Concrete CMS 8.5.2

3 October 2019

Concrete CMS version 8.5.2 is now available.

Upgrading to Concrete CMS 8.5.2

What's New in Concrete CMS 8.5.2

• You can now control the number of results in the file manager from the file manager directly without loading the advanced search dialog
  
• You can now delete all entries from an existing Express object without deleting the object.
  
• Update CKEditor from 4.11.1 to 4.12, add Placeholder plugin
  
• Add the ability for each Express Form block to have its own from address
  
• Added the ability to set a background color for thumbnails and for use with the image editor
  
• Added the ability to search attributes when adding attributes to the page composer form
  
• The Page Attribute block can now use custom templates
  
• Add GUI to configure trusted headers received by a proxy
  
• Add dashboard page to change database character set / collation
  
• ReCaptcha is now included as a captcha option in the core
  
• You can now include page aliases in searches in the Dashboard advanced page search
  
• Allow email sending enable/disable from the dashboard
  
• Make it configurable whether or not to ignore page permissions for RSS feeds
  
• Added the ability to show captions by default for the YouTube block
  
• Added the ability to display the version status on the results page of a Page Search
  
• Added a new install theme console command
  

• Add MySQL version and SQL_MODE to environment information
  
• Removed the extraneous exception stack trace when the MySQL connection fails during installation
  
• Added support for right-to-left languages in the concrete5 translate UI
  
• Fix error where sitemap panel would show up even if the user has no access to add pages or to the sitemap.
  
• Improved uniformity between search interfaces in the Dashboard and dialogs for things like files, pages. Miscellaneous display bug fixes for search interfaces.
  
• Add the author column on express entries CSV export
  
• Added file read route to the rest api
  
• Use the HTTP 303 code for downloading files instead of HTTP 302
  
• Simplify the error message when copying a file to folder
  
• Added Choose New File to the top of the file selector menu to help users confused by the “Replace” option further below
  
• If the form redirects to a thank you page, pass the entry id so that the page can interact with the entry if desired.
  
• We now separate titles and content of installation errors if you encounter them (thanks mlocati).
  
• In the desktop draft block, deleting a draft now no longer redirects you to the home page
  
• Improved reliability when uploading large files into the file manager
  
• RSS feed URL slugs can now have hyphens in them
  
• Added rel=noopener noreferer to different places in the core where we link to external pages, enabling better process management
  
• Added Twitch Social Link
  
• Composer and block editing will no longer log you out while you are editing for a long period of time
  
• Remember me 2 weeks value is now configurable
  
• Routing system now handles response objects returned by any controller on_start
  
• Add a config key to support script-specific locales
  
• Added the ability to disable checking for core and package updates when using concrete5 via composer
  
• Improvements to the display of the feature block icon selector
  
• PageTypeDefaults::SetupOnChildPages: Make Update forked blocks optional
  
• Reduced the number of errors Doctrine complains about when inspecting the mapipng information for the core entity classes
  
• Spelling errors fixed in certain error messages
  
• Set quoted-printable encoding for outgoing emails for better compatibility
  
• Improvements to how the My Account menu was displayed in certain themes
  
• Don't ask to preserve old page path of external URLs
  
• When creating external links, the URL slug we generate is now based off the name of the link instead of the link
  
• Better localization in edit mode of calendar, by including localized version of moment.js
  
• Brought back the ability to drag a file immediately into the file manager and have it begin uploading
  
• Add asset version number to cache bursting query string
  
• Show only the message when we have in case of UserMessageException
  
• Fixed - SEO issue: tag ignores any actions of page/block controller
  
• Attribute controllers can now define the “No Value” text
  
• Reduced size of bundled bootstrap libraries; removed missing references to glyphicon font file
  

• Fixed bug where XSS could be passed through to the select form helper under certain conditions.
  
• Fixed bug when using the document library when MySQL has ONLY_FULL_GROUP_BY enabled
  
• Fixed bug where additional cancel and submit search buttons were showing up in advanced search dialogs.
  
• "Order Entries" page is not installed on upgrading from version 7
  
• Fixed buggy behavior when searching by associations in Express.
  
• Fixed: Search Presets in dialog not actually submitting
  
• Fixed: Bugs with search presets not being deletable, searching JS errors when working with search presets
  
• Fixed bug with autoplay not starting in YouTube block due to https://developers.google.com/web/updates/2017/09/autoplay-policy-changes
  
• Fixed bug when Express form sends notification with an image/file attribute and it’s not filled out
  
• Add new Italian Province: South Sardinia
  
• Fix error where adding an image or a file to composer would complain about it not being present, even if it was.
  
• Fixed error where file usage dialog did not work with files linked in the content block
  
• Fixed bug where navigating directly to dispatcher.php would throw PHP errors.
  
• Fixed error where global password reset didn’t require typing the confirm code.
  
