Skip to content

Bump craftcms/cms from 5.6.5.1 to 5.6.17 #342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: 5.x
Choose a base branch
from
Open

Bump craftcms/cms from 5.6.5.1 to 5.6.17 #342

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 25, 2025

Bumps craftcms/cms from 5.6.5.1 to 5.6.17.

Release notes

Sourced from craftcms/cms's releases.

5.6.17

  • Fixed an RCE vulnerability.

5.6.16

  • Fixed a bug where craft\services\Assets::EVENT_BEFORE_REPLACE_ASSET and EVENT_BEFORE_REPLACE_ASSET events weren’t getting triggered when replacing an asset file via GraphQL. (#17005)
  • Fixed a bug where replacing a file via GraphQL could result in two assets referring to the same file. (#17031)
  • Fixed a bug where the window wasn’t automatically scrolling when dragging structure elements near its edges. (#17036)
  • Fixed a bug where changes to multi-instance CKEditor fields weren’t persisting, if the first instance in the field layout hadn’t been modified. (craftcms/ckeditor#391)
  • Fixed a bug where email templates weren’t always getting rendered with the correct site’s global variables.
  • Fixed a bug where Markdown field layout UI elements were styled with gray-colored text. (#13513)

5.6.15

  • Fixed an error that could occur when clearing control panel resources, if the resourceBasePath setting was set to a nonexistent folder path. (#17021)
  • Fixed a bug where the includeSubfolders asset GraphQL query argument wasn’t working. (#17023)
  • Fixed a bug where custom tips and warnings set on native fields (like Title) weren’t getting translated. (#17016)
  • Fixed a privilege escalation vulnerability.
  • Fixed an RCE vulnerability.

5.6.14

  • Improved the styling of Markdown UI elements. (#16973)
  • Fixed a bug where relations weren’t always propagating to newly-added sites for sections correctly. (#16924)
  • Fixed a bug where Assets fields set to restrict assets to a single location were relocating assets on element propagation. (#12767, #16936)
  • Fixed a bug where relations weren’t getting saved for new elements, if the element was created with Craft::createObject() with its relation field data included in the passed-in config. (#16942)
  • Fixed a bug where relational fields with a “Related To” rule on their selectable elements condition weren’t making all expected elements selectable. (#16945)
  • Fixed a bug where some subdivisions weren’t available when creating addresses. (#16951)
  • Fixed a bug where some older dates could be formatted incorrectly. (#16953)
  • Fixed a bug where the folderPath asset query param only accepted strings. (#16981)
  • Fixed a bug where craft\elements\Asset::getSrcset() could return malformed results if any sizes didn’t have corresponding image URLs. (#16984)
  • Fixed an error that could occur when uploading images. (#16977)
  • Fixed a bug where the “Save” button on user group edit pages was redirecting to the same page, rather than the User Groups index page. (#16988)
  • Fixed a bug where asset previews had an “Enable focal point” button even if the logged-in user didn’t have permission to save the asset. (#16997)
  • Fixed a bug where provisional drafts created for nested elements weren’t being properly assigned to both the canonical owner element and the owner’s provisional draft, if it had one. (#16933)
  • Fixed a bug where global sidebar tooltips were blank in Safari. (#16959)
  • Fixed a bug where newly-added elements within relational fields were getting shown twice when dragged.
  • Fixed a bug where “Set status” bulk element actions could be activated for elements the logged-in user didn’t have permission to edit. (#16995)
  • Fixed styling issues. (#16964, #16993)

5.6.13

  • Fixed a performance degradation bug that occurred when working with Categories or Entries fields with “Maintain hierarchy” enabled. (#16920)
  • Fixed a bug where Categories and Entries fields with “Maintain hierarchy” enabled were getting all relatable entries/categories selected by default. (#16925)
  • Fixed a bug where Plain Text and Table fields were converting posted shortcode-looking strings to emoji. (#12935, #16917)
  • Fixed a bug where relation fields could show relations from another instance of the same field. (#16912)
  • Fixed a bug where tooltips could show and hide repeatedly. (#16922)

5.6.12

  • Improved table styling. (#16771, #16829)
  • Field layout designers now close the element library HUD automatically after creating a new field. (#16521)
  • Fixed a bug where relational fields with “Maintain hierarchy” enabled weren’t displaying the correct relations after an element was moved within its structure. (#16843)
  • Fixed a bug where letterbox transforms were getting transparent fills if the source image was grayscale. (#16857)
  • Fixed a bug where elements could be missing data for attributes that shared a name with an eager-loadable attribute from another element type. (#16862)

... (truncated)

Changelog

Sourced from craftcms/cms's changelog.

