cloudscribe v8.4 released

We are pleased to announce the release of cloudscribe v8.4, which includes important security updates, enhanced cookie consent management, improved localization, and numerous bug fixes and UI improvements.

This release focuses on strengthening security, improving the developer experience, and enhancing the overall stability of the platform.

Principal Changes

  • Enhanced Cookie Consent System - Implemented a sophisticated three-state cookie consent system (undecided/accepted/declined) allowing users to dismiss cookie banners without fully accepting cookies
  • CSP-Compliant JavaScript in Developer Tools - Added ability to incorporate JavaScript directly into pages while maintaining Content Security Policy compliance through tag helpers, enabling developers to add custom scripts without violating security policies
  • Comprehensive Localization Improvements - Standardized ResX string references throughout core views using consistent snake_case resource keys
  • Security Updates - Updated critical dependencies including EntityFramework and jQuery.validate to address security vulnerabilities

Release Notes

Breaking Changes

  • #748: Enhanced Cookie Consent System - Breaking change for sites with local view overrides. Two key files were modified in the Bootstrap5 template. See the documentation for migration details.
  • #1182: Localization Improvements - Breaking change for sites implementing two factor authentication. Management screens will require the addition of some new entries into your existing ResX resource files, listed here.

Security Improvements

  • #1054: Updated Microsoft.EntityFrameworkCore dependencies to address security vulnerabilities in transitive dependencies
  • #1113: Updated jQuery.validate library to address security vulnerability discovered during penetration testing
  • #1125: Improved cookie security configuration by addressing SameSite cookie settings for better protection

Bug Fixes

  • #1150: Fixed Summernote editor issue where HTML code entered in raw HTML view was not retained when saving unless user switched back to WYSIWYG mode first
  • #1177: Fixed API authentication bug in EnforceSiteRulesMiddleware that incorrectly started HTTP responses for Terms & Conditions violations on API routes
  • #1169: Re-wrote IP address blocking/permitting logic to ensure "Permitted" rules consistently take precedence over "Blocked" rules when dealing with IP address ranges
  • #500: Fixed scrolling issue in SimpleContent Page Manager where selecting a page would auto-scroll to top with misplaced context menu

UI/UX Improvements

  • #1157: Added CSS override to ensure Summernote editor maintains consistent black-on-white appearance across different themes
  • #639: Moved page metadata below child page menu in SimpleContent for improved layout and user experience
  • #501: Improved unauthorized access handling in SimpleContent with proper redirects to login/access denied pages instead of generic 404 errors
  • #1134: Modified user interface to clarify the purpose of a confusing checkbox on "/siteadmin/registerpageinfo" page

Developer Tools & Features

  • #482: Added mechanism in Developer Tools to allow adding JavaScript directly to pages with Content Security Policy compliance through tag helpers
  • #1194 & #45: Added event handler for post-user deletion to clean up remaining Key-Value Pair (KVP) data from deleted users
  • #55: Added conditional UserExportPartial to KVP views to ensure compatibility with different versions of cloudscribe.Core.CompiledViews.Bootstrap5

Code Cleanup

  • #1138 & #1160: Removed outdated Bootstrap3 and deprecated .pgsql libraries across cloudscribe solutions to improve maintainability
  • #1163: Fixed and reorganized unit test infrastructure with new working tests

Upgrading to v8.4

To upgrade your cloudscribe installation to version 8.4:

  1. Update all cloudscribe package references in your .csproj files to version 8.4.*
  2. If you have local view overrides for the cookie consent system, review the cookie consent documentation for required changes
  3. If your site uses two-factor authentication, add the required ResX entries to your localization files
  4. Review and test IP blocking/permitting rules if you use this feature, as the logic has been updated
  5. Run your application and verify all features are working as expected

Note: As always, we recommend testing the upgrade in a development environment before deploying to production.

Looking Ahead

With the removal of Bootstrap3 views and deprecated PostgreSQL libraries in this release, we continue to modernize the cloudscribe platform. Future releases will focus on further performance improvements, enhanced security features, and improved developer experience.

Community and Support

We appreciate the continued support and feedback from the cloudscribe community. For questions or issues related to this release, please visit our GitHub repository or join the discussion in our community forums.

Thank you for using cloudscribe!

Comments