All notable changes to this project will be documented in this file.
This project adheres to Semantic Versioning where possible.
This file follows the best practices from keepachangelog.com.
- [Critical] Fix OS command injection vulnerability in installations of
Sharetribe Go that do not set explicitly the
sns_notification_tokenconfiguration variable (which is unset by default). Discoverer/Credits: Wang Sheng of State Grid Sichuan Electric Power Research Institute. #5b844f
- New Admin panel additions and fixes, done through many many commits/PRs/branches that have
admin2oradmin v2in their title - Support for French overseas departments/regions IBAN #4369
- Custom Landing Page icon picker #12adad
- Add new body and css fields to the Custom script feature #46a066
- Redirect an already logged in user to the home page when they visit the login page #603eee
- Validation for the Google Analytics tracking ID field #46aff6
- Don't display payment details banner reminder for deleted listings #4371
- Cache fonts partial to avoid scss rendering on every page load #4367 and #f158cb9
- Minimum listing price refactor #08b61a
- Default first and last names values #20b662
- Update Facebook API graph version #0a90bb
- Update font-family to use the same one everywhere #41212e
- Fixed error message in incorrect location in signup form #4360
- Fixed email notifications can be configured to use an unconfirmed address #4362
- Fixed incorrect use of plural in a review date text on Profile pages #4361
- Fixed wrong name in email notifications #d66b90
- Fixed UI overlay issue with profile picture on profile pages #2075e9
- Fixed incorrect commission fee shown on the transaction page for buyers if they are also admins #9e0176
- Fixed Facebook & LinkedIn logos too small on signup and login pages #3fdff2
- Fixed email sending feature producing error with certain sender names #5b4a40
- Fixed Custom Landing Page - BrowserDetectVideoAutoplay is not defined #55352e
- Fixed checkout fails when the total of minimum seller + buyer fees is higher than the listing price #fc077e
- Fixed module is not defined error #64f7d7
- Upgrade Rails to 5.2.4.5 as well as gems #4366
- Dependencies update #4373, #037932, b1c10a, #3e00b7, #cbf815, #7e0eb9, #1b9d66
10.1.0 - 2021-03-17
- New Admin panel, done through many many PRs that have
admin2oradmin v2in their title - Info text to Stripe form #4118
- Stripe support for Cyprus #4122
- Stripe support for Malta #4123
- Stripe support for Bulgaria #4124
- Add "paypal/stripe setup" in users csv export #4003, #4196
- UI for setting custom domain #4227, #4237, #4241, #4296, #4312
- reCAPTCHA support #4299
- Email notification to admins when changing the marketplace ident #4326
- Missing settings for two email notifications #4328
- Stripe support for Hungary #4295
- Increase Facebook and Twitter meta images size #4100
- Add more states to FINISHED_TX_STATES to allow user account deletion correctly #4109
- Update airbrake and newrelic #4111
- Remove default favicon and add type tag to favicon link #4140
- Make active storage service configurable #4143
- Specify the requested fields in Google Maps Places API query #4146
- Review text is required in edits from admins #4153
- Update Proxima font #4177
- Adjust CircleCI configuration for faster test runs #4274
- Make the Custom script plan_feature dependent #4289
- Fix job priorities #4294
- Email layout v2 - Link color consistency with marketplace color #4303
- Optimize polling for pending delayed jobs #4311
- Email layout v2 - Disable markdown formatting in listing description #4305
- Improve efficiency of community membership counting #4319
- Email layout v2 - Add note to email layout #4318
- Email layout v2 - Disable markdown formatting in listing description #4305
- Email layout v2 - Remove ability to change feature flag from Admin panel #4307
- Use the community default locale for CLP #4341
- Change the main font for Go UI to Proxima soft #4353
- Sunset PayPal in India #4338
- Fixed query for booked dates in range #4091
- Fixed error when using daily availability management datepicker #4094
- Fixed confirming payment multiple times with Stripe #4102
- Fixed inconsistent transaction left after transition fails #4092
- Fixed CLP hero section with upload background image #4101
- Fixed search with fuzzy location #4103
- Fixed issue with error translation in some languages #4132
- Fixed user display_name #4130
