4.5.14

• Improved the performance of input namespacing.
• The Licensing Issues alert now includes a “Refresh” button. (#14080)
• relatedToAssets, relatedToCategories, relatedToEntries, relatedToTags, and relatedToUsers are now reserved user field handles. (#14075)
• craft\services\Security::$sensitiveKeywords is no longer case-sensitive. (#14064)
• Fixed a bug where the index-assets/cleanup command accepted --cache-remote-images, --create-missing-assets, and --delete-missing-assets options, even though they didn’t do anything.
• Fixed a bug where automatically-created relations could be lost when a new site was added to an entry. (#14065)
• Fixed a bug where craft\web\Request::getIsPreview() was returning true for requests with expired tokens. (#14066)
• Fixed a bug where asset conflict resolution modals were closing prematurely if there were multiple conflicts. (#14045)
• Fixed a bug where meta fields weren’t showing change indicators.
• Fixed a bug where the index-assets/one command was overly-destructive when run with a subpath and the --delete-missing-assets option. (#14087)
• Fixed a privilege escalation vulnerability.

3.9.10

• Fixed a bug where meta fields weren’t immediately showing change indicators when entries were autosaved.
• Fixed a bug where the index-assets/one command was overly-destructive when run with a subpath and the --delete-missing-assets option. (#14087)
• Fixed a privilege escalation vulnerability.

5.0.0-alpha.3

• Added the tempAssetUploadFs config setting. (#13957)
• Removed the “Temp Uploads Location” asset setting. (#13957)
• Matrix and Addresses fields now remember their view settings between page loads.
• JSON field values in Craft 4 will now get decoded when updating to Craft 5, for fields whose dbType() method returns an associative array or yii\db\Schema::TYPE_JSON. (#14017)
• Element search scores set on craft\events\SearchEvent::$scores by craft\services\Search::EVENT_AFTER_SEARCH or EVENT_BEFORE_SCORE_RESULTS now must be indexed by element ID and site ID (e.g. '100-1').
• craft\elements\NestedElementMananger instances used by custom fields must now be configured with a field key set to the field instance, rather than fieldHandle.
• Deprecated craft\events\SearchEvent::$siteId.
• Fixed a bug where multi-site element queries weren’t scoring elements on a per-site basis. (#13801)
• Fixed an error that could occur when updating to Craft 5. (#14067)
• Fixed a bug where various features weren’t working. (#14062)
• Fixed a bug where Matrix and Addresses fields were overriding each others’ view states. (#13976)
• Fixed an error that could occur when updating to Craft 5, if any Matrix fields hadn’t been saved since before Craft 3.2. (#14061)
• Fixed a bug where globalized Matrix sub-fields could have the same handle as existing global fields, when updating to Craft 5. (#14052)

5.0.0-alpha.2

• Added craft\helpers\Cp::moneyFieldHtml().
• Added craft\helpers\Cp::moneyInputHtml().
• Renamed craft\services\Addresses::saveLayout() to saveFieldLayout().
• craft\base\Field::valueSql() now accepts a $key argument. (#14040)
• craft\base\FieldInterface::getValueSql() now accepts a $key argument. (#14040)
• craft\helpers\Html::id() and Craft.formatInputId() now retain colons and periods, and ensure the string begins with a letter.
• craft\web\View::setNamespace() is no longer strict about namespaces matching HTML id attribute rules. (#13943)
• Fixed a bug where custom fields’ element query params weren’t getting applied for more than one global field with the referenced handle. (#13983)
• Fixed a bug where Date fields with “Show Time Zone” enabled weren’t displaying the correct time.
• Fixed an error that occurred when updating to Craft 5 if there were any soft-deleted entry types. (#14039)
• Fixed an error that occurred when updating to Craft 5 if there were any entry types with duplicate handles. (#14043)

4.5.13

• Address fields now have the appropriate autocomplete values when editing an address that belongs to the current user. (#13938)
• The |markdown and |md filters now accept an encode argument, which can be set to true to HTML-encode the content before parsing it as Markdown.
• Added the pre-encoded Markdown flavor, which can be used when the content has already been HTML-encoded.
• Added craft\elements\Address::getBelongsToCurrentUser().
• Fixed a bug where {% namespace %} tags weren’t respecting namespaces set to 0. (#13943)
• Fixed an error that could occur when using a custom asset uploader. (#14029)
• Fixed an error that could occur when saving an asset using SCENARIO_CREATE, if Asset::$tempFilePath wasn’t set. (#14041)
• Fixed a bug where some HTML entities within Tip and Warning field layout elements colud get double-encoded. (#13959)
• Fixed an infinite recursion bug. (#14033)

