github craftcms/cms 4.17.0-beta.1
on GitHub

latest release: 5.9.0-beta.1
pre-release10 hours ago

Administration

  • Added the “View user” GraphQL schema option for Craft Solo. (#17863)
  • The clear-cache command now accepts a space-delimited list of cache IDs that should be cleared.
  • Compiled templates are now deleted by the up command rather than from migrate commands.
  • Added the enableTwigSandbox config setting. (#18208, #18216)
  • The disableGraphqlTransformDirective config setting is now deprecated.

Development

  • Added support for referencing environment variables anywhere within settings that support them (e.g. foo/$ENV_NAME/bar or foo-${ENV_NAME}-bar). (#17949)
  • It’s no longer possible to instantiate objects that don’t extend yii\base\BaseObject via the create() Twig function. (GHSA-94rc-cqvm-m4pw)
  • Added the uuid() Twig function.
  • The @parseRefs and @transform GraphQL directives are now optional for each GraphQL schema. (GHSA-7x43-mpfg-r9wj)

Extensibility

  • Added craft\base\ElementInterface::setAttributesFromRequest().
  • Added craft\services\Search::deleteOrphanedIndexJobs().
  • Added craft\web\GqlResponseFormatter.
  • Added craft\web\Response::FORMAT_GQL.
  • Added craft\web\View::renderSandboxedObjectTemplate().
  • Added craft\web\View::renderSandboxedString().
  • Added craft\web\View::renderSandboxedTemplate().
  • Added craft\web\twig\AllowedInSandbox. (#18219)
  • Added craft\web\twig\SecurityPolicy.
  • Added craft\web\twig\nodes\BaseNode.
  • craft\helpers\FileHelper::writeToFile() now throws an exception if the file path isn’t writable, or there isn’t sufficient free space on the disk. (#17762)
  • craft\helpers\UrlHelper now encodes square brackets in generated URLs. (#17840)
  • craft\web\Request::accepts() now accepts wildcard characters (*) in the $contentType argument, to check for a range of MIME types (e.g. application/*+json).
  • craft\web\Request::getAcceptsJson() now returns true for requests with Content-Type headers that match application/*+json, in addition to application/json.
  • The _includes/forms/radio.twig template now escapes the label variable. A raw HTML label can be passed by wrapping the label value in raw() or craft\helpers\Template::raw().
  • Craft.ui.createCheckbox() now escapes the config.label property. A raw HTML label can be passed via the config.labelHtml property.
  • Craft.ui.createSelect() now escapes options’ label properties. Raw HTML labels can be passed via labelHtml properties.

System

  • GraphQL API responses now set their Content-Type header to application/graphql-response+json.
  • GraphQL API responses now set cache headers based on whether a mutation was performed, regardless of the request type.
  • Global set queries no longer register cache tags.
  • A rate limit is now enforced for users/send-password-reset-email requests. (#17337)
  • Updated Yii to 2.0.54.
  • Updated Twig to 3.19. (#17603)
  • Fixed a bug where Table fields with the “Static Rows” setting enabled would lose track of which values belonged to which row headings, if the “Default Values” table was reordered. (#17090)
  • Fixed a bug where deadlocks could occur when updating elements’ search indexes. (#18139)
  • Fixed low-severity XSS vulnerabilities. (GHSA-4mgv-366x-qxvx)
  • Fixed a moderate-severity RCE vulnerability. (GHSA-v47q-jxvr-p68x)
  • Fixed moderate-severity permission escalation vulnerabilities. (GHSA-2xfc-g69j-x2mp, GHSA-jxm3-pmm2-9gf6)
Check out latest releases or
releases around craftcms/cms 4.17.0-beta.1

Don't miss a new cms release

NewReleases is sending notifications on new releases.

Get notifications