- Fixed active map view on listing page #4145
- Fixed default setting automatic newsletters #4150
- Fixed bug with "Display name" not being used in transaction steps texts #4155
- Fixed no listing location makes clicks on "Show in the next newsletter" impossible #4181
- Fixed infinite scroll on homepage not working w/ Chromium 87 #4273
- Fixed test email not sent to admin if they have unsubscribed #4327
- Fixed inconsistency between the Unsubscribe link in the Receipt of payment email and the notification setting #4329
- Fixed rels deleted users #4340
- Fixed Facebook buttons cut off and misaligned #4348
- Updated fileupload plugin #4136
- Update rails to 5.2.4.3 #4141
- Update rails to 5.2.4.4 #4231
- Upgrades node-sass and json #4233
- Add tests ensuring csrf protection for omniauth auth paths #4266
- Vulnerable dependencies updates - Axios, Nokogiri, Redcarpet #4325
10.0.0 - 2020-05-10
- Fuzzy location #4035
- Stripe support for Czech Republic #4049, #4069
- Allow admin to edit the button in Hero section #4051
- Stripe support for Romania #4066
- Go no longer uses Harmony for availability management. Functionality is now implemented fully in Go. See the upgrade instructions. #4020, #4037, #4043, #4048, #4071
- Copy texts for admin email notification of new entry in Contact form #4077
- Fixed inbox doesn't consider commission status #4044
- Fixed encoding issue with PayPal #4045
- Fixed missing listing image in community updates email #4046
- Fixed scope of transations for testimonials to support Disputed #4063
9.1.0 - 2020-03-06
- Custom Landing Page Editor
- New emails layout
- Support for Stripe capabilities
- Allow admin to mark completed cancel transactions #3889
- Added listing price and unit to csv export #3891
- Add listing price to RSS/Atom feed #3892
- Add link to delete closed listing #3893
- Add shipping address to Transaction view #3910
- Add a transaction state after canceled and improve the flow #3926
- Add support for Mexico accounts #3937
- Allow users to edit their username #3941
- Add "My transactions" view in user settings #3943
- Add GHS currency #3944
- Add support for HEIC images #3966
- Allow admin to update the marketplace ident #3972
- Allow admins to delete a user account #3975
- Retry paypal errored commission #3977
- New texts for Google Search Console #3979
- New Add text about GTM #3997
- Add "paypal/stripe setup" in users csv export #4003
- Admin can remove logo, square logo, cover photo, small cover photo, favicon, social media image #4012
- Send additional verification document if required #3897
- Change to dropdown for state values for Canada and Australia #3905
- Title in admin transaction view #3911
- No default option selected if pickup and shipping are offered #3938
- Stripe API version changed to 2019-12-03 #3948
- Hide "Newsletter" settings if newsletter has been disabled by admins #3959
- Change meta tag xx:image to use profile picture for user profiles#3960
- Update to Ruby 2.6.5 and a Debian Buster base Docker image #3967
- Delete invitations sent by a user who gets deleted forever #3973
- Show account restricted or pending in the smart way #3990
- Send MCC/Email/URL when updating a Connect account #3993
- Link to transaction should redirect to admin view #3998
- Update the forms to have phone placeholder and JPG information #4004
- Remove Google+ from CLP and Footer #4005
- Longer number of characters for Display name #4007
- Add the listing ID to PayPal's metadata #4013
- Validation if SEO variables are not correct #4014
- Fixed users CSV export date field not required #3886
- Fixed notification for each new transaction #3887
- Fix meta title/description bug for social #3894
- Fixed payment JS in older browser #3920
- Fixed listing image width setup #3921
- Fixed day/night availability after payment intent failed or expired #3922
- Fixed check payment method presence when initiating payment #3935
- Fixed Stripe payment card declined without SCA #3952
- Fixed localization of PayPal payment description when charging the admin commission #3961
- Fixed incorrect count of listings when editing an Order type isn't correct #3964
- Fixed incorrect language in placeholder for social media tags #3995
- Fixed wrong receipt for the seller when there is Shipping involved #4009
- Fixed followers get notifications of rejected listings #4011
- Updated gems: rubyzip 1.3.0, devise 4.7.1 #3899
- Bump loofah from 2.3.0 to 2.3.1 #3918
