v0.22.1

What's Changed

• Bump bootsnap from 1.17.0 to 1.17.1 by @dependabot in #1223
• Bump rubocop from 1.59.0 to 1.60.0 by @dependabot in #1224
• Bump rubocop from 1.60.0 to 1.60.1 by @dependabot in #1225
• Bump rubocop from 1.60.1 to 1.60.2 by @dependabot in #1226
• Bump rspec-rails from 6.1.0 to 6.1.1 by @dependabot in #1227
• Bump capybara from 3.39.2 to 3.40.0 by @dependabot in #1228
• Bump bootsnap from 1.17.1 to 1.18.1 by @dependabot in #1229
• Bump bootsnap from 1.18.1 to 1.18.3 by @dependabot in #1230
• Bump brakeman from 6.1.1 to 6.1.2 by @dependabot in #1231
• Bump nokogiri from 1.16.0 to 1.16.2 by @dependabot in #1232
• Bump country_select from 8.0.3 to 9.0.0 by @dependabot in #1234
• Correct font-sizes for mobile views using dl layouts. by @steveyken in #1237
• Fix layout of custom field inputs. Now consistent with other form inputs by @steveyken in #1239
• Removed border around 'remember me' and used primary button colour for Login button by @steveyken in #1238
• Fix arrow rendering by @steveyken in #1236
• Bump pg from 1.5.4 to 1.5.5 by @dependabot in #1233
• Fixed missing select2 box on address country input by @steveyken in #1242
• Handle edge case where application is unable to run tasks/migrations by @steveyken in #1191
• Fix load paths - this works for both Application and Engine mode. by @steveyken in #1240
• Fix case where entity is updated but the view doesn't refresh by @steveyken in #1241
• Fix ActionView::MissingTempateError when requesting entity views by JS by @steveyken in #1243
• Bump thor from 1.3.0 to 1.3.1 by @dependabot in #1244
• Bump rack from 2.2.8 to 2.2.8.1 by @dependabot in #1246
• Bump rubocop from 1.60.2 to 1.61.0 by @dependabot in #1247
• Fix validation issues by @steveyken in #1245
• Bump pg from 1.5.5 to 1.5.6 by @dependabot in #1250
• Fix changes in select2 since v3 -> v4 a while ago by @steveyken in #1251
• Bump premailer from 1.22.0 to 1.23.0 by @dependabot in #1252
• Bump rubocop from 1.61.0 to 1.62.0 by @dependabot in #1253
• Bump rubocop from 1.62.0 to 1.62.1 by @dependabot in #1257
• Bump rails-i18n from 7.0.8 to 7.0.9 by @dependabot in #1258
• Bump nokogiri from 1.16.2 to 1.16.3 by @dependabot in #1259
• Bump rspec-rails from 6.1.1 to 6.1.2 by @dependabot in #1260
• Bump mini_racer from 0.8.0 to 0.9.0 by @dependabot in #1261
• Bump capistrano from 3.18.0 to 3.18.1 by @dependabot in #1256
• Bump rubocop from 1.62.1 to 1.63.0 by @dependabot in #1263
• Bump devise from 4.9.3 to 4.9.4 by @dependabot in #1266
• Bump nokogiri from 1.16.3 to 1.16.4 by @dependabot in #1265
• Bump rubocop from 1.63.0 to 1.63.1 by @dependabot in #1264
• Bump rubocop from 1.63.1 to 1.63.2 by @dependabot in #1267
• Bump rubocop from 1.63.2 to 1.63.3 by @dependabot in #1269
• Bump mini_racer from 0.9.0 to 0.12.0 by @dependabot in #1268
• Bump rubocop from 1.63.3 to 1.63.4 by @dependabot in #1270
