Dotclear

2.33

(större version) (säkerhetsutgåvan)
19 Februari - 28MBSecurity

• Fix potential XSS, thanks Ratnesh Kumar for reporting this issue
  
• Escape HTML content in filters' input fields
  
• Disallow double (or more) extensions on media upload file, fix a potential RCE reported by Ratnesh Kumar.
  

Bug Fixes and Changes

• PHP 8.1+ is required, PHP 8.2, 8.3 and 8.4 compliance
  
• Get title and description from SVG if exist
  
• Add optional release date to modules and display them if present
  
• Status management revamped (entries, comments, users, blogs, ...)
  
• New behavior coreBlogBeforeGetPostsAddingParameters (used for some db requests)
  
• Add left/right arrow key navigation from post to post (or page to page)
  
• Adjust (small) image size in some popup display
  
• Add media title to metadata list
  
• Add direct submit on quick menu selection (search field)
  
• Add a required attribute to password of the chosen action is delete on blogs page management
  
• Add count of available updates for plugins and themes in tab title
  
• Review "Lock theme update" note, thanks Gérard Barré for this suggestion
  
• Adjust size and positions of sub/sup texts
  
• Add media title as ordering criteria
  
• Apply a lexical sort for names and titles of media
  
• During meta (tags) search, add a second loop looking after the beginning (those results will be displayed at the end of the list)
  
• Remove stats (no of entries, usage frequency) on autocomplete list (tags)
  
• Classic editor: Set some CSS attributes to avoid dynamic inline style insertion during copy'n'paste
  
• Switch from : to ▶ character for current/active menu-item indicator (with a fallback to :)
  
• Remove metadata frequency information (not useful in backend)
  
• Cope with large SVG icon in sidebar of entry edition page
  
• Media item page: on display list of entries using the media, display now two lists (inside entry/entry attachments).
  
• Cope with alternate text and description of video and audio media during insertion
  
• Lock/unlock button (on input/textarea) was not accessible
  
• Don't display a warning about missing permission for super-admin newly created users
  
• SQL error on changing existing user id, the prefs were created from the old id, not the new one
  
• On some servers, OPCache API might be restricted. Try to detect this.
  
• Don't display twice the media title in media metadata list
  
• In en empty media folder, uploaded files using the enhanced uploader were not displayed
  
• Ensure there is at least one available language to download before showing the according form
  
• XMP metadata were badly read from image file
  
• Cope with non existing settings in Ductile configuration
  
• Boxes alignment on blog appearance page
  
• Date format label in blog parameters
  
• Sortable blocks system on dashboard
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2024/11/27/Dotclear-2.33

2.32.1

29 November 2024 - 28MBBug Fixes and Changes

• A category could not be renamed
  
• The categories page doesn't display any categories if there's only one for the blog
  
• Cast number values to int in blog parameters form as they might be non-existent
  
• Replace return button by a cancel button in intermediary steps during creation of a new SimpleMenu item
  
• legacyEditor with pseudo empty excerpt (thanks Ben Griffith for documenting this issue)

Läs mer: https://dotclear.org/blog/post/2024/11/27/Dotclear-2.32.1

2.32

(större version)
14 November 2024 - 28MBFundamental work continues on the code, but does not call into question the current eco-system — no incompatibilities to be expected, apart from those already known — plugins and themes.

Backend continues to be slightly revised, for greater coherence and unity, in parallel with the reworking of the code.

A few bugs corrected.
Läs mer: https://dotclear.org/blog/post/2024/11/13/Dotclear-2.32

2.31.1

21 Augusti 2024 - 28MBA maintenance release that fixes two bugs (one of which is blocking) in media insertion and page management.
Läs mer: https://dotclear.org/blog/post/2024/08/19/Dotclear-2.31.1

2.31

(större version)
13 Augusti 2024 - 28MBA new version for this quarter and to celebrate Dotclear's 21st birthday!

A major overhaul of the code, which will continue for several more versions, but which will not call into question the current ecosystem — no incompatibilities to be expected, apart from those already known — of plugins and themes.

The backend has been slightly revised to make it more coherent and unified, and this is also in progress at the same time as the code is being reworked.
Läs mer: https://dotclear.org/blog/post/2024/08/13/Dotclear-2.31

2.30.1

(större version) (säkerhetsutgåvan)
17 Maj 2024 - 28MB2.30.1

Bug Fixes

• Fix: Template engine might not found some theme's template in some contexts
  
• Fix: Outgoing documentation links
  

2.30

Security

• Security: Fix Cross Site Scripting vulnerability (https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html)
  

Bug Fixes and Changes

• PHP 8.1+ is required, PHP 8.2 and 8.3 compliance
  
• Core: Switch from GNU GPL-2.0-only to AGPL-3.0
  
• Core: Normalize SQLite database path and create the database file if necessary
  
• Core: Add a configuration setting to load or not legacy JS (backend/frontend)
  
• - For frontend a new sysIf attribute is provided: legacy_needed (see _head.html template)
  
• - For backend current release config may be overrule by setting DC_MIGRATE in inc/config.php
  
• Core: Add a setting to change the thumbnail character prefix (default to .)
  
