v1.1.11

Security improvements

• Improved the Twig security policy (blocked methods that write, delete, or modify records and attributes in Database/Eloquent and Halcyon models; blocked access to the theme datasource; prevented extensions from being created or directly interacted with). See GHSA-xhw3-4j3m-hq53 for more information.

Full Changelog: v1.1.10...v1.1.11

v1.0.476

Security improvements

• Improved the Twig security policy (blocked methods that write, delete, or modify records and attributes in Database/Eloquent and Halcyon models; blocked access to the theme datasource; prevented extensions from being created or directly interacted with). See GHSA-xhw3-4j3m-hq53 for more information.

Full Changelog: v1.0.475...v1.0.476

v1.2.7

UX/UI Improvements

• Added support for showTotals option for Lists and summable option for columns of type: number to render the totals on a per page and per query basis in the Lists widget.
• Added new user:create CLI command to create a new backend user from the CLI.
• Checkbox lists will now show all of their options, even when disabled or in read-only mode.
• Visiting the backend login page will now redirect to the backend dashboard if the user is already logged in.
• Added additional warning about disabling debug mode in production to the config/app.php file.
• Added additional configuration checks to the Status dashboard widget.
• Improved the UX of drag and drop sorting of tree views.
• Disabled autocomplete on password and sensitive field types by default.
• Fixed minor box shadow issue with the recordfinder clear button.
• Made the entire fileupload field clickable in single file mode.
• Made the entire recordfinder field clickable and added translation support for the default prompt.
• Repeater items can now be extended by clicking on their title rather than just the dropdown arrow.
• Fixed minor styling issues with Select2 inputs.
• Fixed repeater item titles in preview contexts.

DX Improvements

• Added support for the Vite asset compiler (see Laravel docs & Winter docs for more information).
• Added new npm:install, npm:update, npm:run helper CLI commands. Refer to the docs.
• Added new BundleManager that manages the "asset bundles" used by the mix:create and vite:create scaffolding commands.
• Added support for Laravel-style relations (see wintercms/docs#176)
• Added a simple .devcontainer for the Storm library and the main Winter repository.
• Added support for "asset prioritization / load ordering" to the AssetMaker trait through the use of a new order system attribute that can be provided.
• Added support for project relative paths to the SQLite database.
• Changed the default scaffold for create:theme to Tailwind
• Changed the default asset compiler for the tailwind theme scaffold to vite.
• Added support for all abort($code) errors to the CMS module, now you can use abort(404) anywhere and get a nice 404 error page.
• Added winter:install, winter:env, and winter:mirror public to the default post create project composer scripts.
• Improved compatibility with Laravel's artisan migrate command by adding support for the --seed & --isolatable options.
• Added support for using dynamic methods to handle custom list column types.
• Added create:factory command to scaffold model factories in plugins.
• Added support for the --batchable option to the create:job scaffolder.
• Added support for dynamically extending filter scopes even if no scopes have been defined yet.
• Added --sidebar flag to the create:controller scaffolder to create a controller that uses the sidebar layout for form views.
• Fixed display of deleted files when reviewing changes in winter:version.
• Added --only-version|-o option flag to winter:version to display only the version number.
• Added new winter:util purge resized CLI command to delete all previously cached images from the resizer.
• Allowed create:migration to be called with the --update flag even if model does not have a fields.yaml to scan.

API Changes

• Added support for .avif image files.
• Removed the unnecessary Maker class from the core Application container.
• Added support for $table->dropColumnIfExists() in migrations.
• Added support for enabling the Laravel Mix manifest feature.
• Added File::getMaxUploadSize() and File::sizeToBytes() helper methods.
• Added File::copyBetweenDisks() and File::moveBetweenDisks() helper methods.
• Added slave relationship configuration to the DeferredBinding base model.
• Added $routePersistance parameter to Page::resolveMenuItem().
• Removed unnecessary TableData prefix from data returned by the Table widget (also DataTable formwidget) in AJAX requests.
• Added support for translation strings providing options in FormField->options().
• The Stripe Loader provided by Snowboard.js can now be disabled by setting data-request-stripe to false.
• Added support for command names that include a number.
• Core after login logic (runMigrationOnLogin and logging to the access log) has been moved to an event listener to more reliabily work across all methods of logging in.
• Added a default UserAgent of Winter Storm to calls made by the Winter HTTP client.
• Added a nestedArray() scope to the NestedTree trait and a toNestedArray() method to the core TreeCollection class.