• Bump rubocop from 1.63.4 to 1.63.5 by @dependabot in #1271
• Bump nokogiri from 1.16.4 to 1.16.5 by @dependabot in #1272
• Bump rb-inotify from 0.10.1 to 0.11.1 by @dependabot in #1274
• Bump cancancan from 3.5.0 to 3.6.0 by @dependabot in #1276
• Bump cancancan from 3.6.0 to 3.6.1 by @dependabot in #1279
• Bump devise-i18n from 1.12.0 to 1.12.1 by @dependabot in #1278
• Bump simple_form from 5.3.0 to 5.3.1 by @dependabot in #1277
• Bump rubocop from 1.63.5 to 1.64.1 by @dependabot in #1280
• Bump acts_as_list from 1.1.0 to 1.2.0 by @dependabot in #1282
• Bump timecop from 0.9.8 to 0.9.9 by @dependabot in #1281
• Bump rails to 7.0.8.3 by @CloCkWeRX in #1284
• Bump actionpack from 7.0.8.3 to 7.0.8.4 by @dependabot in #1286
• Ruby 3.3 (stacked PR) by @CloCkWeRX in #1221
• Bump acts_as_list from 1.2.0 to 1.2.1 by @dependabot in #1287
• Bump sprockets-rails from 3.4.2 to 3.5.0 by @dependabot in #1288
• Bump will_paginate from 4.0.0 to 4.0.1 by @dependabot in #1290
• Bump mini_magick from 4.12.0 to 4.13.0 by @dependabot in #1292
• Bump nokogiri from 1.16.5 to 1.16.6 by @dependabot in #1291
• Bump sprockets-rails from 3.5.0 to 3.5.1 by @dependabot in #1289
• Bump timecop from 0.9.9 to 0.9.10 by @dependabot in #1293
• Bump mini_magick from 4.13.0 to 4.13.1 by @dependabot in #1294
• Bump rspec-rails from 6.1.2 to 6.1.3 by @dependabot in #1296
• Bump pry-rails from 0.3.9 to 0.3.11 by @dependabot in #1295
• Bump capistrano from 3.18.1 to 3.19.0 by @dependabot in #1297
• Bump capistrano from 3.19.0 to 3.19.1 by @dependabot in #1299
• Bump mini_magick from 4.13.1 to 4.13.2 by @dependabot in #1300
• Bump rubocop from 1.64.1 to 1.65.0 by @dependabot in #1302
• Fix saving search list by @stanleylhs in #1305
• Bump image_processing from 1.12.2 to 1.13.0 by @dependabot in #1307
• Bump acts_as_list from 1.2.1 to 1.2.2 by @dependabot in #1304
• Bump rexml from 3.3.1 to 3.3.2 by @dependabot in #1308
• Bump pg from 1.5.6 to 1.5.7 by @dependabot in #1311
• Bump nokogiri from 1.16.6 to 1.16.7 by @dependabot in #1309
• Bump mini_racer from 0.12.0 to 0.13.0 by @dependabot in #1310
• Bump rubocop from 1.65.0 to 1.65.1 by @dependabot in #1313
• Bump sprockets-rails from 3.5.1 to 3.5.2 by @dependabot in #1312
• Bump bootsnap from 1.18.3 to 1.18.4 by @dependabot in #1314
• Fix formatting base URL by @stanleylhs in #1316
• Bump capistrano-bundler from 2.1.0 to 2.1.1 by @dependabot in #1321
• Bump mini_racer from 0.13.0 to 0.14.0 by @dependabot in #1320
• Fix custom fields text new line not showing by @stanleylhs in #1317
• Bump mini_racer from 0.14.0 to 0.14.1 by @dependabot in #1322
• Bump premailer from 1.23.0 to 1.24.0 by @dependabot in #1323
• Bump rspec-rails from 6.1.3 to 6.1.4 by @dependabot in #1324
• Fix delete confirmation with new Rails syntax by @stanleylhs in #1326
• Fix multiple custom field groups on new entity creation by @stanleylhs in https://github.com/fatfreecrm...