• Core: Add width and height of an SVG image (media item page) if specified in its source
  
• Core: Add an option (informative_config) to display informative config for module (ie without any form)
  
• Core: Add prefix/suffix capability for Helper/Html/Form/Label (will be inserted before/after the associated field)
  
• Core: Add webmention endpoint URL in <head> for post/page (already present in http headers but may be not sufficient)
  
• UX/UI: Add a menuitem quick access (configurable quick menu key, default to :)
  
• UX/UI: Add quick access to dashboard (quick menu access key+enter without anything else)
  
• UX/UI: Review layout for group of buttons
  
• UX/UI: Use textarea for media description
  
• UX/UI: Switch from PNG to SVG for images used in backend
  
• UX/UI: Review CSS for tables
  
• UX/UI: Review information style (legend, message, …) in dark mode
  
• UX/UI: Review media upload progress bar
  
• UX/UI: Review install icons (messages)
  
• UX/UI: Set a background on legacyEditor toolbar
  
• UX/UI: Review form's buttons layout (specially on small device)
  
• UX/UI: Add supplemental warning about disabling ad-blocker detection
  
• UX/UI: Review legacy editor toolbar layout
  
• UX/UI: Review header layout (alignment, …)
  
• UX/UI: Theme editor: the lists of inherited files are now folded by default
  
• UX/UI: Review today button look
  
• UX/UI: Page header review (standard and upgrade modes)
  
• UX/UI: Review categories CSS
  
• UX/UI: Prelude layout review
  
• UX/UI: Help button layout review
  
• a11y: Review markup for required items in forms
  
• a11y: Enforce contrast of pending and locked status icons in dark mode
  
• a11y: No need to enforce contrast on icon hover (whatever is the mode, dark or light)
  
• a11y: Fix issue with Codemirror (trapped inside editor if using only the keyboard)
  
• Fix: Do not put filename as alternate text for media
  
• Fix: Media item deletion
  
• Fix: Cleaning procedure after update is now more tolerant
  
• Fix: Plural management for some locales (Japanese, …)
  
• Fix: Don't care about antispam filter GUI URL during installation
  
• Fix: Video/audio media insertion with CKEditor, review notice
  
• Fix: Display notice (about audio/video insertion limit) only with standard editor
  
• Fix: Fix exclusion list for media zip process
  
• Fix: Take care of user defined thumb sizes in media zip exclusion pattern
  
• Fix: Background color of search input field
  
• Fix: Go back to update tab (on plugins page) after forced check of plugins' update
  
• Fix: Success upload media message color
  
• Fix: Optimize Berlin SVG images
  
• Fix: SVG preview with magnificPopup jQuery plugin
  
• Fix: Antispam filter name displayed on comments list page
  
• Fix: Use standard tpl:IfCommentPreviewOptional rather than tpl:IfPreviewIsNotMandatory for Ductile
  
• Fix: H2 (navigation) horizontal overflow
  
• Fix: Input for decimal values
  
• Fix: Management of local setting/pref value is the same as the global one (if global exists)
  
• Fix: Antispam IP and IPv6 rules deletion
  
• Fix: Antispam Word filter rule deletion
  
• Fix: Theme config form if not only informative
  
• Fix: Antispam params link (on blog pref)
  
• Fix: Hint typing for post ID (trackback/pingback/webmention)
  
• Fix: Post/Page selector for static home
  
• Lib: Update Codemirror to 5.65.16
  
• i18n: Remove Luxembourgish language (not translated and mostly not used)
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2024/05/17/Dotclear-2.30.1

2.29

(större version)
14 Februari 2024 - 25MBNew Features

• Dashboard dedicated to update management.
  
• Switch from JQuery to Vanilla for various javascript functions,
  
• Ability to modify theme .php files,
  
• Addition of behaviors (adminPostAfterButtons, adminPageAfterButtons),
  
• Overhaul of image attributes (accessibility) inserted via editors,
  
• Changes to styles on the admin side (particularly the buttons),
  
• Numerous UI/UX/a11y tweaks (see CHANGELOG)

Läs mer: https://dotclear.org/blog/post/2024/02/13/Dotclear-2.29

2.28.1

20 November 2023 - 25MBBug Fixes

• Fix: Some housecleaning missing in 2.28
  
• Fix: Don't overwrite antispam filter name if already set, seen in list of antispam filters
  
• Fix: Cast constants types as far as possible
  
• Fix: Template code for EntryDate
  
• Fix: Meta edition URL (entry edition page)

Läs mer: https://dotclear.org/blog/post/2023/11/19/Dotclear-2.28.1

2.28

(större version)
16 November 2023 - 25MBWARNING

• This update may break your plugins. If you are using plugins that have no updates available, we advise you to temporarily deactivate them (in rescue mode) and then check their operation one by one (one re-activation at a time) in normal mode.
  
• If you have trouble logging in after the update, delete the associated cookies before refreshing the login page.
  

What's New

• PHP 8.1+ is required, PHP 8.2 compliance
  
• Core: All admin/install/helper/db/public code is now PHP namespaced
  
• Core: Add whitespace control capabilities to template engine, thanks manusauvage for the patch
  
• Core: Move some old deprecated autoload from dcProxyV2 to dcProxyv1 as some plugins may need them before loading of dcProxyV2
  
• Core: Add extra cursor management for FlatImport (useful with 3rd party plugins)
  
• Core: Show exception in debug/dev mode
  
• Core: Complete support of Avif image format
  
• Core: Add Media::setThumbSizes() method and set two behaviors (coreBlogConstruct and coreMediaConstruct) as deprecated
  
• Core: Add dl, dt, dd form element with unit tests
  
• Core: Add enctype form property (Helper/Html/Form/Form)
  
• Core: Add a second removal pass to housecleaning step of upgrade and add a renaming fallback procedure if file or folder cannot be deleted
  
• Core: Allow upgrade on sqlite install (except db schema)
  
• Fix: Take care of unnumbered post URL to compose a new unique one
  
• Fix: Show comment's IP column even if not spam
  
• Fix: Fix SQLite table schema info fields (int for notnull, ?string for dflt_value)
  
