v0.26.0

See our blog post about the highlights for admins in this release.

Upgrade notes

As usual, we recommend that you have a full backup, of the database, application code and static files.

To update, follow these steps:

1. Update your Gemfile:

gem "decidim", "0.26.0"
gem "decidim-dev", "0.26.0"

2. Run these commands to upgrade and make sure you get all the latest migrations:

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

And then follow the steps and commands detailed in these notes.

General notes

Register assets paths

To prevent Zeitwerk from trying to autoload classes from the app/packs folder, it's necesary to register these paths for each module and for the application using the method Decidim.register_assets_path on initializers. This is explained in the webpacker migration guides for applications and modules), and was implemented in #8449.

Blocked user in global search

PR #8658 Blocked users are present in global search, to update the search and make them disappear, Run in a bin/rails console or create a migration with:

Decidim::User.find_each(&:try_update_index_for_search_resource)

Please be aware that it could take a while if your database has a lot of Users.

Fix statistics in Comments

As per #8012, for fixing statistic in comments. There's a rake task that you need to run:

bin/rails decidim_comments:update_participatory_process_in_comments

Base64 images migration

As per #8250, we've replaced the default base64 editor images attachment with the use of ActiveStorage attachments. This PR also adds a task to parse all editor contents and replace existing base64 images with attachments. The task parses all the attributes which can be edited from admin using the WYSIWYG editor. The task requires an argument with the email of an admin used to create EditorImage instances. To run this task execute:

bin/rails decidim:active_storage_migrations:migrate_inline_images_to_active_storage[admin_email]

User workflows change to prevent user enumeration attacks

Until now it was possible to see if an email account was registered in Decidim, by using features like "Forgot your password", as the response changed if the email existed ("You will receive an email with instructions on how to reset your password in a few minutes") that's different to a non-existing user account ("could not be found. Did you sign up previously?"). This allows User Enumration attacks, where a malicious actor can check if anyone has an acount in the platform. As per #8537, anyone has the same answer always "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes".

Unconfirmed access disabled by default

As per #8233, by default all participants must confirm their email account to sign in. Implementors can change this setting as a initializer configuration:

Decidim.configure do |config|
  config.unconfirmed_access_for = 2.days
end

Added

• decidim-budgets: Port decidim-budgets improvements from AjuntamentdeBarcelona/decidim #8249
• decidim-elections: Improve evote admin logs #8263
• decidim-blogs, decidim-meetings: Add card images to meetings and blog posts #8276
• decidim-admin: Align UI groups filtering with the rest of decidim #8105
• decidim-admin, decidim-proposals: Improve error messages in admin panel #8193
• decidim-elections: Allow to mark trustees as missing #8314
• decidim-admin: Add sorting to private participants in a participatory space #8242
• decidim-comments: Improve control of comments in meetings and debates #8027
• decidim-proposals: Offer a way to see all proposals in withdrawn proposal list #8251
• decidim-admin, decidim-proposals: Configurable default order for proposals #8295
• decidim-assemblies: Filter assemblies by assembly type in admin #7153
• decidim-assemblies: Non participant assembly members avatar #8277
• decidim-core: Add image file upload in QuillJS editor #8250
• decidim-meetings: Make meeting report editable by the author in front-end #8209
• decidim-core: Improve dialog accessibility #8294
• decidim-meetings: Ability for users to withdraw their meetings #8248
• decidim-admin: Add colors accessibility warning in admin Appearance #8354
• decidim-proposals: Import proposal answers #8271
• decidim-core: Add more actions in QuillJS toolbar #8120
• decidim-meetings: Add more filter options to directory meetings page #8333
• decidim-assemblies, decidim-conferences, decidim-participatory processes: Add filters for Participatory process admins section #8106
• decidim-budgets: Show modal when user is trying to leave with pending vote #8387
• decidim-meetings: Meetings iframe visibility #8307
• decidim-budgets: Add search, filters and sorting to admin panel budget projects #8592
• decidim-core: Describe the notifications' time with words #8564
• decidim-comments, decidim-core: Add link to comments in Notifications #8607
• decidim-comments, decidim-core: Add full content of comments in notifications #8581
• decidim-core: Change colors on mobile navigation bar #8628
• decidim-core, decidim-proposals: Add author to proposals in notifications #8603
• decidim-comments, decidim-core, decidim-meetings, decidim-proposals: Allow participants to receive translated content by email #8174
• decidim-admin: Add search, filters, pagination and sorting to moderated users #8620
• decidim-surveys: Add "title and description" in surveys #8588