Bug Fixes

• Fixed the argument order for paginate() and simplePaginate() in BelongsToOrMorphsMany relationships.
• Fixed issue where attempting to use the SortableScope could conflict with columns in pivot tables.
• Fixed infinite loop when using HasSortableRelations on a model with a self-referencing relationship.
• Restored the previous default value of true for showPageNumbers in the RelationController's view and manage configuration scopes.
• Fixed support for empty calls to date() in Twig.
• Fixed issue where FormWidgets would return null even when their raw field values aren't present in the save data.
• Fixed issue with some styling elements in the backend due to the switch of asset compilation systems for the backend styles in 1.2.6.
• Fixed error when using taglist with a single value.
• Fixed issue where the RelationManager FormWidget was overriding the default configuration of the RelationController even when the overrides were not explicitly set on the field instance.
• Fixed issue where creating themes from the backend using the blank scaffold would fail.
• Fixed issue where custom File models could not use string keys (i.e. UUIDs) as their primary key when using the default backend partials.
• Fixed issue where Pivot models were not being properly initialized with their attributes causing problems when the pivot record contained jsonable attributes used by repeaters / nested forms.
• Improved trace_log helper's handling of objects
• Fixed support for viewing complex (jsonable) pivot data in the RelationController.
• Fixed issue where the job class was generated twice when using create:job with the --sync option.
• Fixed issue where maxItems: 1 didn't work for the first item on repeaters.
• Fixed nested form data in Snowboard requests.
• Fixed issue where the Mix webpack config wasn't being removed after it was no longer required.
• Fixed issue where sometimes event listeners for model events would be bound multiple times.
• Disabled the --relative flag for winter:mirror on Windows because Windows doesn't support relative symlinks.
• Properly escape the SQLite database path when running winter:env on Windows.

Security Improvements

• Added the $requiredPermissions property to the default controller stub used by create:controller.
• Hardened theme objects, preventing certain properties from being passed through to the ThemeData object.
• Improved the Twig security policy (blocked methods that write, delete, or modify records and attributes in Database/Eloquent and Halcyon models; blocked access to the theme datasource; prevented extensions from being created or directly interacted with). See GHSA-xhw3-4j3m-hq53 for more information.

Translation Improvements

• Improved Latvian translation.
• Improved French translation.
• Improved Russian translation.

Performance Improvements

• Winter\Storm\Database\Traits\ArraySource now supports using generators to return records in the getRecords() method.

Community Improvements

• Fixed links to documentation in composer.json

Dependencies

• Bumped minimum required version of Twig to v3.14 to fix potential security issue.

New Contributors

• @Quendi6 made their first contribution in #1134
• @sephyld made their first contribution in #1209

Full Changelog: v1.2.6...v1.2.7

v1.2.6

UX/UI Improvements

• Improved UX when invalid dates are present in a datepicker field by displaying a warning message and allowing the user to edit those values. Also improved support for date values that use . as a separator.
• Removed the encryption setting from the backend Mail Settings page as it is redundant now.

API Changes

• The Illuminate\Http\Middleware\HandleCors middleware is now included in the core HTTP kernel by default. In order to start using the CORS support added by this change add the config/cors.php file to your project and configure it accordingly.
• Added --no-progress and --json options to mix:compile, mix:watch, & mix:list commands.
• Added support for the List widget's showPageNumbers in RelationController's view and manage configuration scopes.
• Added support for logging context data in the backend EventLog.
• Added support for the array_*() helper functions in the System Twig environment.
• The date() Twig filter and function now run through the System\Helpers\DateTime helper to process them with Carbon.

Bug Fixes

• Fixed an issue where HasOneThrough and HasManyThrough relationships were not taking the count and scope relationship configuration options into account.
• Fixed an issue where ignore_missing wasn't being respected in the source() Twig function.
• Hidden / disabled fields are no longer excluded from the form data in the Form's onRefresh handler.

Dependencies

• Twig has been locked to 3.8 as 3.9 introduces a breaking change. 3.9+ will be supported in the next release.
• FontAwesome has been updated to 6.5.2 and the asset compilation step has been moved to Winter Mix for easier upgrades in the future. This also removes the vendor files for FontAwesome from the repository.
• The customized styles for Select2 in the Winter backend are now compiled to a standalone file (/modules/system/assets/ui/vendor/select2/css/select2.css).

