WinterCMS

Dashboards & Home Pages

A free, open‑source content management system built on the Laravel PHP framework for quick prototyping and secure development

PHP Latest v1.2.12 · 3mo ago

Features

  • Based on the Laravel framework for powerful PHP development
  • Quick prototyping with a rich developer environment
  • Emphasizes security and simplicity for projects of any size

Recent releases

v1.2.12 Security relevant
⚠ Upgrade required
  • Improved support for PHP 8.4 — recommended runtime version
Security fixes
  • Added protection against privilege escalation attack from authenticated backend users
Notable features
  • Added support for `tel` form field
  • Moved Vite rendering to `{% styles %}` Twig tag to prevent FOUC
Full changelog

UX/UI Improvements

  • Added support for `tel` form field.

Bug Fixes

  • Fixed z-index on MediaManager move dropdown.
  • Fixed support for config properties on URL fields.
  • Fixed issue where dynamically extending a class to add behaviors could fail if the behavior had been added before.

Security Improvements

  • Added protection against privilege escalation attack from authenticated backend users.

Performance Improvements

  • Moved Vite rendering to `{% styles %}` Twig tag instead of `{% scripts %}` to prevent FOUC.

Dependencies

  • Improved support for PHP 8.4.

Full Changelog: https://github.com/wintercms/winter/compare/v1.2.11...v1.2.12

v1.1.12 Security relevant
Security fixes
  • Added protection against privilege escalation attack from authenticated backend users.
Full changelog

Security improvements

  • Added protection against privilege escalation attack from authenticated backend users.

Full Changelog: https://github.com/wintercms/winter/compare/v1.1.11...v1.1.12

v1.0.477 Security relevant
Security fixes
  • Added protection against privilege escalation attack from authenticated backend users.
Full changelog

Security improvements

  • Added protection against privilege escalation attack from authenticated backend users.

Full Changelog: https://github.com/wintercms/winter/compare/v1.0.476...v1.0.477

v1.2.11 Security relevant
Security fixes
  • Improved automatic sanitization of SVGs through the CMS AssetList widget
Notable features
  • Added "Failed Logins" tab to view and manually unthrottle user IPs
  • Reorganized backend user account page fields for easier use
  • Autogenerate passwords when creating users (requires notification email)
Full changelog

UX/UI Improvements

  • Added "Failed Logins" tab to the User account form in the backend to view the throttle records of users and be able to manually unthrottle IPs.
  • Reorganized the fields on the user account page in the backend for ease of use.
  • Added support for autogenerating passwords when creating users in the backend (requires notification email to be sent to the user).
  • Added ability for the CodeEditor to restore its original line location when restoring after being disposed of on a page (i.e. when switching between on-page tabs with multiple CodeEditors, like in the CMS Theme Editor).

API Changes

  • Added auto detection of `LICENCE` and `LICENSE` files in plugins as their license files.

Bug Fixes

  • Fixed bug introduced in v1.2.10 where collections weren't being supported as a possible value for form field's `options` property.
  • Fixed bug introduced in v1.2.10 where LESS, SASS, and SCSS files were being treated as PHP files by the CodeEditor in the CMS Theme Editor.
  • Fixed support for `type="module"` inline script tags when using the Twig language mode with the Monaco CodeEditor.
  • Fixed bug introduced in v1.2.10 where event listeners attached to Theme events from within plugin `boot()` methods weren't being fired.

Security Improvements

  • Improved automatic sanitization of SVGs through the CMS AssetList widget.

Community Improvements

  • Fix PHP Code block examples for the model.* events in the Winter CMS documentation.

Full Changelog: https://github.com/wintercms/winter/compare/v1.2.10...v1.2.11

v1.2.10 Breaking risk
Security fixes
  • Sanitize SVG files uploaded to theme assets
  • Improved escaping of EditorSettings, BrandSettings, & MailBrandSettings
Notable features
  • Replaced Ace Editor with Monaco in the code editor
  • Added search and multiple columns to grouped repeater UX
  • Support for images/icons in `Form::select()` options
Full changelog

UX/UI Improvements

  • Replaced the CodeEditor's implementation, switching from Ace Editor to Monaco.
  • Improved grouped repeater UX by adding search and multiple columns.
  • Removed the `.` from the end of the generated password in the output of the `winter:passwd` command to make it easier to copy.

DX Improvements

  • Fixed support for the Laravel Maintenance mode (`artisan down`, `artisan up`) which was broken with the move to Laravel 9 (note: this is separate from the backend / CMS "soft" maintenance mode).
  • Added support for the `schedule:list` and `schedule:work` commands from Laravel.
  • AutoDatasource caching is now disabled when `app.debug` is `true` to avoid issues caused by stale path caches when developing locally.
  • Added `llms.txt` and `.user.ini` to the list of mirrored files.
  • Made the dropdown field use the `Form::select()` helper internally for consistency.
  • Made the repeater's `titleFrom` property less picky about what type of field it can pull the value from.

API Changes

  • Add support for images / icons in options with the `Form::select()` helper.

Bug Fixes

  • Fixed issue where `emptyOption` wasn't being removed in the `Form::select()` helper after being used to populate the placeholder.
  • Fixed issue where the FontAwesome assets downloaded by the `winter:util compile less` command weren't being pinned to a specific version.
  • Fixed issue where fancy layout form styles were bleeding into modals.
  • Fixed issue where the loading indicator wouldn't hide after receiving a RedirectResponse for file downloads through the AJAX framework.

Security Improvements

  • Sanitize SVG files when uploaded to the theme assets.
  • Improved escaping of EditorSettings, BrandSettings, & MailBrandSettings.

Translation Improvements

  • Improved Ukrainian translation.

Community Improvements

New Contributors

  • @gviabcua made their first contribution in https://github.com/wintercms/winter/pull/1444

Full Changelog: https://github.com/wintercms/winter/compare/v1.2.9...v1.2.10

About

  • Stars: 1,494
  • Forks: 240
  • Languages: PHP, JavaScript, Less
