v0.24.3

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-participatory processes: Fix attachment title migration generating possibly invalid values #8044
• decidim-comments, decidim-consultations: Fix for commenting in consultation questions #8062
• decidim-core: Fix boolean fields for .reported? and .hidden? which is nil if no report exists #8082
• decidim-core: Fix redirects broken by Terms and Conditions redirect #8083
• decidim-core: Use correct newsletter cell for web view #8081
• decidim-core, decidim-proposals: Remove proposals filters cache #8038
• decidim-core, decidim-meetings: Include resources on maps only when the geocoding got valid coords #8039
• decidim-core: Fix editor when formatting starts with a linebreak #8024
• decidim-admin: Use symbols for polymorphic route arguments #8060

Removed

Nothing.

Developer improvements

• Bump gems versions to fix dependendabot alerts #8041
• Bump bundle version for security reasons #8084

v0.23.6

Added:

Nothing.

Changed:

Nothing.

Fixed:

• decidim-core: Fix report mailers when author is a meeting #7874
• decidim-comments: Fix TypeError in newsletters #7875
• decidim-core: Open attachments in new tab #7917
• decidim-core: Validate nickname using correct regexp #7920
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7927
• decidim-core: Don't show deleted users on user group members page #7926
• decidim-admin: Disable select inputs with the subform toggler as well #7958
• decidim-core: Fix fragment caching with multiple locales #7959

Removed:

Nothing.

Developer improvements:

• Update to Rails 5.2.6 #7950

v0.24.2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: CSV exporter should take into account locales from all resources #7860
• decidim-comments: Fix TypeError in newsletters #7876
• decidim-core: Open attachments in new tab #7918
• decidim-core: Validate nickname using correct regexp #7921
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7928
• decidim-core: Fix editor: remove br tags from inside a tags #7957
• decidim-core: Fix fragment caching with multiple locales #7960

Removed

Nothing.

Developer improvements

• Do not change the global test app configs during specs #7816
• Update to Rails 5.2.6 #7949

v0.24.1

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-admin: Add admin missing translations (#7702) #7766
• decidim-initiatives: Fix permission for initiative edit and update #7654
• decidim-conferences: Fix validations for registration related fields in Conference form #7734
• decidim-admin, decidim-conferences: Add Conferences and Admin missing translations (#7653) #7765

Removed

Nothing.

Developer improvements

• Do not modify the controller class in the controller tests that rende… #7775
• Upgrade to Rails 5.2.5 #7806

v0.23.5

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-participatory processes: Fix process serializer to consider nil images #7615
• decidim-proposals: Backport proposal imports fix to 0.23 #7610
• decidim-core: Make category in the API non-mandatory #7625
• decidim-proposals: Don't copy counters when copying proposals #7640
• decidim-proposals: Fix rendering of proposals in map #7644
• decidim-proposals: Show all proposals in map (#7660) #7677

Removed

Nothing.

Developer improvements

• Fix migration from #7640 #7650
• Lint file #7652
• Bump mimemagic to 0.3.6 #7718
• Update Rails to 5.2.5 and carrierwave to 1.3.2 #7807

v0.24.0

Upgrade Notes

Bump Ruby to v2.7

We've bumped the minimum Ruby version to 2.7.1, thanks to 2 PRs:

• #6320
• #6522

Comments no longer use react

As per #6498, the comments component is no longer implemented with the react component. In case you had customized the react component, it will still work as you would expect as the GraphQL API has not disappeared anywhere. You should, however, gradually migrate to the "new way" (Trailblazer cells) in order to ensure compatibility with future versions too.

Consultations module deprecation

As the new Votings module is being developed and will eventually replace the Consultations module, the latter enters the deprecation phase.

Authorization metadata is now encrypted in the database

As per #6947, the JSON values for the authorizations' metadata and verification_metadata columns in the decidim_authorizations database table are now automatically encrypted because they can contain identifiable or sensitive personal information connected to a user account. Storing this data in plain text in the database would be a security risk.

