This release contains a breaking change. Due to security reasons content policy headers where added to prevent script execution for assets. If you have uploaded html files with scripts as assets, this will not work anymore. There is no fallback, you haveto upload your files to another location like a github repository. We might remove the header if we have a better solution for that.
Fixed
- Events: Fixes the query to use the correct index.
- Rules: Fix the UI for content trigger to always show the schem names.
Changed
- UI: New content editor for markdown fields. The old editor is available under: https://squidex.github.io/squidex-samples/editors/markdown/index.html
- UI: New content editor for rich text fields. The old editor is available under: https://squidex.github.io/squidex-samples/editors/richtext/index.html
- UI: New collaboration feature based on yjs. This removes all existing comments and notifications.
- UI: Improved AI chat dialog.
- UI: Only show the AI button when a chat bot is enabled in the settings.
Added
- GraphQL: Add the schema name to component types.
Security
- CVE-2023-46253 / Assets: Fix a bug where an asset could be written outside the app folder: GHSA-phqq-8g7v-3pg5
- CVE-2023-46252 / Editor: Remove the editor js sample from the file system, because it allows to execute arbitrary JavaScript code in the context of a user authenticated to Squidex: GHSA-7q4f-fprr-5jw8
- CVE-2023-46857 / Assets: Incorrect SVG filtering. Implemented a more restrict filter: GHSA-xfr4-qg2v-7v5m