New Contributors

• @Nimdoc made their first contribution in #1087
• @interworks-morr made their first contribution in #1098

Full Changelog: v1.2.5...v1.2.6

v1.2.5

UX/UI Improvements

• Added support for mass enabling / disabling of permissions in the PermissionEditor FormWidget by clicking on the column headers.
• Added support for allowCustom in dropdown fields to allow for custom values to be entered by the user.
• Added support for balloon-selector fields as titleFrom sources in Repeaters.
• Added support for custom disks in the winter:util purge uploads command.
• Removed the unnecessary <p> tag from the email button partial.
• Added disabled state styling for switch fields.
• Added dynamic file extension icons to the Media Manager for files without thumbnails.

API Changes

• Increased the default cache time of CombinedAssets to the 1 year, the current Google recommendation, instead of the previous recommendation of 1 week.
• The .env.example file will no longer be automatically copied to .env on project creation.

Bug Fixes

• Winter\Storm\Database\Attach\File will now correctly respect the visibility property set on the disk configuration when storing files on the disk.
• Improved support for legacy plugins directly using the October\Rain\Extension\ExtendableTrait trait.
• Improved the HTML Helper's reduceNameHeirachy() method's ability to handle field names from nestedforms.
• Fixed support for dynamicProperties on PHP 8.2+ by no longer actually setting the properties on the object but instead using the existing dynamicProperties store to manage the values.
• Event::forget() now also removes prioritized event listeners.
• Fixed parameter typing for the Http::data() method that was causing issues on the Plugin Updates page.
• Improved support for reordering records in the backend when the sort order values on the existing records are in an inconsistent state.
• Improved support for PHP 8.2+ by replacing deprecated usage of ${} in strings with {$}.
• Improved support for PHP 8.3 in the migration system.
• Improved support for BackedEnum values in the FormField's isSelected() method.
• Improved support for arbitrary depth of dependsOn in backend fields.
• Fixed issue where null values passed to the md Twig filters would cause an error.

Translation Improvements

• Added localization support for the System DateTime helper's timeTense() helper.
• Added lang keys to plugin controller scaffolding.

Community Improvements

• Winter CMS is a Community Sponsor of Laracon US 2024.

Dependencies

• Updated jQuery to 3.7.1 and jQuery Migrate to 3.4.1.

New Contributors

• @koesper made their first contribution in #1026
• @Mrkbingham made their first contribution in #1059

Full Changelog: v1.2.4...v1.2.5

v1.2.4

UX/UI Improvements

• theme:list, plugin:list, and mix:list now display nicely formatted tables.
• Added support for "grid" repeaters via new mode: grid, columns, and rowHeight options.
• Added new Asset URL helper to Snowboard.js: Snowboard.url().asset() that will use the configured app.asset_url value to generate URLs to asset files.
• Field option values can now be specified as a language key that points to an array of keys & values that will be automatically translated (ex. options: author.plugin::lang.departments).
• The MediaManager's sort type, direction, and view mode are now persisted to the user's preferences keyed by the usage of the media manager (i.e. all mediafinder usages are one key, the main media library is another). This means that the media manager will now remember your preferences between logins and in different contexts. The preferences are still overridden on a per-session, per-instance basis.
• Improved the error message when attempting to register an invalid extension to Twig (i.e. a non-callable extension).
• Added support for overscrolling in the codeeditor FormWidget via the scrollPastEnd option that allows the editor to scroll past the end of the document by the specified number of lines.
• Added a "Refresh" button to the RelationController.
• Toolbar widget will now only render its container HTML when it has at least one sub-widget to display.
• Minor styling improvements to the FileUpload thumbnail styles.
• Added new RelationManager FormWidget to simplify rendering the RelationController.
• Improved progress bar styling within List widgets.
• Added support for populating migrations created via create:migration with columns defined from the field configuration for the provided model.
• Added support for showSetup in list views of the RelationController.
• Added support for scaffolding tests in plugins via the create:test command.