You need to do changes to your code if you have been querying these tables in the past through the Decidim::Authorization model as follows:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).where("metadata ->> 'gender' = ?", "f").find_each do |authorization|
  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

The problem with this code is that the data in the metadata ->> 'gender' column is now encrypted, so your search would not match any records in the database. Instead, you can do the following:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).find_each do |authorization|
  next unless authorization.metadata["gender"] == "f"

  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

As you notice, when you are accessing the metadata or verification_metadata columns through the Active Record object, you can utilize the data in plain text. This is because the accessor method for these columns will automatically decrypt the data in the hash object.

This is less performant but it is more secure. Security weighs more.

Added

• decidim-initiatives: Show draft initiatives #6584
• decidim-budgets: Add scope to proposals import in budgets #6525
• Add new languages: Korean, Vietnamese and Chinese #6648
• decidim-core, decidim-meetings: Add online meetings #6572
• decidim-core: Allow customization of the upload help messages #6683
• decidim-admin, decidim-assemblies, decidim-elections: Add elections trustees role #6535
• decidim-elections: Add the trustee zone for users #6615
• decidim-elections: Elections design improvements #6721
• decidim-elections, decidim-forms: Election feedback form #6548
• decidim-meetings: Missing i18n on closed debate notification #6746
• decidim-admin, decidim-core, decidim-debates, decidim-meetings, decidim-proposals: Improve moderation panel #6677
• decidim-budgets: Budget voting projects rule (select min-max projects) #6753
• decidim-meetings: Let users close meetings from public pages #6703
• decidim-elections: Add preview of questions to an election #6749
• decidim-core: feat: send notification to reported content authors #6747
• decidim-core: Allow subhero content block to hold HTML tags #6810
• decidim-core: Add info to report email for moderators #6725
• decidim-meetings: Add registration system to meetings #6662
• decidim-initiatives: Filter created initiatives only by author #6658
• decidim-proposals: Add locales for cost report #6767
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 1) #6696
• decidim-core: Send report email when reported resource is translated to default org language #6726
• decidim-elections: Setup election for bulletin board #6813
• decidim-initiatives: Edit initiative as promoter #6790
• decidim-admin, decidim-core: Send notification to resource's authors when it is hidden by a moderator #6885
• decidim-meetings: Add a config flag to disable the registration code #6698
• decidim-elections: Show election results #6768
• decidim-admin: Add HTML titles in Admin panel #6666
• decidim-core, decidim-elections: Export election results #6846
• decidim-admin, decidim-participatory processes: Implement ContentBlock for Process Groups (Admin UI) #6655
• decidim-meetings: Automatically enable registrations when meeting is "on this platform" #6874
• decidim-core, decidim-proposals: Allow user to drag address on proposal map #6291
• decidim-conferences: Localize a string in conference speaker #6866
• decidim-participatory processes: Add HTML Content Blocks in Process Groups #6823
• decidim-core: Adds spinner to block page while ajax petition is executed #6611
• decidim-participatory processes: Add Metadata Content Block in Process Groups #6699
• decidim-participatory processes: Add Participatory Processes Content Block in Process Groups #6826
• decidim-admin: Add a general moderation panel #6955
• decidim-participatory processes: Edit link in groups and show group in processes #6827
• decidim-participatory processes: Improve highlights of Process Groups #6828
• decidim-participatory processes: Improvements in Process Groups and processes block #6853
• decidim-debates: Archive Debates #6940
• decidim-admin, decidim-core: Let components define settings with type time #6948
• decidim-debates: Export debate comments #6962
• decidim-elections: Add and use decidim-bulletin_board gem #6997
• decidim-meetings: Allow creation of hybrid meetings #6891
• decidim-core, decidim-verifications: Encrypt authorization metadata #6947
• decidim-admin, decidim-core, decidim-system: Make it possible to allow some pages to display publicly even when organization access is limited #6951
• decidim-surveys: Start and end dates for survey #7016
• decidim-admin, decidim-core, decidim-verifications: Improve management of managed user #6748
• decidim-participatory processes: Let admins enter the Space Private Users section in admin #7067
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 2) #6804
• decidim-meetings: Add comments export to meetings #6946
• decidim-consultations: See a deprecation callout in Consultations #7095
• decidim-debates: Add scope to debates #6326
• decidim-budgets: Sum Budgets finished and pending orders in admin panel #7010
• decidim-admin, decidim-assemblies, decidim-participatory processes: Allow admin to be registered as a participatory space user [#6890](http...

