Skip to content

v0.26.0.rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@andreslucena andreslucena released this 07 Feb 14:41
· 2042 commits to develop since this release
v0.26.0.rc1
039b46a

⛔ This version is broken and can't be used because there were some issues when updating to rubygems. If you want to try v0.26.0 then you'll need to use at least the v0.26.0.rc2.

General notes

Register assets paths

To prevent Zeitwerk from trying to autoload classes from the app/packs folder, it's necesary to register these paths for each module and for the application using the method Decidim.register_assets_path on initializers. This is explained in the webpacker migration guides for applications and modules), and was implemented in #8449.

Unconfirmed access disabled by default

As per #8233, by default all participants must confirm their email account to sign in. Implementors can change this setting as a initializer configuration:

Decidim.configure do |config|
  config.unconfirmed_access_for = 2.days
end

User workflows change to prevent user enumeration attacks

Until now it was possible to see if an email account was registered in Decidim, by using features like "Forgot your password", as the response changed if the email existed ("You will receive an email with instructions on how to reset your password in a few minutes") that's different to a non-existing user account ("could not be found. Did you sign up previously?"). This allows User Enumration attacks, where a malicious actor can check if anyone has an acount in the platform. As per #8537, anyone has the same answer always "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes".

Blocked user in global search

PR #8658 Blocked users are present in global search, to update the search and make them disappear, Run in a rails console or create a migration with:

  Decidim::User.find_each(&:try_update_index_for_search_resource)

Please be aware that it could take a while if your database has a lot of Users.

Fix statistics in Comments

As per #8012, for fixing statistic in comments. There's a rake task that you need to run:

rake decidim_comments:update_participatory_process_in_comments

Base64 images migration

As per #8250, we've replaced the default base64 editor images attachment with the use of ActiveStorage attachments. This PR also adds a task to parse all editor contents and replace existing base64 images with attachments. The task parses all the attributes which can be edited from admin using the WYSIWYG editor. The task requires an argument with the email of an admin used to create EditorImage instances. To run this task execute:

rails decidim:active_storage_migrations:migrate_inline_images_to_active_storage[admin_email]

Added

  • decidim-budgets: Port decidim-budgets improvements from AjuntamentdeBarcelona/decidim #8249
  • decidim-elections: Improve evote admin logs #8263
  • decidim-blogs, decidim-meetings: Add card images to meetings and blog posts #8276
  • decidim-admin: Align UI groups filtering with the rest of decidim #8105
  • decidim-admin, decidim-proposals: Improve error messages in admin panel #8193
  • decidim-elections: Allow to mark trustees as missing #8314
  • decidim-admin: Add sorting to private participants in a participatory space #8242
  • decidim-comments: Improve control of comments in meetings and debates #8027
  • decidim-proposals: Offer a way to see all proposals in withdrawn proposal list #8251
  • decidim-admin, decidim-proposals: Configurable default order for proposals #8295
  • decidim-assemblies: Filter assemblies by assembly type in admin #7153
  • decidim-assemblies: Non participant assembly members avatar #8277
  • decidim-core: Add image file upload in QuillJS editor #8250
  • decidim-meetings: Make meeting report editable by the author in front-end #8209
  • decidim-core: Improve dialog accessibility #8294
  • decidim-meetings: Ability for users to withdraw their meetings #8248
  • decidim-admin: Add colors accessibility warning in admin Appearance #8354
  • decidim-proposals: Import proposal answers #8271
  • decidim-core: Add more actions in QuillJS toolbar #8120
  • decidim-meetings: Add more filter options to directory meetings page #8333
  • decidim-assemblies, decidim-conferences, decidim-participatory processes: Add filters for Participatory process admins section #8106
  • decidim-budgets: Show modal when user is trying to leave with pending vote #8387
  • decidim-meetings: Meetings iframe visibility #8307
  • decidim-budgets: Add search, filters and sorting to admin panel budget projects #8592
  • decidim-core: Describe the notifications' time with words #8564
  • decidim-comments, decidim-core: Add link to comments in Notifications #8607
  • decidim-comments, decidim-core: Add full content of comments in notifications #8581
  • decidim-core: Change colors on mobile navigation bar #8628
  • decidim-core, decidim-proposals: Add author to proposals in notifications #8603
  • decidim-comments, decidim-core, decidim-meetings, decidim-proposals: Allow participants to receive translated content by email #8174
  • decidim-admin: Add search, filters, pagination and sorting to moderated users #8620
  • decidim-surveys: Add "title and description" in surveys #8588

Changed

  • decidim-elections: Validate census CSV headers #8264
  • decidim-meetings: Improve Attendees count error handling on frontend #8238
  • decidim-core: Disable unconfirmed access by default #8233
  • decidim-meetings: Rename 'upcoming events' content block to 'upcoming meetings' #8412
  • decidim-core: Change user workflows to prevent user enumeration attacks #8537

Fixed

  • decidim-accountability: Fix accountability notifications proposal title #8240
  • decidim-elections: Remove white spaces in Census #8262
  • decidim-debates, decidim-meetings, decidim-proposals: Fix characters not encoded in title #8253
  • decidim-proposals: Fix flaky test on proposals splitting #8302
  • decidim-core: Fix invalid i18n values for diff changeset #8299
  • decidim-meetings: Fix live? missing method delegation in online_meeting cell #8241
  • decidim-comments: Fix statistics in Comments #8012
  • decidim-budgets: Fix some explore budgets specs #8303
  • decidim-core: Fix missing icons after CORS #8290
  • decidim-core: Remove unnecessary spacer from external link indicator #8291
  • decidim-core: [CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware #8265
  • decidim-debates: Fix "last comment by" when commenter is a user group #8279
  • decidim-proposals: Similar proposal functionality breaks when the machine translation is enabled. #8098
  • decidim-core: Fix regex that parses users and groups references inside content. #8297
  • decidim-assemblies: Fix birthday attribute type in Assembly Members #8311
  • decidim-comments: Fix issues with dynamic comments polling #8317
  • decidim-assemblies: Fix "Edit" and "View public page" in Assembly Members #8312
  • decidim-comments: Fix "View all comments" link in single comment page #8308
  • decidim-budgets: Fix dont allow budget exceeding in project view #8261
  • decidim-debates: Fix title meta tag for debates #8323
  • decidim-proposals: Fix UserAnswersSerializer for CSV exports #8329
  • decidim-admin: Do not block registered users with InviteUserAgain #8268
  • decidim-conferences: Fix error when accessing the meetings of a conference with speakers related #8369
  • decidim-conferences: Fix details on conference speakers: affiliation order, personal URL link, seeds and more info link #8378
  • decidim-meetings: Define localized fields in Decidim::Meetings:DiffRenderer #8381
  • decidim-core: Include only public entities in the following page #8361
  • decidim-proposals: Any user can access proposal's pages representing the "create a proposal" steps #8390
  • decidim-core: Fix localized faker with single locale #8394
  • decidim-core: Fix user activity page error message with missing username #8403
  • decidim-core: Fix conversation with deleted account #8409
  • decidim-core: Fix javascript exception when geocoding proposals is disabled #8413
  • decidim-blogs: Add missing translations #8426
  • decidim-comments: Refresh comments component after updating #8362
  • decidim-core: Fix webpacker issue when using zeitwerk #8444
  • decidim-core: Improve Zeitwerk assets paths to ignore #8449
  • decidim-surveys: Fix notification after creating survey #8463
  • decidim-budgets, decidim-comments: Fix comment's get link in project view #8450
  • decidim-elections: Fix report missing trustee admin log entry #8468
  • decidim-system: Add pptx in allowed_file_extensions (of admin) #8502
  • decidim-core: Fix 404 link in 'how to participate' home content block #8513
  • decidim-meetings: Fix meetings with multiple dates #8497
  • decidim-core: Fix pt-BR issue #8523
  • decidim-generators: Freezing webpacker to RC.5 until RC.7 is fixed #8531
  • decidim-conferences: Fix conference speakers when there isn't any avatar #8520
  • decidim-assemblies, decidim-participatory processes: Fix the copy of components weights in participatory processes and assemblies #8498
  • decidim-meetings: Fix meetings input when rich text editor is disabled #8534
  • decidim-meetings: Fix showing created meetings in 'my public profile' #8519
  • decidim-meetings, decidim-proposals: Fix various proposal picker issues when there are thousands of proposals #8558
  • decidim-core: Remove border on all the fieldsets #8561
  • decidim-initiatives: Remove wrong in initiatives header #8563
  • decidim-core: Fix CSS layout wrapper top padding #8562
  • decidim-forms, decidim-surveys: Fix duplicated answers in surveys #8560
  • decidim-meetings: Fix the meeting copy functionality #8430
  • decidim-core: Move social login buttons to the top of the login modal #8574
  • decidim-comments, decidim-meetings: Fix HTML injection in comments and meeting's description #8511
  • decidim-core: Fix avatar thumbnail in participants' profile #8577
  • decidim-core: Rename index to avoid conflicts with decidim_awesome module migrations #8613
  • decidim-core: Fix group mentions in notifications #8598
  • decidim-forms, decidim-surveys: Fix surveys exports with free text in multiple option #8582
  • decidim-core: Fix reply to a conversation with deleted participants #8635
  • decidim-admin, decidim-debates, decidim-proposals: Fix consistency in creation actions phrasing: "Participants can create XXX" #8650
  • decidim-core: Fix wrong display of deleted accounts in conversations #8641
  • decidim-core: Fix cache key on ActivityCell #8654
  • decidim-participatory processes: Fix participatory groups leaks on other organizations/tenants #8651
  • decidim-core: Fix blocked users appear in search #8658
  • decidim-meetings: Don't start poll meetings component when DOM elements are not present #8676
  • decidim-initiatives, decidim-proposals: Fix initiative attachments #7452
  • decidim-assemblies: Fix performance issues on assemblies page when having many private users #8509
  • decidim-proposals: Add location data to proposals export and import #8679
  • decidim-meetings: Fix meetings form embed type visibility #8602
  • decidim-meetings: Do not send upcoming meeting events notification for past events #8665