Changed

• decidim-elections: Validate census CSV headers #8264
• decidim-meetings: Improve Attendees count error handling on frontend #8238
• decidim-core: Disable unconfirmed access by default #8233
• decidim-meetings: Rename 'upcoming events' content block to 'upcoming meetings' #8412
• decidim-core: Change user workflows to prevent user enumeration attacks #8537
• decidim-comments: Backport "Show hidden comments replies" to v0.26 #8868

Fixed

• decidim-accountability: Fix accountability notifications proposal title #8240
• decidim-elections: Remove white spaces in Census #8262
• decidim-debates, decidim-meetings, decidim-proposals: Fix characters not encoded in title #8253
• decidim-proposals: Fix flaky test on proposals splitting #8302
• decidim-core: Fix invalid i18n values for diff changeset #8299
• decidim-meetings: Fix live? missing method delegation in online_meeting cell #8241
• decidim-comments: Fix statistics in Comments #8012
• decidim-budgets: Fix some explore budgets specs #8303
• decidim-core: Fix missing icons after CORS [#82...

v0.26.0.rc2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-meetings: Backport "Fix for preview unpublished meetings by admin user" to v0.26 #8724
• decidim-comments: Backport "Adds emojis when user edits a comment" to v0.26 #8743
• decidim-core: Backport "Properly mark sender and recipient in Conversation" to v0.26 #8746
• decidim-participatory processes: Backport "Fix order by weight in processes groups' processes content block" to v0.26 #8771
• decidim-core: Backport "Don't display blocked users in mentions" to v0.26 #8770

Removed

Nothing.

Internal

• Backport "Revert the i18n-tasks initialization syntax" to v0.26 #8696
• Backport "Lock graphql version to 1.12 minor" to v0.26 #8695
• Disable codeclimate's stylelint #8711

Developer improvements

• Backport "Fix webpacker generator for modules" to v0.26 #8750

Full Changelog: v0.26.0.rc1...v0.26.0.rc2

v0.26.0.rc1

⛔ This version is broken and can't be used because there were some issues when updating to rubygems. If you want to try v0.26.0 then you'll need to use at least the v0.26.0.rc2.

General notes

Register assets paths

To prevent Zeitwerk from trying to autoload classes from the app/packs folder, it's necesary to register these paths for each module and for the application using the method Decidim.register_assets_path on initializers. This is explained in the webpacker migration guides for applications and modules), and was implemented in #8449.

Unconfirmed access disabled by default

As per #8233, by default all participants must confirm their email account to sign in. Implementors can change this setting as a initializer configuration:

Decidim.configure do |config|
  config.unconfirmed_access_for = 2.days
end

User workflows change to prevent user enumeration attacks

Until now it was possible to see if an email account was registered in Decidim, by using features like "Forgot your password", as the response changed if the email existed ("You will receive an email with instructions on how to reset your password in a few minutes") that's different to a non-existing user account ("could not be found. Did you sign up previously?"). This allows User Enumration attacks, where a malicious actor can check if anyone has an acount in the platform. As per #8537, anyone has the same answer always "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes".

Blocked user in global search

PR #8658 Blocked users are present in global search, to update the search and make them disappear, Run in a rails console or create a migration with:

  Decidim::User.find_each(&:try_update_index_for_search_resource)

Please be aware that it could take a while if your database has a lot of Users.

