v4.6.6

Security release : 12 CVE were mitigated, upgrade ASAP!

Full Changelog: v4.6.5...v4.6.6

v4.6.5

Full Changelog: v4.6.4...v4.6.5

v4.6.4

What's Changed

• security fix for CVE-2026-46670 (critical sql injection)
• no more # at the end of urls in dynamic bazar
• experimental admincontent action that uses htmx
• fix api bugs limiting to 20 results
• fix rss and csv url exports
• fix send page as mail problem
• fix(aceditor): make leaflet send HTTP Referer header that is required by OSM tile usage policy by @lilasra in #1334
• Text and textarea input placeholder by @acheype in #1337
• build(deps): bump twig/twig from 3.24.0 to 3.26.0 by @dependabot[bot] in #1338
• build(deps): bump mermaid from 11.14.0 to 11.15.0 by @dependabot[bot] in #1336

New Contributors

• @lilasra made their first contribution in #1334

Full Changelog: v4.6.3...v4.6.4

v4.6.3

What's Changed

• fix regression with introduced activityPub format, that where generating errors for creating and updating Bazar form
• use node version 22 on docker

Full Changelog: v4.6.2...v4.6.3

v4.6.2

What's Changed

bugfix release

• Documentation linting + Docsify v5 rc4 upgrade (for security in deps)
• fix regressions with revisions
• fix regressions with backup before upgrade
• fix regressions with bazar dynamic search
• early alpha ActivityPub compatibility by @srosset81 in #1323

Si vous êtes bloquées sur le version 4.6.1 à cause des sauvegardes avant maj

• faites une sauvegarde manuelle ((s)ftp + dump bdd)
• aller dans roue crantée > Gestion du site
• aller dans l’onglet « Fichier de conf » > accordéon Sécurité
• mettre Faire une sauvegarde avant chaque mise à jour à false
• sauver en bas de page
• faire la maj sans le backup automatique
• une fois que la mise à jour s’est bien passée, retourner dans la Gestion du Site, onglet « Fichier de conf » → accordéon Sécurité pour remettre Faire une sauvegarde avant chaque mise à jour à true

Full Changelog: v4.6.1...v4.6.2

v4.6.1

What's Changed

• chore(deps): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in #1326
• pas de modal sur les tableaux by @nathanaelmartel in #1325
• Potential fix for code scanning alert no. 102: DOM text reinterpreted as HTML by @mrflos in #1328
• Vuejs3 migration by @mrflos in #1327

New Contributors

• @nathanaelmartel made their first contribution in #1325

Full Changelog: v4.6.0...v4.6.1

v4.6.0

see https://yeswiki.net/?ChangeLog

What's Changed

• fix(MetarobotsAction): use meta robots noindex if no page by @J9rem in #1266
• fix(ApiController): remove specific weird code for subtitle properties by @acheype in #1267
• Make filters sorting insensitive to case and accent by @VeveQNV in #1272
• Correct bug not displaying filters for values with special chars like… by @VeveQNV in #1274
• Correct wrong searchfields handling by @VeveQNV in #1278
• add all groups in select list for acl page by @oiseauroch in #1279
• Allows route like /api/forms/1, 2/entries/... by @VeveQNV in #1275
• Affichage conditionnel : Add text and textarea handling + add match r… by @VeveQNV in #1246
• Add multiple form ids support to the rss handler by @VeveQNV in #1276
• Handle relative url while replacing links with iframe by @VeveQNV in #1277
• remove flooding warning in apache log by @VeveQNV in #1284
• Exports buttons integration by @VeveQNV in #1286
• Convert relative URLs contained in entries provided by rss handler to absolute URLs by @VeveQNV in #1287
• chore(deps): bump enshrined/svg-sanitize from 0.16.0 to 0.22.0 by @dependabot[bot] in #1289
• Add custom/tools support by @VeveQNV in #1285
• Use twig version of user-signup-form.tpl.html by @VeveQNV in #1291
• Correct missing type field in ressources by @VeveQNV in #1290
• add Opening hours field by @oiseauroch in #1270
• Refactor search engine final by @VeveQNV in #1293
• Refactor fields format values before save by @VeveQNV in #1295
• corrects table and map-and-table twigs + remove duplicate in index-dy… by @VeveQNV in #1299
• Correct bug wrong variable name vDescriptorCondition by @VeveQNV in #1303
• Add geolocation ACLs by @VeveQNV in #1300
• Correct bugs in canRead and canEdit by @VeveQNV in #1304
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in #1310
• Refactor external bazar list by @VeveQNV in #1311
• chore(deps): bump diff from 4.0.2 to 4.0.4 by @dependabot[bot] in #1314
• chore(deps-dev): bump phpunit/phpunit from 9.6.31 to 9.6.33 by @dependabot[bot] in #1315
• chore(deps): bump symfony/process from 5.4.47 to 5.4.51 by @dependabot[bot] in #1316
• Refactor gelocation model by @VeveQNV in #1317
• chore(deps): bump minimatch from 3.1.2 to 3.1.5 by @dependabot[bot] in #1318
• chore(deps): bump dompurify from 3.3.1 to 3.3.2 by @dependabot[bot] in #1319

Full Changelog: v4.5.5...v4.6.0

v4.5.5

Full Changelog: v4.5.4...v4.5.5

Mise a jour de sécurité, mettez vos YesWikis a jour!
Elle s'assure que les pages essentielles (menu, header, footer) au fonctionnement de YesWiki ne sont éditables que par le groupe des admins.

• migration pour s'assurer que les pages spéciales sont protégées en écriture des bots
• correction d'une erreur de conversion d'entier

v4.5.4

What's Changed

• Fix/security by @mrflos in #1264

Full Changelog: v4.5.3...v4.5.4

v4.5.3

What's Changed

• fix(api): fix api path matching by @sylvainlehmann in #1261
• fix(editgroups): trim post entries + better messages by @mrflos in #1262

Full Changelog: v4.5.2...v4.5.3