API Changes

• Added the bootstrap/cache folder to the wintercms/winter repo as it is expected to exist by Laravel core commands related to caching.
• When running any commands from the CLI while your application has a database connection configured but the migrations table is not yet present on it, the application will also be considered in a protected state and only elevated plugins will be loaded. This is to prevent issues with commands that may attempt to access the database before migrations have been run.
• filterFields() and model.filterFields() will now be called immediately before the Form widget returns the save data in getSaveData().
• New partials have been added to the RelationController to enable more easily extending the default footer used in RelationController modals.
• The application container will now create cache directories if they don't exist for anything passed to App::normalizeCachePath().
• Added support for the event:cache, event:clear, and event:list commands.
• Added App::hasDatabaseTable() helper to check if the configured database connection has a specific table.
• Added Model::hasDatabaseTable() and Model->isDatabaseReady() helpers to check if the model's table is present in the model's database connection.
• Added Model->hasAttribute($attribute) helper to check if the provided attribute would be processed by the model's getAttributeValue() method (i.e. it exists in attributes, is castable, or has a mutator / accessor).
• Added the json() helper to the Http network utility class to send requests with a JSON body.
• Added support for the limit property on list column relation value queries.
• develop.debugSnowboard will no longer fallback to the value of app.debug, instead it will default to false.
• CmsObject::listInTheme() will no longer include null entries in the returned list.
• Variables shared via View::share() will now also be shared with CMS Twig templates as global variables.
• Added support for appending and prepending datasources to the AutoDatasource.
• Added support for soft deleting Backend User Groups.
• Added new backend.list.extendColumnsBefore event to match backend.forms.extendFieldsBefore.
• Added new model.getValidationAttributes event.
• Model event methods (i.e. afterSave(), etc) will now be bound to and fired by the event dispatcher instead of firing directly. This allows for more flexibility in the order of event listeners and allows for the event to be cancelled before reaching the original model listener method.
• Added new Encryptable database behavior that functions the same as the existing trait but can be dynamically applied to models.
• Improved automatic detaching / deletion of relations. Adds support for deletedAtColumn to relation pivot configurations.
• Added support for job batches (originally introduced in Laravel 8).
• Made Winter\Storm\Support\Svg::sanitize() a public method.
• Added support for Throwable exceptions to the SystemException base class.

Bug Fixes

• Fixed an issue when attempting to access a SettingsModel after the database exists but before any migrations have been run.
• Fixed issue where Snowboard.js extras weren't being loaded from the configured app.asset_url when using custom CDNs.
• Mail template style tags are now put in the <head> element instead of the <body> element.
• Snowboard.js will now resolve promises even if the beforeUpdate() event is cancelled, which provides a way to cancel the updating of partials while still allowing the rest of the request lifecycle to proceed.
• Added support for setting stripe: false in the options for a Snowboard.js request when the snowboard extras are present to disable the stripe loading indicator for that request.
• Fixed an issue where Winter would fail to load on some systems when an open_basedir restriction was in place.
• Fixed an issue where the Repeater's form configuration wasn't allowing stdClass or string values.
• Fixed an issue where recompiling the backend styles would cause the User Impersonation Notice styles to be lost.
• Improved support for BackedEnum values in lists and forms.
• Fixed issue where asset URLs weren't being cached by the current host / scheme causing mixed type errors.
• Fixed issue where RichEditor popups (i.e. when inserting links) would open and then rapidly close when interacted with; caused by change events being fired on the editor when the popup was opened.
• Fixed issue where pages with no components would cause a crash when getComponentProperties() was called.
• Fixed issue where the showTree config value would be cleared when the search term was cleared instead of being preserved.
• Fixed issue where installing Winter in certain directories would fail to work.
• The in-memory DB cache will now be cleared when an upsert is performed.
• Improved support for PHP 8.3 with the Extendable trait.

Security Improvements

• Added validation to the ColorPicker FormWidget to prevent non-color values from being saved.
• Stored values in the ColorPicker FormWidget will now be escaped before rendering to prevent XSS attacks.
• Files in the Media Manager will now be passed through the Svg::sanitize() method before being renamed to .svg files to prevent potential stored XSS attacks.

Translation Improvements

• Improved Latvian translation.
• Improved Russian translation.
• Improved Turkish translation.

Performance Improvements

• Added indexes to the sessions table.

Community Improvements

• Launched the rebuilt version of the WinterCMS.com website and project documentation.
• Automated the generation of the build manifest file for new releases of Winter CMS.
• Added support for Block template files (.block, see Winter.Blocks) to the Winter CMS VS Code extension.
• Added link to get paid support from the core team to the Winter CMS website and repository.
• Improved support for dark mode on the Winter.TailwindUI plugin.
• Core team founded Frostbyte Foundation, Inc.; a non-profit incorporated in Canada to support the Winter CMS project and community.

v1.2.3

UX/UI Improvements

• Display an inspirational quote after generating code files with the create:* scaffolding commands, can be disabled by passing the --uninspiring option.
• InvalidArgumentException exceptions in scaffolding commands are now caught and displayed as an error in the console.
• Support for uploading SVGs is now present and enabled by default in the core. SVGs are sanitized on upload to avoid potential XSS attacks.
• Minor improvements to the backend brand settings page on mobile.
• Added a visual indicator to ignored packages when running artisan mix:list.
• Added ability to select the desired theme scaffold to use when scaffolding themes from the backend, also will now automatically pre-fill more fields.
• Migration messages will now be show when running migrations in the console, even if an exception is thrown.
• Finished implementing the artisan create:migration command, with support for the --version, --create, --update, --table, and --model options. This command supports generating the required versions in updates/version.yaml now as well.
• A default .env.example file is now included in the wintercms/winter repository.
• Fixed an issue where the Clear button on the recordfinder wasn't visible.