Fix statistics in Comments

As per #8012, for fixing statistic in comments. There's a rake task that you need to run:

rake decidim_comments:update_participatory_process_in_comments

Base64 images migration

As per #8250, we've replaced the default base64 editor images attachment with the use of ActiveStorage attachments. This PR also adds a task to parse all editor contents and replace existing base64 images with attachments. The task parses all the attributes which can be edited from admin using the WYSIWYG editor. The task requires an argument with the email of an admin used to create EditorImage instances. To run this task execute:

rails decidim:active_storage_migrations:migrate_inline_images_to_active_storage[admin_email]

Added

• decidim-budgets: Port decidim-budgets improvements from AjuntamentdeBarcelona/decidim #8249
• decidim-elections: Improve evote admin logs #8263
• decidim-blogs, decidim-meetings: Add card images to meetings and blog posts #8276
• decidim-admin: Align UI groups filtering with the rest of decidim #8105
• decidim-admin, decidim-proposals: Improve error messages in admin panel #8193
• decidim-elections: Allow to mark trustees as missing #8314
• decidim-admin: Add sorting to private participants in a participatory space #8242
• decidim-comments: Improve control of comments in meetings and debates #8027
• decidim-proposals: Offer a way to see all proposals in withdrawn proposal list #8251
• decidim-admin, decidim-proposals: Configurable default order for proposals #8295
• decidim-assemblies: Filter assemblies by assembly type in admin #7153
• decidim-assemblies: Non participant assembly members avatar #8277
• decidim-core: Add image file upload in QuillJS editor #8250
• decidim-meetings: Make meeting report editable by the author in front-end #8209
• decidim-core: Improve dialog accessibility #8294
• decidim-meetings: Ability for users to withdraw their meetings #8248
• decidim-admin: Add colors accessibility warning in admin Appearance #8354
• decidim-proposals: Import proposal answers #8271
• decidim-core: Add more actions in QuillJS toolbar #8120
• decidim-meetings: Add more filter options to directory meetings page #8333
• decidim-assemblies, decidim-conferences, decidim-participatory processes: Add filters for Participatory process admins section #8106
• decidim-budgets: Show modal when user is trying to leave with pending vote #8387
• decidim-meetings: Meetings iframe visibility #8307
• decidim-budgets: Add search, filters and sorting to admin panel budget projects #8592
• decidim-core: Describe the notifications' time with words #8564
• decidim-comments, decidim-core: Add link to comments in Notifications #8607
• decidim-comments, decidim-core: Add full content of comments in notifications #8581
• decidim-core: Change colors on mobile navigation bar #8628
• decidim-core, decidim-proposals: Add author to proposals in notifications #8603
• decidim-comments, decidim-core, decidim-meetings, decidim-proposals: Allow participants to receive translated content by email #8174
• decidim-admin: Add search, filters, pagination and sorting to moderated users #8620
• decidim-surveys: Add "title and description" in surveys #8588

Changed

• decidim-elections: Validate census CSV headers #8264
• decidim-meetings: Improve Attendees count error handling on frontend #8238
• decidim-core: Disable unconfirmed access by default #8233
• decidim-meetings: Rename 'upcoming events' content block to 'upcoming meetings' #8412
• decidim-core: Change user workflows to prevent user enumeration attacks #8537

Fixed

• decidim-accountability: Fix accountability notifications proposal title #8240
• decidim-elections: Remove white spaces in Census #8262
• decidim-debates, decidim-meetings, decidim-proposals: Fix characters not encoded in title #8253
• decidim-proposals: Fix flaky test on proposals splitting #8302
• decidim-core: Fix invalid i18n values for diff changeset #8299
• decidim-meetings: Fix live? missing method delegation in online_meeting cell #8241
• decidim-comments: Fix statistics in Comments #8012
• decidim-budgets: Fix some explore budgets specs #8303
• decidim-core: Fix missing icons after CORS #8290
• decidim-core: Remove unnecessary spacer from external link indicator #8291
• decidim-core: [CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware #8265
• decidim-debates: Fix "last comment by" when commenter is a user group #8279
• decidim-proposals: Similar proposal functionality brea...

v0.25.2

Upgrade notes

As usual, we recommend that you have a working backup (of the database, static files, and codebase) before upgrading. It's also a good idea to test it first in a staging or preproduction server.

