Release 0.17.0

Welcome to Zotonic 0.17.0, released on 6 June, 2016.

Main changes are:

  • Added #1274: SNI support on Erlang 18.3 and higher.
  • Added #1284: default ACL rules.
  • Added #1240, #1276 and #1283: documentation for ACL user groups, task queue and Google Analytics.
  • Added #1265 and #1268: sanitise SVG uploads and link tags.
  • Fixed #1285: be less verbose when inserting ACL rules.
  • Fixed #1272: Vimeo embeds.
  • Fixed #1271: protected media security.
  • Fixed #1207 by giving m_rsc.uri property precedence over generated URI.
  • Fixed #1132 by setting Content-Security-Policy header.

Commits since 0.16.0

There were 54 commits since release 0.16.0.

Big thanks to all people contributing to Zotonic!

Git shortlog

Arjan Scherpenisse (11):
  • scripts: Fix
  • doc: Fix version nr; add missing rst files; update installation requirements
  • doc: Update sidebar, update installation instructions
  • admin: Show collaboration groups in content dropdown on overview
  • mod_admin: Show content groups + page size filters on media overview
  • zotonic_status: Show site name next to URL
  • mod_acl_user_groups: Fix typo in edit check on the collab group itself
  • mod_email_dkim: Add DKIM signing of outgoing emails
  • mod_base: Add ‘without’ filter
  • doc: Add filter_without to filter toc
  • mod_acl_user_groups: Fix permission check for adding members/managers to group
Arthur Clemens (1):
  • core: use short notation to include the header
David de Boer (14):
  • deps: Lock erlang_localtime
  • doc: Fix absolute/relative URL terminology
  • mod_admin_identity: Fix verification e-mail URL
  • doc: Update release branch name
  • Add 0.16.0 release notes
  • Clean up README and fix dead links
  • doc: Document Google Analytics
  • doc: Document media caption
  • base: Fix figcaption tag
  • mod_acl_user_groups: Insert default ACL rules (see #1131)
  • doc: Document the task queue
  • mod_acl_user_groups: Be less verbose when editing and publishing ACL rules
  • doc: Document mod_acl_user_groups
  • doc: Fix typos
Maas-Maarten Zeeman (2):
  • build: Locked new mochiweb in order to support SSL on IE9 and 10 on OTP 18+
  • core: Move ssl listeners to the core and support SNI.
Marc Worrell (26):
  • mod_signup: use foldr for signup_form_fields, let higher prio modules win.
  • deps: switch to original erlang_localtime from dmitryme. Issue #1036
  • mod_acl_user_groups: tune access permissions for collaboration groups. All collab group members can view the collab group. If someone can update/link/delete a collab group, then that user can do the same on the collab group content. Rename the config collab_group_edit to collab_group_update.
  • mod_acl_user_groups: members of a collaboration group can view each other.
  • core: add support for ‘–’ operator, extend support for ‘++’ operator.
  • core: add sanitization on the contents of uploaded SVG files. Issue #1265
  • Lock new dispatch_compiler. Fixes #1261
  • core: in m_rsc, always let the uri property take presendence above the local ‘id’ rule for non-informatonal uri generation. Fixes #1207
  • core: fix a problem where a file could be downloaded iff the file is not stored via a filestore. Fixes #1271
  • mod_video_embed: fix a problem where Vimeo embeds did not show a preview images. Fixes #1272
  • mod_admin: in depiction upload dialog, enable the ‘upload’ tab by default.
  • core: in html sanitize, add ‘noopener noreferrer’ to <a/> tags with a ‘target’ attribute.
  • mod_video_embed: better handling of 404 when fetchin Vimeo thumbnail.
  • core: added extra SVG sanitization.
  • Lock new z_stdlib for SVG sanitization. Issue #1265
  • mod_survey: also mail all uploaded files to the ‘survey_email’ email address.
  • mod_admin: set X-Frame-Options: SAMEORIGIN header for admin pages. Issue #1132
  • mod_admin: fix is_authorized/2 in controller_admin_edit
  • mod_base: set CSP sandbox header if a user uploaded file is served with controller_file. Issue #1132
  • mod_acl_user_group: add option to move resources to collaboration groups the user is not member of.
  • mod_admin: allow to select multiple connection in the connection-find dialog. Use the option ‘autoclose’ to change the text of the close button to ‘cancel’.
  • mod_acl_user_groups: better overview of rules. Use dialog for editing rules.
  • mod_acl_user_groups: in acl rule edit, clear collaboration group search when group is selected.
  • mod_acl_user_groups: fix filtering on content groups when searching. This fixes a problem when a user is allowed to see all or specific collaboration groups via the ACL rules.
  • mod_survey: fix layout of admin options.
  • mod_survey: in the emails, also show any ‘injected’ fields. This allows the template to dynamically inject some answers without corresponding questions.*

Edit on GitHub