4.4.7

• Improved the control panel styling when the Debug Toolbar is enabled.
• The image transformer now verifies that transforms don’t exist if the index record is missing, before queuing up the transform generation, for local filesystems. (#13052)
• Added the --propagate-to and --set-enabled-for-site options to the resave/entries command.
• Craft’s bootstrap script now defines a CRAFT_ENVIRONMENT environment variable, as a safety measure for plugins that may be checking for it rather than Craft::$app->env.
• Added craft\helpers\ElementHelper::siteStatusesForElement().
• craft\elements\Asset::EVENT_BEFORE_DEFINE_URL now sends a craft\events\DefineAssetUrlEvent object, rather than craft\events\DefineUrlEvent. (#13018)
• craft\web\View::renderObjectTemplate() now trims the returned template output.
• Fixed a bug where users were “View other users’ drafts” section permissions weren’t being enforced for unpublished drafts.
• Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
• Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)
• Fixed a bug where element editors were showing provisional changes, even if the user didn’t have permission to save them.
• Fixed a bug where the control panel could be inaccessible if a mutex lock couldn’t be acquired for the queue. (#13052)
• Fixed a bug where it wasn’t possible to update a Matrix block on a revision without a new block ID being assigned. (#13064)
• Fixed a JavaScript error that could occur on field layout designers, if any tabs didn’t have any elements. (#13062)
• Fixed a bug where selecting an image with a transform within an asset selector modal wasn’t ever resolving.
• Fixed a PHP error that could occur if there was a problem sending a password-reset email. (#13070)
• Fixed a bug where users’ User Groups and Permissions settings were getting cleared in the UI when sending an activation email, if the email failed to send. (#13061)
• Fixed XSS vulnerabilities.
• Updated yii2-debug to 2.1.22. (#13058)

3.8.7

• Improved the control panel styling when the Debug Toolbar is enabled.
• Boolean config settings that are set to the strings 'true', 'false', or 'null' are now converted to true, false, and null. (#13063)
• craft\web\View::renderObjectTemplate() now trims the returned template output.
• Fixed a bug where the Entries index page was listing unpublished drafts created by other users, even if the current user didn’t have permission to edit them.
• Fixed a bug where Matrix fields weren’t counting disabled blocks when enforcing their Min Blocks settings. (#13059)
• Fixed a bug where volume folder modals’ sidebars and content were being cut off. (#13074)

4.4.6

• Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
• Selectize menus now expand upwards when there’s not ample space below them. (#12976)
• Element index bulk action spinners are now centered on the viewport. (#12972)
• All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
• The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
• Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
• Added craft\utilities\AssetIndexes::volumes().
• craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
• Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
• Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
• Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
• Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
• Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
• Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
• Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
• Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
• Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
• Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
• Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
• Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
• Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
• Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
• Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
• Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
• Fixed a bug where nested folders in asset search results weren’t showing their relative path.
• Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
• Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
• Fixed XSS vulnerabilities.