Grav CMS - Package Updates
-
[1.8.1]
- checklist added to manifest
-
[1.8.2]
- Update grav to 1.7.49
- Full Changelog
- Rerelease to include all updated plugins/theme etc.
-
[1.8.3]
- Update grav to 1.7.49.3
- Full Changelog
- Fixed an error in ZipArchive that was causing issues on some systems
- Fixed namespace change for `Cron\Expression`
- Removed broken cron install field... use 'instructions' instead
- Fixed duplicate jobs listing in some CLI commands
- Fix translation of key for image adapter #3944
- Rerelease to include all updated plugins/theme etc.
-
[1.8.4]
- Update grav to 1.7.49.4
- Full Changelog
- Fixed cron force running jobs every minute! #3951
-
[1.8.5]
- Update grav to 1.7.49.5
- Full Changelog
- Backup not honoring ignored paths #3952
-
[1.8.6]
- Update grav to 1.7.50
- Full Changelog
- Added new Safe Core Upgrade process with snapshots for backup and restore, better preflight and postflight checks, as well as exception checking post-install for easy rollback.
- Introduced recovery mode with token-gated UI, plugin quarantine, and CLI rollback support.
- Added `bin/gpm preflight` compatibility scanner and `bin/gpm rollback` utility.
- Added `wordCount` Twig filter #3957
-
[1.8.7]
- Update grav to 1.7.50.1
- Full Changelog
- Fix for broken `GRAV_ROOT`
-
[1.8.8]
- Update grav to 1.7.50.2
- Full Changelog
- Fix for `SafeUpgradeService::getLastManifest()` fatal error on upgrade #3966
-
[1.8.9]
- Update grav to 1.7.50.3
- Full Changelog
- Restored `user/config/system.yaml` to 1.7 branch version (testing mode off)
-
[1.8.10]
- Update grav to 1.7.50.4
- Full Changelog
- More fixes and improvements for safe-upgrade process
-
[1.8.11]
- Update grav to 1.7.50.7
- Full Changelog
- Exclude dev files from exports
- Remove dev file in clean command
- Ignore .github and .phan folders during self-upgrade
- Fixed path check in self-upgrade
- Fixed an issue where non-upgradable root-level folders were snapshotted
- Added new `bin/gpm preflight` command
- Added `--safe` and `--legacy` overrides for `bin/gpm self-upgrade` command
- Improved JS assets pipeline handling to support different loading strategies
- More safe-upgrade fixes around safeguarding `/user/` and maintaining permissions better
- Fixed a regex issue that corrupted safe-upgrade output
-
[1.8.12]
- Update grav to 1.7.50.8
- Full Changelog
- Removed overzealous safety checks
- Removed .gitattributes which was causing some unintended issues
-
[1.8.13]
- Update grav to 1.7.50.9
- Full Changelog
- Better error warnings regarding upgrading from 1.7 -> 1.7 vs 1.7 -> 1.8
- Fix for update-provided `Install.php` not used if local version called first
- Fix class loading error when trying to use `bin/gpm self-upgrade --safe`
-
[1.9.0]
- Update grav to 1.8.0-beta.25
- Full Changelog
- Use `dev-master` branch of Clockwork to support Monolog2 / Monolog3
- `AVIF` image support via updates to `getgrav/Image` library
- Upgraded to Doctrine Collection 2.2
- Fixes for PHP 8.4 - Implicitly nullable parameter declarations deprecated
- Added back Missing `RocketTheme\Toolbox\Event\EventSubscriberInterface` for Gantry5
- Various fixes to use `$log->debug()`, `$log->info()`, `$log->warning()` and `$log->error()` For Monolog2 support
- Fixed a PHP compatibility issue with `AbstractLazyCollection`
- Deferred Extension support in Forked version of Twig 3
- Added separate `strict_mode.twig2_compat` and `strict_mode.twig3_compat` toggles to manage auto-escape behaviour and automatic Twig 3 compatible template rewrites
- Fix for cache blowing up when upgrading from 1.7 to 1.8 via CLI
-
IMPORTANT Packages starting 1.8.6 to 1.9.0 have been revoked.
1.8.6 - 1.8.13 - Upstream has removed all 1.7.50.x packages. See https://discourse.getgrav.org/t/upgrade-to-grav-v1-7-50-9-not-working/29222/4
1.9.0 - had incorrect beta version update
-
[1.9.1]
- Update grav to 1.7.52
- Full Changelog
- GPM client now sends the running PHP version with index requests so the server can substitute PHP-aware compat fallbacks when a plugin's latest release requires a newer PHP than the client can run.
- [security] Extended default `uploads_dangerous_extensions` to include `md`, `yaml`, `yml`, `json`, `twig`, `ini` page-content extensions that can be weaponised via permissive form-upload `accept` policies (GHSA-w4rc-p66m-x6qq, defense-in-depth alongside the Form 9.1.0 plugin fix).
- Added foundation for migrating to Grav 2.0: cross-major auto-upgrades are blocked in GPM, and core now surfaces a `next_major` hint so admin can point users at the new `migrate-grav` plugin
- Added `compatibility:` blueprint support so plugins/themes can declare which Grav versions they support
- Added self-upgrade preflight that flags incompatible plugins/themes and `psr/log` / Monolog conflicts before proceeding
- Added upgrade resilience with automatic maintenance mode and opcache reset during self-upgrade
- Added new `cache-cleanup` CLI command to prune obsolete cache entries
- Added new `onFlexDirectoryConfigBeforeSave` event for Flex
- More readable time output in `bin/grav logviewer` #4009
- Fixed `selectize` field losing values when keyed options were used
-
[1.9.2]
- Update grav to 1.7.53
- Full Changelog
- [security] Direct web access to the `user/accounts`, `user/config`, `user/data` and `user/env` folders is now blocked outright in every bundled webserver config, closing a hole where files such as certificates, tokens and databases stored under `user/data` with an unlisted extension could be downloaded directly.
- [security] A backup deny-all `.htaccess` now ships inside `user/accounts`, `user/config` and `user/data` so Apache installs stay protected even when the site root `.htaccess` has been customised or is out of date.
- [security] The upgrade postflight now patches an existing stock root `.htaccess` to add the folder block automatically, so installs that updated from an earlier version are protected without editing the file by hand.
- [security] URL query image transforms (such as `image.jpg?resize=`) are now turned off by default and, when enabled, refuse oversized dimensions above a configurable pixel limit, closing an unauthenticated denial of service where huge resize values could exhaust server memory.
-
[1.10.0]
- Update grav to 2.0.0
- Full Changelog
-
[1.10.1]
- configure reverse proxy and custom base url
-
[1.10.2]
- Update grav to 2.0.1
- Full Changelog
- [security] ZIP archives extracted through the internal ZipArchiver are now rejected when their contents exceed safe limits on total uncompressed size, file count, or folder nesting depth, closing a second extraction path with the same decompression-bomb risk that was fixed for Direct Install (GHSA-928x-9mpw-8h56).
- [security] Editor-authored Twig in page content now has its rendered output re-checked for XSS, closing a bypass where a payload assembled at render time (such as `{{ "on" ~ "error" }}`) passed the source validator and then emitted live markup (GHSA-2c4f-86xc-cr74).
- A page marked Visible in the admin no longer vanishes from navigation after saving, because a blank visibility setting now falls back to its normal default instead of being read as hidden. Fixes getgrav/grav#4153.