v0.22.0

Support for Rails 7 and Ruby 3.2.2

Thanks @romanbsd

What's Changed

• correct travis url, per notice on the travis-ci.org site by @hasandiwan in #1002
• Support for Postgres prepare statement #1122 by @ferrisoxide in #1137
• Bump timecop from 0.9.6 to 0.9.7 by @dependabot in #1151
• Bump nokogiri from 1.15.3 to 1.15.4 by @dependabot in #1149
• Bump selenium-webdriver from 4.9.0 to 4.10.0 by @dependabot in #1148
• Bump mini_racer from 0.6.4 to 0.8.0 by @dependabot in #1147
• Bump timecop from 0.9.7 to 0.9.8 by @dependabot in #1152
• Bump rails-i18n from 7.0.7 to 7.0.8 by @dependabot in #1153
• Bump ffaker from 2.21.0 to 2.22.0 by @dependabot in #1156
• Bump puma from 6.3.0 to 6.3.1 by @dependabot in #1154
• Bump rubocop from 1.56.0 to 1.56.1 by @dependabot in #1155
• Bump pg from 1.5.3 to 1.5.4 by @dependabot in #1158
• Bump actions/checkout from 3 to 4 by @dependabot in #1159
• Bump rubocop from 1.56.1 to 1.56.3 by @dependabot in #1160
• Bump execjs from 2.8.1 to 2.9.0 by @dependabot in #1161
• Bump guard from 2.18.0 to 2.18.1 by @dependabot in #1162
• Bump ffaker from 2.22.0 to 2.23.0 by @dependabot in #1164
• Bump execjs from 2.9.0 to 2.9.1 by @dependabot in #1163
• Bump rubocop from 1.56.3 to 1.56.4 by @dependabot in #1168
• Bump puma from 6.3.1 to 6.4.0 by @dependabot in #1165
• Bump devise-i18n from 1.11.0 to 1.12.0 by @dependabot in #1170
• Bump country_select from 8.0.2 to 8.0.3 by @dependabot in #1171
• Bump devise from 4.9.2 to 4.9.3 by @dependabot in #1177
• Bump responders from 3.1.0 to 3.1.1 by @dependabot in #1174
• Update gemspec to match Gemfile by @steveyken in #1173
• Bump rubocop from 1.56.4 to 1.57.0 by @dependabot in #1176
• Bump simple_form from 5.2.0 to 5.3.0 by @dependabot in #1175
• Bump zeus from 0.15.14 to 0.16.0 by @dependabot in #1172
• Bump rubocop from 1.57.0 to 1.57.1 by @dependabot in #1179
• Bump acts-as-taggable-on from 9.0.1 to 10.0.0 by @dependabot in #1178
• Bump capistrano from 3.17.3 to 3.18.0 by @dependabot in #1180
• Bump thor from 1.2.2 to 1.3.0 by @dependabot in #1182
• Added controller hooks to make it easier to hook plugins into the FFCRM bootup sequence by @steveyken in #1181
• Fix db/demo/field_groups.yml to generate valid entries by @steveyken in #1184
• is_haml? is no longer available. Use ActionView::Base instead by @steveyken in #1185
• Bump haml from 5.2.2 to 6.2.3 by @dependabot in #1186
• Enable FFCRM to export assets when run as an engine by @steveyken in #1193
• Whitelist HashWithIndifferentAccess for field serialization by @steveyken in #1192
• Fix custom field error by @steveyken in #1190
• Schedule emails to deliver asynchronously by @steveyken in #1188
• Replace usage of request.fullpath / request.referrer by @steveyken in #1189
• Bump rubocop from 1.57.1 to 1.57.2 by @dependabot in #1187
• Bump dynamic_form from 1.2.0 to 1.3.0 by @dependabot in #1195
• Bump bootsnap from 1.16.0 to 1.17.0 by @dependabot in #1194
• Bump rubocop from 1.57.2 to 1.58.0 by @dependabot in #1202
• Bump factory_bot_rails from 6.2.0 to 6.4.2 by @dependabot in #1200
• Bump nokogiri from 1.15.4 to 1.15.5 by @dependabot in #1197
• Bump rspec-rails from 6.0.3 to 6.1.0 by @dependabot in #1199
• Adjust rubocop by @CloCkWeRX in #958
• Safer setting check by @ferrisoxide in #1205
• Revert "Replace usage of request.fullpath / request.referrer with object entity approach." by @steveyken in #1203
• Bump rubocop from 1.58.0 to 1.59.0 by @dependabot in #1209
• Bump haml from 6.2.3 to 6.3.0 by @dependabot in #1208
• Bump rspec-activemodel-mocks from 1.1.0 to 1.2.0 by @dependabot in #1207
• Bump github/codeql-action from 2 to 3 by @dependabot in #1210
• Bump brakeman from 6.0.1 to 6.1.1 by @dependabot in #1211
• Bump nokogiri from 1.15.5 to 1.16.0 by @dependabot in #1212
• Bump premailer from 1.21.0 to 1.22.0 by @dependabot in #1213
• Bump factory_bot_rails from 6.4.2 to 6.4.3 by @dependabot in #1215
• Bump dynamic_form from 1.3.0 to 1.3.1 by @dependabot in #1214
• Bump puma from 6.4.0 to 6.4.1 by @dependabot in #1216
• Bump puma from 6.4.1 to 6.4.2 by @dependabot in #1217
• Rails 7 by @romanbsd in #1196
• Bump jquery-ui by @CloCkWeRX in #1219
• Default to Ruby 3.2 by @CloCkWeRX in #1220
• Centralise detection of previous route by @CloCkWeRX in #1222

New Contributors

• @hasandiwan made their first contribution in #1002
• @romanbsd made their first contribution in #1196

Full Changelog: v0.21.0...v0.22.0

v0.21.0

What's Changed

• Bump nokogiri by @CloCkWeRX in #956
• Bump rails by @CloCkWeRX in #957
• Bump puma by @CloCkWeRX in #959
• Rubocop by @CloCkWeRX in #960
• Rails 6.1 by @CloCkWeRX in #954
• Bump by @CloCkWeRX in #963
• Bump by @CloCkWeRX in #964
• Remove globby by @CloCkWeRX in #965
• Update Dockerfile Ruby Version by @doconnor-clintel in #962
• Bump rb-fsevent from 0.11.0 to 0.11.1 by @dependabot in #976
• Bump font-awesome-rails from 4.7.0.7 to 4.7.0.8 by @dependabot in #974
• Bump webdrivers from 4.6.1 to 4.7.0 by @dependabot in #973
• Bump capistrano from 3.16.0 to 3.17.0 by @dependabot in #969
• Bump devise-i18n from 1.10.0 to 1.10.2 by @dependabot in #968
• Bump actions/checkout from 2 to 3 by @dependabot in #966
• Bump ffaker from 2.19.0 to 2.21.0 by @dependabot in #970
• Bump acts-as-taggable-on from 8.1.0 to 9.0.1 by @dependabot in #972
• Bump rainbow from 3.0.0 to 3.1.1 by @dependabot in #967
• Bump brakeman from 5.1.1 to 5.2.2 by @dependabot in #979
• Bump ransack from 2.4.2 to 2.6.0 by @dependabot in #977
• Bump capybara from 3.35.3 to 3.36.0 by @dependabot in #980
• Bump rails-i18n from 6.0.0 to 7.0.3 by @dependabot in #978
• Bump rspec-rails from 5.0.2 to 5.1.2 by @dependabot in #981
• Bump capistrano-rails from 1.6.1 to 1.6.2 by @dependabot in #983
• Bump github/codeql-action from 1 to 2 by @dependabot in #986
• Bump rubocop from 1.22.1 to 1.28.2 by @dependabot in #989
• Bump timecop from 0.9.4 to 0.9.5 by @dependabot in #984
• Bump bootsnap from 1.9.1 to 1.11.1 by @dependabot in #988
• Bump devise from 4.8.0 to 4.8.1 by @dependabot in #987
• Bump selenium-webdriver from 3.142.7 to 4.1.0 by @dependabot in #982
• Bump rails by @CloCkWeRX in #992
• Bump bootsnap from 1.11.1 to 1.12.0 by @dependabot in #995
• Bump capistrano-bundler from 2.0.1 to 2.1.0 by @dependabot in #994
• Bump rack from 2.2.3 to 2.2.3.1 by @dependabot in #996
• Bump sqlite3 from 1.4.2 to 1.4.4 by @dependabot in #998
• Bump cancancan from 3.3.0 to 3.4.0 by @dependabot in #1000
• Bump rails-html-sanitizer from 1.4.2 to 1.4.3 by @dependabot in #1001
• Bump capistrano from 3.17.0 to 3.17.1 by @dependabot in #1004
• Bump rb-fsevent from 0.11.1 to 0.11.2 by @dependabot in #1006
• Bump puma from 5.6.4 to 5.6.5 by @dependabot in #1005
• Bump mini_racer by @CloCkWeRX in #1014
• Swap to sassc-rails by @CloCkWeRX in #1013
• Bump country_select from 6.0.0 to 7.0.0 by @dependabot in #985
• Improve actions by @CloCkWeRX in #1015
• Fixed issue with ActiveStorage missing storage.yml in production mode. by @steveyken in #1019
• Bump nokogiri from 1.13.8 to 1.13.10 by @dependabot in #1020
• Bump brakeman from 5.2.2 to 5.4.0 by @dependabot in #1022
• Bump bootsnap from 1.12.0 to 1.15.0 by @dependabot in #1029
• Bump webdrivers from 4.7.0 to 5.2.0 by @dependabot in #1021
• Bump rails-i18n from 7.0.3 to 7.0.6 by @dependabot in #1028
• Bump rubocop from 1.28.2 to 1.40.0 by @dependabot in #1025
• Bump timecop from 0.9.5 to 0.9.6 by @dependabot in #1034
• Bump capybara from 3.36.0 to 3.38.0 by @dependabot in #1033
• Bump premailer from 1.15.0 to 1.18.0 by @dependabot in #1023
• Bump rspec-rails from 5.1.2 to 6.0.1 by @dependabot in #1026
• Bump selenium-webdriver from 4.1.0 to 4.7.1 by @dependabot in #1032
• Bump pg from 1.2.3 to 1.4.5 by @dependabot in #1031
• Bump rails-html-sanitizer from 1.4.3 to 1.4.4 by @dependabot in #1036
• Bump loofah from 2.19.0 to 2.19.1 by @dependabot in #1035
• Bump rubocop from 1.40.0 to 1.41.0 by @dependabot in #1038
• Bump puma from 5.6.5 to 6.0.1 by @dependabot in #1037
• Bump rubocop from 1.41.0 to 1.42.0 by @dependabot in #1042
• Bump puma from 6.0.1 to 6.0.2 by @dependabot in #1041
• Bump country_select from 8.0.0 to 8.0.1 by @dependabot in #1043
• Bump rack from 2.2.4 to 2.2.6.2 by @dependabot in #1046
• Bump rubocop from 1.42.0 to 1.43.0 by @dependabot in #1044
• Bump globalid from 1.0.0 to 1.0.1 by @dependabot in #1047
• Bump nokogiri from 1.13.10 to 1.14.0 by @dependabot in #1045
• Bump selenium-webdriver from 4.7.1 to 4.8.0 by @dependabot in #1049
• Bump rubocop from 1.43.0 to 1.44.0 by @dependabot in #1050
• Bump premailer from 1.18.0 to 1.19.0 by @dependabot in #1051
• Bump rubocop from 1.44.0 to 1.44.1 by @dependabot in #1053
• Bump bootsnap from 1.15.0 to 1.16.0 by @dependabot in #1052
• Bump simple_form from 5.1.0 to 5.2.0 by @dependabot in #1055
• Bump nokogiri from 1.14.0 to 1.14.1 by @dependabot in #1056
• Bump acts_as_list from 1.0.4 to 1.1.0 by @dependabot in #1057
• Bump responders from 3.0.1 to 3.1.0 by @dependabot in #1058
• Bump rubocop from 1.44.1 to 1.45.1 by @dependabot in #1060
• Bump puma from 6.0.2 to 6.1.0 by @dependabot in #1061
• Bump nokogiri from 1.14.1 to 1.14.2 by @dependabot in #1062
• Bump devise-i18n from 1.10.2 to 1.10.3 by @dependabot in #1063
• Bump devise from 4.8.1 to 4.9.0 by @dependabot in #1066
• Bump brakeman from 5.4.0 to 5.4.1 by @dependabot in #1069
• Bump capistrano from 3.17.1 to 3.17.2 by @dependabot in #1068
• Bump devise-i18n from 1.10.3 to 1.11.0 by @dependabot in #1067
• Bump pg from 1.4.5 to 1.4.6 by @dependabot in #1071
• Bump rubocop from 1.45.1 to 1.47.0 by @dependabot in #1073
• Bump puma from 6.1.0 to 6.1.1 by @dependabot in #1072
• Bump rack from 2.2.6.2 to 2.2.6.3 by @dependabot in #1076
• Bump cancancan from 3.4.0 to 3.5.0 by @dependabot in #1074
• Bump rubocop from 1.47.0 to 1.48.0 by @dependabot in #1075
• Bump premailer from 1.19.0 to 1.20.0 by @dependabot in #1077
• Bump selenium-webdriver from 4.8.0 to 4.8.1 by @dependabot in #1065
• Bump database_cleaner from 2....

