Omeka S 4.0.2
31 July 2023
Omeka S version 4.0.2 is now available.
Upgrading to Omeka S 4.0.2
Omeka S 4.0.2 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Omeka S updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Omeka S install to test the 4.0.2 upgrade prior to applying it live. Get started managing your Omeka S installations with Installatron
What's New in Omeka S 4.0.2
Bugs Fixed
- Vocabulary import could reveal the contents of files it was pointed to when displaying an error, a possible "SSRF" vulnerability
- SVG asset uploads could contain Javascript that would be executed if the SVG was viewed directly
- Title not escaped correctly in the browse preview block
- Batch editing options to clear property values and set value visibility sometimes did not work, depending on what other batch edit operations were used at the same time
- Issues when displaying a very large number of tabs on admin pages (fix contributed by @Daniel-KM)
- Misleading page display when user revokes own privileges from a site (#2034)
- Issues with reporting of empty required fields on the resource add/edit pages (#2041)
- Overbroad selection for assets on the site edit page
- Incorrect routing for URLs with "false" site slugs (fix contributed by @Daniel-KM)
- Property label still displayed even if no values were shown due to the locale filter being enabled on a site (#2045)
- Miscellaneous translation string issues
- We unnecessarily checked the database version on each request to decide whether to use database-backed sessions
- Linked resources/subject values display didn't work properly for non-items
- Events for Doctrine entities did not always fire correctly
- Asset upload errors were silent
- Some advanced search fields were missing labels for accessibility
- Fulltext search for media caused an unnecessarily high number of queries when multiple media were saved at once
- Media public resource pages didn't have the media render block configured by default (#2058)
- The lightgallery block did not correctly read some metadata for text tracks for videos
- The lightgallery code was missing its license key
- Temporary files could get left behind when some kinds of errors occurred during file upload
Changes
- The title column for resources now has an index
- The list of allowed mime types for assets is now set by config; SVGs are no longer allowed by default as uploaded assets
- HTML Purifier is now enabled by default for new installs
- Removed nonfunctioning n3 option for RDF import
- Updated default theme to 1.7.2