API Changes

• Local extensions are now initialized after all behaviours have been loaded. See wintercms/storm@004159.
• Ignored Mix packages are now excluded from MixAssets::getPackages() unless the $includeIgnored argument is true.
• Added getPluginVersions() method to the PluginBase class to get a sorted list of the plugin's versions as defined in updates/version.yaml.
• cms.beforeRoute is now a halting event in order to enable preventing the CMS catch-all route from being registered.

Bug Fixes

• When updating the sort_order on sortable relations, find() is now called on the related model directly rather than the Relation object. See wintercms/storm#146.
• Fixed issue preventing users from being able to create themes from the backend (Return value must be of type string, null returned).
• Fixed issue with case sensitivity when determining "upload_max_filesize" size.
• Fixed race condition with maxItem limit check after adding a new repeater item
• Fixed issue where keyboards could appear on mobile when attempting to use a datepicker field.
• Fixed issue where an error message was being logged unnecessarily.
• Fixed issue where dynamically switching between multiple themes on the same instance coud result in assets from the wrong theme being loaded.

Security Improvements

• SVGs are now sanitized on upload to avoid potential XSS attacks. See wintercms/winter#GHSA-wjw2-4j7j-6gc3.

Translation Improvements

• Improved Hungarian translation.

Community Improvements

• The Winter.Blocks plugin has been released, offering a visual, block-based content editor for Winter CMS.
• The Winter.Ray plugin now supports loading the Ray configuration through the normal Winter CMS config system rather than requiring a ray.php file to be present in your project root.

Dependencies

• winter/storm and wintercms/winter now include PHP 8.2 in their automated test suites.
• Support for symfony/console up to 6.3 has been added.

New Contributors

• @lex0r made their first contribution in #919
• @marvindurot made their first contribution in #939

Full Changelog: v1.2.2...v1.2.3

v1.2.2

UX/UI Improvements

• Added support for Child Themes by defining a theme code in the parent property of a theme's configuration file (theme.yaml).
• Added support "virtual" themes (theme.yaml files present in the DatabaseDatasource when using the Database Templates feature).
• Added iconpicker FormWidget with support for custom icon libraries.
• Component assets stored in an assets directory within the component directory will now be mirrored by the winter:mirror command.
• The AJAX form validation feature documented in Snowboard that was missed during the initial implementation of Snowboard is now included by default with the extras package.
• Lists can now be sorted by invisible columns.
• The alert() & error() methods on Winter\Storm\Console\Command now implement Laravel's CLI components for rendering messages.
• Number of items in a folder in the Media Manager is now correctly pluralized.
• Fixed the icon for the "Return to parent" folder item in the Media Manager.
• Tweaked sizing of the inputs for a datepicker field in datetime mode - the date input size has been slightly increased, and the time input size has been slightly decreased, to better fit their respective content.
• Checkbox fields marked required will now show the required indicator.
• Fixed issues with the fancy layout styles affecting nested form styles.
• Fixed issue where an empty option element was present when adding a widget to the dashboard.