• Fix: Use localized rss news if available rather than English one
  
• Fix: Unknown path class on some config file
  
• Fix: Thumbnails creation
  
• Fix: Process XSS
  
• Fix: Allow pings management by blogs' admins too
  
• Fix: Fix empty widgets area management, will use defaults widgets in it only if not set as empty array in settings (ie null)
  
• Fix: Click (open/close) event management on details HTML element
  
• Fix: Custom CSS css management with cloning feature
  
• Fix: Don't forget to get current page number when searching in Static home mode
  
• Fix: Search URL in breadcrumb
  
• Fix: Some favorites (admin) callbacks
  
• Fix: Cope with min/max non integer values and add Html/Form/Decimal
  
• Fix: Thumbnails re-creation
  
• Fix: Typo in makefile
  
• i18n: Various translation have been added or updated (using DeepL engine), they should be reviewed
  
• a11y: Fix link color on small screens
  
• Fixed various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2023/11/15/Dotclear-2.28

2.27.3

1 September 2023 - 25MBThis version corrects a few problems encountered with installation, plugin and theme dependency management, the password recovery procedure, flat export and when certain widget settings were incorrect.
Läs mer: https://dotclear.org/blog/post/2023/08/31/Dotclear-2.27.3

2.27.2

23 Augusti 2023 - 25MBThis version is a maintenance release that includes a few fixes for errors encountered with previous versions 2.27 and 2.27.1.
Läs mer: https://dotclear.org/blog/post/2023/08/22/Dotclear-2.27.2

2.27.1

(större version)
17 Augusti 2023 - 25MBThis version introduces theme previews with the blog's current content, which can be useful for a visual check before activating a theme, and we've added and completed (with the help of translation engines) a few languages; but above all, this version is the last to support PHP 7.4 and PHP 8.0.
Läs mer: https://dotclear.org/blog/post/2023/08/13/Dotclear-2.27

2.26.1

(större version)
5 Juni 2023 - 25MBA new version which update should pass without major problem for most of you.

Nothing extraordinary this time, mostly small improvements here and there, and it is especially on the side of the code that the main thing has been done because for the first time since the first version of Dotclear 2, the Clearbricks library is no longer part of it, or rather has been integrated directly into the code of Dotclear.

It was also the occasion to reinforce the unit tests and the static analysis of the code (with PHPStan, PSalm and Rector) which will continue to be progressively modernized (there is quite a lot left).
Läs mer: https://dotclear.org/blog/post/2023/06/04/Dotclear-2.26.1

2.25.3

28 Februari 2023 - 25MBBug Fixes

• Fixes some bugs encountered with the last 2.25.2.

Läs mer: https://dotclear.org/blog/post/2023/02/25/Dotclear-2.25.3

2.25.2

21 Februari 2023 - 25MB2.25.2

Bug Fixes

• Fixes some bugs encountered with the last 2.25.1.
  

2.25.1

Bug Fixes

• Fixes some bugs encountered with the last 2.25.

Läs mer: https://dotclear.org/blog/post/2023/02/19/Dotclear-2.25.2

2.25

(större version)
15 Februari 2023 - 25MB

• PHP 7.4+ is required, PHP 8.0/8.1 compliance (and as far as we know PHP 8.2)
  
• Core: New plugin/theme code structure (using a brand new autoloader), old plugins/themes remain compatibles
  
• Core: Clearbricks is now included in Dotclear code, not more as a git sub-module
  
• Core: Update last step will not redirect to the safe-mode login page
  
• Core: No more need to add namespace (blog-settings) / workspace (user-preferences) before using them
  
• Core: Add possible using of external db driver (Experimental)
  
• Core: Add support of .mjs ECMAScript module files
  
• Core: Remove unnecessary and weak protection code
  
• Core: Move some legacy and proxy code in dcProxyV2 plugin
  
• a11y: Some aria attributes have been set in backend
  
• Theme: Merge default smilies and blog's smilies (the blog's smilies have a higher priority)
  
• Theme: Merge plugin blowupConfig into theme Blowup
  
• Admin: Some jQuery javascript scripts have been rewritten in pure ECMAScript
  
• Admin: Add Atkinson Hyperlegible font (used by default in admin, may be disabled in user pref)
  
• Admin: Add some shortcuts (CTRL+letter) to dcLegacyEditor toolbar
  
• Admin: Add a specific warning message on update page if necessary (breaking changes)
  
• Admin: Cope with no user TZ defined (use UTC in this case)
  
• Admin: Fix admin permission management for blogroll and pages plugins
  
• Admin: Cope with float/double values in about:config and user:pref
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments
  
• Warning: Next major release (2.26) may require PHP 8.0 (announced in backend) or PHP 8.1

Läs mer: https://dotclear.org/blog/post/2023/02/13/Dotclear-2.25

2.24.1

19 Januari 2023 - 25MB

• An update that fixes some bugs encountered with the 2.24

Läs mer: https://dotclear.org/blog/post/2023/01/18/Dotclear-2.24.1

2.24

(större version)
3 Januari 2023 - 25MB

• PHP 7.4+ is required, PHP 8.0/8.1 compliance
  
• Remove XML/RPC system (keep only minimum for Pingbacks)
  
• New blog parameter to close comments/trackbacks after a period of inactivity on the blog
  
• Core: Large code review has been done, may break old code (3rd party plugins and themes)
  
• Admin UI: New default icons for media items
  
• Admin UI: Message look reviewed
  
• Admin UX: Preserve current dir and current view of media manager
  
• Admin UX: Password strength use an entropy indicator
  
• Admin UX: Improve navigation in about:config and user:preferences list
  
• Admin UX: Allow activation and de-activation of plugins in safe mode
  
• Admin UX: Allow update of disabled/activated plugins in safe mode/normal mode
  
• Admin UX: Add folding capability to widgets group
  
• Theme: Cope with theme defined widget container format
  
• Theme: Smilies are available for every theme (Blowup theme not more mandatory)
  