5.0.0-alpha.1

Content Management

• Redesigned the global breadcrumb bar to include quick links to other areas of the control panel, page context menus, and action menus. (#13902)
• All elements can now have thumbnails, provided by Assets fields. (#12484, #12706)
• Element indexes and relational fields now have the option to use card views. (#6024)
• Element indexes now support inline editing for some custom field values.
• Element chips and cards now include quick action menus. (#13902)
• Entry edit pages now include quick links to other sections’ index sources.
• Asset edit pages now include quick links to other volumes’ index sources.
• Assets’ Alternative Text fields are now translatable. (#11576)
• Entry conditions can now have a “Matrix field” rule. (#13794)
• Selected elements within relational fields now include a context menu with “View in a new tab”, “Edit”, and “Remove” options.
• Selected elements within relational fields now include a dedicated drag handle.
• Selected assets within Assets fields no longer open the file preview modal when their thumbnail is clicked on. The “Preview file” quick action, or the Shift + Spacebar keyboard shortcut, can be used instead.
• Improved the styling of element chips.
• Improved checkbox-style deselection behavior for control panel items, to account for double-clicks.
• Table views are no longer available for element indexes on mobile.
• Address conditions now have “Address Line 1”, “Address Line 2”, “Administrative Area”, “Country”, “Dependent Locality”, “First Name”, “Full Name”, “Last Name”, “Locality”, “Organization Tax ID”, “Organization”, “Postal Code”, and “Sorting Code” rules.

User Management

• Added two-step verification support, with built-in “Authenticator App” (TOTP) and “Recovery Codes” methods. Additional methods can be provided by plugins.
• Added a “Require Two-Step Verification” system setting, which can be set to “All users”, “Admins”, and individual user groups.
• Added passkey support (authentication via fingerprint or facial recognition).
• User account settings are now split into “Profile”, “Addresses”, and “Permissions” pages, plus “Password & Verification” and “Passkeys” pages when editing one’s own account.
• Users’ “Username”, “Full Name”, “Photo”, and “Email” native fields can now be managed via the user field layout, and now show up alongside custom fields within user slideouts.
• Users with more than 50 addresses will now display them as a paginated element index.
• New users are now created in an unpublished draft state, so adding a user photo, addresses, and permissions can each be done before the user is fully saved.
• The login page now includes a “Sign in with a passkey” button.
• The login modal and elevated session modal have been redesigned to be consistent with the login page.
• User sessions are now treated as elevated immediately after login, per the elevatedSessionDuration config setting.

Accessibility

• Improved source item navigation for screen readers. (#12054)
• Content tab menus are now implemented as disclosure menus. (#12963)
• Element selection modals now show checkboxes for selectable elements.
• Elements within relational fields are no longer focusable at the container level.
• Relational fields now use the proper list semantics.
• Improved the accessibility of the login page, login modal, and elevated session modal.

Administration

• Field layouts can now designate an Assets field as the source for elements’ thumbnails. (#12484, #12706)
• Field layouts can now choose to include previewable fields’ content in element cards. (#12484, #6024)
• Field layouts can now override custom fields’ handles.
• Most custom fields can now be included multiple times within the same field layout. (#8497)
• Entry types are now managed independently of sections.
• Entry types are no longer required to have a Title Format, if the Title field isn’t shown.
• Added the “Addresses” field type. (#11438)
• Matrix fields now manage nested entries, rather than Matrix blocks. During the upgrade, existing Matrix block types will be converted to entry types; their nested fields will be made global; and Matrix blocks will be converted to entries.
• Matrix fields now have “Entry URI Format” and “Template” settings for each site.
• Matrix fields now have a “View Mode” setting, giving admins the choice to display nested entries as cards, inline-editable blocks, or an embedded element index.
• The address field layout is now accessed via Settings → Addresses.
• Volumes now have a “Subpath” setting, and can reuse filesystems so long as the subpaths don’t overlap. (#11044)
• Volumes now have an “Alternative Text Translation Method” setting. (#11576)
• Added support for defining custom locale aliases, via a new localeAliases config setting. (#12705)
• Removed the concept of field groups.
• entrify/* commands now ask if an entry type already exists for the section.
• The resave/entries command now accepts a --field option.
• The up, migrate/up, and migrate/all commands no longer overwrite pending project config YAML changes, if new project config changes were made by migrations.
• Removed the resave/matrix-blocks command.

Development

• Entry type names and handles must now be unique globally, rather than just within a single section. Existing entry type names and handles will be renamed automatically where needed, to ensure uniqueness.
• Assets, categories, entries, and tags now support eager-loading paths prefixed with a field layout provider’s handle (e.g. myEntryType:myField).
• Element queries now have an eagerly param, which can be used to lazily eager-load the resulting elements for all peer elements, when all(), collect(), one(), nth(), or count() is called.
• Element queries now have an inBulkOp param, which limits the results to elements which were involved in a bulk operation. (#14032)
• Address queries now have addressLine1, addressLine2, administrativeArea, countryCode, dependentLocality, firstName, fullName, lastName, locality, organizationTaxId, organization, postalCode, and sortingCode params.
• Entry queries now have field, fieldId, primaryOwner, primaryOwnerId, owner, ownerId, allowOwnerDrafts, and allowOwnerRevisions params.
• Entries’ GraphQL type names are now formatted as <entryTypeHandle>_Entry, and are no longer prefixed with their section’s handle. (That goes for Matrix-nested entries as well.)
• Matrix fields’ GraphQL mutation types now expect nested entries to be defined by an entries field rather than blocks.
• Added the |firstWhere and |flatten Twig filters.
• Removed the craft.matrixBlocks() Twig function. craft.entries() should be used instead.
• Controller actions which require a POST request will now respond with a 405 error code if another request method is used. (#13397)

