0.17.0

Welcome to Zotonic 0.17.0, released on 6 June, 2016.

Main changes are:

  • Added #1274: SNI support on Erlang 18.3 and higher.

  • Added #1284: default ACL rules.

  • Added #1240, #1276 and #1283: documentation for ACL user groups, task queue and Google Analytics.

  • Added #1265 and #1268: sanitise SVG uploads and link tags.

  • Fixed #1285: be less verbose when inserting ACL rules.

  • Fixed #1272: Vimeo embeds.

  • Fixed #1271: protected media security.

  • Fixed #1207 by giving m_rsc.uri property precedence over generated URI.

  • Fixed #1132 by setting Content-Security-Policy header.

Commits since 0.16.0

There were 54 commits since release 0.16.0.

Big thanks to all people contributing to Zotonic!

Git shortlog

Arjan Scherpenisse (11):

  • scripts: Fix prepare-release.sh

  • doc: Fix version nr; add missing rst files; update installation requirements

  • doc: Update sidebar, update installation instructions

  • admin: Show collaboration groups in content dropdown on overview

  • mod_admin: Show content groups + page size filters on media overview

  • zotonic_status: Show site name next to URL

  • mod_acl_user_groups: Fix typo in edit check on the collab group itself

  • mod_email_dkim: Add DKIM signing of outgoing emails

  • mod_base: Add ‘without’ filter

  • doc: Add filter_without to filter toc

  • mod_acl_user_groups: Fix permission check for adding members/managers to group

Arthur Clemens (1):

  • core: use short notation to include the header

David de Boer (14):

  • deps: Lock erlang_localtime

  • doc: Fix absolute/relative URL terminology

  • mod_admin_identity: Fix verification e-mail URL

  • doc: Update release branch name

  • Add 0.16.0 release notes

  • Clean up README and fix dead links

  • doc: Document Google Analytics

  • doc: Document media caption

  • base: Fix figcaption tag

  • mod_acl_user_groups: Insert default ACL rules (see #1131)

  • doc: Document the task queue

  • mod_acl_user_groups: Be less verbose when editing and publishing ACL rules

  • doc: Document mod_acl_user_groups

  • doc: Fix typos

Maas-Maarten Zeeman (2):

  • build: Locked new mochiweb in order to support SSL on IE9 and 10 on OTP 18+

  • core: Move ssl listeners to the core and support SNI.

Marc Worrell (26):

  • mod_signup: use foldr for signup_form_fields, let higher prio modules win.

  • deps: switch to original erlang_localtime from dmitryme. Issue #1036

  • mod_acl_user_groups: tune access permissions for collaboration groups. All collab group members can view the collab group. If someone can update/link/delete a collab group, then that user can do the same on the collab group content. Rename the config collab_group_edit to collab_group_update.

  • mod_acl_user_groups: members of a collaboration group can view each other.

  • core: add support for ‘–’ operator, extend support for ‘++’ operator.

  • core: add sanitization on the contents of uploaded SVG files. Issue #1265

  • Lock new dispatch_compiler. Fixes #1261

  • core: in m_rsc, always let the uri property take presendence above the local ‘id’ rule for non-informatonal uri generation. Fixes #1207

  • core: fix a problem where a file could be downloaded iff the file is not stored via a filestore. Fixes #1271

  • mod_video_embed: fix a problem where Vimeo embeds did not show a preview images. Fixes #1272

  • mod_admin: in depiction upload dialog, enable the ‘upload’ tab by default.

  • core: in html sanitize, add ‘noopener noreferrer’ to <a/> tags with a ‘target’ attribute.

  • mod_video_embed: better handling of 404 when fetchin Vimeo thumbnail.

  • core: added extra SVG sanitization.

  • Lock new z_stdlib for SVG sanitization. Issue #1265

  • mod_survey: also mail all uploaded files to the ‘survey_email’ email address.

  • mod_admin: set X-Frame-Options: SAMEORIGIN header for admin pages. Issue #1132

  • mod_admin: fix is_authorized/2 in controller_admin_edit

  • mod_base: set CSP sandbox header if a user uploaded file is served with controller_file. Issue #1132

  • mod_acl_user_group: add option to move resources to collaboration groups the user is not member of.

  • mod_admin: allow to select multiple connection in the connection-find dialog. Use the option ‘autoclose’ to change the text of the close button to ‘cancel’.

  • mod_acl_user_groups: better overview of rules. Use dialog for editing rules.

  • mod_acl_user_groups: in acl rule edit, clear collaboration group search when group is selected.

  • mod_acl_user_groups: fix filtering on content groups when searching. This fixes a problem when a user is allowed to see all or specific collaboration groups via the ACL rules.

  • mod_survey: fix layout of admin options.

  • mod_survey: in the emails, also show any ‘injected’ fields. This allows the template to dynamically inject some answers without corresponding questions.*

Edit on GitHub

0.18.0 Release Notes 0.16.0