To update, follow these steps:

1. Update your Gemfile:

gem "decidim", "0.25.2"
gem "decidim-dev", "0.25.2"

2. Run these commands to upgrade and make sure you get all the latest migrations:

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

3. Restart your application server.

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-surveys: Backport fix notification after creating survey #8467
• decidim-budgets, decidim-comments: Backport comment's get link in project view (#8450) #8469
• decidim-core: Backport "Fix 404 link in 'how to participate' home content block" to v0.25 #8521
• decidim-system: Backport "Add pptx in allowed_file_extensions (of admin)" to v0.25 #8533
• decidim-generators: Backport "Freezing webpacker to RC.5 until RC.7 is fixed" to v0.25 #8536
• decidim-meetings: Backport "Fix meetings with multiple dates" to v0.25 #8522
• decidim-conferences: Backport "Fix conference speakers when there isn't any avatar" to v0.25 #8538
• decidim-assemblies, decidim-participatory processes: Backport "Fix the copy of components weights in participatory processes and assemblies" to v0.25 #8539

Improved

Nothing.

Removed

Nothing.

Developer improvements

Nothing.

Full Changelog: v0.25.1...v0.25.2

v0.25.1

To update, follow these steps:

1. Update your Gemfile:

gem "decidim", "0.25.1"
gem "decidim-dev", "0.25.1"

2. Run these commands to upgrade and make sure you get all the latest migrations:

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

Added

Register assets paths

To prevent Zeitwerk from trying to autoload classes from the app/packs folder, it's necesary to register these paths for each module and for the application using the method Decidim.register_assets_path on initializers. This is explained in the webpacker migration guides for applications and modules), and was implemented in #8449.

Unconfirmed access disabled by default

As per #8233, by default all participants must confirm their email account to sign in. Implementors can change this setting as a initializer configuration:

Changed

Nothing.

Fixed

• decidim-proposals: Backport: Any user can access proposal's pages representing the "create a proposal" steps (#8390) #8407
• Backport "Increase text contrast in current phase of a participatory process" #8436
• decidim-core: Backport "Include only public entities in the following page" to 0.25 #8406
• decidim-generators: Backport "Fix railties requirements on created applications" #8439
• decidim-blogs: Backport "Add missing translations" #8441
• decidim-core: Backport "Fix javascript exception when geocoding proposals is disabled" #8437
• decidim-core: Force Rails version to 6.0 #8440
• Backport "Fix CVE-2021-41136" #8443
• decidim-comments: Backport "Refresh comments component after updating" to v0.25 #8446
• decidim-core: Backport "Fix webpacker issue when using zeitwerk" to 0.25 #8447
• decidim-core: Backport "Improve Zeitwerk assets paths to ignore" to 0.25 #8454

Improved

• decidim-core: Backport "Enforce redirects to include the organization host" to 0.25 #8405
• decidim-core: Backport: Disallow redirection to the host when performing redirect_back #8402
• decidim-core: Backport "Update omniauth gem and dependencies" #8442

Removed

Nothing.

Developer improvements

• Backport "Fix railties requirements on created applications" #8439
• Backport "Fixing generator webpacker issues" #8438

v0.25.0

See our blog post about the highlights for admins in this release.

Upgrade notes

As prerequisites, you'll need:

• Node.js version 16.9.x (this version is mandatory)
• Npm version 7.21.x (it works with other versions, but this is the recommended)

We strongly recommend that you have a database and static files backup as this is a huge release. It's the biggest release from the beginning, as we're updating to Rails 6, migrating to Webpacker and ActiveStorage.

