- Security fix: uploaded images “in the trash” were still accessible at the same URL in most sizes. This has been corrected. As documented, the only size that now remains accessible is the
one-sixthsize, and this choice can be changed or eliminated entirely. This bug did not affect other file attachments, such as PDFs.
As always, be sure to run the apostrophe-migrations:migrate task. This will make sure the permissions of your files are correct. Harmless warnings may appear for those that were already correct.
-
The
apostrophe-attachments:migrate-to-disabled-file-keyandapostrophe-attachments:migrate-from-disabled-file-keyhave been added for the convenience of those using thedisabledFileKeyoption touploadfsto rename disabled files in a cryptographically sound way rather than changing their permissions. These are relevant only with thelocalstorage option ofuploadfs, since since the option is neither available nor necessary for S3, and is mandatory for Azure from the beginning. -
Although technically part of UploadFS 1.9.0, we’d like to note that the
azurestorage backend is now available and can be part of youruploadfsconfiguration for theapostrophe-attachmentsmodule. -
Server-side modules can now extend the buttons available in the “manage” modal of pieces without overriding templates, similar to the way they are extensible in the “edit” modal.
-
UX fixes.
-
Cropping an image through Apostrophe now works when attachments are stored in S3, Azure, etc. Thanks to Leo Melzer.
-
Date parsing does not generate
momentjswarnings. -
Overrideable block in the outerLayout for the context menu.
-
The
apostrophe-soft-redirectsmodule now accepts astatusCodeoption, which you may change to301to use hard redirects. Thanks to Leo Melzer.