github decidim/decidim v0.27.5

4 months ago

Security fixes

This release addresses several security issues:

  • CVE-2023-48220
  • CVE-2023-47634
  • CVE-2023-47635
  • CVE-2023-51447

Details of these vulnerabilities will be published on February 20th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.

Upgrade notes

As usual, we recommend that you have a full backup of the database, application code and static files.

To update, follow these steps:

  1. Update your Gemfile:

     gem "decidim", "0.27.5"
     gem "decidim-dev", "0.27.5"

  2. Run these commands to upgrade and make sure you get all the latest migrations:

     bundle update decidim
     bin/rails decidim:upgrade
     bin/rails db:migrate

And then follow the steps and commands detailed in these notes.
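
To confirm that `bundle update` actually resolved the patched release, the lockfile can be audited after the upgrade. This is an added example, not code from the Decidim project: the helper names (`decidim_specs`, `classify`, `audit`) and the sample lockfile are constructed for illustration, and only the 0.27 series is judged because this page names no fixed version for other series.

```ruby
# Added example: audit a Gemfile.lock against the 0.27.5 security release.
PATCHED = Gem::Version.new("0.27.5") # fixed version named on this page
CHECKED_GEMS = %w[decidim decidim-core decidim-dev].freeze

# Map each resolved decidim gem to its locked version. Resolved specs sit at
# exactly four spaces of indentation; dependency lines are indented deeper.
def decidim_specs(lockfile_text)
  lockfile_text.scan(/^ {4}(decidim(?:-[\w-]+)?) \(([^)\s]+)\)$/)
               .to_h { |name, version| [name, Gem::Version.new(version)] }
end

# :missing, :other_series (not covered here), :patched or :needs_upgrade.
def classify(version)
  return :missing if version.nil?
  return :other_series unless version.segments.first(2) == PATCHED.segments.first(2)

  version >= PATCHED ? :patched : :needs_upgrade
end

def audit(lockfile_text, gems = CHECKED_GEMS)
  specs = decidim_specs(lockfile_text)
  gems.to_h { |name| [name, classify(specs[name])] }
end

# Constructed sample lockfile (not from a real deployment).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      decidim (0.27.4)
        decidim-core (= 0.27.4)
      decidim-core (0.27.4)
      decidim-dev (0.27.5)

  DEPENDENCIES
    decidim (= 0.27.4)
    decidim-dev (= 0.27.5)
LOCK

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  audit(text).each { |name, status| puts format("%-14s %s", name, status) }
end
```

Pass the path to a real `Gemfile.lock` as the first argument; any gem reported as `needs_upgrade` is still locked below 0.27.5.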

Deduplicating endorsements

We have identified a case where the same user can endorse the same resource multiple times. This is a bug that we have fixed in this release, but we need to clean up the existing duplicated endorsements. We have added a new task that helps you clean the duplicated endorsements.

bundle exec rails decidim:upgrade:fix_duplicate_endorsements

You can see more details about this change in PR #11853.

Fix component short links

We have identified that some of the short links for components are not working properly. We have added a new task that helps you fix the short links for components.

bundle exec rails decidim:upgrade:fix_short_urls

You can see more details about this change in PR #12004.

Changelog

Added

Nothing.

Changed

Nothing.

Fixed

  • decidim-accountability, decidim-blogs, decidim-budgets, decidim-debates, decidim-meetings, decidim-sortitions: Backport 'Nullable component setting generates error :comments_max_length' to v0.27 #11239
  • decidim-core: Raise exception in UserTimelineController if no user with the nickname provided #11465
  • decidim-budgets: Backport 'Fix ambiguous id column on projects query' to v0.27 #11482
  • decidim-core: Backport 'Encode non-ASCII characters on external links' to v0.27 #11499
  • Backport 'Revert "Lock ChromeDriver to the latest working version"' to 0.27 #11619
  • decidim-core: Backport 'Use left outer join instead of include in with_any_category scope' to v0.27 #11614
  • decidim-admin, decidim-assemblies, decidim-conferences, decidim-core, decidim-generators, decidim-participatory_processes: Backport 'Update the Twitter icons and brand name to X' to v0.27 #11616
  • decidim-assemblies, decidim-participatory_processes: Use with_any_scope instead of with_scope for assemblies and processes #11438
  • decidim-core: Fix password confirm validation error message #11625
  • decidim-core: Backport 'Fix PWA availability for organizations with forced sign in' to v0.27 #11805
  • decidim-surveys: Backport 'Add alert when publish a survey with answers' to v0.27 #11895
  • Backport 'Add "Tile usage" notice at the top of doc page for OSM maps and geocoding' to v0.27 #11890
  • decidim-core: Backport 'Update HERE API autocomplete' to v0.27 #11908
  • decidim-generators: Backport 'Fix Bootsnap configuration' to v0.27 #11896
  • decidim-conferences, decidim-meetings: Backport 'Fix conference venues meetings visibility' to v0.27 #11914
  • Backport 'Add 127.0.0.1 and 0.0.0.0 as secondary hosts in the Organization's seeds' to v0.27 #11911
  • decidim-budgets, decidim-comments: Backport 'Fix 'download your data' when there are comments on budgets' to v0.27 #11903
  • decidim-core: Backport 'Deletion of leftovers ZIP files in tmp directory' to v0.27 #11899
  • decidim-admin: Backport 'Sort components in "Add component" alphabetically' to v0.27 #11923
  • decidim-core: Backport 'Fix autocomplete result list duplicates' to v0.27 #11892
  • decidim-system: Backport 'Add admin's password confirmation validation in system' to v0.27 #11929
  • decidim-core: Backport 'Deletion of ZIP file in tmp folder OpenData export job' to v0.27 #11900
  • decidim-core: Backport 'Return the coordinates from Photon geocoding in correct order' to v0.27 #11915
  • decidim-core: Backport 'Raise an error if the export format is unknown' to v0.27 #11920
  • decidim-elections, decidim-forms, decidim-meetings: Backport 'Use UTC in the serializers for the date fields' to v0.27 #11925
  • decidim-templates: Backport 'Simplify the code related to questionnaire templates previews' to v0.27 #11930
  • Backport 'Add missing activerecord budget locales for search' to v0.27 #11941
  • decidim-meetings: Backport 'Display meeting button for unauthenticated users' to v0.27 #11945
  • decidim-core: Backport 'Fix possible JavaScript console error with geocoding inputs' to v0.27 #11942
  • decidim-system: Backport 'Extraction of i18n strings in system panel' to v0.27 #11951
  • decidim-core: Backport 'Fix missing results on Geocoded when search without diacritics' to v0.27 #11949
  • Backport 'Bump devise_invitable from v2.0.8 to v2.0.9' to v0.27 #11937
  • decidim-budgets: Backport 'Fix Permissions screen on budgets throw errors' to v0.27 #11904
  • decidim-initiatives: Backport 'Hide omnipresent in media print of initiatives' to v0.27 #11948
  • decidim-core: Backport 'Fix search when moderations are hidden' to v0.27 #11919
  • decidim-conferences, decidim-meetings: Backport 'Fix empty address in conference's venues ' to v0.27 #11910
  • decidim-system: Backport 'Add titles in system pages' to v0.27 #11953
  • decidim-meetings: Backport 'Don't show map with only online meetings in Content Block' to v0.27 #11961
  • Backport 'Support deploy to a subdirectory - direct_uploads' to v0.27 #11931
  • decidim-admin: Backport 'Redirect non-admin users to core's root_path' to v0.27 #11935
  • Backport 'Fix duplicated endorsements' to v0.27 #11974
  • decidim-initiatives: Backport 'Fix order initiatives by comments using the column instead of a subquery' to v0.27 #11983
  • decidim-proposals: Backport 'Fix order proposals by comments and follows using the column instead of a query' to v0.27 #11993
  • decidim-core: Backport 'Fix issues with the file uploader input display' to v0.27 #11731
  • decidim-core: Backport 'Fix shortlink references' to v0.27 #12007
  • decidim-assemblies: Backport 'Fix n+1 query on assemblies permissions' to v0.27 #12042
  • decidim-meetings: Backport 'Add link explicitly in the meetings' icalendar event' to v0.27 #12047
  • decidim-core: Fix filter by scope on search page #12036
  • Backport 'Add prerequirements to the manual installation tutorial' to v0.27 #12070
  • decidim-proposals: Backport 'Do not show the titles in the admin proposals page if there isn't any' to v0.27 #12046
  • decidim-debates: Backport 'Show message when there are no debates' to v0.27 #12071
  • decidim-blogs: Backport 'Show error message when there are no posts in blogs' to v0.27 #12054
  • Backport 'Lock ChromeDriver to 119.0.6045.105' to v0.27 #12162
  • decidim-meetings: Backport 'Don't use a CTA for canceling a registration in a meeting' to v0.27 #12050
  • Remove duplicated chromedriver setting in v0.27 #12182

Removed

Nothing.

Developer improvements

  • Backport 'Revert "Lock ChromeDriver to the latest working version"' to 0.27 #11619
  • Backport 'Add 127.0.0.1 and 0.0.0.0 as secondary hosts in the Organization's seeds' to v0.27 #11911

Internal

  • Backport "Lock ChromeDriver to the latest working version" to v0.27 #11392
  • Backport 'Revert "Lock ChromeDriver to the latest working version"' to 0.27 #11619

Previous versions

Please check release/0.27-stable for previous changes.