v0.24.0.rc2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: Fix invalid signature on message decryption #7490
• decidim-assemblies, decidim-participatory processes: Fix NULL error with weight field in assemblies & processes #7491
• decidim-core: Fix record encryptor hash values JSON parsing for legacy unencrypted hash values #7496
• decidim-admin: Only share tokens if component exists #7504
• decidim-core: Invalidate all user sessions when destroying the account #7511
• decidim-proposals: Fix non-unique IDs element in filter hash cash #7533
• decidim-core: Fix record encryptor trying to decrypt or decode non-String values #7538
• decidim-core: Fix record encryptor trying to decrypt empty strings #7547
• decidim-admin, decidim-budgets: New Admin users cannot accept Terms and conditions #7520
• decidim-core, decidim-proposals: Fix cells caching by using cache_key_with_version instead of cache version #7556
• decidim-debates, decidim-meetings, decidim-proposals: Fix user profile timeline activity cards texts showing "New resource" on updates #7558
• decidim-core: Sanitize address inputs #7576

Removed

Nothing.

Developer improvements

• Remove duplicated migration #7521

v0.23.4

Added

Changed

Fixed

• decidim-admin: Fix and tests to avoid registered users being invited again #7455
• decidim-proposals: Fix the proposal body validation error messages #7495
• decidim-admin: Only share tokens if component exists #7503
• decidim-core: Invalidate all user sessions when destroying the account #7510
• decidim-core: Fix user profile timeline activity cards texts showing "New resource" on updates #7559
• decidim-core: Sanitize address inputs #7577

Removed

v0.24.0.rc1

Upgrade Notes

Bump Ruby to v2.7

We've bumped the minimum Ruby version to 2.7.1, thanks to 2 PRs:

• #6320
• #6522

Comments no longer use react

As per #6498, the comments component is no longer implemented with the react component. In case you had customized the react component, it will still work as you would expect as the GraphQL API has not disappeared anywhere. You should, however, gradually migrate to the "new way" (Trailblazer cells) in order to ensure compatibility with future versions too.

Consultations module deprecation

As the new Votings module is being developed and will eventually replace the Consultations module, the latter enters the deprecation phase.

Authorization metadata is now encrypted in the database

As per #6947, the JSON values for the authorizations' metadata and verification_metadata columns in the decidim_authorizations database table are now automatically encrypted because they can contain identifiable or sensitive personal information connected to a user account. Storing this data in plain text in the database would be a security risk.

You need to do changes to your code if you have been querying these tables in the past through the Decidim::Authorization model as follows:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).where("metadata ->> 'gender' = ?", "f").find_each do |authorization|
  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

The problem with this code is that the data in the metadata ->> 'gender' column is now encrypted, so your search would not match any records in the database. Instead, you can do the following:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).find_each do |authorization|
  next unless authorization.metadata["gender"] == "f"

  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

As you notice, when you are accessing the metadata or verification_metadata columns through the Active Record object, you can utilize the data in plain text. This is because the accessor method for these columns will automatically decrypt the data in the hash object.

This is less performant but it is more secure. Security weighs more.

