You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While we aren't releasing any new large features or extensions this cycle, the team has been busy making improvements and fixes while working toward a revamp of the @apostrophecms-pro/multisite extension dashboard.
Rich text improvements
The rich-text-widget received some UI/UX love this cycle. Now there are two intuitive menus for applying styling and element changes to your text. Without going into the inner workings of Tiptap which powers the widget, the selection of base elements like <h2> will occur through one dropdown menu, while the styling of other elements like <span> will be added to a second dropdown. This new arrangement enhances style tracking without necessitating any changes to your current editor setup.
Password hashing improvements improve performance
Additionally, the Apostrophe core itself has been enhanced with an improved password hashing process following guidance from OWASP. While the originally implemented procedure was completely secure, it could lead to significantly increased CPU load during login. This was replaced with the Node.js scrypt function that significantly improves login speed. The user’s first login following the update will still take time while their password is rehashed, but then shift into high gear with faster logins!
New MongoDB driver emulation extension
Tech moves fast, but sometimes getting to the leading edge takes time and energy. With that in mind, we've released a new MongoDB driver emulation extension. This allows you to continue using code that depends on the 3.x version of the MongoDB Node.js driver while updating to the newer 6.x version. Note that both legacy and new projects will automatically take advantage of this module with their next npm update. We have taken measures to emulate all of the changes that impact Apostrophe sites. If you encounter edge cases, your bug reports and pull requests are welcome. Thanks to Michelin for their support of this work.
Community contributions
Finally, we wrap up this release cycle by acknowledging the contributions from our community. Thanks to Gauav Kumar you can now use a / in the title field of a page. In the past, this would prevent further slug generation. Due to continued collaboration with the developers at Michelin, the login experience when integrating Astro with Apostrophe has become much smoother. Thanks! 🎉
While this note mentioned some great improvements, check out the release notes below for additional fixes and improvements. Remember npm update gets you the latest and greatest right in your project!
Apostrophe 4.2.0
Changes
Rich text styles are now split into Nodes and Marks, with independent toolbar controls for a better user experience when applying text styles. There is no change in how the styles option is configured.
Rich text style labels are fully localized.
i18n module now uses the regular req.redirect instead of a direct res.redirect to ensure redirection, enabling more possibilities for @apostrophecms/redirect module
Refactors AposModal component with composition api to get rid of duplicated code in AposFocusMixin and AposFocus.
APOS_MONGODB_LOG_LEVEL has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."
Update connect-mongo to 5.x. Add @apostrophecms/emulate-mongo-3-driver dependency to keep supporting [email protected] queries while using [email protected].
Fixes
Updates the docs beforeInsert handler to avoid ending with different modes being set between _id, aposLocale and aposMode.
Adds a migration to fix potential corrupted data having different modes set between _id, aposLocale and aposMode.
Fix a crash in notification when req.body was not present. Thanks to Michelin for contributing this fix.
Addresses a console error observed when opening and closing the @apostrophecms-pro/palette module across various projects.
Fixes the color picker field in @apostrophecms-pro/palette module.
Ensures that the data-apos-test attribute in the admin bar's tray item buttons is set by passing the action prop to AposButton.
Prevents stripping of query parameters from the URL when the page is either switched to edit mode or reloaded while in edit mode.
Add the missing metaType property to newly inserted widgets.
Typing a / in the title field of a page no longer confuses the slug field. Thanks to Gauav Kumar.
Security
New passwords are now hashed with scrypt, the best password hash available in the Node.js core crypto module, following guidance from OWASP. This reduces login time while improving overall security.
Old passwords are automatically re-hashed with scrypt on the next successful login attempt, which adds some delay to that next attempt, but speeds them up forever after compared to the old implementation.
Custom scrypt parameters for password hashing can be passed to the @apostrophecms/user module via the scrypt option. See the Node.js documentation for scrypt. Note that the maxmem parameter is computed automatically based on the other parameters.
Apostrophe 3.64.0
Fixes
Add the missing metaType property to newly inserted widgets.
