OpenCATS v0.10.0

What's Changed

• Travis ci fix by @RussH in #659
• attachments module will require authentication by @RussH in #658
• candidates: for the edit form, add missing asterisks + "Owner" check by @xalt7x in #653
• joborders: for forms, take a default company name from the database by @xalt7x in #652
• Use mb_substr() for correct abbreviation of non-ASCII characters by @xalt7x in #651
• Fix javascript "back button" links by @xalt7x in #650
• Add "txt" to the list of safe file extensions by @xalt7x in #649
• add 'uploads' folder content to be excluded from pushed in .gitignore… by @meorajrul in #665
• fix session error when domain are not set, default to empty by @meorajrul in #664
• Feature/migrate ci to GitHub actions by @RussH in #695
• Fix "Other" section overlap on company edit page by @anonymoususer72041 in #673
• Company forms layout alignment by @anonymoususer72041 in #674
• Fix candidate city search mode by @anonymoususer72041 in #679
• Security: Add default robots.txt by @anonymoususer72041 in #680
• security: restrict direct attachment access and upload file types by @anonymoususer72041 in #681
• feat: add configurable default phone country calling code by @anonymoususer72041 in #686
• chore(docker): remove obselete compose version by @RussH in #711
• fix: respect user date format for activities, calendar events and core date fields by @anonymoususer72041 in #683
• feat: introduce address2 and replace address textareas with inputs by @anonymoususer72041 in #675
• feat: add required-field support for additional careers portal inputs by @anonymoususer72041 in #677
• security: switch password storage to password_hash() with legacy MD5 migration by @anonymoususer72041 in #685
• feat: add consolidated contact activity stream to Company details view by @anonymoususer72041 in #688
• Normalize initial database state for new installations by @anonymoususer72041 in #689
• security: do not expose database password to the client during upgrade by @anonymoususer72041 in #691
• security: add baseline security headers by @anonymoususer72041 in #692
• Fix README-testing.md instructions by @anonymoususer72041 in #696
• fix: unblock failing tests by restoring admin seed + syncing fixtures by @anonymoususer72041 in #715
• refactor: remove redundant test.sql fixture by @anonymoususer72041 in #716
• Fix Schema.php migrations 365–368 overwritten during PR689 conflict resolution by @RussH in #718
• security: CSRF protection for state-changing requests (high risk) by @anonymoususer72041 in #693
• chore: enforce LF line endings by @anonymoususer72041 in #698
• refactor: handle E.164 extraction in extractPhoneNumber by @anonymoususer72041 in #707
• fix: resolve duplicate schema migration 366 (renumber to 370) by @anonymoususer72041 in #721
• security: XSS hardening across high-risk output surfaces by @anonymoususer72041 in #697
• fix: preselect Email activity type in edit form by @anonymoususer72041 in #699
• security: escape address2 in careers portal form output by @anonymoususer72041 in #723
• feat: require explicit activity type selection when logging activities by @anonymoususer72041 in #700
• fix: prevent special character corruption with explicit escaping encodings by @anonymoususer72041 in #701
• chore: reorder candidate job order status seed data by @anonymoususer72041 in #727
• fix: clean up extra field records when deleting definitions by @anonymoususer72041 in #728
• feat: treat NULL install schema version as snapshot by @anonymoususer72041 in #719
• chore: fix doublequote string style violations in first-party JavaScript by @anonymoususer72041 in #722
• fix: restore CATSWebTestCase::post signature compatibility by @anonymoususer72041 in #730
• fix: stop storing HTML entities and decode legacy entity-encoded data by @anonymoususer72041 in #702
• fix: render line breaks in activity notes by @anonymoususer72041 in #733
• feat: add activity type for candidate status changes by @anonymoususer72041 in #737
• fix: quote reserved YAML scalars in test/behat.yml by @anonymoususer72041 in #744
• chore: improve composer.json structure and metadata by @anonymoususer72041 in #745
• fix: stabilize Docker-based integration test readiness by @anonymoususer72041 in #750
• fix: preserve job order regarding when editing by @anonymoususer72041 in #704
• chore: update composer dependencies by @anonymoususer72041 in #752
• chore: refresh Behat/Mink test stack by @anonymoususer72041 in #746
• refactor: migrate MyISAM tables to InnoDB by @anonymoususer72041 in #705
• security: restrict AJAX during upgrade and escape installer config writes by @anonymoususer72041 in #706
• chore: upgrade phpunit to 8.5 by @anonymoususer72041 in #753
• feat: rename Call activity to Not reached by @anonymoususer72041 in #726
• fix: correct candidate re-apply update mapping and guard empty ownership emails by @anonymoususer72041 in #729
• fix: allow site admins to use administrative hide by @anonymoususer72041 in #708
• feat: standardize status change activity logging by @anonymoususer72041 in #741
• fix: add file-based cache busting for JavaScript and stylesheet assets by @anonymoususer72041 in #749
• security: escape activity notes before applying nl2br by @anonymoususer72041 in #751
• feat: sort activity lists newest-first by @anonymoususer72041 in #717
• fix: normalize candidate activity note escaping by @anonymoususer72041 in #757
• chore: remove legacy testing infrastructure by @anonymoususer72041 in #754
• security: harden template output escaping by @anonymoususer72041 in #761
• chore: remove unused Codacy coverage dependency by @anonymoususer72041 in #770
• chore: remove obsolete Travis CI configuration by @anonymoususer72041 in #777
• feat: allow manually setting activity date and time by @anonymoususer72041 in #758
• refactor: migrate bundled lib dependencies to Composer by @anonymoususer72041 in #755
• refactor: stop persisting inline HTML for status change activity notes by @anonymoususer72041 in #713
• feat: make state optional for job orders by @anonymoususer72041 in #743
• chore: bump phpmailer/phpmailer from 7.0.2 to 7.1.1 by @dependabot[bot] in #789
• chore: remove legacy lib files by @anonymoususer72041 in #778
• chore: modernize PHPUnit 8 test setup and deprecated APIs by @anonymoususer72041 in #756
• chore: remove unused legacy settings from config.php and test/config.php by @anonymoususer72041 in #738
• refactor: move activity description escaping to templates by @anonymoususer72041 in #762
• feat: exclude closed jobs from activity references by @anonymoususer72041 in #764
• security: add missing authorization checks to AJAX endpoints and module actions by @anonymoususer72041 in #724
• chore: upgrade to PHP 7.4 by @anonymou...