Extensibility

• Elements now store their content in an elements_sites.content column as JSON, rather than across multiple columns in a content table. (#2009, #4308, #7221, #7750, #12954)
• Slugs are no longer required on elements that don’t have a URI format.
• Element types’ fieldLayouts() and defineFieldLayouts() methods’ $source arguments must now accept null values.
• All element types can now support eager-loading paths prefixed with a field layout provider’s handle (e.g. myEntryType:myField), by implementing craft\base\FieldLayoutProviderInterface on the field layout provider class, and ensuring that defineFieldLayouts() is returning field layouts via their providers.
• All core element query param methods now return static instead of self. (#11868)
• Migrations that modify the project config no longer need to worry about whether the same changes were already applied to the incoming project config YAML files.
• Selectize menus no longer apply special styling to options with the value new. The _includes/forms/selectize.twig control panel template should be used instead (or craft\helpers\Cp::selectizeHtml()/selectizeFieldHtml()), which will append an styled “Add” option when addOptionFn and addOptionLabel settings are passed. (#11946)
• Added the disclosureMenu(), elementCard(), elementChip(), elementIndex(), and siteMenuItems() global functions for control panel templates.
• The assets/move-asset and assets/move-folder actions no longer include success keys in responses. (#12159)
• The assets/upload controller action now includes errors object in failure responses. ([#12159](#12159...

4.5.12

• It’s no longer possible to dismiss asset conflict resolution modals by pressing Esc or clicking outside of the modal. (#14002)
• Improved performance for sites with lots of custom fields in non-global contexts. (#13992)
• Username, Full Name, and Email fields now have the appropriate autocomplete values when editing the current user. (#13941)
• Queue job info is now broadcasted to other browser tabs opened to the same control panel. (#13990)
• Volumes’ Asset Filesystem settings now list filesystems that are already selected by another volume, as disabled options. (#14004)
• Added craft\db\Connection::onAfterTransaction().
• Added craft\errors\MutexException. (#13985)
• Added craft\fieldlayoutelements\TextField::$inputType. (#13988)
• Deprecated craft\fieldlayoutelements\TextField::$type. $inputType should be used instead. (#13988)
• Fixed a bug where WebP image transforms weren’t respecting transform quality settings. (#13998)
• Fixed a bug where craft\base\ApplicationTrait::onAfterRequest() callbacks weren’t necessarily triggered if an EVENT_AFTER_REQUEST handler got in the way.
• Fixed a bug where keyboard shortcuts could stop working. (#14011)
• Fixed a bug where the craft\services\Elements::EVENT_AUTHORIZE_VIEW event wasn’t always triggered when editing elements. (#13981))
• Fixed a bug that prevented Live Preview from opening for edited entries, when the autosaveDrafts config setting was disabled. (#13921)
• Fixed a bug where JavaScript-based slug generation wasn’t working consistently with PHP. (#13971)
• Fixed a bug where asset upload failure notifications could be ambiguous if a server connection issue occurred. (#14003)
• Fixed a “Changes to the project config are not possible while in read-only mode.” error that could occur when adimn changes were disallowed. (#14018)
• Fixed a bug where it was possible to create a volume without a filesystem selected. (#14004)
• Fixed a privilege escalation vulnerability.

4.5.11.1

• Fixed a PHP error that occurred due to a conflict with psr/log v3. (#13963)

4.5.11

• Date fields with “Show Time Zone” enabled will now remember IANA-formatted time zones set via GraphQL. (#13893)
• Added craft\gql\types\DateTime::$setToSystemTimeZone.
• craft\gql\types\DateTime now supports JSON-encoded objects with date, time, and timezone keys.
• craft\web\Response::setCacheHeaders() now includes the public directive in the Cache-Control header. (#13922)
• Fixed a bug where ↑ and ↓ key presses would set focus to disabled menu options. (#13911)
• Fixed a bug where elements’ localized GraphQL field wasn’t returning any results for drafts or revisions. (#13924)
• Fixed a bug where dropdown option labels within Table fields weren’t getting translated. (#13914)
• Fixed a bug where “Updating search indexes” jobs were getting queued for Matrix block revisions. (#13917)
• Fixed a bug where control panel resources weren’t getting published on demand. (#13935)
• Fixed privilege escalation vulnerabilities.

3.9.6

• Fixed a privilege escalation vulnerability.