- Bump puma from 3.12.1 to 3.12.2 #3936
- Bump rack from 2.0.7 to 2.0.8 #3951
- Bump nokogiri from 1.10.5 to 1.10.8 #4010
- Bump puma from 3.12.2 to 3.12.4 #4021
9.0.0 - 2019-10-02
- Update Sharetribe Go Licence #3883
8.1.0 - 2019-10-02
- Stripe SCA paymentintent based preauth process #3791
- Stripe SCA finalize ui and management #3805
- Support for markdown in listing descriptions #3795, #3810, #3874
- Add "Whats new?" link in the sidebar #3822
- Add ready made cover pics link next to the cover pick chooser #3823
- Add "Terms, Privacy Policy and static content" table and links in "Basic details" tab #3827
- Add four new fields to the transactions CSV export #3845
- Allow admins to unskip reviews #3857
- Admin option to send a notification for each new transaction #3859
- Add new countries support: Estonia, Greece, Latvia, Lithuania, Poland, Slovakia, Slovenia #3872
- In shipping address replace country dropdown with text field #3815
- Use community currency for free transactions avoiding nil.to_money == 0 EUR #3816
- Edit some CSV exports #3828
- Change datetime format in all CSV exports #3844
- Remove username from signup #3853
- Order Type name for free listings was not updating cached fragment #3836
- Disabling top bar default links (about, contact) is not possible #3840
8.0.0 - 2019-07-31
- Use index hint for homepage query #3714
- Add Albanian to the list of unsupported languages #3718
- Add Macedonian to the list of unsupported languages #3725
- Add .html_safe to content for title #3744
- Ability for providers to delete listings #3756
- Stripe support for Singapore #3762
- Cache community count #3766
- Ability to export listings to a CSV file #3790
- Allow admins to disable direct messaging between users #3793
- Update to ruby 2.6.2 #3701
- Add more bot rules, disallow login paths #3715
- Update to Rails 5.2.3 #3722
- Prevent lowering minimum transaction size to less than minimum transaction fee with Stripe #3723
- Update to Node.js 10.15 #3735
- Updates to payment preference settings #3748
- Updated copy text from Ban to Disable #3755
- Category translation caching improvements #3761
- Stripe remove the MCC field and hardcode it #3771
- Move "Phone number" field down in US Stripe form #3775
- Fix to the SEO tags without price translation string #3727
- Fix to payment settings causing internal error when PayPal has never been enabled #3732
- Fix to password reset #3763
- Fix to Stripe US account update #3765
- Fix to adding links to footer #3769
- Fix to validation for custom date fields #3772
- Fix to exclude expired listings when filtering for open #3773
- Fix to signup page description tag #3794
7.6.0 - 2019-04-12
- Reviews filters in admin panel #3589
- Marketplace logo in all marketplace emails #3581
- New element in the user dropdown menu in the topbar: My listings #3608
- Domain tab in the admin panel #3614
- Social media logins: Google and LinkedIn #3583
- SEO tab in the admin panel and the possibility to customize the metatags for your marketplace main page #3612
- Lithuanian as an unsupported language #3624
- SEO tags working on landing pages as well #3622
- Added the possibility to charge a commission from the buyer #3490
- New templates for the landing page footer #3645
- More SEO options to add custom tags to different marketplace pages #3647
- Ability to have pre-approved listings #3620
- Notifications about listings to approve #3646
- Better logging and error reporting with Stripe #3676
- Listen to account status and missing info from Stripe #3672
- Sending different notifications when a listing is new or edited #3692
- Link to closed listings redirects to listings table in profile settings #3607
- The way parameters are sent related to creating an connected account with Stripe #3637
- Updated Stripe API keys pattern regex #3660
- Updated Facebook login button in accordance to their branding demands #3696
- Updated Facebook API to version 3.2 #3679
- Fix inefficient queries when admin tries to send emails to all members #3532
- Fixed failed list of listings #3604
- Being able to edit the Stripe connected account name and lastname through the UI #3653
- Handle Stripe API keys various lenghts #3667
- Issues with Stripe Payouts #3668
- Update CI to use Ubuntu-based image #3671
7.5.0 - 2019-01-30
- Social media sharing specific image #3455
- Edit reviews feature #3422
- New user segment for sending e-mails to users: "User who are allowed to post listings" #3461
