Apostrophe CMS Main Site Forum Home

Apostrophe 2.61.0: extra joins in pieces widgets, UX improvements and fixes, security enhancements, code of conduct



  • New “secrets” feature in apostrophe-users makes it easy to hash other “secrets” similar in spirit to passwords.
  • This feature is now used for password reset tokens, making them more secure.
  • Additional joins can now be added to the schema of a widget that extends apostrophe-pieces-widgets.
  • Brute force password attacks against an Apostrophe server are now more difficult. Thanks to Lars Houmark.
  • Tolerant sanitization of array items while they are still in the editor. This avoids confusion caused by required fields in the array editor.
  • Error messages now behave sensibly when multiple label elements appear in a field. Thanks to Lars Houmark.
  • Fix background color on notification on uploads when file extension is not accepted. Thanks to Lars Houmark.
  • If you can’t move a widget out of an area, you can no longer move widgets into that area either (movable: false is fully enforced). Thanks to Fredrik Ekelund.
  • New browser-side events are emitted during the attachment upload process, and the built-in facility that delays the saving of a form until attachment uploads are complete has been fixed. Thanks to Lars Houmark.
  • Fixes to the active state display of array items. Thanks to Lars Houmark.
  • Contributor Guide expanded with lots of new information about practical ways to contribute to Apostrophe.
  • Contributor Covenant Code of Conduct added to the project. The Apostrophe community is a welcoming place, and now is a great time to lock that in for the future.