Added

• decidim-initiatives: Show draft initiatives #6584
• decidim-budgets: Add scope to proposals import in budgets #6525
• Add new languages: Korean, Vietnamese and Chinese #6648
• decidim-core, decidim-meetings: Add online meetings #6572
• decidim-core: Allow customization of the upload help messages #6683
• decidim-admin, decidim-assemblies, decidim-elections: Add elections trustees role #6535
• decidim-elections: Add the trustee zone for users #6615
• decidim-elections: Elections design improvements #6721
• decidim-elections, decidim-forms: Election feedback form #6548
• decidim-meetings: Missing i18n on closed debate notification #6746
• decidim-admin, decidim-core, decidim-debates, decidim-meetings, decidim-proposals: Improve moderation panel #6677
• decidim-budgets: Budget voting projects rule (select min-max projects) #6753
• decidim-meetings: Let users close meetings from public pages #6703
• decidim-elections: Add preview of questions to an election #6749
• decidim-core: feat: send notification to reported content authors #6747
• decidim-core: Allow subhero content block to hold HTML tags #6810
• decidim-core: Add info to report email for moderators #6725
• decidim-meetings: Add registration system to meetings #6662
• decidim-initiatives: Filter created initiatives only by author #6658
• decidim-proposals: Add locales for cost report #6767
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 1) #6696
• decidim-core: Send report email when reported resource is translated to default org language #6726
• decidim-elections: Setup election for bulletin board #6813
• decidim-initiatives: Edit initiative as promoter #6790
• decidim-admin, decidim-core: Send notification to resource's authors when it is hidden by a moderator #6885
• decidim-meetings: Add a config flag to disable the registration code #6698
• decidim-elections: Show election results #6768
• decidim-admin: Add HTML titles in Admin panel #6666
• decidim-core, decidim-elections: Export election results #6846
• decidim-admin, decidim-participatory processes: Implement ContentBlock for Process Groups (Admin UI) #6655
• decidim-meetings: Automatically enable registrations when meeting is "on this platform" #6874
• decidim-core, decidim-proposals: Allow user to drag address on proposal map #6291
• decidim-conferences: Localize a string in conference speaker #6866
• decidim-participatory processes: Add HTML Content Blocks in Process Groups #6823
• decidim-core: Adds spinner to block page while ajax petition is executed #6611
• decidim-participatory processes: Add Metadata Content Block in Process Groups #6699
• decidim-participatory processes: Add Participatory Processes Content Block in Process Groups #6826
• decidim-admin: Add a general moderation panel #6955
• decidim-participatory processes: Edit link in groups and show group in processes #6827
• decidim-participatory processes: Improve highlights of Process Groups #6828
• decidim-participatory processes: Improvements in Process Groups and processes block #6853
• decidim-debates: Archive Debates #6940
• decidim-admin, decidim-core: Let components define settings with type time #6948
• decidim-debates: Export debate comments #6962
• decidim-elections: Add and use decidim-bulletin_board gem #6997
• decidim-meetings: Allow creation of hybrid meetings #6891
• decidim-core, decidim-verifications: Encrypt authorization metadata #6947
• decidim-admin, decidim-core, decidim-system: Make it possible to allow some pages to display publicly even when organization access is limited #6951
• decidim-surveys: Start and end dates for survey #7016
• decidim-admin, decidim-core, decidim-verifications: Improve management of managed user #6748
• decidim-participatory processes: Let admins enter the Space Private Users section in admin #7067
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 2) #6804
• decidim-meetings: Add comments export to meetings #6946
• decidim-consultations: See a deprecation callout in Consultations #7095
• decidim-debates: Add scope to debates #6326
• decidim-budgets: Sum Budgets finished and pending orders in admin panel #7010
• decidim-admin, decidim-assemblies, decidim-participatory processes: Allow admin to be registered as a participatory space user [#6890](http...

v0.23.3

Added

• decidim-initiatives: Raise an alert when there's an error signing an initiative #7407
• decidim-proposals: Let admins delete proposal attachments #7435

Changed

Fixed

• decidim-initiatives: Fix initiatives type permissions page #7357
• decidim-meetings: Fix etherpad compatibility for old meetings #7387
• decidim-core: Fix subhero content block removing strip_tags from it #7414

Removed