• FIxed inability to unapprove a page version in the versions menu
  
• Fixed: Password Requirements dashboard page was not installed via 8.5.0 & 8.5.1 fresh install
  
• Fixed bug where clicking publish on a composer page draft could still create an extra version in some cases
  
• Fixed: ccmAuthUserHash cookie and "Stay signed in" functionality allows user impersonation if hash table is leaked
  
• Remove Guest from "Group to enter on registration" options
  
• Fixed: Copy page does not change the mpRelationID of the new page
  
• Fixed error with user attribute not calling its method on the correct user object, leading to strange results
  
• Fixed: If you dropped an image into the rich text description of an FAQ entry, when you went back to edit the entry, the image didn't show up
  
• Fixes error where Download file does not show up for files that aren’t images
  
• Fixed: $c->getPageWrapperClass
  
• Fixed: UI: Can not select topic in large tree on Page Search
  
• Fixed error in Redis cache backend: Password set in config is not sent Redis connection process
  
• Fixed untranslated text in the Event List block
  
• Fix showing empty error message when a problem occurred using Setup on Child Pages
  
• Fixed error where bumping the concrete5 version number without changing a version_db number wouldn’t re-trigger an upgrade.
  
• Fixes issue with broken links to files in textarea
  
• Check $search_path is set and string in search block view
  
• Fixed errors in full page caching under multisite setups.
  
• Fixed errors in full page caching with blocks that used special parameters – the page was saved properly but it would replace the contents of the pages without parameters
  
• Fixed: 8.5.2RC1 - Adding external link with URL "/" breakes the whole site
  
• Fix error on delete user who has express enties
  
• Fix: calendar feed parameter and validation
  
• Fixed: Calendar events displayed only on starting month when they span multiple months
  
• Fixed bug with rich text editor not exporting content properly
  
• Fixed bug where we displayed an error when browsing directly to /dashboard/system/environment/entities/update_entity_settings
  
• Fixed bug where users who first created would be deactivated if automatic deactivation based on last login were turned on and they hadn’t yet logged in yet.
  
• Fixed: blocks added to stacks that use JavaScript or CSS assets in their view templates were not working when the block was cached.
  
• Fixed errors in localization class not including the Config class
  
• Fixed login error complaining about Groups being a reserved word under Percona MySQL 8.0
  
• Fixed issue where in page list block, missing input validation results in mysql-error
  
• Fixed: Default Express Entry List search functionality does not allow for searching for multiple fields simultaneously
  
• Fixes bug where Express form answers were emailed in a random order, rather than in the order they displayed in the form
  
• Login page will now no longer let you render parts of authentication type forms if those types are not enabled.
  
• Fixed bug where images or files added to front-end forms wouldn’t be included in the email notification about those forms.
  
• Fixed bugs and cleaned up code in the Workflow classes
  
• Prevent leading/trailing commas from triggering errors in Legacy Form block
  
• Fixed bugs when arranging stack proxy blocks in pages as a non-super user with advanced permissions enabled
  
• Blocks no longer remain in their target area if there was something about the move operation that failed
  
• Fixed multiple bugs when working with the HTML Upload interaction type in the image/file attribute
  
• Fix the layout of the search fields in "Page Report" page
  
• Fixed: Migration to ut8mb4 incomplete due to problems with schema
  
• Fixed bug where the hovering image in a file manager window didn’t disappear when clicking on the image record
  
• Fix inability to connect to marketplace on sites behind SSL when that site is also behing a proxy like Cloudflare
  
• Fixed: All Day Events are not determined correctly
  
• Fix calendar block issues with all-day events
  
• Fixed inconsistencies when using Ctrl key to deselect images in the file manager
  
• Fix some issues installing content with the content XML format by disabling request cache during XML installation
  
• Fixed Issues when removing Custom Workflow Types
  
• Fixed Issues when adding Workflows that have custom workflow types.
  
• Refactored Workflow Types Class to use newer code.
  
• Upgrading jQuery UI to 1.12.1 and downgrading jQuery to 1.12.2 to fix security issue (
  
• Fixed bug when clicking on folders in Document Library
  
• Fixed: When you add a datetime attribute into the search form, you'll get a JavaScript error.
  
• Fixed: When paging through versions in stacks or on a page, clicking version doesn't show menu
  
• Fixed errors when sorting attributes, inability to sort attribute sets as a regular administrator and not the super user
  
• Fixed: When opening existing repeated events, selected days were not selected.
  
• Fixed: Unpublished repeated events get published after deleting part of events.
  
• Bug fixes when updating a site from 5.7
  
• Fixed warnings when sending mail with the intl extension enabled
  
• Fixed entity not found exception when retrieving author of a file when the author had been deleted
  
• Fixed StorageLocationFactory::fetchByName should return an instance
  
• Miscellaneous cleanup in URL Resolver classes
  
• Fixed null pointer exception when user attempted to view calendars in the Dashboard but didn’t have permission access to the first calendar retrieved
  
• Bug fixes when upgrading from previous versions of concrete5
  
• Fixed bug where account menu was floating underneath the concrete5 toolbar (thanks mlocati).
  
• Fixed problems overriding the Express form context registry
  
• Fix block templates that edit the scope variables within the block view
  
• Fixed bug where default contact form in Elemental wasn’t set to store its form data in the backend, only to email it.
  
• Fix H1 Report 643442