• Lib: Update CKEditor to 4.20.1
  
• Lib: Update Codemirror to 5.65.10
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2022/12/24/Dotclear-2.24

2.23.1

(större version)
15 Augusti 2022 - 25MB

• PHP 7.4+ is required, PHP 8.0/8.1 compliance
  
• Remove Iconset management
  
• Admin UI: Harmonize font size on different support (laptop, tablet, mobile)
  
• Admin UX: Group more logically buttons on CKEditor toolbar
  
• Core: New constant DC_DEFAULT_THEME, set to 'berlin'
  
• Core: Use predefined constants for post statuses (dcBlog::POST_*)
  
• Core: Use predefined constants for comment statuses (dcBlog::COMMENT_*)
  
• Core: Deprecated global $core (or $GLOBALS'core'), use dcCore::app() instead
  
• Core: Deprecated global $_ctx, use dcCore::app()->ctx instead
  
• Core: Deprecated global $_lang, use dcCore::app()->lang instead
  
• Core: Deprecated global $mod_files, use dcCore::app()->cache'mod_files' instead
  
• Core: Deprecated global $mod_ts, use dcCore::app()->cache'mod_ts' instead
  
• Core: Deprecated global $_menu, use dcCore::app()->menu instead
  
• Core: Deprecated global $__resources, use dcCore::app()->resources instead
  
• Core: REST server now accepts JSON format (experimental)
  
• Fix: Use relative URL for attachments as far as possible
  
• Fix: Remove select hiding mechanism when help is displayed
  
• Fix: Loading of modules (plugins/themes) in safe mode
  
• Fix: Message position on Quick entry submit (dashboard)
  
• Fix: Select appearance on Safari (webkit engine)
  
• Lib: Update CKEditor to 4.19.1
  
• Lib: Update Codemirror to 5.65.7
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments
  
• Warning: Internet Explorer is not more officially supported (may still work weirdly)
  
• 2.23.1: And in the meantime, a maintenance version to correct a bug with the addition of comments.

Läs mer: https://dotclear.org/blog/post/2022/08/13/Dotclear-2.23

2.22

(större version)
16 Maj 2022 - 25MB

• PHP 7.4+ is required, PHP 8.0/8.1 compliance
  
• Remove anti-FLoC system
  
• Add a live preview button to standard Dotclear editor (wiki syntax)
  
• Use native Javascript in scripts shiped with Berlin and Ductile theme (no more need jQuery)
  
• Improve retrieval of origin metadata on Webmention or Pingback
  
• Add a "Reset to now" button near the publish datetime input field (post/page)
  
• Reduce number of CSS mediaqueries' breakpoints to 3 (mobile, tablet, laptop) for backend
  
• Add a sticky position to "quick access to section" menu for about:Config and user:Prefs
  
• Toolbar icons reviewed for standard Dotclear editor

Läs mer: https://dotclear.org/blog/post/2022/05/13/Dotclear-2.22

2.21.2

(större version)
28 Februari 2022 - 25MBImprovements and Bug Fixes

• PHP 7.4+ is required, PHP 8.0 compliance (should work with PHP 8.1 too but not guaranteed)
  
• Add an user option to preview edited entry in another tab (or window) rather than in a popup
  
• The detection of ad-blockers which may perturb backend has been improved
  
• The old JS/CSS datepicker has been removed
  
• A lot of old PNG icons have been replaced by SVG ones (dashboard, standard editor, …)
  
• The contrast of the light mode in backend has been enforced
  
• Lib: Update CKEditor from 4.16.2 to 4.17.1
  
• Lib: Update Codemirror 5.63.3 from to 5.65.0
  
• Security: Avoid time measuring attack on login
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2022/02/13/Dotclear-2.21

2.20.1

(större version)
19 November 2021 - 25MB2.20.1

Bug Fixes

• A small update that fixes three not very serious but potentially annoying bugs in the use of Dotclear.
  

2.20.0

Improvements and Bug Fixes

• A new alternative repository system has been set up for third-party plugins and themes, which can be useful if the DotAddict server is running out of steam, as it did recently (thanks to Noé for getting it up and running again), or if the author does not wish to deposit his work elsewhere than on his own public repository. We detail the procedure to follow below.
  
• A new IPv6-specific spam filter (which is starting to be deployed quite a bit) is included in parallel with the IPv4-specific filter.
  
• Users can now enter several additional email addresses and websites in their profile. Indeed, some themes allow the author of a post to be differentiated from other commenters on the basis of those email and web site addresses, which may change over time. This system therefore makes it possible to indicate new addresses without having to modify the metadata of old comments.
  
• Dotclear's wiki syntax has been extended to allow the easy insertion of HTML block details. A vertical bar at the beginning of the line, followed by the text of the summary is necessary to start this block, followed by the free content of the block, followed by a line with a vertical bar as the first character only ending the whole.

Läs mer: https://dotclear.org/blog/post/2021/11/13/Dotclear-2.20

2.18.1

19 Februari 2021 - 25MB

• A maintenance version that corrects a few bugs, especially when putting programmed entries online.

Läs mer: https://dotclear.org/blog/post/2021/02/13/Dotclear-2.18.1

2.18

(större version)
24 November 2020 - 25MB

• The IP addresses - especially from comments - are now displayed in the administration only if you are administrator or super-administrator.
  
• The HTML syntax and the CKEditor editor are now proposed by default for new users and new blogs.
  
• The CKEditor editor now integrates footnotes management.

Läs mer: https://dotclear.org/blog/post/2020/11/13/Dotclear-2.18

2.17.2

17 Augusti 2020 - 25MB2.17.2

• A maintenance version that fixes two minor problems with Safari.
  