v0.20.1

Addresses CVE-2022-39281 - Remote Denial of Service via Tasks endpoint

See GHSA-p75c-5x3h-cxcg for more details

v0.20.0

• Rails 6.0 support
• A minimalistic but functional responsive layout, for use on mobile
• Bootstrap 5.0.0
• Visual improvements to UI
• Changes to color customisation - this is no longer done via configuration (settings.yml), but by CSS.
• #905 Swap from Marshal.load. Be sure to run bundle exec rake ffcrm:preference_update to migrate your users from old to new format

v0.19.2

CVE-2021-22885

v0.19.1

Minor gem updates

Wed Apr 04, 2021 (0.19.1)

Minor gem updates

Wed Apr 04, 2021 (0.19.0)

Important changes

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.

Devise replaces Authlogic for user authentication

Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption.
This change requires a database migration on the User model. Please note:

• Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
• Users will be forced logged out. Existing user sessions will not be kept and the fields persistence_token, single_access_token, perishable_token will be dropped from the database.
• Though the migration is generally safe we recommend to make a backup of your database before migrating.

Existing OAuth broken

The Devise change will break any OAuth login plugins which depend on Authlogic.
You can configure OAuth for Devise using the guides here.

Login and user-related routes changed

The login URL routes have been changed to use the defaults of Devise.

User mailers changed

Mailers related to user password reset, etc. are changed to use the defaults of Devise.

PaperClip version updated from 5.2.1 to 6.0.0

PaperClip now only depends on aws-sdk-s3 instead of aws-sdk. For more info see thoughtbot/paperclip#2481.
Replace the Cocaine gem with Terrapin. https://github.com/thoughtbot/terrapin/ Apart from the namespace change, this is a drop in replacement.

Rails 5.2

The underlying framework is now rails 5.2.*

Ruby 2.4 deprecated

Ruby 2.4 has reached end of life and is no longer activity tested against.

Other changes

• #794 Fix defect with unpermitted params in advanced search
• 2bc6184 Remove broken support for delete links on arrays.
• #851 upgrade paper_trail
• Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
• Dependency updates
• Simple Form upgrades to use HTML5 and browser validations by default

v0.18.1

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

v0.17.3

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

v0.16.4

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.