6.3.5 Maintenance Release

[BUGFIX] Notification email to admin is also sent when adding recipient's address to flex form only
[BUGFIX] v5 backport: Notification mail to admin shows changes

6.3.4 Security Update

!!! Breaking change in fluid template for the invitation controller
!!! Security Update please update as soon as possible

• thx to Max Schäfer & Dennis Schober-Wenger for reporting

Upgrade Instruction:

Invitation Template

If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html

You need to add

<f:form.hidden name="hash" value="{hash}"/>

in order,that the function is working.

5.5.3 Security Update

!!! Breaking change in fluid template for the invitation controller (please read the upgrade instruction)
!!! Security Update please update as soon as possible

thx to Max Schäfer & Dennis Schober-Wenger for reporting

7.1 Feauture and Security Release

• [FEATURE] Add support for PHP 8 and 8.1 - thx to Stefan Busemann, Bastien Lutz, Mathias Bolt Lesniak, Thomas Löffler, Johannes Seipelt
• [BUGFIX] Re-fetch session from database to update 'userSession' property of TSFE. Thx to Thomas Off thomas.off@retiolum.de
• [BUGFIX] Add hash check for inivtation action - thx to Max Schäfer & Dennis Schober-Wenger
• [REFACTOR] Remove deprecated code and introduce rector - thx to Thomas Löffler

Upgrade Instruction:

If you are using customized templates for the invitation function, please check the Resources/Private/Templates/Invitation/Edit.html

You need to add

<f:form.hidden name="hash" value="{hash}"/>
in order,that the function is working.

6.3.3 Security Release

• [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
• [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)

5.5.2 Security Update

[BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team

7.0.1 Security Release

• [BUGFIX] (!!!) Security Fix - Broken Access Control in Usergroup Validation (Andreas Nedbal - in2code) - thx to TYPO3 Security Team
• [BUGFIX] login after registration (Re-fetch session from database to update 'userSession' property of TSFE) - thx to Thomas Off
• [BUGFIX] CleanUserGroup DataProcessor - thx to Daniel Hoffmann (in2code)

2.7.0 Security Release

You will find here security backports for TYPO3 7.6 LTS. If you use TYPO3 8 or 9 please use version 5.x

Upgrade

Due to changes in some templates, you need to adjust your templates, if you use your own ones.

1. Added element id for new / edit / invitation templates: If you use your own HTML templates of new/edit/invitation-templates you should compare them with the one from EXT:femanager. There is a new additional attribute inside the form viewhelper: data-femanager-plugin, which contains the content element id.
2. If you use a modified version of the Validation.js, there are also changes: plugin and action parameter is send to
   the eID-Script now
3. The edit template has to be adjusted, as there is a new parameter 'token' is introduced. (see example below)

Example

Please update these partials:

:file:/Partials/Misc/DeleteLink.html

The argument token was introduced :html:(token:token)

old template code

	<f:link.action
		action="delete"
		arguments="{user:user}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

new template code:

	<f:link.action
		action="delete"
		arguments="{user:user, token:token}"
		class="btn btn-warning btn-large"
		additionalAttributes="{data-confirm:'{f:translate(key:\'UserDeleteConfirmation\')}'}">
		<i class="icon-trash icon-white"></i>
		<f:translate key="deleteProfile" />
	</f:link.action>

:file:/Templates/Edit/Edit.html

You need to add: :html:<f:form.hidden name="token" value="{token}" /> between the form tag.

Example:

	<f:form
		name="user"
		object="{user}"
		action="update"
		enctype="multipart/form-data"
		additionalAttributes="{data-femanager-plugin:data.uid}"
		class="form-horizontal {f:if(condition:'{settings.edit.validation._enable.client}',then:'feManagerValidation',else:'')}">
	<fieldset>
		<legend>
			<f:translate key="titleUpdateProfile" />
		</legend>

		<f:form.hidden name="token" value="{token}" />

		more stuff here in the template file…

	</f:form>

6.3.2 Maintenance Release

  * [TASK] Add setter to allow modification of email object inside event listeners - thx to https://github.com/mediaessenz
  * [TASK] Refactor forceValues to FrontendUtility and add a test - thx to https://github.com/ute-arbeit
  * [TASK] Remove TCA configuration showRecordFieldList - thx to https://github.com/Patta
  * [BUGFIX] Make forceValues work for field names with underscores  - thx to https://github.com/ute-arbeit
  * [BUGFIX] Allow frontend user login via EXT:femanager - thx to https://github.com/webian
  * [BUGFIX] repairs confirmation view due to missing state column - thx to in2code / Bastien Lutz
  * [BUGFIX] refusing users from the admin confirmation backend list - Thx to https://github.com/fwg
  * [BUGFIX] correct v10 Extbase persistence config - thx to jonaseberle
  * [BUGFIX] add missing field mapping for custom properties for TYPO3v10+ - thx to jonaseberle
  * [BUGFIX] embedded images in emails - thx to https://github.com/fwg
  * [BUGFIX] Email subject for sendCreateUserConfirmationMail - thx to Pixelant

6.3.1 Security Release

• [BUGFIX] Security: Disallow SVG as Filetype
• [DOCS] added security notes for detail / show view (see: https://docs.typo3.org/p/in2code/femanager/6.3/en-us/Features/ShowListUsers/Index.html)