2.17.1

• A maintenance version to fix a problem caused by Chrome with the optional password fields of posts and pages.

Läs mer: https://dotclear.org/blog/post/2020/08/17/Dotclear-2.17.2

2.17

(större version) (säkerhetsutgåvan)
14 Augusti 2020 - 25MBFeatures

• PHP 5.6+ is required, PHP 7.4 compliance
  
• Security: Password is now needed to export blog settings and contents (full/simple)
  
• Themes can now be cloned
  
• New helper button (show/hide) for password fields
  
• Enhancement of filter/sort usage for lists (posts, comments, …)
  
• 3rd automatic theme for backend theme (which follow OS setting)
  
• Authentication (backend) and password form (public for password protected entry) have been redesigned
  
• Add a Cancel button wherever relevant in backend
  
• PHP files can now be edited in Theme editor
  
• Plugins may now use SVG icon rather than JPG/PNG
  
• Black/White list names become Block/Allow list (antispam)
  

Changes

• Wiki: subscript syntax changed from _subscript_ to ,,subscript,,
  
• Wiki: add ;;span-content;; syntax
  
• Wiki: add §§attributes[|list attributes]§§ for blocks (at end of the 1st line of block)
  
• Wiki: add §attributes§ for inline elements (just before closing marker, warning: cannot be nested)
  
• Tpl: Add {{tpl:BlogNbEntriesFirstPage}} and {{tpl:BlogNbEntriesPerPage}}
  
• Tpl: Add optional even attribute to <tpl:EntryIfOdd>, <tpl:CommentIfOdd> and <tpl:PingIfOdd>
  
• Tpl: Add author="…" as attribute of <tpl:EntryIf>
  
• Sys: Add several behaviors, coreBeforeImageMetaCreate, themeBeforeClone and themeAfterClone
  
• a11y: Reduce motion if required in provided themes and backend
  
• Lib: Update jQuery to 3.5.1 (backend and public)
  
• Lib: Update Codemirror to 5.55.0
  
• Lib: CKEditor new color palette (configurable)
  
• Fix: Notification system refactored (now based on db rather than PHP Session)
  
• Fix: Missing confirmation before closing modified forms / unecessary confirmation asked before closing not modified forms
  
• i18n: Switch from Transifex to Crowdin for localisation purpose (https://dotclear.crowdin.com/)
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/post/2020/08/13/Dotclear-2.17

2.16.9

12 Juni 2020 - 25MBChanges

• Fix: Check password for export only if necessary
  
• Fix: Cope with mod_access_compat plugin inactive with Apache 2.4+
  
• Fix: Fix very large font size value (user prefs) with CKEditor

Läs mer: https://dotclear.org/blog/

2.16.8

(säkerhetsutgåvan)
27 Maj 2020 - 25MB2.16.8

Changes

• Fix: Clearbricks was not up to date in last release
  

2.16.7

Security

• Security: Password is now needed to export blog settings and contents (full/simple)
  

Changes

• Fix: Remove absolute positionning of datepicker icon (media manager)
  
• Fix: Cope with SURBL DNS query blocked access (if too much requests from same source) - Antispam LinksLookup filter
  
• Fix: Remove wrapping p around figures (wiki)
  
• Fix: CKEditor use now same font-size as other UI standard elements

Läs mer: https://dotclear.org/blog/

2.16.6

26 Maj 2020 - 25MB2.16.6

Changes

• Fix: Remove executable bit on non-executable files
  
• Do not trim inside the content, only at the beginning and the end (dcLegacyEditor, XHTML mode only)
  
• Fix media description management in media-manager (main/popup)
  
• Fix insertion of figure (wiki / wysiwyg)
  
• Fix caret position after inserting image in dcLegacyEditor (wiki)
  

2.16.5

Changes

• Fix: tpl:EntryContent and tpl:EntryIfContentCut when using full="1" attribute
  
• Fix: Take care of iframe content (used by wysiwyg/source dcLegacyEditor) for confirmation before closing modified forms
  
• Remove all automatic translations in simpleMenu plugin, feature which caused unanticipated behaviours
  

2.16.4

Changes

• Fix: Remove _content (_<content>_) from authorized element in wiki links. - missing from 2.16.3
  

2.16.3

Changes

• Fix: Remove _content (_<content>_) from authorized element in wiki links.
  
• Fix: Cope with default XHTML editor set to dcLegacyEditor and no format selected by default for new entries.

Läs mer: https://dotclear.org/blog/

2.16.2

18 April 2020 - 25MB2.16.2

• Fix: Alert missing about existing modification in administration (post edition, …) with CKEditor
  
• Merge old and new color palette for CKEditor text/background buttons
  

2.16.1

• Fix: False alert about non existing modification in administration (post edition, …)
  
• Fix: Test the existence of directory backup before update
  
• Fix: Do not load "remember me" javascript script when comment are closed
  
• Fix: Show admin session expired message if necessary rather than wrong user/pwd
  
• Fix: wiki2xhtml, i, code, del, ins, mark, sup and sub elements are now allowed inside an a (link) element
  
• Fix: util.js utilities function script is now load on every page (will be improved in further release)
  
• Fix: In Ductile theme, load jQuery only if required
  
• Fix: Detection of mandatory input field content to enable submit button
  
• Add a behavior to setup htmlFilter options (keep aria, keep data, keep js)
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/

2.16

(större version)
13 Mars 2020 - 25MBHighlights

• PHP 5.6+ is required, PHP 7.4 compliance
  
• Security: all requests from/to Dotclear and DotAddict servers use now HTTPS
  
• jQuery upgraded to 3.4.1, older version will be removed, jQuery not anymore requested for "Remember me" feature
  