5.6.17 - 2025-04-10 [CRITICAL]

  • Fixed an RCE vulnerability.

5.6.16 - 2025-04-08

  • Fixed a bug where craft\services\Assets::EVENT_BEFORE_REPLACE_ASSET and EVENT_BEFORE_REPLACE_ASSET events weren’t getting triggered when replacing an asset file via GraphQL. (#17005)
  • Fixed a bug where replacing a file via GraphQL could result in two assets referring to the same file. (#17031)
  • Fixed a bug where the window wasn’t automatically scrolling when dragging structure elements near its edges. (#17036)
  • Fixed a bug where changes to multi-instance CKEditor fields weren’t persisting, if the first instance in the field layout hadn’t been modified. (craftcms/ckeditor#391)
  • Fixed a bug where email templates weren’t always getting rendered with the correct site’s global variables.
  • Fixed a bug where Markdown field layout UI elements were styled with gray-colored text. (#13513)

5.6.15 - 2025-04-04

  • Fixed an error that could occur when clearing control panel resources, if the resourceBasePath setting was set to a nonexistent folder path. (#17021)
  • Fixed a bug where the includeSubfolders asset GraphQL query argument wasn’t working. (#17023)
  • Fixed a bug where custom tips and warnings set on native fields (like Title) weren’t getting translated. (#17016)
  • Fixed a privilege escalation vulnerability.
  • Fixed an RCE vulnerability.

5.6.14 - 2025-04-01

  • Improved the styling of Markdown UI elements. (#16973)
  • Fixed a bug where relations weren’t always propagating to newly-added sites for sections correctly. (#16924)
  • Fixed a bug where Assets fields set to restrict assets to a single location were relocating assets on element propagation. (#12767, #16936)
  • Fixed a bug where relations weren’t getting saved for new elements, if the element was created with Craft::createObject() with its relation field data included in the passed-in config. (#16942)
  • Fixed a bug where relational fields with a “Related To” rule on their selectable elements condition weren’t making all expected elements selectable. (#16945)
  • Fixed a bug where some subdivisions weren’t available when creating addresses. (#16951)
  • Fixed a bug where some older dates could be formatted incorrectly. (#16953)
  • Fixed a bug where the folderPath asset query param only accepted strings. (#16981)
  • Fixed a bug where craft\elements\Asset::getSrcset() could return malformed results if any sizes didn’t have corresponding image URLs. (#16984)
  • Fixed an error that could occur when uploading images. (#16977)
  • Fixed a bug where the “Save” button on user group edit pages was redirecting to the same page, rather than the User Groups index page. (#16988)
  • Fixed a bug where asset previews had an “Enable focal point” button even if the logged-in user didn’t have permission to save the asset. (#16997)
  • Fixed a bug where provisional drafts created for nested elements weren’t being properly assigned to both the canonical owner element and the owner’s provisional draft, if it had one. (#16933)
  • Fixed a bug where global sidebar tooltips were blank in Safari. (#16959)
  • Fixed a bug where newly-added elements within relational fields were getting shown twice when dragged.
  • Fixed a bug where “Set status” bulk element actions could be activated for elements the logged-in user didn’t have permission to edit. (#16995)
  • Fixed styling issues. (#16964, #16993)

5.6.13 - 2025-03-19

  • Fixed a performance degradation bug that occurred when working with Categories or Entries fields with “Maintain hierarchy” enabled. (#16920)
  • Fixed a bug where Categories and Entries fields with “Maintain hierarchy” enabled were getting all relatable entries/categories selected by default. (#16925)
  • Fixed a bug where Plain Text and Table fields were converting posted shortcode-looking strings to emoji. (#12935, #16917)
  • Fixed a bug where relation fields could show relations from another instance of the same field. (#16912)
  • Fixed a bug where tooltips could show and hide repeatedly. (#16922)

5.6.12 - 2025-03-18

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump craftcms/cms from 5.6.5.1 to 5.6.17
0282345 
Bumps [craftcms/cms](https://github.com/craftcms/cms) from 5.6.5.1 to 5.6.17.
- [Release notes](https://github.com/craftcms/cms/releases)
- [Changelog](https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md)
- [Commits](craftcms/cms@5.6.5.1...5.6.17)

---
updated-dependencies:
- dependency-name: craftcms/cms
  dependency-version: 5.6.17
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Apr 25, 2025
@dependabot dependabot bot requested a review from a team as a code owner April 25, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants