⚠️ Potential Breaking Changes

• @directus/api
  • Dropped support for the SendGrid email transport option (#23392 by @McSundae)

✨ New Features & Improvements

• @directus/types
  • Add Prettify type helper (#23714 by @hanneskuettner)
• @directus/extensions-sdk
  • Added support for disabling terminal screen clearing on rebuild in watch mode (#23556 by @GuyShane)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed empty preview in Markdown interface (#23599 by @joselcvarela)
  • Fixed spacing of expand/collapse button in the data model view (#23581 by @formfcw)
  • Fixed dialog/drawer order when creating a bookmark in the collection view (#23505 by @hanneskuettner)
  • Fixed SVG truncation issue in image interface preview (#23389 by @SP12893678)
  • Fixed an issue that would cause custom role names to not be translated in the role navigation sidebar (#23651 by @SP12893678)
  • Fixed WYSIWYG interface to be updated when interface options are changed via conditions (#23773 by @SP12893678)
  • Improved behavior of the translations interface when setting 'use users language' option (#23597 by @SP12893678)
  • Fixed an issue blocking collection view after switching between Kanban bookmarks (#23774 by @hanneskuettner)
  • Improved calendar layout styling to be more consistent (#23550 by @formfcw)
  • Updated dependencies (#23796 by @renovate)
  • Ensured data in sidebar is re-fetched when switching pages while a sidebar pane is already opened (#23553 by @SP12893678)
  • Ensured errors occured within the cards layout are always shown (#23802 by @SP12893678)
  • Fixed format warnings in api/src/request/is-denied-ip.ts and app/src/interfaces/input-rich-text-html/input-rich-text-html.vue (#23584 by @ComfortablyCoding)
  • Fixed an issue that would cause log streaming to fail on Directus installations that use a subpath in the URL (#23569 by @JoshTheDerf)
  • Fixed an issue that could cause the color picker interface to crash when a invalid color was used and improved the UX of interacting with the text input of the color picker interface. (#23654 by @connorwinston)
  • Ensured users are redirected to the intended page after login via LDAP (#23788 by @mmsardar)
  • Fixed failing validation of $CURRENT_POLICIES and $CURRENT_ROLES in the filter interface (#23730 by @hanneskuettner)
  • Fixed the truncation of long collection names in the permission configuration interface (#23700 by @hanneskuettner)
• @directus/api
  • Updated dependencies (#23796 by @renovate)
  • Fixed format warnings in api/src/request/is-denied-ip.ts and app/src/interfaces/input-rich-text-html/input-rich-text-html.vue (#23584 by @ComfortablyCoding)
  • Fixed unit tests for get-address util (#23583 by @ComfortablyCoding)
  • Fixed injection of the $CURRENT_POLICIES into permissions (#23728 by @hanneskuettner)
  • Added option to sync SSO user information on login for LDAP, OpenID and OAuth2 (#23595 by @br41nslug)
  • Fixed an issue enforcing database specific Primary Key constraints on field updates for all vendors (#23706 by @ComfortablyCoding)
  • Added optional ignoreRules option to Schema Apply CLI (#23465 by @keesvanbemmel)
  • Fixed authentication handling between logs streaming and regular websocket connections (#23691 by @br41nslug)
• create-directus-project
  • Updated dependencies (#23796 by @renovate)
• @directus/components
  • Updated dependencies (#23796 by @renovate)
• @directus/extensions-registry
  • Updated dependencies (#23796 by @renovate)
• @directus/release-notes-generator
  • Updated dependencies (#23796 by @renovate)
• @directus/stores
  • Updated dependencies (#23796 by @renovate)
• @directus/storage-driver-s3
  • Updated dependencies (#23796 by @renovate)
• @directus/themes
  • Updated dependencies (#23796 by @renovate)
• @directus/update-check
  • Updated dependencies (#23796 by @renovate)
• @directus/utils
  • Updated dependencies (#23796 by @renovate)
• @directus/env
  • Added option to sync SSO user information on login for LDAP, OpenID and OAuth2 (#23595 by @br41nslug)
• @directus/sdk
  • Fixed the precedence of withToken if a token is already saved in the SDK instance (#23739 by @hanneskuettner)
  • Made the output types of SDK requests better readable in IDEs (#23494 by @fapspirit)
• @directus/schema
  • Fixed an issue that would cause a server crash on unexpected PostgreSQL database schema contents (#23664 by @rijkvanzanten)
• @directus/extensions-sdk
  • Prevented nesting bundle extensions via the extensions-sdk add command (#23663 by @ComfortablyCoding)
• @directus/extensions
  • Improve defineX typings to properly type the known config options (#23714 by @hanneskuettner)

📝 Documentation

• Fixed a typo in the docs (#23585 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.2.1
• @directus/api@23.0.0
• @directus/components@1.0.1
• @directus/composables@11.1.1
• create-directus-extension@11.0.3
• create-directus-project@11.0.1
• @directus/env@3.1.1
• @directus/extensions@2.0.2
• @directus/extensions-registry@2.0.2
• @directus/extensions-sdk@12.1.0
• @directus/memory@2.0.2
• @directus/pressure@2.0.1
• @directus/release-notes-generator@1.0.1
• @directus/schema@12.1.1
• @directus/storage-driver-azure@11.0.1
• @directus/storage-driver-cloudinary@11.0.2
• @directus/storage-driver-gcs@11.0.1
• @directus/storage-driver-s3@11.0.1
• @directus/storage-driver-supabase@2.0.1
• @directus/stores@1.0.1
• @directus/themes@1.0.1
• @directus/types@12.1.0
• @directus/update-check@12.0.1
• @directus/utils@12.0.1
• @directus/validation@1.0.1
• @directus/sdk@17.0.2