• New "static" mode for home page
  
• Media description may now be updated
  
• Add <i [lang="…"]>…</i> support to Dotclear wiki, syntax: ££text[|lang]££ (ex: ££français|fr££)
  
• And also some visual or not visual bugs have been fixed, the support of MySQL 8+…

Läs mer: https://dotclear.org/blog/

2.15.3

28 November 2019 - 25MBBug Fixes

• Avoid weird side-effect of JS minifier
  
• Insertion of default type media (non image/audio/video) in XHTML entries
  
• Cope with old themes for 'remember me' string defined in JS

Läs mer: https://dotclear.org/blog/

2.15.2

2 Oktober 2019 - 25MBBug Fixes

• saving of files in theme editor when using syntaxic coloration;
  
• video insertion with the two editors
  
• badge position for dashboard modules counters

Läs mer: https://dotclear.org/blog/

2.15.1

4 September 2019 - 25MBHighlights

• Fix: SQL request for CSP unsafe-inline setting
  
• Fix: CKEditor configuration for foreign language (unabled to save post modifications)

Läs mer: https://dotclear.org/blog/

2.15

(större version)
14 Augusti 2019 - 20MBHighlights

• PHP 5.6+ is required, PHP 7.3 compliance
  
• Add drag'n'drop sorting system for dashboard blocks
  
• Backend context is preserved on switching blog (as far as possible, depending on user's grants)
  
• No more inline javascript, default/install CSP directive modified accordingly
  
• Add settings (in maintenance plugin) for CSP system
  
• Set correct lang attribute (useful for browser/editor spelling) for content (post/page) depending on entry setting, and CK editor UI in user language
  
• Add spellcheck="true" attribute on input/textarea
  
• Refactoring of notices/messages system on backend
  
• Add undo/redo buttons to CKEditor toolbar
  
• Add title/legend reminder on media popup insertion (1st tab)
  
• Add font loading capabilities for ?pf= system - plugin are now able to load css fonts
  
• Add WebP image format support to Dotclear (may depends on your server PHP capabilities)
  
• Add _… support in Dotclear wiki, syntax : _indice_
  
• Template system: Allow ?sub for category/categories attributes of tpl:EntryIf, and for url/urls attributes of tpl:CategoryIf
  
• Responsive tables/lists (posts, pages, users, …)
  
• Fix: port used behind reverse proxy (Clearbricks)
  
• Lib: Update Codemirror to 5.48.0
  
• Lib: Update CKEditor to 4.12.0
  
• No more flash players (flv,mp3)
  
• Various bugs, a11y concerns and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/

2.14.3

(säkerhetsutgåvan)
22 Oktober 2018 - 20MBA little update which fixes a configuration problem experienced at least on some 1&1 servers.

Security

• Avoid XML upload in media manager
  

Bug Fixes

• upgrade modification for media_exclusion default setting
  
• cope with PHP.ini setting memory_limit set to -1 (unlimited)

Läs mer: https://dotclear.org/blog/

2.14.2

(större version) (säkerhetsutgåvan)
10 September 2018 - 20MB2.14.2

• Security: Authenticated cross-site scripting (XSS) was possible due to the .ahtml (or .bhtml, .chtml, …) file extension being allowed in the media manager. Thank's Josiah Pierce for report (CVE-2018-16358)
  
• Security: Unregister phar wrapper in order to avoid PHP Phar extension vulnerability
  
• Enter key in some input fields were not redirect to the parent form
  
• Unable to save modified theme's files in theme editor, when Codemirror is used
  
• Back to the original global_filters() template function (will be rewritten in the next 2.15)
  

2.14.1

• Install wizzard was broken
  
• Smallest admin font size was set when saving user prefs
  
• Minifying JS scripts may cause problems with regular expressions
  
• Empty JS var was set for syntax coloration if disabled
  

2.14

• PHP 7.2 compliance, with minimum PHP 5.6
  
• Use specialized fields whenever it's possible (email, ...)
  
• Add definition list capabilities (dl, dt, dd) to wiki (= <term>, : <definition>)
  
• Add ^... support in wiki, syntax : ^exponant^
  
• Add syntax property/method to dblayer driver
  
• Replace some js oriented background fading by CSS3 animation
  
• Enhance some visual focus indicators
  
• Enhance key event management in popup (Esc, Enter, ...)
  
• Template filters may now be extended (or modified) by 3rd party plugins (via behaviors)
  
• PSR-2 code formatting as far as possible (work in progress)
  
• Add two new ways to order tags (by oldest or newest associated post publication date)
  
• Update Codemirror to 5.38.0
  
• Update CKEditor to 4.9.2
  
• Update jQuery migrate plugin to 1.4.1
  
• Update jQuery UI (custom) 1.12.1
  
• Add a dark mode (via user preferences) for administration, CSS refactoring
  
• Animate some counters on dashboard icons (nb of comments, spam comments and posts)
  
• Various bugs and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/

2.13.1

(större version) (säkerhetsutgåvan)
11 Juni 2018 - 20MB2.13.1

Bug Fixes

• Weird behaviour of theme editor when typing any of "t", "r", "u" and "e" characters
  
• Unable to save an entry with dcLegacyEditor in XHTML mode, visual pane
  

2.13

Security

• New password management system (including silent migration)
  
• Add Referrer-Policy header in admin pages
  
• Fix potential XSS - thank's Trí Chim Trích for report
  

Highlights

• PHP 5.5+ is required
  
• Dotclear news are now displayed in async way by js
  
• Dotclear core update check is now done by async js - a forced check may still be done on <admin>/update.php page
  
• Add utf8mb4 driver (MySQL server 5.7.7+)
  
