04 Mar 2016

The 10.5.0 release is finally here! 10.5.0 brings Form builder, batch editing and much more. Thanks as always to all our contributors, issue raisers and testers. 

Highlights

Form builder v1

PresideCMS v10.5.0 now has a form builder! This first iteration allows editors to create forms in the administrator and embed them anywhere they like in their content. Submissions can be viewed in the administrator, downloaded as a spreadsheet and received in emails. Developers can deeply extend the form builder to add new item types, layouts and submission actions.

For this first release of the form builder, we're disabling it as a feature by default. Full documentation can be found here with instructions for enabling and extending it.

SQL Server and PostgreSQL Adapters

PresideCMS v10.5.0 now supports SQL Server and PostgreSQL! Using these is just a case of setting up your Lucee datasources to use your server of choice. All feedback is gratefully received.

Security

We have made a number of security enhancements to Preside in this release. Namely:

  • Forcing all server side cookies to be httpOnly
  • Forcing all server side cookies to be secure when the site is configured for https
  • Setting X-Frame-Options header by default - disabling use of pages in frames unless explicitly enabled
  • Patched some XSS vulnerabilities
  • Setting http headers to stop caching on html pages whenever a user is logged in
  • Avoiding session fixation attacks by rotating sessions as soon as they are started, and again when logging in and out
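One way to confirm these behaviours on a site after upgrading is to audit captured response headers. This is an added example, not code from Preside: the cookie name `SID`, the sample responses, the accepted `X-Frame-Options` values and the `Cache-Control` directives checked are all assumptions, since the release notes do not name them.

```python
from http.cookies import SimpleCookie

# Constructed sample responses; the cookie name "SID" and all values are made up.
HARDENED = [("Set-Cookie", "SID=aaa111; Path=/; HttpOnly; Secure"),
            ("X-Frame-Options", "SAMEORIGIN"),
            ("Cache-Control", "no-store, no-cache")]
HARDENED_AFTER_LOGIN = [("Set-Cookie", "SID=bbb222; Path=/; HttpOnly; Secure")]
WEAK = [("Set-Cookie", "SID=aaa111; Path=/"),
        ("Cache-Control", "public, max-age=600")]

def cookies_in(headers):
    """Yield every cookie (Morsel) set by a list of (name, value) headers."""
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            yield from jar.values()

def audit_response(headers, https, logged_in):
    """Return findings for one HTML response; an empty list means it passes."""
    findings = []
    for morsel in cookies_in(headers):
        if not morsel["httponly"]:
            findings.append(f"cookie {morsel.key}: missing HttpOnly")
        if https and not morsel["secure"]:
            findings.append(f"cookie {morsel.key}: missing Secure on https site")
    lower = [(k.lower(), v.strip().lower()) for k, v in headers]
    # Assumption: either standard X-Frame-Options value counts as set.
    if not any(k == "x-frame-options" and v in ("deny", "sameorigin") for k, v in lower):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    if logged_in:
        # Assumption: "stop caching" shows up as no-store or no-cache.
        cache = ",".join(v for k, v in lower if k == "cache-control")
        if "no-store" not in cache and "no-cache" not in cache:
            findings.append("logged-in HTML response is cacheable")
    return findings

def session_rotated(before_login, after_login, cookie_name):
    """True only if the named session cookie was reissued with a new value."""
    def value(headers):
        return next((m.value for m in cookies_in(headers) if m.key == cookie_name), None)
    old, new = value(before_login), value(after_login)
    return None not in (old, new) and old != new

if __name__ == "__main__":
    print(audit_response(HARDENED, https=True, logged_in=True))
    print(audit_response(WEAK, https=True, logged_in=True))
    print(session_rotated(HARDENED, HARDENED_AFTER_LOGIN, "SID"))
```

Pass `https=False` for a site served over plain http, where the release only forces `HttpOnly`.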

Batch data edits in Data manager

We now support batch editing in the Data Manager. This is a V1 cut sponsored by EPG Health Media. Non-unique fields that are not core object fields will be batch editable by default.

Full list of tickets

Bug fixes

[PRESIDECMS-183] - Creating a URL rewrite rule with a source URL that already exists throws 500 error
[PRESIDECMS-206] - Timestamp dbtype in preside objects causes validation engine to 500 error
[PRESIDECMS-229] - Date display format in the Asset Manager
[PRESIDECMS-267] - extension without manifest.json breaks extension list command
[PRESIDECMS-271] - Collapsed sidebar menu in admin has z-index problem
[PRESIDECMS-272] - Saving a page with a missing mandatory field doesn't clearly show a problem
[PRESIDECMS-273] - Default max value on spinner control is 999 - not a sensible default
[PRESIDECMS-286] - Unrecognized Length function in MsSQL
[PRESIDECMS-287] - Unrecognized Concat function in MsSQL
[PRESIDECMS-288] - Can not update preside object if the ID is auto
[PRESIDECMS-290] - email_anti_spam can't cast empty string to boolean
[PRESIDECMS-292] - OpenGraph meta image link is broken
[PRESIDECMS-293] - Get Error when change preside objects
[PRESIDECMS-296] - Version author not displayed correctly in version tables
[PRESIDECMS-297] - Grid field option for Site tree page
[PRESIDECMS-307] - Shrink to fit asset transformation not producing correct dimensions
[PRESIDECMS-308] - Identify and fix places where user input is not properly escaped (ie to prevent XSS)
[PRESIDECMS-315] - translations on many-to-many object relationships returns no rows
[PRESIDECMS-319] - Uber select: items sometimes appear multiple times
[PRESIDECMS-320] - Welcome email set password timeout too short
[PRESIDECMS-321] - Preside email template: logo URL is relative so does not work in email
[PRESIDECMS-327] - Default renderer for admin user ID throws error

New Features & Improvements

[PRESIDECMS-83] - Need to implement interceptors for system configured form data
[PRESIDECMS-242] - Show mainimage on hover in sitetree
[PRESIDECMS-248] - Active/Inactive/Date controlled state in sitetree
[PRESIDECMS-249] - Forward to Sitetree after saving a page
[PRESIDECMS-257] - To be able to specify widgets are related to a feature and to be able to disable widgets by feature flags
[PRESIDECMS-258] - Batch Update of preside objects
[PRESIDECMS-264] - Validation in REST framework
[PRESIDECMS-265] - Form Builder 1.0.0
[PRESIDECMS-275] - Create MSSQL Server adapter
[PRESIDECMS-283] - Add French translations for disabling Anti Spam (Developer Meeting Example)
[PRESIDECMS-289] - Create PostgreSQL Adapter
[PRESIDECMS-294] - Asset manager download restrictions: add "any logged in user"
[PRESIDECMS-301] - Allow configuration of "stateless" URIs, e.g. for rest
[PRESIDECMS-303] - Do something smart with setting X-Frame-Options header
[PRESIDECMS-304] - Put request URL through AntiSamy
[PRESIDECMS-305] - Ensure cookies are HTTPOnly
[PRESIDECMS-306] - Ensure cookies are marked secure only when applicable
[PRESIDECMS-311] - Have a built in spreadsheet library for producing spreadsheets
[PRESIDECMS-314] - "Session fixation" in security scans, can we do anything about that...
[PRESIDECMS-316] - Ensure 'last active' updates only happen on page requests
[PRESIDECMS-318] - URL Rewrites: implement as route handler so can be ordered behind other key URL patterns for checking
[PRESIDECMS-325] - Read XMP data from images
[PRESIDECMS-326] - Do not allow any HTML requests to be cached when the user is logged in

Documentation

[PRESIDECMS-193] - Create documentation for setting up a server w/o CommandBox
[PRESIDECMS-285] - Add URL for adding remote upstream