Removed

  • decidim-proposals: Remove "Allow card image" setting from Proposals #8281
  • decidim-assemblies: Remove designation_mode field from Assembly Members #8310
  • decidim-participatory processes: Remove admin show page in Participatory Process Groups #8313

Developer improvements

  • Fix Luxembourgish locale #8270
  • Fix ARIA roles for dialogs and tooltips #8293
  • Add selectors on _edit_form_fields #8353
  • Fix HTTPOnly and secure flag on the cookie acceptance cookie #8358
  • Add Brakeman to GitHub Actions for improving security #6832
  • Disallow redirection to the host when performing redirect_back #8296
  • Improve performance on the serializers by using includes, query counter #8278
  • Enforce redirects to include the organization host #8385
  • Fix issues with the session/environment security configs #8360
  • Improve extendability on some controllers #8398
  • Add avatar eager logging to UserEntityFinder #8416 #8417
  • Increase text contrast in current phase of a participatory process #8422
  • Fix CVE-2021-41136 (HTTP Request Smuggling in puma) #8431
  • Remove anchored dependency #8453
  • Fix pt-BR issue #8523
  • Add rendered view instrumentation information #8530
  • Optimize open data exporter for large amount of data #8503
  • Add cache key separator to cache_hash #8559
  • Improve generation of the opendata export #8593
  • Add several cache keys to cells #8566
  • Update password strength check #8455
  • Remove etherpad-lite dependency #8541
  • Fix Rack::Attack initializer custom parameter configuration #8643

Internal

  • Fix dependencies locks after 0.26.0.dev bump #8247
  • Add modules recommendations in documentation #8218
  • Fix webpacker dependency lock #8272
  • Improve README with examples #8244
  • Update foundation-sites to 6.7.0 for better Dart Sass compatibility #8273
  • Fix NPM packages versioning during release process #8280
  • Add 'Lint PR title' workflow to CI #8285
  • Don't trigger PR linting on pushes, only on PRs #8304
  • Prevent root package.json to be treated as a package #8315
  • Fix CSS validation tests caused by a bug on the validation service #8322
  • decidim-core: Remove npm decidim packages with dependencies from other decidim packages #8330
  • decidim-core: Fix problems introduced by #8330 #8341
  • Update Node and NPM version #8343
  • Remove hack for CSS validation #8326
  • Update docs in migrating to webpacker #8349
  • decidim-comments: Ignore errors during comments migration task #8351
  • decidim-meetings: Fix published and title in seeded meetings #8359
  • decidim-core: Fix SQL to make version display faster #8393
  • Remove GraphQL deprecated API call #8432
  • decidim-generators: Fixing generator webpacker issues #8427
  • decidim-generators: Fix railties requirements on created applications #8415
  • decidim-core: Update omniauth gem and dependencies #8388
  • Document how to enable machine translations on organization #8458
  • decidim-dev: Improves manual installation documentation #8508
  • Update the i18n-tasks initialization syntax #8544
  • Documentation: improve develop section #8553
  • Change default window size in Capybara configuration #8576
  • Fix security instructions #8587
  • Temporarily ignore CSS validation issue in CI #8597
  • Update nokogiri to 1.12.5 #8609
  • Update paper_trail to 12.1 #8608
  • Update ruby to 2.7.5 #8629
  • Remove truncato dependency #8507
  • Change figaro to rbenv-vars in "manual installation" documentation #8575
  • Add instructions PostgreSQL configuration in development app #8618
  • Fix etherpad doc reference in initializer #8632
  • Clarifies git branches conventions in doc #8644
  • Fix changelog link #8671
  • Enable simplecov only for rspec step #8674
  • decidim-dev: Improve machine translation documentation and comments #8668
  • Split the workflows files for CI #8675
  • DRY GitHub workflows with composite actions #8677
  • Change Gitter to Matrix.org in documentation #8466

Full Changelog: v0.25.2...v0.26.0.rc1

Assets 2
Loading