CraftCMS v3.1.7 Release Notes
Release Date: 2019-01-31 // over 5 years ago-
➕ Added
- ➕ Added all the things that came in Craft 3.0.40.
- ➕ Added
craft\helpers\FileHelper::canTrustMimeType()
. - ➕ Added
craft\web\UploadedFile::getMimeType()
.
🔄 Changed
- The “Port” SMTP mail transport setting can now be set to an environment variable. (#3740)
- 0️⃣
craft\web\Controller::requireAdmin()
now has a$requireAdminChanges
argument, which dictates whether theallowAdminChanges
config setting must also be enabled (true
by default). - 🔀 The
project-config/sync
console command now creates aproject.yaml
file, if it’s missing. (#3736) - Querying for active users no longer excludes locked users.
craft\helpers\FileHelper::getMimeType()
now returnsapplication/x-yaml
for.yaml
and.yml
files.- ⚡️ Updated Craft UI to 0.2.0.
🛠 Fixed
- 🛠 Fixed an error that occurred when updating to Craft 3.1 if a plugin or module was calling
craft\records\User::find()
. - 🛠 Fixed a bug where cross-domain Live Preview requests could fail due to CORS restrictions.
- 🛠 Fixed a 403 error that would occur when an admin attempted to log in as another user on an environment where the
allowAdminChanges
config setting was disabled. (#3749) - 🛠 Fixed a bug where asset index toolbar items would be misaligned when searching in a volume or folder with subfolders.
- 🛠 Fixed a bug where asset indexes could show multiple view mode toggles if a different volume or subfolder was selected while at least one asset was checked. (#3702)
- 🛠 Fixed a bug where Plugin Store screenshots were not showing properly. (#3709)
- 🛠 Fixed a bug where zoomed Plugin Store screenshots would not close when hitting the browser’s Back button. (#3754)
- 🛠 Fixed a bug where the Plugin Store was not working properly when Dev Mode was enabled.
🔒 Security
- 👉 User accounts are now locked after multiple failed password attempts in current-password modals, per the
maxInvalidLogins
config setting. - 👉 Users are no longer signed out of active sessions when their account becomes locked.
- ⏪ Database backup/restore exception messages now redact the database password when using PostgreSQL.