Avg Release Cycle: 11 days
Latest Release: 77 days ago

Changelog History

  • v2.113.1

    November 04, 2020
    • Updates the logo in the README.
  • v2.113.0

    October 21, 2020
    • Remove published columns in apostrophe-users and apostrophe-groups, the modules where this field does not exist.
    • Add type to forbiddenFields for apostrophe-pieces schemas. Thanks to Jose96GIT for the contribution. If you are using Apostrophe Workflow, you must be on 2.38.2 or later of that module because of this update.
  • v2.112.1

    October 07, 2020
    • When configuring columns in the pieces manager, the listProjection option was accidentally altered in a way that would impact other subclasses of pieces. This has been fixed.
  • v2.112.0

    October 02, 2020
    • Security: Apostrophe's oembed support has always consulted a list of safe sites; however, the fallback support for embedding site previews via Open Graph did not consult such a list. There was no XSS risk, but this could be exploited to scan for open ports behind a firewall, and potentially to obtain title tags and page body text from webpages behind a firewall as well, if they had no login provisions. Note that this risk existed only if the public Apostrophe site was running on a server that could "see" these Intranet sites, which is rare (a public website is usually not hosted on an Intranet; port forwarding would typically be needed to make that possible). However, to eliminate the risk, our Open Graph fallback support now consults the same list of safe sites used for oembed. This Open Graph embed feature is not actually used by Apostrophe's video widgets, so this change will only impact developers who discovered the feature and chose to use it independently. If you are affected, add additional sites to the safeList option of apostrophe-oembed. For backwards compatibility, the whitelist option is also accepted. Thanks to Rudi van Hierden for reporting the issue.

    • Security: the uploadfs module has been updated. Since this is a sub-dependency you must npm update your Apostrophe project to get this update, which eliminates npm audit warnings regarding Google Cloud Storage. Note that after this update Google Cloud Storage can no longer be used with Apostrophe if your server is still running Node 8. Other storage backends still work with Node 8 as of this writing.

    • Node 8 deprecation notice: for the time being, Apostrophe does still run on Node 8. However, since Node 8 has passed its end of life date, this support is unofficial and may be terminated soon. All projects should upgrade to a current Long Term Support version of Node.

    • Clean up calls from the nunjucks loader properly when destroying an apos object, so that the process can close and/or memory be recovered.
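
    The v2.112.0 security fix above comes down to running one safe-list check in front of both embed paths. The sketch below is an added example, not Apostrophe's own code: isSafeFor, embed and the fetchers object are hypothetical names, and the list entries are constructed bare domains in the style of the safeList option.

```javascript
// Added example; function names are hypothetical, not Apostrophe's API.
const { URL } = require('url');

// Constructed safe list (bare domains, as an assumption about the format).
const safeList = [ 'youtube.com', 'vimeo.com' ];

// True only if the URL is http(s) and its host is a listed domain
// or a subdomain of one. Everything else is refused before any request.
function isSafeFor(urlString, list) {
  let parsed;
  try {
    parsed = new URL(urlString);
  } catch (e) {
    return false; // unparseable input is never fetched
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return false;
  }
  // Normalize case and a trailing dot so "YouTube.com." still matches.
  const host = parsed.hostname.toLowerCase().replace(/\.$/, '');
  return list.some((domain) => {
    const d = domain.toLowerCase();
    // Require a dot boundary so "notyoutube.com" does not match.
    return host === d || host.endsWith('.' + d);
  });
}

// One gate for both paths: the oembed lookup and the Open Graph fallback.
// `fetchers` is a hypothetical object holding the two request functions.
async function embed(urlString, list, fetchers) {
  if (!isSafeFor(urlString, list)) {
    throw new Error('URL is not on the safe list: ' + urlString);
  }
  try {
    return await fetchers.oembed(urlString);
  } catch (e) {
    // The fallback only ever runs for hosts that already passed the check.
    return fetchers.openGraph(urlString);
  }
}
```

    A host check like this covers only the URL it is given; if the HTTP client follows redirects, each redirect target needs the same check.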

  • v2.111.5

    October 07, 2020
    • Clean up calls from the nunjucks loader properly when destroying an apos object, so that the process can close and/or memory be recovered.
  • v2.111.4

    September 23, 2020
    • The View File button now accesses the original version of an image, not a scaled version. This was always the intention, but 2.x defaults to the full size and we initially missed it. Thanks to Quentin Mouraret for this contribution.
    • LESS compilation errors during apostrophe:generation are now reported properly, resulting in a clean process exit. Previously they resulted in a hung process.
  • v2.111.3

    August 26, 2020
    • When Apostrophe is running behind a proxy server like nginx, you can now instruct it to trust the X-Forwarded-* headers by passing the trustProxy: true option to apostrophe-express. If Apostrophe is generating http: URLs when they should be https:, this is most likely what you need.
  • v2.111.2

    September 19, 2020
    • Fixed a conflict between express.static and Apostrophe's automatic removal of trailing slashes from possible page URLs. Apostrophe's intent in using express.static is only to deliver static assets. So we have made that intent clear by disabling the redirect option of express.static, which attempts to add a trailing slash whenever a folder exists on disk by that name, resulting in an infinite redirect loop.
  • v2.111.1

    August 17, 2020
    • Fixed an incompatibility between apostrophe-workflow and MongoDB 4.4. Prior to version 4.4, MongoDB allowed a projection to contain both a parent property and one of its children, for instance workflowLastCommitted and Beginning with version 4.4 this causes an error, breaking the list view of pieces when workflow is present. For backwards compatibility, version 2.111.1 of Apostrophe now checks all projections coming from Apostrophe's cursors for this issue and removes the projection for the sub-property on the fly. This does not cause any compatibility issues of its own because projecting the parent always gives you the sub-property anyway.
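
    The projection cleanup described for v2.111.1 can be pictured as follows. This is an added example, not Apostrophe's code: removeChildProjections is a hypothetical name and the property names are constructed.

```javascript
// Added example; the function name is hypothetical, not Apostrophe's code.
// Returns a copy of the projection in which any included sub-property
// is dropped when one of its parent paths is also included, so that
// { stats: 1, 'stats.views': 1 } becomes { stats: 1 }.
function removeChildProjections(projection) {
  // Only plain inclusion (1 or true) counts; exclusions and operator
  // values such as { $meta: ... } are passed through untouched.
  const isIncluded = (path) =>
    Object.prototype.hasOwnProperty.call(projection, path) &&
    (projection[path] === 1 || projection[path] === true);

  const cleaned = {};
  for (const key of Object.keys(projection)) {
    const parts = key.split('.');
    let covered = false;
    // Check every proper prefix: 'a.b.c' is covered by 'a' or by 'a.b'.
    for (let i = 1; i < parts.length && !covered; i++) {
      covered = isIncluded(parts.slice(0, i).join('.'));
    }
    if (!(covered && isIncluded(key))) {
      cleaned[key] = projection[key];
    }
  }
  return cleaned;
}

// Constructed sample projection, not taken from Apostrophe.
const sample = {
  title: 1,
  stats: 1,
  'stats.views': 1,
  'stats.daily.count': 1,
  'author.name': 1
};
```

    Because the input object is copied rather than modified, the caller's original projection stays available for logging or comparison.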
  • v2.111.0

    August 12, 2020
    • By popular request, "Add Widget" dropdown menus are better organized now, with support for categories of widgets. You can configure this optional feature like so (this example assumes the area belongs to data.page):

    apos.area(data.page, 'areaNameHere', {
      widgets: { ... you must configure your widgets as usual ... },
      widgetGroups: {
        'Content': [ 'apostrophe-rich-text', 'apostrophe-images' ],
        'Layout': [ 'one-column', 'two-column' ]
      }
    })

    Every widget type you specify for widgetGroups must still be configured in widgets.

    If widgetGroups is not present the "add widget" dropdown menu will appear as it always did.

    • Removes the aposBody template macro, which was unused.