✨ New Features & Improvements

• @directus/app
  • Added support for creating database indexes on fields (#23149 by @ComfortablyCoding)
  • Ensured the opened detail in the sidebar is persisted across site navigation and reloads (per browser tab) (#23383 by @Dominic-Marcelino)
  • Added a system interface for showing a password field with visibility toggle (#23387 by @AlexGaillard)
  • Added item count to the notification drawer (#23414 by @Dominic-Marcelino)
  • Implemented selection mode for kanban layouts (#23489 by @hanneskuettner)
  • Added default view option to the markdown interface to select which view should be shown by default (#23353 by @hanneskuettner)
• @directus/api
  • Implemented logs websocket (#23016 by @licitdev)
  • Introduced the USER_INVITE_TOKEN_TTL option, allowing to configure the expiration of user invitations (#22986 by @matt-rolley)
  • Fixed OracleDB error when updating nullable option with the same value as before (#23436 by @jaads)
  • Enabled gen_random_uuid() to be used as default value for a field (#23359 by @jaads)
  • Added support for creating database indexes on fields (#23149 by @ComfortablyCoding)
• @directus/env
  • Implemented logs websocket (#23016 by @licitdev)
• @directus/schema
  • Added support for creating database indexes on fields (#23149 by @ComfortablyCoding)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Ensured notifications are reloaded after manually running a Flow to provide users with the latest notifications generated by the Flow (#23381 by @Dominic-Marcelino)
  • Ensured warning about unsaved changes is displayed for Flows with custom confirmation config too (#23408 by @Dominic-Marcelino)
  • Improved selection label of the "New Tab" checkbox in the html rich text editor (#23502 by @simboonlong)
  • Added notice in notifications drawer when no items are found due to applied search/filter (#23428 by @paescuj)
  • Fixed styling issues with the related-values display (#21854 by @formfcw)
  • Added system logs to the app (#23066 by @licitdev)
  • Fixed the "Archive All" notifications functionality (#23411 by @Dominic-Marcelino)
  • Fixed a syntax error that did not correctly apply the border for the v-chip component (#23540 by @formfcw)
  • Prevented a crash in the Data Studio when switching to the "Date" type while configuring Datetime interface (#23384 by @SP12893678)
  • Dropped unused translations (#23503 by @hanneskuettner)
  • Fixed the image tune menu toggle state indication in the block editor interface (#23510 by @HeikoMueller)
  • Ensured the notifications unread count is updated when un-/archiving notifications (#23407 by @paescuj)
  • Improved the grid layout for radio and checkboxes interface (#23358 by @SP12893678)
• @directus/api
  • Fixed an issue that would prevent extensions from loading (#23492 by @rijkvanzanten)
  • Fixed server address undefined for graphql and websocket logs (#23488 by @ComfortablyCoding)
  • Fixed the length of icon fields in system collections, allowing to use icons with longer names (#23391 by @SP12893678)
  • Fixed SQL query generation for MSSQL queries that use field level permissions and sort (#23518 by @hanneskuettner)
  • Fixed the preprocessing of SQL bindings that is necessary to deduplicate identical value bindings for some SQL dialects (#23453 by @joselcvarela)
  • Fixed an issue that could cause the response cache to misbehave (769fa22 by @rijkvanzanten)
  • Fixed an issue that would cause local extensions built via workspaces to not be watched when extensions reload is active (#23100 by @bernatvadell)
  • Fixed the email.send filter to be usable in Flows in conjunction with the "Run Script" operation (#23446 by @joselcvarela)
  • Fixed the generated OpenAPI specs to include POST, PATCH and DELETE paths again (#23460 by @u12206050)
  • Fixed an issue where creating notifications could hang on SQLite (#23405 by @paescuj)
• @directus/memory
  • Fixed an issue that would prevent extensions from loading (#23492 by @rijkvanzanten)
• @directus/env
  • Fixed an issue that would prevent extensions from loading (#23492 by @rijkvanzanten)
  • Fixed server address undefined for graphql and websocket logs (#23488 by @ComfortablyCoding)
  • Expanded 0.0.0.0 matching of loopback ranges (8cbf943 by @br41nslug)
  • Introduced the USER_INVITE_TOKEN_TTL option, allowing to configure the expiration of user invitations (#22986 by @matt-rolley)
• @directus/sdk
  • Fixed an outdated property name in the permissions typing (#23380 by @EdouardDem)
  • Fix DirectusPolicy typescript declaration (#23442 by @Lfillon)
  • Reset attempts after reconnection failure (#23016 by @licitdev)
• @directus/specs
  • Fixed a duplicate operationId (d90d1bd by @rijkvanzanten)
• @directus/storage-driver-cloudinary
  • Fixed an issue that could cause cloudinary to throw an inconsistent chunk size (#23554 by @AndriyStankevych)

📝 Documentation

• Implemented logs websocket (#23016 by @licitdev)
• Fixed an issue that would prevent extensions from loading (#23492 by @rijkvanzanten)
• Added support for creating database indexes on fields (#23149 by @ComfortablyCoding)
• Fixed missing import in auth example (#23490 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.2.0
• @directus/api@22.2.0
• create-directus-extension@11.0.2
• @directus/env@3.1.0
• @directus/extensions@2.0.1
• @directus/extensions-registry@2.0.1
• @directus/extensions-sdk@12.0.2
• @directus/memory@2.0.1
• @directus/schema@12.1.0
• @directus/specs@11.0.1
• @directus/storage-driver-cloudinary@11.0.1
• @directus/types@12.0.1
• @directus/sdk@17.0.1

🐛 Bug Fixes & Optimizations

• @directus/api
  • Fixed an issue that would prevent extensions from loading (#23328 by @joselcvarela)
  • Fixed an issue that could cause the response cache to misbehave (4aace0b by @rijkvanzanten)
• @directus/memory
  • Fixed an issue that would prevent extensions from loading (#23328 by @joselcvarela)
• @directus/env
  • Fixed an issue that would prevent extensions from loading (#23328 by @joselcvarela)
  • Expanded 0.0.0.0 matching of loopback ranges (c1f3ccc by @rijkvanzanten)

📝 Documentation

• Fixed an issue that would prevent extensions from loading (#23328 by @joselcvarela)

📦 Published Versions

• @directus/app@12.2.3
• @directus/api@21.0.1
• @directus/env@1.3.2
• @directus/memory@1.0.12

✨ New Features & Improvements

• @directus/app
  • Added the option to select a default sort field in the O2M interface (#23019 by @alexvdvalk)
• @directus/composables
  • Enhanced & aligned item counts in collections, providing more detailed information (#22519 by @paescuj)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed bookmark duplication when rapidly switching between bookmarks (#23324 by @SP12893678)
  • Fixed translations interface that attempted to query the language direction field, even if unconfigured and unavailable (#23300 by @hanneskuettner)
  • Fixed readonly mutation to fields in the store via item drawer (#23277 by @azrikahar)
  • Fixed the sorting behavior when adding new items to a O2M relation that uses a string sort field (e.g. through manual (#23348 by @hanneskuettner)
    sorting in the table interface)
  • Enhanced & aligned item counts in collections, providing more detailed information (#22519 by @paescuj)
  • Improved WYSIWYG editor to hide the toolbar if no toolbar items are selected (#23310 by @Dominic-Marcelino)
  • Fixed the WYSIWYG interface to correctly apply the font configured in the interface settings (#23343 by @formfcw)
• @directus/api
  • Persist default value and nullable during field schema update (#23151 by @echocrow)
  • Fixed caching behavior of permissions that contain dynamic variables (#23321 by @hanneskuettner)
  • Fixed the permission application for relational _some and _none filters (#23272 by @hanneskuettner)
  • Fixed an issue where the first column would be missing when importing UTF-8 BOM CSV files (#23332 by @azrikahar)
  • Fixed sort field default for related o2m items in case of missing permissions (#23267 by @hanneskuettner)
  • Fixed typo for invalid aggregate query parameter log (#23334 by @azrikahar)
  • Fixed item permission checking for collections that have permissions with no field access (#23357 by @hanneskuettner)
  • Fixed deep groupBy queries for O2M relations, where results were not correctly grouped under their respective parent (#23279 by @hanneskuettner)
    items
  • Fixed the notification for finished file exports to be sent out to users without requiring any permissions on directus_notifications (#23336 by @azrikahar)
  • Fixed the retrieval of updatable singleton field permissions in the /permissions/me/<collection> endpoint (#23269 by @hanneskuettner)
  • Fixed permissions migration to work with more MySQL flavors (#23327 by @hanneskuettner)
  • Fixed "DB_CLIENT" Environment Variable is missing. appearing during directus init (#23256 by @ComfortablyCoding)
  • Fixed M2A querying when the user does not have access to all related collections (#23340 by @hanneskuettner)
  • Ensured payload validation accounts for preset data (#23346 by @hanneskuettner)

📦 Published Versions

• @directus/app@13.1.0
• @directus/api@22.1.1
• @directus/composables@11.1.0
• create-directus-extension@11.0.1
• @directus/extensions-sdk@12.0.1

There were a handful reports about the migrations from v10-v11 failing, so we pushed a couple patches to make it more reliable 🙂

✨ New Features & Improvements

• @directus/api
  • Added transaction retry mechanism for SQLite if a SQLITE_BUSY errors occurs (#23243 by @joggienl)
  • Added support for listening on unix sockets via a new UNIX_SOCKET_PATH variable (#23150 by @McSundae)
• @directus/env
  • Added support to provide a cast prefix to config variables which are read from a file using the _FILE suffix (#22164 by @joselcvarela)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Removed update delay in the block editor interface (#23115 by @SP12893678)
  • Fixed list structure in draggable lists (#23116 by @SP12893678)
  • Fixed an issue that would cause the translations display not to use the correct language if the user relied on "system (#23240 by @danilobuerger)
    language"
• @directus/api
  • Improved policies migration to handle a missing foreign key on directus_permissions.role more gracefully (#23251 by @hanneskuettner)
  • Ensured the migrations are properly executed when bootstrapping MySQL (#23233 by @paescuj)
  • Fixed drop foreign key if has different constraint name on permissions policies migrations (#23253 by @joselcvarela)
  • Fixed the init CLI command for MySQL to use the new mysql2 package (#23231 by @paescuj)

📝 Documentation

• Added support for listening on unix sockets via a new UNIX_SOCKET_PATH variable (#23150 by @McSundae)
• Added support to provide a cast prefix to config variables which are read from a file using the _FILE suffix (#22164 by @joselcvarela)

📦 Published Versions

• @directus/app@13.0.1
• @directus/api@22.1.0
• @directus/env@3.0.0

Policies

Directus v11 contains a brand new permissions system that's based on policies. We've provided a migration, so the upgrade path is the same as with other releases. This is a big release, which changes the paradigm on how permissions are attached and executed. Please make a database backup before upgrading your version of Directus.

