugin: escape HTML entities by default + +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20 +### Fixed +- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template. + +## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15 +### Fixed + +- Editing a link created before the new ID system would change its permalink. + +## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12 + +> Note: this version will create an automatic backup of your database if anything goes wrong. -## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - UNPUBLISHED ### Added - Add CHANGELOG.md to track the whole project's history +- Enable Composer cache for Travis builds - Save the last edition date for shaares and use it in Atom/RSS feeds - Plugins: - Add an [Isso](https://posativ.org/isso/) plugin to enable user comments on permalinks - Allow defining init functions, e.g. for performing checks and error processing + - Add a Piwik plugin for analytics. + - Markdown: add warning notice regarding HTML rendering +- Meta tag to *not* send the referrer to external resources. 
### Changed -- Cleanup `{loop}` declarations in templates +- Link ID complete refactoring: + - Links now have a numeric ID instead of dates + - Short URLs are now created once and can't change over time (previous URL are kept) +- Templates: + - Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin` + - Cleanup `{loop}` declarations in templates + - Tools: hide Firefox Social button when not in HTTPS + - Firefox Social: show Shaarli's title when shaaring using Firefox Social - Release archives now have the same structure as GitHub-generated archives: - archives contain a `Shaarli` directory, itself containing sources + dependencies - the tarball is now gzipped +- Plugins: + - Markdown: Parsedown library is now imported through Composer +- Minor code cleanup: PHPDoc, spelling, unused variables, etc. +- Docker: explicitly set the maximum file upload size to 10 MiB ### Fixed - Fix the server `` value in Atom/RSS feeds - Plugins: - Tools: only display parameter description when it exists - archive.org: do not propose archival of private notes + - Markdown: + - render links properly in code blocks + - bug regarding the `nomarkdown` tag + - W3C compliance +- Use absolute URL for hashtags in RSS and ATOM feeds +- Docker: specify the location of the favicon +- ATOM feed: remove new line between content tag and data ### Security - Allow whitelisting trusted IPs, else continue banning clients upon login failure @@ -65,6 +269,10 @@ Please use our release archives, or follow the - XSRF token now generated each time a page is rendered +## [v0.7.1](https://github.com/shaarli/Shaarli/releases/tag/v0.7.1) - 2017-03-08 +### Security +- Markdown plugin: escape HTML entities by default + ## [v0.7.0](https://github.com/shaarli/Shaarli/releases/tag/v0.7.0) - 2016-05-14 ### Added - Adds an option to encode redirector URL parameter
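Review bot: In the first hunk (`@@ -4,26 +4,230 @@`), the v0.9.1 "Changed" entry `Host documentation on [ReadTheDocs](http://www.mkdocs.org/)` reuses the mkdocs URL from the entry directly above it, so the ReadTheDocs link points at the wrong site. Suggest linking it to the documentation host this same release section already cites, https://shaarli.readthedocs.io/. In the same hunk, under v0.9.0 "Added", the line `Theming:` is missing its leading `- `, so it does not start its own list item the way `- Theming:` does in that release's "Changed" section.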
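Review bot: The v0.7.1 entry added in the second hunk (`@@ -65,6 +269,10 @@`) repeats the Security line `Markdown plugin: escape HTML entities by default` word for word from the v0.8.4 and v0.9.0 entries, with nothing to say that it is the same fix applied to the 0.7 line. It is dated 2017-03-08, four days after v0.8.4 (2017-03-04), yet sits below the 0.8.x entries, so the relationship between the three releases is not visible from the changelog alone. Suggest marking the entry as a backport of the v0.8.4 change, and stating in one of the three entries that escaping is now the default behaviour, so readers know that rendering of HTML in Markdown descriptions changed.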