3.4.2

Fixed

• Fix an infinite recursion problem in the FilesModel class (see #7588).

3.4.1

Fixed

• Fix the position of the input field hints (see #7561).
• Do not apply the GDlib maximum dimensions to SVG images (see #7435).
• Do not show the diff icon if a record has been deleted (see #7429).
• Remove a left-over headline from the ce_text.xhtml template (see #7502).
• Preserve comments when exporting CSS files (see #7482).
• Fix the LESS import path in the Combiner (see #7533).
• Hide the width and height attributes if there is a sizes attribute (see #7500).
• Remove the hardcoded figcaption width (see #7549).
• Only load the model in the file/page picker if the class exists (see #7490).
• Romanize style sheet names (see #7526).
• Add the username to the "account has been locked" log entry (see #7551).
• Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
• Added two missing exclude flags in the tl_page data container (see #7522).
• Send an UTF-8 charset header in the die_nicely() function (see #7519).
• Correctly validate dates in the Widget class (see #7498).
• Back port the fixes from #7475 and #7473.
• Send the same cache headers for cached and uncached pages (see #7455).
• Fix the current() expects parameter 1 to be array issue (see #6739).
• Correctly replace the *_teaser insert tags (see #7488).
• Adjust the last and previous login labels (see #7426).
• Unset the postUnsafeRaw cache in Input::setPost() (see #7481).

3.2.17

Fixed

• Romanize style sheet names (see #7526).
• Add the username to the "account has been locked" log entry (see #7551).
• Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
• Added two missing exclude flags in the tl_page data container (see #7522).
• Send an UTF-8 charset header in the die_nicely() function (see #7519).
• Correctly validate dates in the Widget class (see #7498).
• Back port the fixes from #7475 and #7473.
• Send the same cache headers for cached and uncached pages (see #7455).
• Fix the current() expects parameter 1 to be array issue (see #6739).
• Correctly replace the *_teaser insert tags (see #7488).
• Adjust the last and previous login labels (see #7426).
• Unset the postUnsafeRaw cache in Input::setPost() (see #7481).

3.4.0

Fixed

• Consider image size IDs when overriding the default image size (see #7470).
• Do not require to set a media query in the image sizes.
• Fixed a potential directory traversal vulnerability.
• Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have - been removed.
• Also use simple tokens for the newsletter subscription modules (see #7446).
• Only show the root page languages in the meta wizard (see #7112).
• Correctly create the initial version in the personal data module (see #7415).
• Check if a DB driver has been configured in Config::isComplete() (see #7412).
• Correctly mark deleted versions in Versions::addToTemplate() (see #7442).
• Replace insert tags of RTE fields in the back end preview (see #7428).
• Handle nested insert tags in strip_insert_tags().
• Correctly store the model in Dbafs::addResource() (see #7440).
• Send the request token when toggling the visibility of an element (see #7406).
• Always apply the IE security fix in the Environment class (see #7453).
• Added the CSS units vw, vh, vmin and vmax (see #7417).
• Replace leafo/lessphp with oyejorge/less.php (see 7012).
• Show the correct root icon in the page/file picker (see #7409).
• Add an empty option to the image size select menu (see #7436).
• Nest wrapper elements in the back end preview (see #7434).
• Correctly handle archives being part of multiple RSS feeds (see #7398).
• Correctly handle 0 in utf8_convert_encoding() (see #7403).
• Send a 301 redirect to forward to the language root page (see #7420).
• Handle SVG images in the default back end uploader.

3.3.7

Fixed

• Fixed a potential directory traversal vulnerability.
• Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
• Handle nested insert tags in strip_insert_tags().
• Correctly store the model in Dbafs::addResource() (see #7440).
• Send the request token when toggling the visibility of an element (see #7406).
• Always apply the IE security fix in the Environment class (see #7453).
• Correctly handle archives being part of multiple RSS feeds (see #7398).
• Correctly handle 0 in utf8_convert_encoding() (see #7403).
• Send a 301 redirect to forward to the language root page (see #7420).

3.2.16

Fixed

• Fixed a potential directory traversal vulnerability.
• Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
• Handle nested insert tags in strip_insert_tags().
• Correctly store the model in Dbafs::addResource() (see #7440).
• Send the request token when toggling the visibility of an element (see #7406).
• Always apply the IE security fix in the Environment class (see #7453).
• Correctly handle archives being part of multiple RSS feeds (see #7398).
• Correctly handle 0 in utf8_convert_encoding() (see #7403).
• Send a 301 redirect to forward to the language root page (see #7420).

3.4.0-RC1

New

• Pass the parent ID of a page to the navigation template (see #7391).
• Added the "executeResize" hook (see #7404).

Improved

• Support the "min", "max" and "step" attributes on number fields (see #7363).
• Show the database query duration in debug mode (see #7323).

3.3.6

Updated

• Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see #7349).
• Updated MooTools to version 1.5.1 (see #7267).
• Updated swipe.js to version 2.0.1 (see #7307).
• Updated the ACE editor to version 1.1.6 (see #7278).

Fixed

• Always pass a DC object in the toggleVisibility callback (see #7314).
• Correctly render the "read more" and article navigation links (see #7300).
• Fix the markup of the form submit button (see #7396).
• Do not generally remove insert tags from page titles (see #7198).
• Consider the useSSL flag of the root page when generating URLs (see #7390).
• Correctly create the template object in BaseTemplate::insert() (see #7366).
• Fixed the FAQ sorting in the back end (see #7362).
• Added the Widget::__isset() method (see #7290).
• Correctly handle dynamic parent tables in the DC_Table driver (see #7335).
• Correctly shortend HTML strings in String::substrHtml() (see #7311).
• Use an .invisible class which plays nicely with screen readers (see #7372).
• Handle disabled modules in the module loader (see #7380).
• Fixed the "link_target" insert tag.
• Correctly mark CAPTCHA fields as mandatory (see #7283).
• Fix the Database::list_fields() method (see #7277).
• Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
• Set the correct path to TCPDF in system/config/tcpdf.php (see #7264).

3.2.15

Updated

• Updated MooTools to version 1.5.1 (see #7267).
• Updated swipe.js to version 2.0.1 (see #7307).
• Updated the ACE editor to version 1.1.6 (see #7278).

Fixed

• Always pass a DC object in the toggleVisibility callback (see #7314).
• Correctly render the "read more" and article navigation links (see #7300).
• Consider the useSSL flag of the root page when generating URLs (see #7390).
• Fixed the FAQ sorting in the back end (see #7362).
• Added the Widget::__isset() method (see #7290).
• Correctly handle dynamic parent tables in the DC_Table driver (see #7335).
• Correctly shortend HTML strings in String::substrHtml() (see #7311).
• Use an .invisible class which plays nicely with screen readers (see #7372).
• Handle disabled modules in the module loader (see #7380).
• Fixed the "link_target" insert tag.
• Fix the Database::list_fields() method (see #7277).
• Correctly assign "col_first" and "col_last" in the image gallery (see #7250).

3.4.0-beta1

New

• Support responsive images and the <picture> element (see #7296).
• Added the "compareThemeFiles", "extractThemeFiles" and "exportTheme" hooks.
• Add the dir="rtl" attribute if the page language is RTL (see #7171).
• Added the "sendNewsletter" hook (see #7222).
• Prevent timing attacks when verifying passwords (see #7115, #5853).
• Support the backlink configuration setting in the parent view (see #7083).
• Added a regex to check for nonnegative natural numbers (see #4392).
• Preserve the original CSS ID and classes in the alias elements (see #6638).
• Added the "doNoTrim" flag to the Widget class (see #4287).
• Support SVG and SVGZ images (see #7108, #5908).
• Added the sort flag to the eval section of the DCA (see #4072).
• Added the "onundo_callback" (see #7258).
• Add an option to export style sheets (see #7049).
• Added widget-* CSS classes to front end form fields (see #7041).
• Added $item['isTrail'] to the navigation menu templates (see #7096).
• Added the "link_name" insert tag (see #7218).

Improved

• Use the image meta data in Controller::addEnclosuresToTemplate() (see #6746).
• Export .sql files in the theme folder and allow to reimport them (see #7048).
• Only create one DcaExtractor instance per table (see #7324).
• Add a CSS class indicating the number of columns in a gallery (see #7138).
• Allow to switch between the page and file picker in TinyMCE (see #6974).
• Show a message if logging in is required to comment (see #7031).
• Make the pagination template more flexible (see #7174).
• Limit the selectable file types depending on the element type (see #7003).
• Optionally hide files without matching meta data in downloads (see #6874).
• Do not directly query the INFORMATION_SCHEMA database (see #7302).
• Support simple tokens in registration and lost password mails (see #7101).
• Consider the values of referenced fields in the back end search (see #4376).
• Make the loading order of the style sheets configurable (see #6937).
• Handle data- and ng- attributes in Widget::addAttributes() (see #7095).
• Added the |async flag to $GLOBALS['TL_JAVASCRIPT'] (see #7172).
• Simplify the "member_grouped" template (see #7015).

Changed

• Do not mark pages as active if there are query parameters (see #7189).
• Use addImageToTemplate() in the ContentHyperlink class (see #7296).
• Removed the H2 sub-headlines in the back end (see #7248).
• Hide the "start" and "stop" fields if an element is not published (see #7148).
• Consider the options array in Model::countBy() (see #7033).
• Move the mime types array to a configuration file (see #6843).
• Add the class "tableless" to the member_ templates (see #7207).
• Make the front controller classes overwritable.

Removed

• Remove the rel="author support (see #7291).