To update, follow these steps:

1. Update your Gemfile:

gem "decidim", "0.25.0"
gem "decidim-dev", "0.25.0"

2. Run these commands to upgrade and make sure you get all the latest migrations:

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

And then follow the steps and commands detailed in these notes, especially the ones about Rail 6 upgrade, migrating to Webpacker and migrating to Active Storage.

Again, we strongly recommend that you have a full backup of your database and static files before updating to this release.

General notes

Rails 6 upgrade

As per #7471, we have upgraded to Ruby on Rails 6.0. Depending on how much code you've you'll need to check in your app and modules that they are compatible with Rails 6. For more information about how to do this read Ruby on Rails 6.0 Release Notes.

There are a couple of legacy migrations that need to be changed so the app works as expected:

wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-forms/db/migrate/20170515144119_create_decidim_forms_answers.rb -O $(ls db/migrate/*_create_decidim_forms_answers.decidim_forms.rb)
[ -f db/migrate/*_move_signature_type_to_initative_type.decidim_initiatives.rb ] && wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-initiatives/db/migrate/20191002082220_move_signature_type_to_initative_type.rb -O $(ls db/migrate/*_move_signature_type_to_initative_type.decidim_initiatives.rb)

Webpacker migration

As per #7464 and #7733 Decidim has been upgraded to use Webpacker to manage its assets. It's a huge change that requires some updates in your applications. Please refer to the guides:

• Migrate to Webpacker an instance app
• Migrate to Webpacker a module

ActiveStorage migration

As per #7598 and #7902 we migrate from CarrierWave to ActiveStorage. To enable this migration we provide two tasks:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage
rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage
# Replace legacy migration. See full explanation for details
wget https://raw.githubusercontent.com/decidim/decidim/c9ed6740e8025fd482b49dad71cc1788b5e572c0/decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb -O $(ls db/migrate/*_move_organization_fields_to_hero_content_block.decidim.rb) 

See full explanation (click to expand)

PR #7598 migrates attachments from CarrierWave to ActiveStorage. There was a migration to move some organization fields to a content block (decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb) including the use of CarrierWave to migrate an image. This part has been removed. Please, if your application has the old migration replace its content with the changed file to avoid errors in the future because CarrierWave dependency will be eliminated.

PR#7902 provides a task to migrate existing CarrierWave attachment files to ActiveStorage. Keep in mind that the ActiveStorage migration PRs don't delete CarrierWave attachments and preserve the columns used by it. To guarantee the access to CarrierWave files the gem must be installed (the current core engine maintains that dependency) and configured as it was before the migration to ActiveStorage. The task downloads each file using CarrierWave uploaders and uploads it again using ActiveStorage. This PR provides 2 tasks:

• The task to copy files to ActiveStorage. The task generates a log file in log/ with a line with the result of each migration. The result can be:
  • [OK] Migrated - [OK] Checksum identical if the file was copied successfully and the checksums of the origin and copied files are identical. This should be the expected result.
  • [KO] Migrated - [KO] Checksum different if the file was copied successfully but the checksums are different.
  • [SKIP] Migrated The migration was skipped because the task detected that there was already an existing file attached with ActiveStorage (the other task allows us to check if CarrierWave and ActiveStorage files are identical.
  • [ERROR] Exception if any error prevents the migration of the file. The error message is included in the result.

The task also creates a mapping of paths in tmp/attachment_mappings.csv with the id of the instance, the name of the CarrierWave attribute and its origin path and the destination path in ActiveStorage. To run this task execute:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage

Note that the migration generates instances of ActiveStorage::Attachment in case they are not yet created. To repeat the migration from scratch it would be enough to delete all ActiveStorage::Attachment items (be careful not to delete attachments that were created earlier with ActiveStorage)

• The task to check migration and compare files. This task finds each CarrierWave attachment file and looks for corresponding ActiveStorage attachment and compares them if possible. The result for each attachment can be:
  • [OK] Checksum identical if both files exist and checkums are identical.
  • [KO] Checksum different if both files exist but checkums are different.
  • [SKIP] Pending migration if the ActiveStorage file is not present.
  • [ERROR] Exception if there is any error in the checking process. The error message is included in the result.