- "Per unit" default pricing unit #3462
- Japan as supported country for Stripe #3472
- Puerto Rico as supported country for Stripe #3474
- Possibility to hide slogan and description from the cover photo #3477
- Transaction search and filter #3484 and #3504
- Listing search and filter #3496
- Customizable footer for Pro subscriptions #3374
- New section in admin panel to view and manage invitations #3505
- Add user_id to the listing CSV export #3511
- HSTS support #3512
- Add filters in User search and filters #3515
- Add Conversations search in admin panel #3521
- Admin can act as another user (post listings as, edit profile) #3525
- Admin can resend confirmation email #3529
- Add Review search in admin panel #3537
- Social media sharing specific texts #3538
- Custom link behind marketplace logo #3564
- Ability to edit default top bar menu links #3565
- Admins should be able to see closed listings #3582
- User can browse all their listings in a table #3584
- Make "Per unit" the default pricing unit for product marketplace #3462
- Better messaging for closed marketplaces #3465
- Allow 65 characters in the listing title #3497
- Characters are escaped in URLs #3546
- Updated list of supported and unsupported languages #3577
- Bug in Hong Kong bank account form #3456
- Bug in transaction agreement text #3468
- Bug in availability per hour manager #3467
- Layout for social media image #3475
- Amazon Web service mail verification #3471
- Number of users when searching in the admin panel #3483
7.4.0 - 2018-10-09
- View Listings page in the admin panel #3340
- Locations section in the custom landing pages #3341
- Background color and image for any section #3296
- Custom fields for user profiles #3332
- Add a section button for info-2-columns and info-3-columns in the custom landing pages #3362
- File name in the design tab and profile settings to show the stored file #3364
- Allow markdown in user profiles "About you" section #3370
- "Expired" status in View listings page #3387
- Allow spaces at the end of the e-mails in signup form #3394
- Added Puerto Rico as a Stripe supported country #3399
- Added support for INR with PayPal #3416
- Added support for ARS with PayPal #3415
- Direct link to the admin panel when logging in as admin user#3414
- Added checkmarks to the user fields #3441
- Added the use of session token in Google's autocomplete feature #3401
- Icons to payment provider's page #3444
- Rename admin panel sections #3350
- Rename save listings button #3355
- Video section variations on the custom landing pages #3367
- Renamed the default category to "default category" #3362
- Allow links in the custom user text fields #3373
- Google maps dynamic map for static maps in the listing page #3382
- Change Static map for embedded maps in the listing page #3395
- Update to Circle CI 2.0 #3360
- Profile image is only used once it has been processed #3427
- Fix data deletion task to handle missing images #3349
- Requester name in waiting for confirmation messages in the inbox #3357
- Fixed bug in Hungarian Forint minimum transaction size #3366
- Stripe fee information in listing page #3384
- Fixed displaying design page #3451
- Display bug in checkbox user fields #3385
- Fixed a broken link when no date was selected for free "per day" and "per night" listings #3410
- Allow to leave dropdown option unselected if it is not mandatory #3446
7.3.1 - 2018-06-07
- Add soundcloud link support in custom landing page footer #3300
- Add checkbox for consent for receiving emails from admins to signup process #3318
- Add popup notification when giving admin rights to a new user #3329
- Add link to privacy policy in the signup page #3328
- Allow admins to disable end-user Analytics #3319
- Allow links in custom listing text fields #3297
- Add View reviews section in the admin panel #3267
- Add possibility to export transaction as CSV file #3245
- Improve user deletion to clear personal data more thoroughly #3325
- Delete automatically transactions that fail with Stripe #3326
- Prevent an admin from deleting their account if they are the only admin in the marketplace#3320
- Split first name and last name from Stripe account connection form #3317
- Remove feature flag for export transactions feature #3288
- Fix Dockerfile issue where bundler was trying to install binaries in root-owner directory #3321. Thanks, Nick Meiremans.
