Due to a detected security flaw in the previously used JSON library it's recommended to upgrade to this version. Besides added security there's quite a few other additions that you'll find described below.
Major changes
Replacement of JSON component
After having been contacted by Alvaro Muñoz (@pwntester) and Alexandr Mirosh from Hewlett-Packard Enterprise Security about a security flaw existing in the third party library previously used for serializing JSON data, that library have been replaced by Json.NET and the code has been secured. This security flaw has only been exposable from within the administration interface, but it was severe enough for us to take action as soon as possible. Big thanks to Alvaro and Alexandr for their work!
Although the new JSON implementation have been thoroughly tested with existing data it's recommended to backup the database before upgrading from a version prior to 1.2.1. There shouldn't be any problem, but just to be on the safe side.
Updated core project to ASP.NET 4.5
Up until now Kaliko CMS has been supporting ASP.NET 4.0 and higher. This version was moved up to ASP.NET 4.5. This change was made in order to better keep in line with updates of third party libraries since some of the have been dropping 4.0 support.
The CMS can still be downloaded from GitHub and manually built for ASP.NET 4.0 if needed, but the official NuGet distribution will require ASP.NET 4.5 from now on.
Enhancements
Default values for properties
Sometimes it can be nice to have default values for properties when creating a new page. This can now be achieved by overriding the SetDefaults method on the page type and using the SetProperty method on the EditablePage passed as a parameter to set the properties:
[PageType(...)]
public class SamplePage : CmsPage {
[Property("Preamble")]
public virtual TextProperty Preamble { get; set; }
// ..
public override void SetDefaults(EditablePage editablePage) {
editablePage.SetProperty("Preamble", new TextProperty("Default text here"));
}
}
IoC support for MVC controllers
It's now possible to use constructor injection (with the container of your choice) in PageController classes.
Specify which fields to search in
Kaliko CMS Search has now been extended with an option to specify which fields to do a particular search in. This can be useful if you want to limit queries to a single field (like a category search for instance) or where you add additional fields when indexing that should be searchable.
When creating the SearchQuery you can now add an optional property called InFields, to limit or expand the fields searched through:
var searchQuery = new SearchQuery(query) {
InFields = new [] {"title", "summary", "content", "category", "tags", "tokenizedCategory"},
// ..
}
The above example lists all standard fields - the ones defined by the system and used as default if no explicit selection has been made by setting InFields.
You'll find more information about Kaliko Search here.
New event for when a page is moved
To get notified when a page is moved in the system, connect an event handler to the PageFactory.PageMoved event. This can be useful for updating custom cache implementations or updating URL lists such as sitemaps.
Bugfixes
- Fixed problem where collection property editor breaks on larger property value #106
- Fixed problem with non-responsive dialog when moving pages #108
- Fixed problem with image editor in collection properties #110
- Fixed problem with using composite properties in collections #112
- Fixed problem with failing page saves on PageLink properties #115
- Fixed problem with property type scripts when using collection properties #116
- Fixed problem with preview when site is set up as a subsite #122
- Fixed problem with short url in editor when site is set up as a subsite #122
- Fixed problem with editor allowing start publish date after stop publish date #120
Update 2017-07-17:
A hot-fix for websites that are using collections of custom property types in the site definition that isn't used in page types has been released as version 1.2.2.
Comments
comments powered by Disqus