Winter v1.0.470

Released on November 22, 2020
Review another release

v1.2 (Laravel 9)
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0

v1.1 (Laravel 6)
v1.1.11
v1.1.10
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0

v1.0 (Laravel 5.5)
v1.0.476
v1.0.475
v1.0.474
v1.0.473
v1.0.472
v1.0.471
v1.0.470
v1.0.469
v1.0.468
v1.0.467
v1.0.466
v1.0.465
v1.0.464
v1.0.463
v1.0.462
v1.0.461
v1.0.460
v1.0.459
v1.0.458
v1.0.457
v1.0.456
v1.0.455
v1.0.454
v1.0.453
v1.0.452
v1.0.451
v1.0.450
v1.0.449
v1.0.448
v1.0.447
v1.0.446
v1.0.445
v1.0.444
v1.0.443
v1.0.442
v1.0.441
v1.0.440
v1.0.439
v1.0.438
v1.0.437
View on GitHub CMS Changes Framework Changes

API Changes

  • The Winter\Storm\Database\Attach\File model now uses "fillable" attributes as opposed to "guarded" attributes to control mass assignment. If you extend the File (or the main System\Models\File) model to provide additional fields, you must now copy the "fillable" attributes to your extension and add any additional fields to this definition (backported from 1.1.0)

Bug Fixes

  • Temporarily fixed an issue with existing code-bases that abuse the Twig engine by loading template files in unsupported ways (.js / .svg files rendered as partials through {% partial %}, {% include %}, or $this->renderPartial()). NOTE: This hotfix will not be available in Build 1.1.x so existing code still needs to be fixed to not use those unsupported file types.
  • Fixed an issue introduced in Build 1.0.469 where plain Twig templates couldn't be loaded through the {% include 'path' %} or {{ source(path) }} Twig functions
  • Fixed issue introduced in a security update to Laravel 5.5 where models with guarded properties were failing to allow attributes that don't have a corresponding column to be processed in events (for example, the "data" attribute in the File model). (backported from 1.1.1)

Security Improvements

  • Tightened up the default permissions granted to the "Publisher" system role out of the box (backported from 1.1.1).
  • Locked down the Twig sandbox even more to prevent allowing users with access to Twig templates from defining and running PHP code (backported from 1.1.1).

Keep informed

Sign up to our newsletter and receive updates on Winter releases, new features in the works, plugin and theme promotions and much more!