- Fix Stripe payout scheduler #3309
- Fix last 4 digits of SSN passing to Stripe for US bank accounts #3282
- [Critical] Fix several parameter validation bugs that opened the app to SQL injection
- Update sinatra dependency #3344
- Update multiple dependencies
- Present form auto-complete for Stripe secret keys #3338
7.3.0 - 2018-02-23
- Per hour availability 3166
- Support for NZ bank account with Stripe 3165
- "View conversations" section in admin panel 3173
- Account tokens for Stripe bank account connections 3234
- Made user confirmation form more secure 3170
- Confirmation days x after end time of the transaction 3205
7.2.0 - 2017-11-22
- Add rack-attack for request throttling #3078
- Stripe integration #3018
- Sending emails from admin to specified subset of users #3058
- Custom Scripts are now also enabled in Custom Landing Page #3080
- Allow admins to edit their Custom Outgoing Email and Sender Name #3106
- Allow admins to unban users 3108
- Ability to disable Stripe and PayPal 3112
- Allow admins to search users by name or email 3113
- Add an unsubscribe link to invitation emails 3136
- Add more information texts about holding funds with Stripe 3150
- Lowered daily limits for invitations from 50 to 10 3134
- Increased unsubscribe auth token validity from 1 week to 4 weeks 3138
- Fixed correct use of outgoing email address, if configured, when sending manual emails to users #3058
- Fixed sounds of videos in Custom Landing Pages not working #3101
- Fixed listing image reordering when some images were deleted #3107
- Fixed incorrect use of name of receipt email 3127
- Fixed many bugs related to Stripe integration
- Fixed many bugs related to code refactoring
7.1.0 - 2017-09-15
- Added configuration for trusted proxies #3040
- Currencies can now be formatted with translations #3043
- Transaction status is now named Completed everywhere instead of Confirmed #3028
- WebTranslateIt API keys were updated #3029
- Force meta tags content to be HTML escaped #3047
- Upgrade to latest ruby 2.3.4 with latest rubygems (2.6.13+) #3056
- Fixed image deletion in Android 3023
- Fixed changing the names of custom listing field options 3024
- Fixed image ordering usability in Android 3034
- Fixed not sending automatic emails to expired and deleted marketplaces 3044
- Fixed carousel black box rendering issue 3045
- Fixed datepicker issue with per night availability 3046
- Fixed listing checkbox layout issue on mobile 3048
- Fixed admin layout issue in Safari 3066
- Fixed error message layout placement when reviewing without grade 3067
- Fixed managing availability of rejected booking dates 3068
7.0.0 - 2017-08-08
- Updated Rails to 5.1.1 and Node to 7.8 #2976
6.4.0 - 2017-06-09
- New feature: User can reorder listing images #2970
- Change instructions how to compile assets. This reduces the JavaScript bundle size drastically. c613cac
- Fixed transaction button styles. Styles were broken in IE Edge. #2968
- Fixed admin UI language change. #2969
- Fix old mobile browser compatibility by removing dependency to Intl api. #2979
- Fixed cross-community security issues #2978
6.3.0 - 2017-04-24
- Migrate from database session store to cookie-based session store #2935
- Removed default twitter handle #2906
- Fix cropped cover photo in big screens #2895
- Add missing padding to homepage search field in mobile view #2895
- Fix unwanted scrolling in listing page by removing comment text area auto focus #2917
- Fix faulty feature flag dependency handling #2932
- Fix map bug where multiple listings close to each other caused the icon cluster to disapper when zoomed closed enough #2942
- Fix issue #2885: Landing page always shows Sign up button for private marketplace, even if the user is logged in #2944
- Fix issue with fetching correct node.js release signing keys in Dockerfile #2964
- Upgrade Nokogiri and rubyzip gems #2943
6.2.0 - 2017-03-09
- Add support for redis as cache store #2786
- Add support for using PayPal in fake mode for development purposes. Read more #2598
- Add support for linking to member invitation page in CLP #2859
- New feature: Hide irrelevant search filters when a category or subcategory is selected #2882