Security
New passwords are now hashed with scrypt, the best password hash available in the Node.js core crypto module, following guidance from OWASP. This reduces login time while improving overall security.
Old passwords are automatically re-hashed with scrypt on the next successful login attempt, which
adds some delay to that next attempt, but speeds them up forever after compared to the old implementation.
Custom scrypt parameters for password hashing can be passed to the @apostrophecms/user module via the scrypt option. See the [Node.js documentation for scrypt]. Note that the maxmem parameter is computed automatically based on the other parameters.
Changes
APOS_MONGODB_LOG_LEVEL has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."
Update connect-mongo to 5.x. Add @apostrophecms/emulate-mongo-3-driver dependency to keep supporting [email protected] queries while using [email protected].
This module provides an Apostrophe piece type that manages and renders SVG sprites. Sprites can be imported from files in a website codebase or an external source via a URL.
Fixes
Fix vulnerable dependencies axios, xml2js and mocha to pass npm audit.
This bundle allows automatic translation of documents (pages and pieces) when localizing content. It comes with two translation providers: Google Cloud Translation and DeepL, but it is also possible to configure your own providers. Explore our documentation to discover how this extension can enhance your project. Then, effortlessly integrate it through our new Apostrophe Workspaces. For further details or inquiries, feel free to contact us or visit our pricing page.
Fixes
Adds mapping for deepl source and target languages as well as methods to normalize language codes.
An in-context interface for changing CSS. @apostrophecms-pro/palette is a module that provides an in-context interface for changing the values of developer-set CSS properties. The values are stored in an Apostrophe piece singleton (like @apostrophecms/global) and applied to the site whenever the stylesheet link is included in a template. Adjusting values via the palette interface renders changes to the site instantly. Explore our documentation to discover how this extension can enhance your project. Then, effortlessly integrate it through our new Apostrophe Workspaces. For further details or inquiries, feel free to contact us or visit our pricing page.
Adds
It is possible to override the rendering of CSS with your own custom method. See the documentation for more information.
Add a data-attribute to make e2e tests easier.
Stop setting modified: true in the draft and published version of @apostrophecms/global when mirroring the stylesheet to it.
This module lets you have many ApostropheCMS websites running on a single codebase in a single Node.js process. Each has its own database, users, media uploads, etc. Sites can be created and managed via a dashboard site. Explore our documentation to discover how this extension can enhance your project. For further details or inquiries, feel free to contact us or visit our pricing page.
Fixes
The dashboard now delivers its own static assets via the CDN properly when the CDN environment variable is in effect. Previously this worked for both static assets and uploaded media of individual sites and for uploaded media of the dashboard, but not for static assets of the dashboard.
Changes
Refactored uploadfs configuration code for maximum reuse to minimize bugs.
server-destroy should not be a devDependency, it is used in production.
ws should be an official dependency. Previously this worked because of a sub-dependency on it.
emulate-mongo-2-driver aims to be a highly compatible emulation of the 2.x version of the MongoDB Node.js driver, implemented as a wrapper for the 3.x driver.
Changes
Replace mongodb@3 with @apostrophecms/emulate-mongo-3-driver with mongodb@6.
@apostrophecms/emulate-mongo-3-driver aims to be a compatible emulation of the 3.x version of the MongoDB Node.js driver, implemented as a wrapper for the 6.x driver.
Fix
Discard connection options not permitted or required by newer MongoDB drivers. Important for emulate-mongo-2-driver which depends on this module.
This module integrates ApostropheCMS into your Astro application.
Changes
Visiting the /login page when already logged in no longer results in an undesired direct response from Apostrophe. Redirects within api routes like the login issued on the Apostrophe side are now sending a redirect response as per Astro endpoints documentation.
Page refreshes no longer alternate between displaying the admin UI and not displaying it with each refresh in certain configurations.
Thanks to Michelin for collaborating on the solution.
1.0.6 (2024-03-26)
Changes
Change the way we fetch from Apostrophe by using undicirequest method, so as all headers are correctly forwarded. As on latest Node.js versions, headers like Host are no more forwarded by the regular fetch global method.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hola Apostrophe Universe!
While we aren't releasing any new large features or extensions this cycle, the team has been busy making improvements and fixes while working toward a revamp of the
@apostrophecms-pro/multisite
extension dashboard.Rich text improvements
The rich-text-widget received some UI/UX love this cycle. Now there are two intuitive menus for applying styling and element changes to your text. Without going into the inner workings of Tiptap which powers the widget, the selection of base elements like
<h2>
will occur through one dropdown menu, while the styling of other elements like<span>
will be added to a second dropdown. This new arrangement enhances style tracking without necessitating any changes to your current editor setup.Password hashing improvements improve performance
Additionally, the Apostrophe core itself has been enhanced with an improved password hashing process following guidance from OWASP. While the originally implemented procedure was completely secure, it could lead to significantly increased CPU load during login. This was replaced with the Node.js
scrypt
function that significantly improves login speed. The user’s first login following the update will still take time while their password is rehashed, but then shift into high gear with faster logins!New MongoDB driver emulation extension
Tech moves fast, but sometimes getting to the leading edge takes time and energy. With that in mind, we've released a new MongoDB driver emulation extension. This allows you to continue using code that depends on the 3.x version of the MongoDB Node.js driver while updating to the newer 6.x version. Note that both legacy and new projects will automatically take advantage of this module with their next npm update. We have taken measures to emulate all of the changes that impact Apostrophe sites. If you encounter edge cases, your bug reports and pull requests are welcome. Thanks to Michelin for their support of this work.
Community contributions
Finally, we wrap up this release cycle by acknowledging the contributions from our community. Thanks to Gauav Kumar you can now use a
/
in the title field of a page. In the past, this would prevent further slug generation. Due to continued collaboration with the developers at Michelin, the login experience when integrating Astro with Apostrophe has become much smoother. Thanks! 🎉While this note mentioned some great improvements, check out the release notes below for additional fixes and improvements. Remember
npm update
gets you the latest and greatest right in your project!Apostrophe 4.2.0
Changes
styles
option is configured.i18n
module now uses the regularreq.redirect
instead of a directres.redirect
to ensure redirection, enabling more possibilities for@apostrophecms/redirect
moduleAposModal
component with composition api to get rid of duplicated code inAposFocusMixin
andAposFocus
.APOS_MONGODB_LOG_LEVEL
has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."connect-mongo
to5.x
. Add@apostrophecms/emulate-mongo-3-driver
dependency to keep supporting[email protected]
queries while using[email protected]
.Fixes
beforeInsert
handler to avoid ending with different modes being set between_id
,aposLocale
andaposMode
._id
,aposLocale
andaposMode
.notification
whenreq.body
was not present. Thanks to Michelin for contributing this fix.@apostrophecms-pro/palette
module across various projects.@apostrophecms-pro/palette
module.data-apos-test
attribute in the admin bar's tray item buttons is set by passing theaction
prop toAposButton
.metaType
property to newly inserted widgets./
in the title field of a page no longer confuses the slug field. Thanks to Gauav Kumar.Security
scrypt
, the best password hash available in the Node.js corecrypto
module, following guidance from OWASP. This reduces login time while improving overall security.scrypt
on the next successful login attempt, which adds some delay to that next attempt, but speeds them up forever after compared to the old implementation.scrypt
parameters for password hashing can be passed to the@apostrophecms/user
module via thescrypt
option. See the Node.js documentation forscrypt
. Note that themaxmem
parameter is computed automatically based on the other parameters.Apostrophe 3.64.0
Fixes
metaType
property to newly inserted widgets.Security
scrypt
, the best password hash available in the Node.js corecrypto
module, following guidance from OWASP. This reduces login time while improving overall security.scrypt
on the next successful login attempt, whichadds some delay to that next attempt, but speeds them up forever after compared to the old implementation.
scrypt
parameters for password hashing can be passed to the@apostrophecms/user
module via thescrypt
option. See the [Node.js documentation forscrypt
]. Note that themaxmem
parameter is computed automatically based on the other parameters.Changes
APOS_MONGODB_LOG_LEVEL
has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."connect-mongo
to5.x
. Add@apostrophecms/emulate-mongo-3-driver
dependency to keep supporting[email protected]
queries while using[email protected]
.Apostrophe modules
@apostrophecms/form
1.3.1Allow ApostropheCMS editors to build their own forms. They can then place any form in one or more content areas across the website.
Changes
Fixes
form-boolean-field-widget
to thechecked
status instead of thevalue
directly.@apostrophecms/svg-sprite
1.0.1This module provides an Apostrophe piece type that manages and renders SVG sprites. Sprites can be imported from files in a website codebase or an external source via a URL.
Fixes
Pro modules
@apostrophecms-pro/automatic-translation
1.0.1This bundle allows automatic translation of documents (pages and pieces) when localizing content. It comes with two translation providers: Google Cloud Translation and DeepL, but it is also possible to configure your own providers. Explore our documentation to discover how this extension can enhance your project. Then, effortlessly integrate it through our new Apostrophe Workspaces. For further details or inquiries, feel free to contact us or visit our pricing page.
Fixes
@apostrophecms-pro/palette
4.1.0An in-context interface for changing CSS.
@apostrophecms-pro/palette
is a module that provides an in-context interface for changing the values of developer-set CSS properties. The values are stored in an Apostrophe piece singleton (like @apostrophecms/global) and applied to the site whenever the stylesheet link is included in a template. Adjusting values via the palette interface renders changes to the site instantly. Explore our documentation to discover how this extension can enhance your project. Then, effortlessly integrate it through our new Apostrophe Workspaces. For further details or inquiries, feel free to contact us or visit our pricing page.Adds
@apostrophecms-pro/multisite
3.16.0This module lets you have many ApostropheCMS websites running on a single codebase in a single Node.js process. Each has its own database, users, media uploads, etc. Sites can be created and managed via a dashboard site. Explore our documentation to discover how this extension can enhance your project. For further details or inquiries, feel free to contact us or visit our pricing page.
Fixes
CDN
environment variable is in effect. Previously this worked for both static assets and uploaded media of individual sites and for uploaded media of the dashboard, but not for static assets of the dashboard.Changes
server-destroy
should not be adevDependency
, it is used in production.ws
should be an official dependency. Previously this worked because of a sub-dependency on it.@apostrophecms/emulate-mongo-3-driver
dependency to keep supporting[email protected]
queries while using[email protected]
.Legacy modules
emulate-mongo-2-driver
1.3.3emulate-mongo-2-driver
aims to be a highly compatible emulation of the 2.x version of the MongoDB Node.js driver, implemented as a wrapper for the 3.x driver.Changes
mongodb@3
with@apostrophecms/emulate-mongo-3-driver
withmongodb@6
.emulate-mongo-3-driver
1.0.2@apostrophecms/emulate-mongo-3-driver
aims to be a compatible emulation of the 3.x version of the MongoDB Node.js driver, implemented as a wrapper for the 6.x driver.Fix
emulate-mongo-2-driver
which depends on this module.FindCursor.sort
withfalse
as sort key.Adds
Utilities
@apostrophecms/apostrophe-astro
1.0.7 (2024-03-28)This module integrates ApostropheCMS into your Astro application.
Changes
/login
page when already logged in no longer results in an undesired direct response from Apostrophe. Redirects within api routes like the login issued on the Apostrophe side are now sending a redirect response as per Astro endpoints documentation.1.0.6 (2024-03-26)
Changes
undici
request
method, so as all headers are correctly forwarded. As on latest Node.js versions, headers likeHost
are no more forwarded by the regularfetch
global method.@apostrophecms/rename-mongodb-database
1.0.1 (2024-04-04)A handy little utility from apostrophecms to rename a mongodb database with one command.
Fixes
Adds
Beta Was this translation helpful? Give feedback.
All reactions