• Add target="blank" option in simpleMenu
  
• Update CKEditor from 4.6.2 to 4.7.3
  
• Update CodeMirror from 5.25.1 to 5.32.1
  
• Add required attribute for mandatory fields
  

Bug Fixes

• Avoid horizontal scrolling table when longest comment's usernames in list of comments
  
• Cope with MySQLi connection via socket
  
• Error messages markup and styling
  
• Set caret at the end of the inserted thing (img, url, blockquote, …) in Legacy editor if current selection is empty
  
• Cope with query part only in SimpleMenu URLs
  
• Various bugs and typos fixed
  
• Some locales and cosmetic adjustments
  

2.12.2

Bug Fixes

• lang attribute was missing on entry alone contexts for currywurst and dotty templatesets
  
• Add http:// protocol before media.dotaddict.org for csp_admin_img
  
• tpl:sysIf blog_lang generated code
  
• Duplicate auto-generated URI (entries)
  
• Do not use border and background on select to use the system aspect of them in Firefox.
  
• For select element, target Safari to cope with font-size select/option problem.
  
• Error messages styling

Läs mer: https://dotclear.org/blog/

2.12.1

(större version) (säkerhetsutgåvan)
23 Oktober 2017 - 10MBThere is no new functionality, only improvements and bug fixes.

What's New

• Security: Fix potential XSS
  
• Security: Enforce uniqness of the recovery key
  
• Security: Switch hash method from sha1 to sha512 (new installation only)
  
• Two new values for base font size (37.5% and 87.5%)
  
• Adaptive admin font size is now optional
  
• Reduce base font size on very small devices
  
• Refactor some functions to closures
  
• No CSP directives in safe mode
  
• Add current blog domain for script and style CSP directives
  
• Backlinks:
  
• Retrieving ping URLs, let trackback first, then pingback, then finally webmention
  
• Get source post content to compose webmention excerpt and retrieve title
  
• Use source post title as blog name if this one is unknown (Anonymous blog is used if neither title nor blog name are known)
  
• Datepicker's look refreshed
  
• Allow 3rd party additional headers (URL handler)
  
• Dublin core metadata removed
  
• Using theme\<theme_name> namespace for _public.php and _prepend.php, in order to simplify theme copy and hack
  
• Temporary password will have to be changed at first login (after resetting password)
  
• Add ukrainian language
  
• French help updated for theme editor
  
• Fix: Blogs’ admin (ie not super-admin) got back their blogs’ list but only super-admin may do actions
  
• Fix: Post/page edition layout on different screen sizes
  
• Fix: x-frame-options URL in admin
  
• Fix: Cope with several copies of a same smiley in content
  
• Fix: Allow 3rd party filters for template tags
  
• Fix: Use getURLFor instead of old getBase function for breadcrumb
  
• Fix: Give mysql/mysqli driver choice for DC 1.2 import
  
• Clearbricks lib update from 0.9 to 1.0
  
• jQuery lib update from 2.2.0 to 2.2.4 (last release of jQuery 2.n branch)
  
• CKEditor lib update from 4.6.1 to 4.6.2
  
• CodeMirror lib update from 5.15.3 to 5.25.1
  
• Various bugs and typos fixed
  
• Some locales and cosmetic adjustments

Läs mer: https://dotclear.org/blog/

2.11.2

(större version)
23 Januari 2017 - 10MBThis version does not bring anything extraordinary except that it facilitates the use of Dotclear, and it corrects some bugs sometimes annoying on a daily basis.

What's New

• Easier access to plugin settings.
• A more advanced customization (text size, display or not of additional information, ...).
• Some additional attributes for theme developers / hackers.
• The webmentions which are added to the existing trackbacks and pingbacks.
• The Berlin theme is now based on the template set dotty, which exploits at best HTML5.

Läs mer: http://dotclear.org/blog/post/2016/12/28/Dotclear-2.11

2.10.4

(säkerhetsutgåvan)
2 November 2016 - 10MBA tiny update to fix two minor security vulnerabilities and to allow some specific proxy/ssl server configuration.

What's New

• Security: Fix CVE-2016-7903: Password Reset Address Spoof - Thank's Hongkun Zeng for report
• Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report
• CSP: Cope with external sources used in editor's iframe to preview public external content
• Fix: Cope with post.post_position field during flat import
• Fix: Prevents precondition failed during currently activated theme update
• Fix: Remove unecessary header (cope by dotclear) in page plugin
• Fix: Let some proxies playing with standard http and https ports
• Fix: Let SSL runs through a proxy, it may be ok, sometimes
• Various bugs and typos fixed

Läs mer: http://dotclear.org/blog/post/2016/11/02/Dotclear-2.10.4

2.10.2

(större version)
22 Augusti 2016 - 10MBWe should celebrate the 13th anniversary of Dotclear today!

Highlights

• PHP 7 support
• Some vulnerabilities have been fixed
• Lot of bugs killed (some may still remain)
• A new template-set, named dotty, using as far as possible the new HTML5 semantic tags
• New options to customize and use more easily your Dotclear backend (favorites folders in media manager, optional columns for posts and pages lists, ...)
• Implementation of the Content-Security-Policies for the backend, prelude to an implementation in public side (blogs) for the future 2.11 release[2]
• New facilities and opportunities for plugins developers (they are detailed below)
• Some javascript libraries have been updated (CKEditor, Codemirror, ...)
• Patch 2.10.1: A new maintenance release which fixes several bugs of the previous 2.9.
• Patch 2.10.2: A tiny update to fix a problem which prevents correct update on installation using PostgreSQL database system.