- Landing page Markdown support #2887
- Add instructions how to configure Harmony service #2892
- Add support for display name #2869
- Add support for customizing community description and slogan color #2898
- Fixed broken transaction button styles #2723
- Fixed number of issues in the Order Types form #2858
- Fixed an issue which caused sign up to fail partially if the Facebook profile picture upload failed #2886
6.1.0 - 2016-10-31
- Updated Node.js to the latest LTS (long term support) version 6.9 #2655
- Updated NPM packages #2655
- Update
react_on_railsgem #2655 - Upgrade Facebook SDK from v2.2 to v2.8 #2666
- Instruct crawlers not to follow auth paths, add crawling delay for bots that support the directive #2693
- Avoid redirect to correct S3 bucket endpoint when bucket is not in
us-east-1region #2605 - Added missing database indexes #2621, #2634, #2670
- Fix bug:
rake assets:precompilefails if MySQL is not available. Issue fixed by upgradingmoney-railsgem from 1.3 to 1.4 #2612 by @nicolaracco
- Fixed insecure gem urls in Gemfile #2635
6.0.0 - 2016-09-27
- Dropped official support for MySQL server version 5.6. Only MySQL 5.7 is officialy supported. This release contains no other changes.
5.12.0 - 2016-09-27
- Added date picker for "per night" listing unit type #2481
- SEO: Added
rel=nextandrel=prevlinks to give a hint to crawlers about the paginated content #2505 - Added New layout admin page where marketplace admins can enable new layout designs for the whole marketplace or just for themselves to try out #2338 and #2469
- Added functionality to edit Post a new listing button text #2448
- Sitemap #2492, thanks Dan Moore (@mooreds) for helping!
- Mocha test setup for new frontend architecture #2550
- Deprecated use of MySQL server version 5.6.x 2566
- Removed configuration for TravisCI (CircleCI now fully in use) #2489
- Updated React on Rails to 6.0.5 #2428 and #2472
- Updated React Storybook to version 2.13.0 #2528
- Changed ActiveRecord schema format to :sql #2531
- Upgraded Paperclip and Delayed::Paperclip, dropped deprecated AWS SDK v1 #2522
- Upgraded mysql2 dependency #2565
- Correctly add https or http to links generated in
community.rb#2459 - Transactions in
initiatedstate showed wrong total price in the transaction page if the item quantity was more than one #2452 - Fix bug in infinite scroll: The current page was not taken into account #2532
- Fix bug: Testimonial reminders were sent even if user had disabled them #2557
- Fix regression: Add quantity pickers to non-payment transactions #2568
5.11.0 - 2016-08-24
RAILS_ENV=productionenvironment added to therake assets:compilecommand in README #2440 by @pcm211
5.10.0 - 2016-08-23
- Disable Braintree payments #2423
5.9.0 - 2016-08-18
- Add support for using CDN for dynamic assets (uploaded images, custom compiled stylesheets) when S3 is otherwise in use #2314
- Add possibility to choose between light and dark background image filter for hero and info sections in custom landing pages #2310
- Add Pinterest link support in custom landing page footer #2356
-
Fix some asset links not respecting
asset_hostsetting on landing pages #2320 -
Fix JS errors in development by replacing
babel-polyfillwithes6-shim#2087
5.8.0 - 2016-07-15
- Add whitelabel_branding based on features #2052
- Onboarding topbar and wizard enabled for everyone #2250
- Ability to add Google Maps API key #2172
- Landing page. See the documentation
- Fix some React dependency issues caused startup timing/ordering #2046 and #2053
- Fix issue that caused Google Maps Geocoder to return wrong location if the listing address contained an ampersand (&) #2075
- Fix pluralization error for Turkish (tr-TR) #2292
5.7.1 - 2016-05-12
- Fix missing map icon #2032
- Add instructions for handling libv8 installation problems #2023
- Add React Storybook styleguide for React component development #2030
5.7.0 - 2016-05-11
- Add a new job queue (css_compile) for css compilations #1815
- Add a warning message which will be shown 15 minutes before the next scheduled maintenance #1835
- Expose used feature flags to Google Tag Manager #1856
- React on Rails development environment #1918.
