v0.15.2

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

v0.14.2

Fixed XSS flaw in tags_helper

Credit Antonin Steinhauser (steinhause) for discovery and responsible disclosure.

v0.18.0

Important changes

Mininium ruby version

#665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.

Swap to FactoryBot

If you consume fat free crm as an engine and re-use any factories, you'll need to upgrade to FactoryBot.

Removed methods

Lead.update_with_permissions is removed, use user_ids and group_ids inside attributes instead and call lead.update_with_account_and_lead_counters
FatFreeCRM::Permissions.save_with_permissions is removed, use user_ids and group_ids inside attributes and call save
FatFreeCRM::Permissions.update_with_permissions is removed, use user_ids and group_ids inside attributes and call update_attributes

Other changes

• CVE-2018-8048 (loofah gem)
• CVE-2018-3741 (rails-html-sanitizer gem)
• #768 Fix comment creation on entities
• #762 #764 Fix bug in select menu
• #759 Improve zero revenue display
• #753 Opportunities sort by weighted amount
• #749 Fix unsafe reflection and mass assignment

v0.17.2

CVE-2017-0889
#724 Fixes #589 Autocomplete regression
#723 Fixes #687 Passing string to define a callback is not supported.

v0.16.3

CVE-2017-0889

v0.14.1

Wed Jan 24, 2018 (0.14.1)

• Fix for CVE-2017-0889 (Paperclip)

v0.16.2

Fix #687 Passing string to define a callback is not supported.

v0.17.1

#709 Revert accidental minimum ruby version 2.4 changes (#665)

v0.17.0

Important changes

Select2 for select boxes

This release replaces Chozen with Select2 consistently across the app.
This may break plugins which rely on Chozen. To fix any issues please
migrate to Select2 or add Chozen to your plugins.

Counter caches

To improve performance, a number of counter caches have been added.

Users with large amounts of records may find certain database migrations taking a large amount of time, as each record is cached upfront.

Minimum ruby version is now Ruby 2.3

See #647 #654 Adopt min ruby version of 2.3.0 and apply safe navigiation rubocop rules

Other changes

• #691 Wording
• #688 Preparation for Devise
• #686 Bundle update
• #683 Rubocop: Refactoring
• #680 Alternative build setup
• #682 Rubocop: Hashrockets
• #693 Update Japanese translations
• #697 Minor security improvements
• #703 #696 Replace Chozen with select2
• #678 Find an account by name when name is in params (fixes #397)
• #673 Improve JS escaping
• #671 Devise Readiness (+ thread-safety): Refactor User.my scope
• #670 Fix #563 invalid default custom field minlength
• #668 Rubocop fixes for xls/rss builder classes
• #667 Rubocop: Autocorrect various assignment-if statements, case statements, etc.
• #666 Various rubocop corrected items
• #661 Bundle Update on 2018-01-06
• #655 Upgrade rubocop
• #647 #654 Adopt min ruby version of 2.3.0 and apply safe navigiation rubocop rules
• #658 Upgrade Bootsnap gem, fixing an issue with windows

v0.16.1

• #653 Fix regression with emails