API Changes

• Vue 3 is now available in the backend via the window.Vue variable.
• Added new slug validation rule that validates a string as a valid URL slug (alpha-numeric and a defined separator, defaults to -).
• Added new Str::isJson() method to check if a string is valid JSON as well as the is_json() global helper function.
• Added new File::isAbsolutePath() method to the Winter\Storm\Filesystem\Filesystem class to check if a path is absolute.
• Added support for the mode property for the mediafinder FormWidget. Supported modes include: image. video, audio, document, file, and all.
• Added a new metadata JSON blob column to the backend_users table.
• Added support for extending the head block in the backend views via Block::append('head', $html).
• Added sizeBytes and lastModified attributes to media items returned by the Media Manager's getItems() JS function.
• Added $formWidget as a variable made available to partial fields.
• Locally defined dynamic methods are now prioritized over behavior-defined methods, allowing you to override behavior methods in your Extendable classes.
• Added support for scoped dynamic code extension. You can now pass true as the second parameter to the ::extend() static method in order to run extension code within the context of the class being extended giving the code access to protected and private properties and methods.
• Added support for local dynamic code extension. You can now call the extend() method on an instance of an Extendable class to have that extension apply only to that instance of the object.
• Refactored backend JS widget loading, added backend.ui.eventHandler and backend.ui.widgetHandler Snowboard plugins, refactored the IconPicker, ColorPicker, & Sensitive FormWidgets widgets as Snowboard plugins.
• Snowboard.js event listeners now support closures.
• A new configuration, develop.debugSnowboard, has been added to config/develop.php, to allow overriding if Snowboard debugging and console logging is enabled, independent of the app.debug setting.
• Added support for the RESTRICT_BASE_DIR environment variable to control the cms.restrictBaseDir config setting.
• The content function in Twig now can return a boolean, thus allowing usage as a conditional for fallback content if a content file does not exist.
• The Markdown parser now uses the CommonMark library by the PHP League, as this library is already a Laravel dependency.
• A $settingsCacheTtl property may be provided for models that implement the SettingsModel behavior. This property accepts an integer and allows you to set the length of time (in seconds) that settings in this model will be cached for, defaulting to 1440 seconds (24 minutes).
• Split the render() method of Winter\Storm\Halcyon\Processors\SectionParser into three methods (renderSettings(), renderCode(), and renderMarkup()) as well as added three methods for parsing the sections (parseSettings(), parseCode(), and parseMarkup()). This makes it much easier to extend the SectionParser to build customer parsers. Demonstrated in the Winter.Blocks plugin.
• Added support for setting the cache key per instance of the AutoDatasource.
• Refactored the ClassLoader to support PSR-4 autoloading for packages added via the autoloadPackage($namespace, $path) method (modules & plugins). The old method of lowercase folders with proper case files is still supported as well.

Bug Fixes

• Refactored the Winter\Storm\Support\Traits\Singleton trait to bind to the application container instead of the global scope, which was causing issues with running multiple instances of Winter CMS in the same PHP process (i.e. unit tests, Laravel Vapor, Octane, etc).
• Fixed an issue where add() and remove() methods on the Winter\Storm\Database\Concerns\BelongsToOrMorphsToMany relation were passing the model key instead of the model instance to the attach() and detach() methods.
• Fixed an issue with generating thumbnails on disks with custom root paths, also simplified the logic for generating thumbnails.
• Improved support for multiple database connections in a single Winter project by using the parent model's connection when creating a new model instance from a relation, specifically when using Deferred Binding.
• Fixed support for class castable attributes on models.
• Fixed support for artisan route:cache.
• Fixed issue where the FormBuilder would generate elements with empty id attributes.
• Improved support for asset URLs in multiple places.
• Fixed incorrect return type for the onLoadMovePopup() MediaManager AJAX handler.
• Fixed the usage of POST arrays when using the original AJAX framework, which sometimes were incorrectly collated by the nested parent forms functionality implemented in Winter v1.2.0.
• Fixed depends usage in the Inspector widgets for object and objectlist fields.
• Fixed issue where fields with the slug or camel preset tools enabled wouldn't respect the max length of the field.
• Fixed issue where backend permissions weren't being registered when in any context other than the backend.
• Fixed numerous instances of the App facade being used instead of the local reference to the app instance which should improve support for multiple instances of Winter CMS in the same PHP process.
• Fixed issue where contextual fields (name@context) could not be removed via removeField('name').
• Fixed issue with the embedded JSON attribute parser treating datetime values as floats.
• Fixed incorrect usage of the plugin:install command inside the winter:install command, due to a change in the former command's parameters.
• Removed Winter.Drivers as a recommended plugin to install when running winter:install.
• Fixed incorrect URLs being returned by the System\Models\File::getPublicPath() method if the storage being used was not a local file storage.

Security Improvements

Translation Improvements

• Improved Russian translation.
• Improved Ukrainian translation.
• Improved Latvian translation.
• Improved French translation.
• Improved Italian translation.
• Improved Slovak translation.

Performance Improvements

• Improved the performance of resolving the active theme in cases where there are a lot of themes present or "virtual" themes are being used.

Community Improvements

• Added Emmet support to Winter CMS template files with the official Winter CMS plugin for VS Code.
• Improved examples in documentation for extending forms via the form.extendFieldsBefore and form.extendFields events.
• The \TestCase alias has been set up to point to the correct base test class for unit tests, removing the need for adding a polyfill class in unit tests to support testing in both Winter v1.1 and v1.2. By extending this alias, unit tests should now work in both branches.

