This forum has moved, please join us on github discussions. We will keep these old posts available for reference. Thank you!

Apostrophe 2.97.0-2.97.1: better asset bundle handling, low level asset theme support, DOS, other issues

  • Hotfix for a potential Denial Of Service issue reported by NPM. A user with login privileges could eventually exhaust available memory by submitting thousands of batch job requests.
  • The simplified APOS_BUNDLE=1 feature for asset deployment in the cloud now uses the actual tar utility when extracting assets locally, rather than the tar npm module, as a blocking bug was encountered and the actual utility is faster.
  • Improved support for subclasses of apostrophe-rich-text-widgets. These now receive the same CSS UX considerations and store their content under the appropriate widget name. This opens the door to the new tiptap option offered by the latest release of apostrophe-tiptap-rich-text-widgets, which can be used to selectively enable or disable the use of tiptap as an alternative to CKEditor for some subclasses but not others.
  • Low-level support for namespacing asset themes. By default this has no effect, however if getThemeName is overridden to return a theme name then asset masters, minified assets, bundles in the collection, etc. all get namespaced to play side by side with other themes used by other apos objects in the same project. Meant for use with apostrophe-multisite, this is not equivalent to a Wordpress or Drupal theme as such.
  • The widget editor’s afterShow method takes no callback; removed an invocation that did not make sense. Thanks to Amin Shazrin for this contribution.
  • Improved sizing for video widgets. This is now based on the parent element. Also added empty alt tag to the placeholder image as a hint not to read it aloud.
1 Like