To run this task execute:

rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage

Statistics change

As per #8147, the participants stats will not take into account deleted and blocked users.

Meetings merge minutes and close actions

With changes introduced in #7968 the Decidim::Meetings::Minutes model and related table are removed and the attributes of the previously existing minutes are migrated to Decidim::Meetings::Meeting model in the closing_report, video_url, audio_url and closing_visible columns.

See full explanation (click to expand)

These are the different results of the merge according to the initial data:

• It there was no minutes data and the meeting was not closed nothing changes
• If there was no minutes data and the meeting was closed, the meeting remains closed with the closing_visible attribute to true. In this way the closing data will remain visible.
• If there was minutes data and the meeting was not closed, the meeting is closed and the minutes description value is copied to the meeting closing_report, the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute.
• If there was minutes data and the meeting was closed, the meeting remains closed and the meeting closing_report value remains if present. Elsewere the minutes description value is copied to the meeting closing_report. the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute. In this case the visibility of closing report may change to false if there was a minutes with visible set to false.

Please, note that if there was previously minutes_description and closing_report data for a meeting, after applying the changes of this release, the minutes_description data will be lost.

If there is previous activity of creation or edition of minutes, Decidim::ActionLog instances and an associated PaperTrail::Version instance for each one will have been created pointing to these elements in their polymorphic associations. To avoid errors, the migration includes changing those associations to point to the meeting and changing the action to close in the action log items. This change is not reversible

New Job queues

PR #7986 splits some jobs from the :default queue to two new queues:

• :exports
• :translations

If your application uses Sidekiq and you set a manual configuration file, you'll need to update it to add these two new queues. Otherwise these queues will never run.

User groups in global search

PR #8061 adds user groups to the globa...

v0.25.0.rc4

✔️ This is the first working version of the v0.25.0 release.

To see the full explanation on how to update to this version we recommend that you read all the other release candidates' notes: rc1, rc2, and rc3.

Upgrade notes

As prerequisites, you'll need:

• Node.js version 16.9.x (this version is mandatory)
• Npm version 7.21.x (it works with other versions, but this is the recommended)

We strongly recommend that you have a database and static files backup as this is a huge release. It's the biggest release from the beginning, as we're updating to Rails 6, migrating to Webpacker and ActiveStorage.

To update, follow these steps:

Update your Gemfile:

gem "decidim", "0.25.0.rc4"
gem "decidim-dev", "0.25.0.rc4"

Run these commands to upgrade and make sure you get all the latest migrations:

bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

And then follow the steps and commands detailed in the other release candidates, especially the ones about migrating to Webpacker and migrating to Active Storage.

• Release Candidate 1 notes
• Release Candidate 2 notes
• Release Candidate 3 notes

Again, we strongly recommend that you have a full backup of your database and static files before updating to this release.

Added

Nothing.

Changed

Nothing.

Fixed

Nothing.

Improved

Nothing.

Removed

Nothing.

Developer improvements

• Backport "Update NPM version" #8344

v0.25.0.rc3

⛔ This version is broken and can't be used because there were some incompatibilities with npm packages. If you want to try v0.25.0 then you'll need to use at least the v0.25.0.rc4.

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-debates: Backport "Fix "last comment by" when commenter is a user group" #8337
• decidim-comments: Backport "Fix issues with dynamic comments polling" to v0.25 #8340
• decidim-core: Backport "Remove npm decidim packages with dependencies from other decidim packages" #8339

Improved

Nothing.

Removed

Nothing.