⚠️ Potential Breaking Changes

• @directus/app
  • Added a new policy based permissions system (#22773 by @rijkvanzanten)
• @directus/api
  • Replaced the database client library mysql with mysql2, used for MySQL/MariaDB (#22534 by @paescuj)
  • Added a new policy based permissions system (#22773 by @rijkvanzanten)
• @directus/extensions
  • Changed module preRegisterCheck signature to align with the changes made for Policies (#22773 by @rijkvanzanten)
• @directus/system-data
  • Added new collections and fields and updated existing fields and permissions needed for Policies (#22773 by @rijkvanzanten)
• @directus/types
  • Added new types and modified existing types required for Policies (#22773 by @rijkvanzanten)
• @directus/utils
  • Added new dynamic variables to parseFilter and added the processChunk helper (#22773 by @rijkvanzanten)

✨ New Features & Improvements

• @directus/api
  • Updated WebSocket subscriptions to include the new policies collection (#22773 by @rijkvanzanten)
  • Used explicit headings for CSV export (#23140 by @jaads)
  • Implemented new GraphQL queries for policies (#22773 by @rijkvanzanten)
• @directus/constants
  • Added permission actions constant (#22773 by @rijkvanzanten)
• @directus/sdk
  • Implemented new SDK functions for policies (#22773 by @rijkvanzanten)
• @directus/memory
  • Added new clear method to cache implementations (#22773 by @rijkvanzanten)
• @directus/errors
  • Added error extension to the ForbiddenError (#22773 by @rijkvanzanten)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Ensured collections in system permissions interface are scrolled into view when added but out of view (#23036 by @paescuj)
  • Ensured the permissions table under policies is displayed correctly on mobile devices (#22985 by @paescuj)
  • Fixed table layout default query, to not include presetational fields (#22840 by @hanneskuettner)
  • Fixed missing policies in public role policy selection (#23192 by @hanneskuettner)
• @directus/api
  • Fixed groupBy behavior that resulted in an internal server error when used with relational item permissions (#23185 by @hanneskuettner)
  • Fixed an issue that would cause the API to return an error when a root field in a m2a builder was queried (#23181 by @rijkvanzanten)
  • Fixed reduceSchema to strip out collection the user does not have access to (#22916 by @hanneskuettner)
  • Fixed user counting where users were double counted and inactive users with policies were counted as well (#23184 by @rijkvanzanten)
  • Fixed filter creation in fetchPolicies for users without roles (#22936 by @hanneskuettner)
  • Fixed aggregation field existence and permission checks (#23022 by @hanneskuettner)
  • Fixed down migration erroring on post migration permissions (#23097 by @ComfortablyCoding)
  • Fixed permission checking for o2m related fields (#23199 by @hanneskuettner)
  • Ensured that policies attached to a user, role and parent roles are correctly prioritized (#22967 by @paescuj)
  • Ensured the default DB_FILENAME option from the Docker Image is not applied when using MySQL/MariaDB, fixing a corresponding warning (#22970 by @cliqer)
  • Fixed the policies migration for the case where permissions had been configured for the public role (#22811 by @paescuj)
  • Fix query error on some DB vendors when using multi relation sort (#22872 by @hanneskuettner)
  • Migrated NotificationsService to new policies system (#22914 by @hanneskuettner)
  • Fixed broken permissions for sorting of aggregate query when using the aggregate result as sort field (#23193 by @hanneskuettner)
  • Fixed an issue where keys in filter operand objects where incorrectly checked for field permissions (#22915 by @hanneskuettner)

📦 Published Versions

• @directus/app@13.0.0
• @directus/api@22.0.0
• @directus/components@1.0.0
• @directus/composables@11.0.0
• @directus/constants@12.0.0
• create-directus-extension@11.0.0
• create-directus-project@11.0.0
• @directus/env@2.0.0
• @directus/errors@1.0.0
• @directus/extensions@2.0.0
• @directus/extensions-registry@2.0.0
• @directus/extensions-sdk@12.0.0
• @directus/format-title@11.0.0
• @directus/memory@2.0.0
• @directus/pressure@2.0.0
• @directus/random@1.0.0
• @directus/release-notes-generator@1.0.0
• @directus/schema@12.0.0
• @directus/specs@11.0.0
• @directus/storage@11.0.0
• @directus/storage-driver-azure@11.0.0
• @directus/storage-driver-cloudinary@11.0.0
• @directus/storage-driver-gcs@11.0.0
• @directus/storage-driver-local@11.0.0
• @directus/storage-driver-s3@11.0.0
• @directus/storage-driver-supabase@2.0.0
• @directus/stores@1.0.0
• @directus/system-data@2.0.0
• @directus/themes@1.0.0
• @directus/tsconfig@2.0.0
• @directus/types@12.0.0
• @directus/update-check@12.0.0
• @directus/utils@12.0.0
• @directus/validation@1.0.0
• @directus/sdk@17.0.0

⚠️ Potential Breaking Changes

• @directus/api
  • Introduced created_on date field for files and adjusted uploaded_on to be updated with every upload (#23035 by @paescuj)

✨ New Features & Improvements

• @directus/api
  • Enabled caching of field information as part of schema caching (#19480 by @u12206050)
  • Enabled caching of foreign keys as part of schema caching (#19391 by @u12206050)
  • Introduced the email.send filter event, allowing to modify email options via Flows or Custom Extensions (#23024 by @joselcvarela)
• @directus/errors
  • Added InternalServerError (#22379 by @paescuj)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Introduced created_on date field for files and adjusted uploaded_on to be updated with every upload (#23035 by @paescuj)
  • Fixed TUS file upload logic to include the file UUID to enable file info fetching (#23086 by @hanneskuettner)
  • Introduced the email.send filter event, allowing to modify email options via Flows or Custom Extensions (#23024 by @joselcvarela)
  • Ensured that the expand-collapse-buttons of the data model view appear just as important as they are (#22988 by @formfcw)
  • Ensured dropdown interface correctly handles case when no options are provided (#23092 by @SP12893678)
  • Ensured that the metadata of the Marketplace extension page is well aligned with the content column (#22980 by @formfcw)
  • Fixed SVG support on image interface (#23084 by @joselcvarela)
  • Added auto reset of value to dropdown interface after conditional update of options (#23007 by @SP12893678)
  • Fixed an issue that would cause the versioning dropdown to be displayed squashed on long version names (#23162 by @SP12893678)
  • Fixed an issue that would cause detail groups to be collapsed on save and stay (#23099 by @SP12893678)
  • Ensured the "Expand All/None" buttons under Data Model are only shown if there are grouped collections (#22989 by @paescuj)
  • Fixed an issue that could cause the calendar layout to crash on invalid dates (#23106 by @SP12893678)
  • Added first and last page buttons to pagination in relational interfaces (#23063 by @joselcvarela)
• @directus/api
  • Simplified schema caching by removing sharedSchemaCache (#23098 by @licitdev)
  • Redacted access_token in the query string when LOG_STYLE=raw (2e893f9 by @licitdev)
  • Fixed filename_disk extension not getting updated when replacing an image with another file extension (#23127 by @that1matt)
  • Added null filtering to equality operators (#23163 by @licitdev)
  • Ensured the error message of unknown errors is returned correctly for admin users (#22379 by @paescuj)
  • Treat exif metadata as a progressive enhancement by no longer crashing a file upload on metadata load failure (#23075 by @rijkvanzanten)
  • Fixed environment variable parsing to always convert to number of bytes (#22957 by @hanneskuettner)
  • Fixed an issue where the query trace logger could lead to a crash with a failing query on MySQL (#23095 by @paescuj)
  • Fixed TUS file upload logic to include the file UUID to enable file info fetching (#23086 by @hanneskuettner)
  • Ensured ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION is also respected for extraction of metadata during image upload (#23064 by @AndriyAntonenko)
  • Fixed cached schema infinite loop in slow network environments (#23141 by @joselcvarela)
  • Fixed an issue that would cause the logger redactor to fail when an invalid URL was requested (#22960 by @rijkvanzanten)
• @directus/types
  • Added null filtering to equality operators (#23163 by @licitdev)
  • Introduced created_on date field for files and adjusted uploaded_on to be updated with every upload (#23035 by @paescuj)
• @directus/system-data
  • Introduced created_on date field for files and adjusted uploaded_on to be updated with every upload (#23035 by @paescuj)
  • SDK removed dependency on system-data package (#23146 by @br41nslug)
• @directus/specs
  • Introduced created_on date field for files and adjusted uploaded_on to be updated with every upload (#23035 by @paescuj)
• @directus/sdk
  • SDK removed dependency on system-data package (#23146 by @br41nslug)
  • Disabled websocket reconnection after manual disconnection (#23065 by @licitdev)
  • Fixed built-in collection merging for SDK relational fields (#21089 by @br41nslug)
• @directus/schema
  • Fixed remaining performance issues with schema introspection on MS SQL (#23198 by @paescuj)

📝 Documentation

• Updated regions on Cloud list (#23074 by @joselcvarela)

📦 Published Versions

• @directus/app@12.2.2
• @directus/api@21.0.0
• @directus/composables@10.1.16
• create-directus-extension@10.1.15
• @directus/env@1.3.1
• @directus/errors@0.4.0
• @directus/extensions@1.0.10
• @directus/extensions-registry@1.0.10
• @directus/extensions-sdk@11.0.10
• @directus/memory@1.0.11
• @directus/pressure@1.0.22
• @directus/schema@11.0.4
• @directus/specs@10.2.11
• @directus/storage-driver-azure@10.0.24
• @directus/storage-driver-cloudinary@10.0.24
• @directus/storage-driver-gcs@10.0.25
• @directus/storage-driver-s3@10.1.1
• @directus/storage-driver-supabase@1.0.16
• @directus/system-data@1.1.1
• @directus/themes@0.3.11
• @directus/types@11.2.1
• @directus/utils@11.0.11
• @directus/validation@0.0.19
• @directus/sdk@16.1.2

⚠️ Potential Breaking Changes

• @directus/app
  • Added a new policy based permissions system (#22773 by @rijkvanzanten)
• @directus/api
  • Replaced the database client library mysql with mysql2, used for MySQL/MariaDB (#22534 by @paescuj)
  • Added a new policy based permissions system (#22773 by @rijkvanzanten)
• @directus/utils
  • Added new dynamic variables to parseFilter and added the processChunk helper (#22773 by @rijkvanzanten)
• @directus/types
  • Added new types and modified existing types required for Policies (#22773 by @rijkvanzanten)
• @directus/extensions
  • Changed module preRegisterCheck signature to align with the changes made for Policies (#22773 by @rijkvanzanten)
• @directus/system-data
  • Added new collections and fields and updated existing fields and permissions needed for Policies (#22773 by @rijkvanzanten)

✨ New Features & Improvements

• @directus/api
  • Updated WebSocket subscriptions to include the new policies collection (#22773 by @rijkvanzanten)
  • Implemented new GraphQL queries for policies (#22773 by @rijkvanzanten)
• @directus/constants
  • Added permission actions constant (#22773 by @rijkvanzanten)
• @directus/sdk
  • Implemented new SDK functions for policies (#22773 by @rijkvanzanten)
• @directus/memory
  • Added new clear method to cache implementations (#22773 by @rijkvanzanten)
• @directus/errors
  • Added error extension to the ForbiddenError (#22773 by @rijkvanzanten)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed table layout default query, to not include presetational fields (#22840 by @hanneskuettner)
• @directus/api
  • Fixed reduceSchema to strip out collection the user does not have access to (#22916 by @hanneskuettner)
  • Fixed environment variable parsing to always convert to number of bytes (#22957 by @hanneskuettner)
  • Fixed filter creation in fetchPolicies for users without roles (#22936 by @hanneskuettner)
  • Fixed the policies migration for the case where permissions had been configured for the public role (#22811 by @paescuj)
  • Fix query error on some DB vendors when using multi relation sort (#22872 by @hanneskuettner)
  • Migrated NotificationsService to new policies system (#22914 by @hanneskuettner)
  • Fixed an issue where keys in filter operand objects where incorrectly checked for field permissions (#22915 by @hanneskuettner)
  • Fixed an issue that would cause the logger redactor to fail when an invalid URL was requested (#22960 by @rijkvanzanten)

📦 Published Versions

• @directus/app@13.0.0-rc.2
• @directus/api@21.0.0-rc.0
• @directus/composables@10.1.16-rc.0
• @directus/constants@11.1.0-rc.1
• create-directus-extension@10.1.15-rc.0
• @directus/env@1.3.1-rc.0
• @directus/errors@0.4.0-rc.1
• @directus/extensions@2.0.0-rc.1
• @directus/extensions-registry@1.0.10-rc.0
• @directus/extensions-sdk@11.0.10-rc.0
• @directus/memory@1.1.0-rc.1
• @directus/pressure@1.0.22-rc.0
• @directus/storage-driver-azure@10.0.24-rc.0
• @directus/storage-driver-cloudinary@10.0.24-rc.0
• @directus/storage-driver-gcs@10.0.25-rc.0
• @directus/storage-driver-s3@10.1.1-rc.0
• @directus/storage-driver-supabase@1.0.16-rc.0
• @directus/system-data@2.0.0-rc.1
• @directus/themes@0.3.11-rc.0
• @directus/types@12.0.0-rc.1
• @directus/utils@12.0.0-rc.1
• @directus/validation@0.0.19-rc.0
• @directus/sdk@16.2.0-rc.1

✨ New Features & Improvements

• @directus/api
  • Added support for the ADMIN_TOKEN environment variable (#22724 by @burka)
• @directus/env
  • Added support for the ADMIN_TOKEN environment variable (#22724 by @burka)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Fixed an issue causing the tus uplaods not to respect the relative path of the app (#22918 by @JoshTheDerf)
• @directus/api
  • Fixed truncating of results when sorted by relational field (#22787 by @VincentKempers)
  • Fixed reliance on tus_id field when reading files, even if TUS is not enabled (#22929 by @hanneskuettner)
  • Prioritized access_token in query over cookies for websocket authentication (#22888 by @useEffects)
  • Added error logging for TUS write errors (#22954 by @hanneskuettner)
  • Fixed cookie authentication in websocket strict mode (#22912 by @br41nslug)
  • Optimized the type signature of the items service collection parameter (#22896 by @Dominic-Preap)

📝 Documentation

• Added support for the ADMIN_TOKEN environment variable (#22724 by @burka)

📦 Published Versions

• @directus/app@12.2.1
• @directus/api@20.1.0
• @directus/env@1.3.0

⚠️ Potential Breaking Changes

• @directus/api
  • Ensured service integrity, by calling corresponding specified services out of other services (#22738 by @paescuj)
  • Included admin users under the app access limit (#22760 by @licitdev)

✨ New Features & Improvements

• @directus/app
  • Added toggles to quickly expand or collapse all rows on the data model view (#22780 by @drennvinn)
  • Added a default preset for bookmarks to display the relevant fields by default (#22699 by @paescuj)
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/api
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/env
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/storage
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/storage-driver-local
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/storage-driver-s3
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/system-data
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)
• @directus/types
  • Implemented support for chunked uploads using the TUS protocol (#22901 by @br41nslug)