- Add ability to create a new account with username or email which is already in use in another marketplace #1753 #1939
- Prevents cookies from leaking to subdomains, fixes #1992, adds a new configuration key:
cookie_session_key#1966
- Marketplace ID is removed from the Admin Settings URL #1839
- The application now depends on React components, which need to be built to run Sharetribe. Instructions here. This change is related to React on Rails environment #1918.
- Update Ruby to 2.3.1 #2020
- Google Analytics and Kissmetrics tracking snippets are deprecated in favor of Google Tag Manager #1857
- Delete duplicated memberships from the database #1838
- Remove ability to join other marketplaces with an existing account #1753 #1939
- Errors from Braintree API were ignored #1832 by @priviterag
- Fallback language handling was broken #1869
- Confirmation pending page redirects to homepage if the account is already confirmed #1976
- Fix bug: "Resend confirmation instructions" button didn't resend the confirmation email #1963
- Updated Paperclip gem #1836
- Unauthorized users were able to upload new listing images #1866
- Change session expiration time from one year to one month #1877
- Correctly reset old password and salt #1961
5.6.0 - 2016-03-11
- Add default queue name to jobs #1814
- Update Ruby to 2.2.4 #1774
- Wrong action was executed when radio buttons were clicked back and forth #1802
- Redirect to HTTPS (if configured) before requesting HTTP basic authentication: #1793
5.5.0 - 2016-03-02
- Migrate legacy passwords to Devise's Bcrypt hashing #1781
- Add listing id to option selections table: #1761 and #1762
- Support optional site-wide HTTP basic authentication: #1766
- Fixed broken FontAwesome asset path #1756
- Listing author wasn't able to give feedback if the transaction starter skipped the feedback #1767
- Update Rails to 4.2.5.2 #1786
5.4.0 - 2016-02-22
- Update Ruby to 2.1.8 #1750
- Update JSON Web Token gem #1723
- Configure Delayed Job queue adapter for ActiveJob #1749
5.3.0 - 2016-02-15
- Updated Rails to 4.2.5.1 #1691
5.2.2 - 2016-02-09
- Initial support for upcoming new search platform. #1404
- Save model attributes to cache instead of model instances #1714
5.2.1 - 2016-02-03
- Removed environment variable
devise_allow_insecure_token_lookup. #1675
- Fixed Mercury Editor image uploader #1694
- Updated Devise gem to version 3.5 #1675
- Updated Sprockets gem to version 2.12.4 #1692
- Remove HTTP end-point that let unauthorized caller to destroy images uploaded via Mercury Editor #1695
5.2.0 - 2016-01-29
- Added
secret_key_base#1671 - Added pessimistic version number for all the gems in Gemfile. Now we can safely run
bundle updateto update gems with patch level updates. #1663 - Added a new environment variable
delayed_job_max_run_timewhich controls the maximum time for a single Delayed Job job. #1668 - Added a new environment variable
devise_allow_insecure_token_lookupfor seamless migration from earlier versions. See UPGRADE.md for more information. #1672
- Gemfile clean up. Removed bunch of unused gems. #1625
- Removed ability to downgrade to Rails 3. #1669
- Updating a listing field changes the sorting order #1673
5.1.0 - 2016-01-21
- Marketplace admins can select if the custom field creates a search filter on the homepage #1653
- CHANGELOG, UPGRADE and RELEASE files #1658
5.0.0 - 2015-12-31
- Rails upgraded from 3.2 to 4.0
For older releases, see RELEASE_NOTES.md.