Developer improvements

• Backport "Fix CSS validation tests caused by a bug on the validation service" #8325
• Backport "Remove npm decidim packages with dependencies from other decidim packages" #8339

v0.25.0.rc2

⛔ This version is broken and can't be used because there were some incompatibilities with npm packages. If you want to try v0.25.0 then you'll need to use at least the v0.25.0.rc4.

Upgrade Notes

Comments statistics change

• #8012 Participatory space to comments, to fix the statistics. Use
  rake decidim_comments:update_participatory_process_in_comments to migrate existing comments to the new structure.

Added

Nothing.

Changed

Nothing.

Fixed

• Backport "Fix webpacker dependency lock" to v0.25 #8289
• Backport "Fix NPM packages versioning during release process" #8284
• decidim-accountability: Backport "Fix accountability notifications proposal title" to v0.25 #8287
• Backport "Fix Luxembourgish locale" to v0.25 #8282
• decidim-debates, decidim-meetings, decidim-proposals: Backport - Fix characters not encoded in title to 0.25 #8292
• decidim-core: Backport "Fix invalid i18n values for diff changeset" to v0.25 #8305
• decidim-meetings: Backport "Fix live? missing method delegation in online_meeting cell" to v0.25 #8309
• decidim-comments: Backport: Fix statistics in Comments (#8012) #8316
• decidim-core: Backport: [CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware #8320
• decidim-core: Backport "Remove unnecessary spacer from external link indicator" to v0.25 #8319
• Backport "Fix CSS validation tests caused by a bug on the validation service" #8325
• decidim-core: Backport "Fix missing icons after CORS" to v0.25 #8318
• Backport "Update foundation-sites to 6.7.0 for better Dart Sass compatibility" to v0.25 #8300

Removed

Nothing.

v0.25.0.rc1

⛔ This version is broken and can't be used because there were some incompatibilities with npm packages. If you want to try v0.25.0 then you'll need to use at least the v0.25.0.rc4.

General notes

Rails 6 upgrade

As per #7471, we have upgraded to Ruby on Rails 6.0. Depending on how much code you've you'll need to check in your app and modules that they are compatible with Rails 6. For more information about how to do this read Ruby on Rails 6.0 Release Notes.

There are a couple of legacy migrations that need to be changed so the app works as expected:

wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-forms/db/migrate/20170515144119_create_decidim_forms_answers.rb -O $(ls db/migrate/*_create_decidim_forms_answers.decidim_forms.rb)
wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-initiatives/db/migrate/20191002082220_move_signature_type_to_initative_type.rb -O $(ls db/migrate/*_move_signature_type_to_initative_type.decidim_initiatives.rb)

Webpacker migration

As per #7464 and #7733 Decidim has been upgraded to use Webpacker to manage its assets. It's a huge change that requires some updates in your applications. Please refer to the guides:

• Migrate to Webpacker an instance app
• Migrate to Webpacker a module

ActiveStorage migration

As per #7598 and #7902 we migrate from CarrierWave to ActiveStorage. To enable this migration we provide two tasks:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage
rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage
# Replace legacy migration. See full explanation for details
wget https://raw.githubusercontent.com/decidim/decidim/c9ed6740e8025fd482b49dad71cc1788b5e572c0/decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb -O $(ls db/migrate/*_move_organization_fields_to_hero_content_block.decidim.rb) 

See full explanation (click to expand)

PR #7598 migrates attachments from CarrierWave to ActiveStorage. There was a migration to move some organization fields to a content block (decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb) including the use of CarrierWave to migrate an image. This part has been removed. Please, if your application has the old migration replace its content with the changed file to avoid errors in the future because CarrierWave dependency will be eliminated.