🐛 Bug Fixes & Optimizations

• @directus/app
  • Improved bookmark edit view, arranging fields by purpose and giving more space to the filter (#22701 by @paescuj)
  • Include image file extensions inside WYSIWYG (#22789 by @that1matt)
  • Fixed the input pattern check in the filter component (#22697 by @paescuj)
  • Improved tooltip arrow rendering for high resultion displays (#22858 by @hanneskuettner)
• @directus/api
  • Fixed session verification for shares (#22865 by @ikovac)
  • Fixed an issue where copying-to-clipboard displayed a success notification even though it failed (#22797 by @DanielBiegler)
  • Added missing share ID when refreshing/updating share sessions (#22867 by @paescuj)
  • Added total file size to the telemetry report (#22736 by @licitdev)
  • Fixed error extraction for MySQL unique primary key constraints (#22434 by @hanneskuettner)
  • Fixed an issue that would ignore the filename_disk value if it was provided during file uploads (#22848 by @rijkvanzanten)
  • Fixed an issue that could cause time type fields to be treated as a string in GraphQL (#22726 by @joselcvarela)
  • Fixed the interpretation of CORS config options, allowing to use "falsy" values like CORS_ORIGIN: false and CORS_MAX_AGE: 0 (#22721 by @joselcvarela)
• @directus/system-data
  • Fixed an issue that caused the uploaded_on time to be set in a different format than modified_on in SQLite (#22885 by @rijkvanzanten)
  • Added missing system relations to prevent them showing up in a schema snapshot (#22844 by @hanneskuettner)
• @directus/storage-driver-cloudinary
  • Fixed upload resource type guessing to consider the file extension in a case insensitive manner (#22744 by @hanneskuettner)
• @directus/sdk
  • Fixed an issue where request could sometimes fail when using a custom storage implementation with async setter (#22672 by @br41nslug)
• @directus/errors
  • Added primaryKey flag in RecordNotUniqueError extensions (#22434 by @hanneskuettner)

📦 Published Versions

• @directus/app@12.2.0
• @directus/api@20.0.0
• @directus/composables@10.1.15
• create-directus-extension@10.1.14
• @directus/env@1.2.0
• @directus/errors@0.3.3
• @directus/extensions@1.0.9
• @directus/extensions-registry@1.0.9
• @directus/extensions-sdk@11.0.9
• @directus/memory@1.0.10
• @directus/pressure@1.0.21
• @directus/storage@10.1.0
• @directus/storage-driver-azure@10.0.23
• @directus/storage-driver-cloudinary@10.0.23
• @directus/storage-driver-gcs@10.0.24
• @directus/storage-driver-local@10.1.0
• @directus/storage-driver-s3@10.1.0
• @directus/storage-driver-supabase@1.0.15
• @directus/system-data@1.1.0
• @directus/themes@0.3.10
• @directus/types@11.2.0
• @directus/utils@11.0.10
• @directus/validation@0.0.18
• @directus/sdk@16.1.1

Links

• Release video overview
• Update instructions
• Update details on blog

Full List of Changes

• Added ability to configure the PDF export command timeout. (#5119)
• Added new Lexical based editor. (#5058)
• Added not operator to search. (#4536)
• Added OpenSearch support. Thanks to @maximilian-walter. (#5198)
• Added SAS and R code language support. (#5206)
• Added search term negation support. (#5239)
• Added Welsh language to language list. (#5240)
• Updated dompdf and bacon-qr-code libraries to new major versions. (#5222)
• Updated page editor type to always exist in API and database. (#5117)
• Updated translations with latest Crowdin changes. (#5188)
• Updated user account creation to provide better email failure feedback. (#5195)
• Fixed drifting search icon on smaller screen sizes. (#5204)

• Milestone

This is a quality-focussed release for the 1.24.x series meant to provide a good product to people blocked on PHP 7.4, while we will increase the requirements to PHP 8.1+ from the next release.

A few highlights ✨:

• Last version supporting PHP 7.4 before requiring PHP 8.1+
• Last version supporting PostgreSQL 9.5 before requiring PostgreSQL 10+
• Last version supporting MariaDB 5.5 before requiring MariaDB 10.0.5+
• Last version supporting MySQL 5.5.3 before requiring MySQL 8+
• Many bug and regression fixes

This release has been made by @Alkarex, @math-GH and newcomer @pando85

Full changelog:

• Bug fixing
  • Fix mark-as-read from user query #6738
  • Fix regression for shortcut to move between categories #6741
  • Fix feed title option #6771
  • Fix XPath for HTML documents with broken root (used by CSS selectors to fetch full content) #6774
  • Fix UI regression in Mapco/Ansum themes #6740
  • Fix minor style bug with some themes #6746
  • Fix export of OPML information for date format of JSON and HTML+XPath feeds #6779
• Security
  • OpenID Connect better definition of session parameters #6730
• Compatibility
  • Last version supporting PHP 7.4
• Misc.
  • Use charset for JSON requests from the UI #6710
  • Use .html extension for the local cache of full content pages instead of .spc #6724
  • Update dev dependencies #6739, #6758,
    #6759, #6760

Security Release

• Update Instructions
• Update details on blog

BookStack v24.05.4 has been released.

This is a security release to address issues found in LDAP group syncing, where in certain scenarios a user could be matched to extra roles incorrectly, and an issue with content visibility in "book-show" API responses which would not have permissions applied properly.

Upgrade is strongly advised for instances where LDAP authentication is used with group syncing, or where the REST API is used to fetch contents of books ("books-read" endpoint).

Thanks to Linus Nagel and their team at WorkSimple GmbH for reporting this API vulnerability.

Full List of Changes

• Updated API docs with consistent parameter types. (#5183)
• Updated default content iframe embed max-width to align with other content types. (#5130)
• Updated LDAP group sync to query via full DN.
• Updated translations with latest Crowdin changes. (#5118)
• Fixed books read API response not applying visibility control to chapter contents.
• Fixed API docs users response showing extra property. (#5178)
• Fixed database error thrown when using out dev docker setup. (#5124)
• Fixed RTL display issues with tasklist checkboxes. (#5134)

• Milestone

This is a quality-focussed release for the 1.24.x series meant to provide a good product to people blocked on PHP 7.4, while we will increase the requirements to PHP 8.1+ from the next 1.25.x series.

A few highlights ✨:

• New global option to automatically add articles to favourites
• New option to share articles from the article title line
• Add core extensions, shipped by default: UserCSS and UserJS
• Security: Force log out of users when they are disabled
• Many bug and regression fixes

This release has been made by @Alkarex, @ColonelMoutarde, @den13501, @hkcomori, @math-GH
and newcomers @dservian, @crisukbot, @TomW1605

Full changelog:

