Skip to content

6.5.0

Choose a tag to compare

View all tags
@0x46616c6b 0x46616c6b released this 18 Mar 14:48
· 54 commits to main since this release
6.5.0
fc3417d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Features and Improvements

  • πŸ—ƒοΈ Wrap registration flow in database transaction (#1201)
  • 🐳 Switch to Alpine + Caddy, separate Node/PHP build stages (#1192)
  • ✨ Scope dashboard statistics for domain admins (#1181)
  • ✨ Link OpenPGP keys dashboard tile and enable domain admin access (#1170)
  • ✨ Restructure admin area for multi-role access with dashboard (#1169)
  • ✨ Add OpenPGP keys settings page (#1167)
  • πŸ”₯ Remove Sonata Admin Bundle and rename settings to admin (#1166)
  • ✨ Add native User Admin under /settings/users/ (#1165)
  • ✨ Allow OpenPgpKey uploads to WKD for aliases (#1117)

Security

  • πŸ”’ Invalidate session on logout (#1200)
  • πŸ”’ Switch CI from pull_request_target to pull_request (#1189)
  • πŸ”’οΈ Add missing password validation constraints to RecoveryResetPassword (#1184)
  • πŸ”’ Extend DomainVoter for aliases and harden AliasController for domain admins (#1179)
  • πŸ”’ Fix serialize-javascript vulnerability (Dependabot #79) (#1177)
  • πŸ”’ Add domain authorization for user creation (#1176)
  • πŸ”’ Prevent domain admin privilege escalation to full admin (#1173)

Technical Changes

  • 🐳 Move Dovecot/Roundcube to mail profile and fix rootless Podman (#1198)
  • πŸ”‡ Suppress Psalm InvalidAttribute false positives (#1196)
  • ♻️ Use Symfony's HTML Sanitizer for safe_html twig filter (#1186)
  • βͺ Revert serialize-javascript vulnerability fix (#1177) (#1182)
  • πŸ§ͺ Add comprehensive domain admin access control Behat tests (#1180)
  • πŸ“ Add hierarchical AGENTS.md knowledge base (#1174)
  • ♻️ Refactor GpgKeyImporter into GpgKeyParser, introduce GpgKeyResult DTO, and remove dead code (#1172)
  • ♻️ Replace standalone delete pages with password-confirmation modal dialogs (#1164)
  • ♻️ Generalize confirm modal and replace inline JS with Stimulus controller (#1163)
  • ♻️ Remove redundant max-width constraints from page templates (#1162)
  • ♻️ Replace window.confirm() with accessible modal dialogs for delete confirmations (#1161)
  • βœ… Add JavaScript testing support to Behat via Symfony Panther (#1160)
  • βœ… Add unit tests for all remaining Stimulus controllers (#1158)
  • πŸ’š Fix SonarCloud PR decoration with pull_request_target (#1157)
  • βœ… Add Vitest unit tests for Stimulus controllers and sanitize utility (#1156)
  • 🎨 Widen page layout to max-w-7xl and remove redundant width wrappers (#1151)
  • ⬆️ Update composer dependencies (#1193, #1153)
  • ⬆️ Update npm dependencies (#1197, #1178, #1175, #1154)
  • ⬆️ Update GitHub Actions dependencies (#1195, #1155)

Bug Fixes

  • πŸ› Catch EntityNotFoundException in Admin\AliasController (#1188)
  • πŸ› Validate csrf token in MaintenanceController::run (#1185)
  • πŸ› Fix SonarCloud reliability issues in JS/TS controllers (#1159)
Assets 10
Loading