v 0.9.7.4 Bugfixes and Security fixes

maintenance release whilst the php8.2 compatible version is being worked.

As always - the -full packages include dependencies, whilst the source code packages WILL REQUIRE YOU TO RUN COMPOSER after installation, to download the dependencies

What's Changed

• Upgrade to GitHub-native Dependabot by @dependabot-preview in #533
• composer changes patch 2 by @RussH in #598
• Update FileUtility.php to permit .bak file extensions by @RussH in #620
• Revert htmlspecialchars for CKEditor by @RussH in #621
• Update copyright years by @xalt7x in #627
• Fixes #625 by @Bloafer in #629
• Sync allowed format lists in FileUtility.php and .htaccess files by @xalt7x in #631
• Update getDataGridPager.php by @RussH in #633
• adding XML index.php Legacy Root by @RussH in #636
• RussH patch cookies by @RussH in #641

New Contributors

• @dependabot-preview made their first contribution in #533
• @xalt7x made their first contribution in #627

Full Changelog: v0.9.7.2...0.9.7.4

Security release v0.9.7.2

This release applies controls to internal pages to restrict authenticated XSS vulnerabilities.
Closes #582
Closes #575
Closes #574

This release also changes the deployed releases to omit development packages.
Manual testing and Travis testing is successful - but as always, please report any issues back to the github project page asap.

*Composer does not have to be run for the -FULL package as it includes the php dependencies.

opencats v0.9.7-beta

Security release.

opencats-0.9.6 PHP 7.2 support

Merging develop back to master. Develop has been installed locally fo…

test release v3 - php 7.2

testing release mechanism

php7.x compatible version

updating test suite

test release - php 7.2

0.9.5-1

Update .travis.yml

php7.x compatible version

0.9.5

Revert "added the option to email a candidate from the candidate show…

Countach 0.9.4-3: Urgent Security Update

This is a security release and should be deployed immediately to address an open vulnerability affecting anyone who has enabled the Career Portal functionality. Please see the OpenCATS Security Announcement for details.