• Features
  • New global option to automatically add articles to favourites #6648
  • New possibility to share a user query in JSON GReader format #6655
  • New fields image and description for user query share #6541
  • Show article first words when an article title is empty #6240
  • New option to share articles from the article title line #6395
  • Improve JSON Dot Notation module to access more string-friendly types #6631
  • Improve detection of image types for enclosures not providing a type #6653
  • Add sharing to archive.is #6650
• Security
  • Force log out of users when they are disabled #6612
  • Increase default values for OpenID Connect OIDCSessionMaxDuration and OIDCSessionInactivityTimeout #6642
  • Add default API CORS HTTP headers to shareable user queries #6659
• Bug fixing
  • Fix parentheses for complex OR Boolean search expressions #6672
  • Fix keep max unread #6632
  • Fix regression in mark as read upon gone #6663
  • Fix regression on mark duplicate titles as read for modified articles #6664
  • Fix regression for Fever API, remove dependency to Exif extension #6624
  • Fix muted feeds for WebSub #6671
  • Fix performance / deadlock of PostgreSQL and MySQL / MariaDB during schema updates #6692
  • Fix HTTP cache of main page (regression since 1.18.0) #6719
  • Fix HTTP cache of shareable user queries #6718
  • Fix HTTP cache for feeds with modified Last-Modified when content is not modified #6723
• Extensions
  • Add core extensions, shipped by default: UserCSS and UserJS #6267
    • Replaces CustomCSS and CustomCS extensions
  • Strong type array parameter helper #6661
• CLI
  • Add quiet option to cli/db-backup.php #6593
• Compatibility
  • Initial support for PHP 8.4+ #6615
    • With upstream contributions php/php-src#14873, PhpGt/CssXPath#227
  • Fix SQLite on FreeBSD due to DQS #6701, #6702
• Deployment
  • Docker default image (Debian 12 Bookworm) updated to PHP 8.2.20 and Apache 2.4.61
  • Docker alternative image updated to Alpine 3.20 with PHP 8.3.10 and Apache 2.4.62 #5383
  • Docker: Alpine dev image freshrss/freshrss:newest updated to PHP 8.4.0beta3 and Apache 2.4.62 #5764
• UI
  • Default dark mode to auto #5582
  • New option to control action icons position in reading view #6297
  • Sticky buttons at the bottom of settings #6304
  • Various UI and style improvements #6446, #6485,
    #6651
• I18n
  • Czech: use correct ISO 639-1 code cs (and not cz, which is the country) #6514
  • Improve Japanese #6564
  • Improve Spanish #6634
  • Improve Traditional Chinese #6691
• Misc.
  • Pass PHPStan Level 9 #6544
  • Migrate to ESLint 9 #6685
  • Minor update of PHPCS whitespace / formatting rules #6666
  • Markdownlint no-trailing-spaces #6668
  • Removed sharing with Blogotext #6225
  • Code improvements #6043
  • Update dev dependencies #6606, #6614,
    #6679, #6681, #6682,
    #6683, #6684

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#5065)
• Updated callouts with LTR text handling where supported. (#5104)
• Updated project PHP and JavaScript dependencies.
• Fixed blocked diagrams.net loading when using a custom URL that includes a port. (#5107)
• Fixed OIDC incorrectly calling userinfo endpoint when valid empty groups provided. (#5101)
• Fixed image replacement being case-sensitive when it should not be. Thanks to @DanielGordonIT. (#5096) (#5095)
• Fixed HTML code block highlighting when custom self-closing tags are used. (#5078)
• Fixed testing when custom ALLOWED_IFRAME_SOURCES is set. Thanks to @mueller-contria. (#5069) (#5068)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed initial page publish changelog message not being saved if set. (#5056)
• Fixed incorrect WYSIWYG code shortcut reference. Thanks to @bradenterpstra01. (#5036)
• Added role create/update validation to warn about too-long external auth ID values. (#5037)
• Updated GIF thumbnail generation to no support animation, to avoid issues with large-frame-count GIFs. (#5029)
• Updated translations with latest Crowdin changes. (#5022)
• Updated backup code description text to clarify their use. (#5017)
• Updated docker-compose.yml to remove deprecated version. Thanks to @michaelortnerit. (#5052)

Security Release

• Update Instructions
• Update details on blog

BookStack v24.05.1 has been released.
This is a security release that adds extra rate-limiting to some forms that are accessible without authentication, while also implementing changes to prevent methods that could be used to indicate if specific user emails exist in the system.

Upgrade is advised for instances accessible on the public web.

Full List of Changes

• Updated PHP dependencies.
• Updated routes with IP-based rate limiting. (#4993)
• Updated email confirmation flow to not require email submission form.
• Updated translations with latest Crowdin changes. (#4994)
• Updated WYSIWYG alignment handling to also consider table align attributes. (#5011)
• Fixed attachment upload validation errors appearing as JSON. (#4996)
• Fixed incorrect notification preferences URL in email. Thanks to @KiDxS. (#5008, #5005)
• Fixed non-visible MFA setup titles in dark mode. (#5018)
• Fixed outdated path in visual theme system guidance. (#4998)
• Fixed potential cache permission issues by reverting cache location. (#4999)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• PHP Version Requirement Change - The minimum supported PHP version has changed from PHP 8.0.2 to PHP 8.1 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating PHP.
• Composer Version Requirement Change - The minimum supported composer version has changed from v2.0 to v2.2 in this release. Please see our "Updating PHP & Composer" documentation page for guidance on updating Composer.
• Page Content - Text links in page content will now be underlined by default for accessibility. Refer to the release blogpost for an simple customization to override & revert this if desired.
• PDF Exports - The WKHTMLTOPDF option is now considered deprecated, with the alternative being the newly added EXPORT_PDF_COMMAND which is detailed in our documentation here. The WKHTMLTOPDF option will though remain supported for a number of feature releases though to avoid unexpected breaking changes.
• OIDC Authentication - The OIDC "userinfo" endpoint may now be called in very rare scenarios where not all expected claims were being properly provided in the user ID Token, which could alter the details used for new users on access, and the groups obtained for user group/role sync, but only in edge case scenarios where functionality was not matching configuration before the update.
• LDAP Authentication - The LDAP_USER_FILTER BookStack option now uses {user} as a placeholder instead of ${user} by default. The older ${user} placeholder format is still supported but you may want to use the new format instead. This should not cause any issues on existing instances, unless {user} was used as a literal part of your user filter which would be very unlikely.

Full List of Changes

• Added new command-based PDF export option. (#4969, #4732)
• Added Audit Log API list endpoint. (#4987, #4316)
• Added LDAP option to provide a custom CA cert. Thanks to @mmoore2012. (#4985, #4913)
• Added OIDC userinfo endpoint support. Thanks to @LukeShu. (#4955, #4726, #3873)
• Added simple registration form honeypot. Thanks to @nesges. (#4970)
• Added Scala to list of supported languages in code blocks. (#4953)
• Added licenses page supported by licenses list building process. (#4907)
• Updated app framework from Laravel 9 to 10. (#4903)
• Updated content links to be underlined by default for accessibility. (#4939)
• Updated dev Dockerfile with improvements. Thanks to @C0rn3j. (#4895)
• Updated included images with extra compression to save data. Thanks to @C0rn3j. (#4904)
• Updated JS build system to split markdown-focused packages to own file. (#4930, #4858)
• Updated LDAP user filter option to support new placeholder format. (#4967)
• Updated minimum required PHP version from 8.0 to 8.1. (#4894, #4893)
• Updated translations with latest Crowdin changes. (#4890)
• Fixed code direction in WYSWIYG editor lacking direction support in code editor. (#4943)
• Fixed difference of line-heights for paragraphs in tables between editor and page view. (#4960)
• Fixed extra space at the beginning of a translation. Thanks to @johnroyer. (#4972)
• Fixed failing drag and drop of attachments into editor on Chrome. (#4975)
• Fixed incorrect tag counts when tagged items are in the recycle bin. (#4892)
• Fixed WYSIWYG object embeds in the editor showing image toolbar button. (#4974)
• Fixed WYSIWYG table cell format handling which could clear styles unexpectedly. (#4964)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed non-working "Open Link In..." option for description editors. (#4925)
• Fixed failed reference loading when references are from recycle bin items. (#4918)
• Fixed failed code block rendering when a code language was not set. (#4917)
• Updated page editor max content widths to align with page display. (#4916)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• New version to address missed version and asset changes in v24.02.1. (#4889)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Updated translations with latest Crowdin changes. (#4877)
• Updated breadcrumb book & shelf lists to be name-ordered. (#4876)
• Updated MFA inputs to avoid auto-complete. Thanks to @ImMattic. (#4849)
• Fixed non-breaking spaces causing combined words in page navigation. (#4836)
• Fixed page navigation click not jumping to headers in nested collapsible blocks. (#4878)

Links

• Release video overview
• Update instructions
• Update details on blog

Upgrade Notices

• Security - The v23.12 branch of BookStack recently had a security release, which you can find details of in our v23.12.3 blogpost.
• Comments - The ability to use markdown content in comments has been removed in this release, replaced by a WYSIWYG editor. Markdown in comments was a fairly hidden feature though so was not commonly utilised. Existing markdown comments will remain although formatting may be lost if old markdown comments are edited.
• Commands - The "Regenerate Comment Content" command has been removed in this release since this action is now redundant.
• OIDC Authentication - Proof Key for Code Exchange (PKCE) support has been added to BookStack OIDC authentication. This should not affect existing OIDC use but you may want to enforce PKCE to be required for BookStack on your authentication system, if supported, for extra security.

Full List of Changes

• Added simple WYSIWYG comment editor inputs. (#4815, #3018)
• Added default page templates for chapters. Thanks to @Man-in-Black. (#4750, #4764)
• Added PKCE support for OIDC. (#4804, #4734)
• Added "Clear table formatting" & "Resize to contents" WYSIWYG table options. (#4845)
• Added "Toggle header row" button to table toolbar in WYSWIYG editor. (#985)
• Added attachment serving range request support. (#4758, #3274)
• Added new AUTH_PRE_REGISTER logical theme event. (#4833)
• Updated app entity loading to be more efficient and avoid global addSelects. (#4827, #4823)
• Updated book/shelf cover image wording to make sizing in usage clearer. (#4748)
• Updated PWA manifest to allow landscape use. Thanks to @shashinma. (#4828)
• Updated redirect handling to reduce chance of redirecting to images. (#4863)
• Updated some EN text for consistency/readability. (#4794)
• Updated WYSIWYG editor with improved cell selection formatting clearing. (#4850)
• Updated WYSIWYG text direction & alignment controls to work more reliably on complex structures. (#4843)
• Fixed breadcrumb dropdowns being partially out of view on mobile screen sizes. (#4824)
• Fixed description WYSIWYG not respecting RTL text. (#4810)
• Fixed header bar collapse on smaller screen sizes when no name or logo is used. (#4841)
• Fixed incorrect pagination display in RTL layout. (#4808)
• Fixed JavaScript error logged on WYSIWYG editor load due to how custom styles were imported. (#4814)
• Fixed scrollbars showing on WYSIWYG table cell range selection in some browsers. (#4844)
• Fixed WYSIWYG code block text direction controls not being respected. (#4809)

Security Release

• Update Instructions
• Update details on blog

BookStack v23.12.3 has been released.
This is a security release that addresses a vulnerability in PDF generation that could be exploited to perform blind server-side-request forgery.

Upgrade is advised where untrusted users have permission to create/edit/update page content in your instance.

Full List of Changes

• Updated PHP dependencies, primarily to update php-svg-lib package.

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed attachment list ctrl-click not opening attachments inline. (#4782)
• Updated translations with latest Crowdin changes. (#4779)
• Fixed entity selector popup pre-fill not searching term as expected. (#4778)

Links

• Update instructions

Full List of Changes

This release contains the following fixes and changes:

• Fixed chapter API missing expected "book_slug" field. (#4765)
• Updated translations with latest Crowdin changes. (#4747)

• Milestone

This is a bug-fix release for the 1.24.0 release, addressing several regressions.

A few highlights ✨:

• New button to export OMPL of a category
• Many bug fixes

This release has been made by @Alkarex, @math-GH, and newcomers @ramazansancar, @robinmetral

Full changelog:

• Features
  • New button to export OMPL of a category #6519
  • Better git error messages in built-in Web update #6496
• Bug fixing
  • Fix regression HTTP GET curl options #6492
  • Fix regression of mark as read if an identical title already exists #6536, #6543
  • Fix connection to PostgreSQL databases with uppercase letters #6482
  • Fix UI regression hover over title while having the navigation buttons in mobile view #6486
  • Fix UI for some drag & drops #6505, #6508
• i18n
  • Improve Czech #6504
  • Improve Turkish #6506
• Misc.
  • Update dev dependencies #6525, #6526, #6528,
    #6529, #6530

• Milestone
• Discussion

A few highlights ✨:

• New shareable user query mechanism to share lists of articles by HTML, RSS, OPML
  • Deprecates RSS sharing with master token
• New CLI for database backup & restore
  • Can also be used to migrate from one database to another, or to upgrade SQLite schema
• New JSON scraping mode to consume JSON data and JSON Feeds
• New support for HTTP POST
• New option to automatically add labels to incoming articles
• New button to download a feed configuration as OPML
• Many bug fixes

This release has been made by several contributors: @aledeg, @Alkarex, @andris155, @CilgaIscan, @cn-tools, @den13501, @eta-orionis, @Frenzie, @FromTheMoon85, @gmgall, @hkcomori, @jakopo87, @laxmanpradhan, @loviuz, @math-GH, @MayMeow, @OctopusET, @PedroPMS, @roughnecks, @soniyaprasad77, @th0mcat, @thomasrenes, @tiborepcek, @wolfpld, @yzqzss, @zukizukizuki
and several newcomers @eta-orionis, @gmgall, @hkcomori, @jakopo87, @jgtorcal, @krm-shrftdnv, @laxmanpradhan, @loviuz, @PedroPMS, @roughnecks, @soniyaprasad77, @th0mcat, @zukizukizuki

Full changelog:

• Features
  • New shareable user query mechanism to share list of articles by HTML, RSS, OPML #6052
    • Deprecates RSS sharing with master token
  • New JSON scraping mode to consume JSON data #5662, #6317,
    #6369, #6476
  • New support for JSON Feeds #5662
  • New support for HTTP POST #5662
  • New options to automatically add labels to incoming articles #5954
  • New button to download a feed configuration as OPML #6312
  • Web scraping support more encodings such as EUC-JP #6112
  • Web scraping support password-protected queries (refactor some cURL options and use CURLOPT_USERPWD) #6177
  • Web scraping HTTP GET allow UTF-8 even when charset is far from top #6271
  • Allow manual refresh of disabled feeds #6408
  • Allow multiple authors on enclosures #6272
  • New system option in data/config.php for number of feeds to refresh in parallel from UI #6124
• CLI
  • New CLI for database backup & restore #6387
    • Can also be used to migrate from one database to another, or to upgrade SQLite schema
    • ./cli/db-backup.php ; ./cli/db-restore.php
  • Improve CLI parameters #6028, #6036,
    #6099, #6214
  • Fix i18n cli/manipulate.translation.php ignore behaviour #6041
• API
  • New compatible app Read You #4633, #6050
  • Reduce API memory consumption #6137
  • Allow negative feed IDs for future special cases #6010
  • Only return OK for requests without query parameters #6238
• Bug fixing
  • Better account for some edge cases for cron and automatic labels during feed refresh #6117
  • Better support for thumbnails in RSS feeds #5972
  • Auto-update PostgreSQL or MariaDB / MySQL databases for column details changes since FreshRSS 1.21.0 #6279
    • For SQLite, DB update require running ./cli/db-backup.php ; ./cli/db-restore.php --force-overwrite
  • Fix SQLite import of exports produced before FreshRSS 1.20.0 #6450
  • Fix SQLite release handle to fix deleting users on Microsoft Windows #6285
  • Fix to allow admins to create user even when there are Terms Of Service #6269
  • Fix updating the uncategorized category deletes the title #6073
  • Fix disable master authentication token #6185
  • Fix CSS selector preview #6423
  • Fix CSS selector encoding #6426
  • Fix export of CSS selector in OPML of individual feeds #6435
  • Fix OPML import of CURLOPT_PROXYTYPE #6439
  • Fix favicon with protocol-relative URLs have duplicate slashes #6068
  • Fix feed TTL+muted logic #6115
  • Fix apply mark as read to updated articles too #6334
  • Fix ZIP export on systems with custom temp folder #6392
  • Fix number of posts per page during paging #6268
  • Fix clipboard sharing UI #6301
  • Fix shortcut for clipboard sharing #6277
  • Fix user-query filter display #6421
• SimplePie
  • Fix absolutize URL for several cases #6270, simplepie/#861
• Security
  • Replace iframe allow attribute #6274
• Deployment
  • Disable unused PHP modules in our Debian-based Docker image #5994
• UI
  • No warning for muted feeds #6114
  • Various UI and style improvements #6055, #6074,
    #6241, #6242, #6289,
    #6299, #6314, #6357,
    #6373, #6376, #6385,
    #6390, #6444, #6445
  • Improve theme Origine compact #6197
• i18n
  • Improve Brazilian Portuguese #6067
  • Improve Czech #6344
  • Improve Dutch #6343
  • Improve German #6313
  • Improve Hungarian #6005, #6377, #6464
  • Improve Indonesian #6473
  • Improve Italian #6018, #6060, #6329
  • Improve Japanese #6108, #6294
  • Improve Korean #6342
  • Improve Polish #6358
  • Improve Portuguese #6345
  • Improve Russian #6467
  • Improve Simplified Chinese #6336
  • Improve Slovakian #6356
  • Improve Spanish #6471
  • Improve Traditional Chinese #6350
  • Improve Turkish #6328
  • Misc. #6460
• Extensions
  • Sanitize parsing list of extensions names and version number #6016,
    #6155, Extensions#214, #6186
  • Apply filter actions such as mark as read after the entry_before_insert hook for extensions #6091
  • New developer command to test all third-party extensions Extensions#228, #6273
    • composer run-script phpstan-third-party
  • New function Minz_Extension::amendCsp() for extensions to modify HTTP headers for Content Security Policy #6246
  • New property FreshRSS_Entry::isUpdated() for extensions to know whether an entry is new or updated #6334
• Compatibility
  • Fix PHP 7.4 compatibility for automated tests #6038, #6039
  • Fix PHP 8.2+ compatibility for e-mails #6130
  • Use PHP 8.3+ #[\Override] #6273
• Misc.
  • Improve PHPStan #6037, #6459
  • Update PHPMailer #6022
  • Remove noisy name parameters in user-query URL #6371
  • Code improvements #6046, #6075,
    #6132
  • Add Dependabot for GitHub Actions #6164
  • Allow Ctrl+C for make start #6239
  • Update dev dependencies #6023, #6265

• Milestone

This is a bug-fix release for the 1.23.0 release, addressing several regressions.

This release has been made by @Alkarex, @andris155, @math-GH, @yzqzss, @zhzy0077

Full changelog:

• Bug fixing
  • Fix crash regression with the option Max number of tags shown #5978
  • Fix crash regression when enabling extensions defined by old FreshRSS installations #5979
  • Fix crash regression during export when using MySQL #5988
  • More robust assignment of categories to feeds #5986
  • Fix base_url being cleared when saving settings #5992
  • Fix unwanted button in UI of update page #5999
• Deployment
  • Exclude more folders with .dockerignore #5996
• i18n
  • Improve simplified Chinese #5977
  • Improve Hungarian #6000

• Milestone
• Discussion 🎄

A few highlights ✨:

• New Important feeds group in the main view, with corresponding new priority level for feeds #5782
  • Entries from important feeds are not marked as read during scroll, during focus, nor during Mark all as read
• Add filter actions (auto mark as read) at category level and at global levels #5942
• Increase SQL fields length to maximum possible #5788, #5570
• Many bug fixes

Breaking changes 💥:

• Require PHP 7.4+
• Soft require Apache 2.4+ (but repair minimal compatibility with Apache 2.2)
• Use GitHub Actions to build Docker images, offering architectures amd64, arm32v7, arm64v8 with automatic detection #5808
  • So no -arm suffix anymore
• Upgraded extensions require FreshRSS 1.23.0+ Extensions#181

This release has been made by several contributors: @Alkarex, @ColonelMoutarde, @FireFingers21, @Frenzie, @kasimircash, @andris155, @b-reich, @foux, @jaden, @jan-vandenberg, @joestump, @jtracey, @mark-monteiro, @martinrotter, @math-GH, @passbe

Full changelog:

• Features
  • New Important feeds group in the main view, with corresponding new priority level for feeds #5782
    • Entries from important feeds are not marked as read during scroll, during focus, nor during Mark all as read
  • Add filter actions (auto mark as read) at category level and at global levels #5942
  • Improve reliability of Max number of articles to keep unread #5905
  • New option to mark entries as read when focused from keyboard shortcut 5812
  • New display option to hide My labels in article footers #5884
  • Add support for more thumbnail types in feeds enclosures #5806
  • Support for favicons with non-absolute paths #5839
  • Increase SQL (VARCHAR) text fields length to maximum possible #5788
  • Increase SQL date fields to 64-bit to be ready for year 2038+ #5570
• Compatibility
  • Require PHP 7.4+, and implement typed properties #5720
  • Require Apache 2.4+ (but repair minimal compatibility with Apache 2.2) #5791, #5804
• Bug fixing
  • Fix regression in Docker CRON_MIN if any environment variable contains a single quote #5795
  • Improve filtering of cron environment variables #5898
  • Fix the TRUSTED_PROXY environment variable used in combination with trusted sources #5853
  • Fix regression in marking as read if an identical title already exists #5937
  • Fix JavaScript regression in label dropdown #5785
  • Fix regression when renaming a label #5842
  • Fix API for adding feed with a title #5868
  • Fix regression in UI of update page #5802
  • Fix XPath encoding #5912
  • Fix notifications, in particular during login #5959
• Deployment
  • Use GitHub Actions to build Docker images, offering architectures amd64, arm32v7, arm64v8 with automatic detection #5808
  • Docker alternative image updated to Alpine 3.19 with PHP 8.2.13 and Apache 2.4.58 #5383
• Extensions
  • Upgrade extensions code to PHP 7.4+ #5901, #5957
  • Breaking change: upgraded extensions require FreshRSS 1.23.0+ Extensions#181
  • Pass FreshRSS version to JavaScript client side for extensions #5902
  • Add GitHub Actions and PHPStan for automatic testing of the Extensions repository Extensions#185
• API
  • Improve handling of new lines in enclosure descriptions (e.g., YouTube video descriptions) #5859
• Security
  • Avoid printing exceptions in favicons #5867
  • Remove unneeded execution permissions on some files #5831
• UI
  • Ensure that enough articles are loaded on window resize #5815
  • Improve Nord theme #5885
  • Do not show message Add some feeds #5827
  • Various UI and style improvements #5886
• i18n
  • Fix font priority for languages using Han characters #5930
  • Improve Dutch #5796
  • Improve Hungarian #5918
• Misc.
  • Increase PHPStan from Level 7 to Level 8 #5946
  • Compatibility PHP 8.2+ for running automated tests #5826
  • Use PHP declare(strict_types=1); #5830
  • Better stack trace for SQL errors #5916
  • Code improvements #5511, #5945
  • Update dev dependencies #5787

• Milestone

This release contains mostly some bug fixes for the recent 1.22.0.
This version 1.22.x is also the last to support PHP 7.2 before requiring PHP 7.4+.

A few highlights ✨:

• Fix regression in extensions translations (i18n)
• Better identification of proxied client IP
• Better support of environment variables in K8s setups
• And more!

This release has been made by several contributors: @Alkarex, @Frenzie, @MHketbi, @XtremeOwnageDotCom, @math-GH, @mossroy

Full changelog:

• Bug fixing
  • Fix regression in i18n English fallback for extensions #5752
  • Fix identification of thumbnails #5750
  • OpenID Connect compatibility with colon : in OIDC_SCOPES #5753, #5764
  • Avoid a warning on non-numeric TRUSTED_PROXY environment variable #5733
  • Better identification of proxied client IP with RemoteIPInternalProxy in Apache #5740
• Deployment
  • Export all environment variables to cron (to allow custom environment variables such as for Kubernetes) #5772
  • Docker: Upgraded Alpine dev image freshrss/freshrss:newest to PHP 8.3 #5764
• Compatibility
  • Test compatibility with PHP 8.3 #5764
• UI
  • Improve Origine theme (dark mode) #5745
  • Improve Nord theme #5754
  • Various UI and style improvements #5737, #5765,
    #5773, #5774
• i18n
  • Better i18n string for feed submenu for mark as read #5762
  • Improve Dutch #5759
• Misc.
  • Move to GitHub Actions for our GitHub Pages #5681
  • Update dev dependencies and use stylelint-stylistic #5766