PR#7902 provides a task to migrate existing CarrierWave attachment files to ActiveStorage. Keep in mind that the ActiveStorage migration PRs don't delete CarrierWave attachments and preserve the columns used by it. To guarantee the access to CarrierWave files the gem must be installed (the current core engine maintains that dependency) and configured as it was before the migration to ActiveStorage. The task downloads each file using CarrierWave uploaders and uploads it again using ActiveStorage. This PR provides 2 tasks:

• The task to copy files to ActiveStorage. The task generates a log file in log/ with a line with the result of each migration. The result can be:
  • [OK] Migrated - [OK] Checksum identical if the file was copied successfully and the checksums of the origin and copied files are identical. This should be the expected result.
  • [KO] Migrated - [KO] Checksum different if the file was copied successfully but the checksums are different.
  • [SKIP] Migrated The migration was skipped because the task detected that there was already an existing file attached with ActiveStorage (the other task allows us to check if CarrierWave and ActiveStorage files are identical.
  • [ERROR] Exception if any error prevents the migration of the file. The error message is included in the result.

The task also creates a mapping of paths in tmp/attachment_mappings.csv with the id of the instance, the name of the CarrierWave attribute and its origin path and the destination path in ActiveStorage. To run this task execute:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage

Note that the migration generates instances of ActiveStorage::Attachment in case they are not yet created. To repeat the migration from scratch it would be enough to delete all ActiveStorage::Attachment items (be careful not to delete attachments that were created earlier with ActiveStorage)

• The task to check migration and compare files. This task finds each CarrierWave attachment file and looks for corresponding ActiveStorage attachment and compares them if possible. The result for each attachment can be:
  • [OK] Checksum identical if both files exist and checkums are identical.
  • [KO] Checksum different if both files exist but checkums are different.
  • [SKIP] Pending migration if the ActiveStorage file is not present.
  • [ERROR] Exception if there is any error in the checking process. The error message is included in the result.

To run this task execute:

rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage

Statistics change

As per #8147, the participants stats will not take into account deleted and blocked users.

Meetings merge minutes and close actions

With changes introduced in #7968 the Decidim::Meetings::Minutes model and related table are removed and the attributes of the previously existing minutes are migrated to Decidim::Meetings::Meeting model in the closing_report, video_url, audio_url and closing_visible columns.

See full explanation (click to expand)

These are the different results of the merge according to the initial data:

• It there was no minutes data and the meeting was not closed nothing changes
• If there was no minutes data and the meeting was closed, the meeting remains closed with the closing_visible attribute to true. In this way the closing data will remain visible.
• If there was minutes data and the meeting was not closed, the meeting is closed and the minutes description value is copied to the meeting closing_report, the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute.
• If there was minutes data and the meeting was closed, the meeting remains closed and the meeting closing_report value remains if present. Elsewere the minutes description value is copied to the meeting closing_report. the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute. In this case the visibility of closing report may change to false if there was a minutes with visible set to false.

Please, note that if there was previously minutes_description and closing_report data for a meeting, after applying the changes of this release, the minutes_description data will be lost.

If there is previous activity of creation or edition of minutes, Decidim::ActionLog instances and an associated PaperTrail::Version instance for each one will have been created pointing to these elements in their polymorphic associations. To avoid errors, the migration includes changing those associations to point to the meeting and changing the action to close in the action log items. This change is not reversible

New Job queues

PR #7986 splits some jobs from the :default queue to two new queues:

• :exports
• :translations

If your application uses Sidekiq and you set a manual configuration file, you'll need to update it to add these two new queues. Otherwise these queues will never run.

User groups in global search

PR #8061 adds user groups to the global search and previously existing groups need to be indexed, otherwise it won't be available as search results. Run in a rails console or create a migration with:

  Decidim::UserGroup.find_each(&:try_update_index_for_search_resource)

Please be aware that it could take a while if your database has a lot of groups.

Improved menu API

As per #7368, #7382 the entire admin structure has been migrated from menus being rendered in partials, to the existing menu structure. Before, this change adding a new menu item to an admin submenu required partial override.

See full explanation and examples (click to expand)

As per #7545 the menu API has been enhanced to support removal of elements and reordering. All the menu items have an identifier that allow any developer to ...