Dependencies

• Replaced the dependency on erusev/parsedown and erusev/parsedown-extra with league/commonmark for the Markdown parser which was already included by Laravel and improves compliance with the CommonMark specification.
• Testing suite is now running on PHP 8.0, 8.1, & 8.2 across Ubuntu & Windows.
• Updated wikimedia/composer-merge-plugin to ~2.1.0 to allow for the replace configuration of dependencies to be merged together.

New Contributors

• @teranode made their first contribution in #806
• @wpjscc made their first contribution in #841
• @xitara made their first contribution in #858
• @webbati made their first contribution in #869
• @zaxbux made their first contribution in #890
• @djpa3k made their first contribution in #911

Full Changelog: v1.2.1...v1.2.2

v1.2.1

UX/UI Improvements

• Added support for streaming file uploads directly to S3 storage disks via the stream_uploads option on the disk configuration. Requires the Winter.DriverAWS plugin.
• Added support for the data-request-parent attribute to the AJAX framework, allowing AJAX requests to include the data from the elements that spawned them which allows for highly complex workflows where popups spawn popups and then those popups need to call their own AJAX handlers but the page previously didn't know to initialize them without their parent data being present. This fixes support of the RecordFinder inside of popups like the RelationController's update & pivot forms as well as the FileUpload's description form popup inside of other popups.
• Switched the winter:up / migrate commands to use the new Laravel CLI components for improved output formatting.
• Added support for type: range Form fields.
• Added support for the conditions property on List Columns with a relationship defined via the relation property.
• Added support for changing an image's extension / file type when using the ImageResizer to resize the image.
• Added support for ignoring specific Mix packages to avoid including third-party Mix packages in your application's package.json unnecessarily.
• Clicking the label of a switch field will now toggle the switch.
• Increased the width of the crop dimension inputs when cropping or resizing an image in the Media widget.
• Standard HTML flash messages that are converted to JavaScript flash messages through Snowboard are now removed once converted, to prevent the original message from remaining even after the flash message is dismissed.
• The autogenerated password for the default administrator account is now displayed in the winter:install command output and can be changed through the wizard.
• Documented app.tempPath configuration option.
• Added winter:password as an alias for winter:passwd.
• Minor CSS improvements.

API Changes

• Removed the default maxlength of 255 from type: text Form fields.
• The twig.environment.cms Twig environment is no longer provided as a singleton, instead being generated on each request to App::make(). This helps to avoid conflicts when calling the CMS controller multiple times in the same request.
• Deprecated the Winter\Storm\Database\Behaviors\Purgeable behavior as the Purgeable trait is now included by default on all Winter models.
• Added the backend.formwidgets.fileupload.onUpload event to allow for custom handling of file uploads in the FileUpload FormWidget.
• Added the backend.widgets.uploadable.onUpload event to allow for custom handling of file uploads in the widgets that implement the Backend\Traits\UploadableWidget trait.
• Added the formwidgets.fileupload.initUploader Snowboard global JS event to allow for interacting with the FileUpload's JS uploader instance.
• Added the formwidgets.richeditor.init Snowboard global JS event to allow for interacting with the RichEditor's JS editor instance.
• Added the widgets.mediamanager.initUploader Snowboard global JS event to allow for interacting with the MediaManager's JS uploader instance.
• Switched visibility of getRelationModel() from protected to public on the Backend\Traits\FormModelWidget trait.
• Switched visibility of getOptionsFromModel() from protected to public on the Backend\Widgets\Form widget.
• Added the following methods to the Backend\Traits\UploadableWidget trait to make it easier to customize upload behaviour:
  • uploadableGetDisk()
  • uploadableGetUploadPath()
  • uploadableGetUploadUrl()
• Added the following model relation events:
  • model.relation.beforeAdd($relationName, $relatedModel)
  • model.relation.afterAdd($relationName, $relatedModel)
  • model.relation.beforeRemove($relationName, $relatedModel)
  • model.relation.afterRemove($relationName, $relatedModel)
  • model.relation.beforeAssociate($relationName, $relatedModel)
  • model.relation.afterAssociate($relationName, $relatedModel)
  • model.relation.beforeDisassociate($relationName)
  • model.relation.afterDisassociate($relationName)
• A new mix:run Artisan command has been added to allow scripts defined in the package.json file of a Mix package to be run easily through the CLI. You can find the documentation here.
• The AJAX framework and Snowboard framework now both enforce either a class name dot (.) or an ID hash (#) to be prefixed to any partials that are to be updated in an AJAX response. This includes any mapped selectors.
• Snowboard JavaScript AJAX requests now accept two or three parameters, similar to the old framework. When using two parameters, the user only needs to specify the handler and options - it is assumed in this case that the AJAX requests is detached and not tied to an element.
• Added Winter\Storm\Database\Traits\HasSortableRelations trait to make it easier to sort related records on a model.
• Added support for ** as a wildcard when setting the application's trusted proxies. This was originally supported in fideloper/trustedProxy but was removed without explanation in Laravel 5.6. * will trust the currently requesting IP address, ** will trust all proxies in a chain of proxies (often required if you are behind something like CloudFront and another proxy). This was required for retrieving the correct Client IP address when using Laravel Vapor.
• Properties added to Model instances via addDynamicProperty() are now automatically added as purgeable attributes to prevent them from being saved to the database.
• Added the Arr::moveKeyToIndex($array, $targetKey, $index) helper method to make it easier to move a specific array element to the specified index.
• Added the Str::unique($str, $items, $separator, $step) helper method that ensures the provided string will be unique when compared to the provided array by adjusting the string with the separator & step as necessary. Useful for filename deplication or other deduplication of unique references.
• Added the Str::join($items, $glue, $lastGlue, $dyadicGlue) helper method to join an array of items with a glue string, optionally using a different glue string for the last item and for the dyadic item case (only two items). By default this applies the "Oxford / Serial Comma" gramatical construct when listing items.
• Added the fromStorage() helper method to the Winter\Storm\Database\Attach\File model class in order to create a new file record from a file path that already exists on the file model's storage disk.
• Added new Winter\Storm\Console\Traits\HandlesCleanup trait to the base Winter Command class that makes it easier to implement cross-platform cleanup logic on your CLI commands when process termination signals are received.
• Added support for root level paths in the Halcyon DbDatasource, required for Child Theme support.
• Added support for exit codes in mix:compile. Also added support for the --silent, --stop-on-error, and --manifest flags.

Bug Fixes

• The winter:test command now automatically uses the correct bootstrap file for unit testing, irrespective of the bootstrap configuration in any plugin or module's phpunit.xml file, to assist users migrating their unit tests to Winter 1.2.
• Fixed issue where plugins weren't being correctly sorted by their dependencies when depending on a plugin that registers itself as a replacement which could cause migrations to run in the incorrect order.
• Fixed typo in the MediaManager widget that was preventing SVGs from displaying their previews in the sidebar.
• Fixed issue when attempting to generate a TailwindCSS theme scaffold on a case sensitive file system.
• Fixed mismatching method signature on AutoDatasource->lastModified() that could cause issues when using DatabaseTemplates in v1.2.
• Fixed issue where MorphedByMany relationships would use the wrong class name when building queries.
• Removed an override to the Input::all() facade method, which prevented files from being included in the result, breaking previous behaviour.
• Removed an extra 0 that was left over in numberrange filter partials.
• Fixed an issue where only the last component would be saved in a CMS template due to the framework not correctly processing arrayed POST data.
• Fixed an issue with the winter:fresh command where the demo plugin was not removed and an error message was shown.
• The Array Source trait will no longer attempt to save a temporary SQLite DB if storage is disabled via setting $cacheArray to false.
• Fixed an issue where custom AJAX error responses were being mangled by the Snowboard Request class, before sending off to the error handlers. If an error does not appear to be a PHP exception with an exception class and message, it will now pass through the response untouched (but still be considered an error response).
• Fixed an issue where the File model's fromUrl() method would not correctly determine the file's mimeType if the file was delivered with a Content-Type header that was incorrectly capitalized.
• Fixed an issue where migrations using anonymous classes could not be run more than once in a single process.
• Fixed support for the Laravel ClassName@method syntax for event listeners.
• Fixed issue where custom pivot models were not being used when using the attach method on a BelongsToMany relationship.
• Fixed support for queueing emails (was broken by a change in Laravel 7 that was missed in the Winter v1.2 upgrade).
• Fixed support for hidden files in Zip folders on systems without support for GLOB_BRACE (Solaris, Alpine Linux, etc).
• Fixed issue that occurred when attempting to dynamically add HasOneThrough|HasManyThrough relations to models.
  ...

v1.1.10

Security Improvements

• Prototype hardening has been implemented on the Snowboard framework to prevent prototype pollution. You may read the security advisory for more information.

Community Improvements

• The image resizer tests have been re-done in order to more accurately test image resizing in Winter. The tests themselves will generate artifacts that can be reviewed as a ZIP file if the tests fail.