Läs mer: http://dotclear.org/blog/post/2016/08/13/Dotclear-2.10

2.9.1

30 Mars 2016 - 10MBA new maintenance release which fixes several bugs of the previous 2.9. I remind you that Dotclear is fully compatible with the new PHP 7 (it's performances are highly improved comparing with PHP 5.n)[1].
Läs mer: http://dotclear.org/blog/post/2016/03/27/Dotclear-2.9.1

2.9

(större version)
29 Februari 2016 - 10MBOn the menu of this version essentially what make life a little easier for those who spend time on the side of the administration of their(s) blog(s). A search and last visited folders available in the media manager, better sorted menus and lists some more filterable, some welcome updates for the javascript libraries used.

And then we also need to make Dotclear run properly with the new version 7 of PHP, quite impressive release in terms of speed gain, and you will note in passing that the minimum required version of PHP 5.3, as it is had announced at the time of the release of the release of the version 2.8.

A lot of bugs were eradicated, a few new opportunities have been implemented for developers of plugins and theme designers, and finally a more robust application for everyone.
Läs mer: http://dotclear.org/blog/post/2016/02/29/Dotclear-2.9

2.8.2

(säkerhetsutgåvan)
26 Oktober 2015 - 10MBThis release is a maintenance release which fixes one potential XSS vulnerability in comments's list and enforce media extension before upload[1] (thanks to Tim Coen, Curesec Gmbh, for reporting them) and two other bugfixes.
Läs mer: http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2

2.8.1

(säkerhetsutgåvan)
24 September 2015 - 10MBThis new version is a maintenance release which fixes one potential XSS vulnerabilities (thanks to Keiko Yashiki from JPCERT/CC) and two other bugfixes.
Läs mer: http://dotclear.org/blog/post/2015/09/23/Dotclear-2.8.1

2.8

(större version)
17 Augusti 2015 - 10MBThis new version introduces a new mechanism to cope with module dependencies (plugins for this release and will be declined for themes soon), also includes the Breadcrumb plugin that some of you already use, updates the CKEditor editor and the jQuery library, and fixes lots of bugs et somes minor cosmetic issues.

The heritage/extension templating system has been applied to the legacy mustek templateset, in order to simplify the developpement of themes using it; some new criteria and filters have been added for posts and comments (and spams) lists; the tags and widgets are now lexically sorted for latin languages, and so on.

Important: If you have already installed the breadcrumb plugin, please uninstall it before doing this update.
Läs mer: http://dotclear.org/blog/post/2015/08/13/Dotclear-2.8

2.7.5

(säkerhetsutgåvan)
25 Mars 2015 - 10MBThis maintenance release fixes two potential XSS vulnerabilities (thanks to the SecPod Research Team Member Shakeel) and three other bugfixes.

Changelog

• Security : Fixed SecPod 1055, Multiple Stored Cross-site Scripting Vulnerabilities
• Admins (not super admins) cannot change blog parameters : fixed
• Allow radio button in widget settings
• Typo in mustek page template

Läs mer: http://dotclear.org/blog/post/2015/03/25/Dotclear-2.7.5

2.7.4

14 Februari 2015 - 10MBThis maintenance release provides some bugfixes and improvements.

Changelog

• Berlin theme: resources usage has been optimized
• currywurst templateset: head-linkrel block name fixed
• Current editor syntax: now displayed near edited field (post/page/quick entry)
• Some admin URLs were malformed: fixed
• Post/page preview: anti-clickjacking system fixed
• The cat is valid now

Läs mer: http://dotclear.org/blog/post/2015/02/13/Dotclear-2.7.4

2.7.3

13 Januari 2015 - 10MBThis bugfix release restores advanced editing of category descriptions, fixes some non-required warning messages, and fixes pagination in some specific contexts.

Changelog

• Restore advanced edition of category description (as in 2.6)
• Various bug fixes
• Some cosmetic adjustments

Läs mer: http://dotclear.org/blog/post/2015/01/13/Dotclear-2.7.3

2.7.2

26 December 2014 - 10MBThis is a bugfix release in order to allow again normal user (not admin) to use the Dotclear Wiki editor.

Changelog

• Dotclear wiki could not be used by standard user: fixed

Läs mer: http://dotclear.org/blog/post/2014/12/25/Dotclear-2.7.2

2.7

(större version)
15 December 2014 - 10MBIt's now been thirteen months since 2.6 came out. It's now about time (at last!) to move on. Dotclear 2.7, being released today, is less spectacular than the previous version, with its updated administration graphics chart, but it brings forth significative changes for users (on the admin side) and its rendering (on the public side).

Changelog

• Security : protection against clickjacking may be activated (see blog parameters)
• Switch to HTML5 : backend, templatesets and themes
• ARIA roles in da place (a11y)
• Multiple templatesets : mustek (legacy) and currywurst
• Themes may use extension/heritage template mechanisms
• New theme (Berlin) based on currywurst templateset
• New WYSIWYG editor (CKEditor)
• Dotclear Wiki now produces HTML5 compatible markup
• Video and audio HTML5 tags are now used (with fallback to flash if possible)
• Copying default theme to user-defined theme folder is not more necessary
• Preview of comment may be optional (see blog parameters)
• Widgets may be put offline without deleting them
• jQuery version may be choosen between 1.4.2 (default) and 1.11.1 (see blog parameters)
• Number of posts listed on home page may be different than other pages (see blog parameters)
• Hidden folders are now hidden in media manager (set DC_SHOW_HIDDEN_DIRS to true in config.php to display them)
• User-defined template files may be reset (deleted) in theme editor
• Drag'n'drop now enabled on touch screens
• Alternative syntax may be set for comments by third-party plugins
• A lot of bug fixes
• Much more cosmetic adjustements and enhancements

Läs mer: http://dotclear.org/blog/post/2014/12/13/Dotclear-2.7

2.6.4

26 November 2014 - 10MB