This is a bug fix and security release. It updates the dependency on publify_core from ~> 10.0.0 to ~> 10.0.2. This includes the following two security updates:

• Safely link target URLs for Redirects in admin (publify_core#148 by mvz)
• Upgrade jquery-ui-rails to version 7.0 (publify_core#149 by mvz)

See the publify_core changelog for further details.

It also update various other dependencies

This major release updates Publify to Rails 6.1 in preparation of the upgrade to Rails 7.0. It also updates the set of supported Rubies to 2.7 through 3.2.

Security-related changes

• Require at least Rails 6.1.6.1 #1068
• Update puma dependency to require at least version 5.6.4 #1064

Updated dependencies

• Upgrade to Rails 6.1 #987, #1014,
• Support only Ruby 2.7 through 3.2 #1013, #1041, #1115, #1120
• Update various other dependencies (various pull requests)

Breaking changes

• Remove support for Textile as a text format #1001
• Require email uniqueness to be case-insensitive #1080

Other changes

• Add arabic language to the project #1060 by ahmedhamid13
• Fix article search rendering in bootstrap theme #1101
• Remove local copies of engines and use external ones instead #1099
• Require AWS configuration to be present when choosing AWS storage #1082
• Replace deprecated non-digest-assets configuration #1019

Internal changes

• Remove sitealizer table #1089 by SupriyaMedankar
• Remove itunes fields from resources #1092 by SupriyaMedankar
• Remove page_caches table #1090 by SupriyaMedankar
• Remove dynamic_form dependency #991

See also the changelogs for publify_core,publify_textfilter_code and publify_amazon_sidebar.

This release fixes several security issues:

• Disallow comments on draft articles #1048
• Disallow images in comments #1054
• Hide bodies of password-protected articles in search results #1057
• Do not create article meta description for password-protected articles #1061

Additionally, it includes the following changes:

• Clean up Feedback validation #1051
• Bump mimimum puma and Rails versions #1050
• Fix password reset process #1055
• Fix password protected article reveal #1049
• Provide correct article_id input in bulkops form #1058
• Bump minimum required Rails version #1062

This release fixes a security issue:

• Fix setting the article password from the Admin #1044

This release fixes a minor security issue:

• Rate-limit Devise logins and password resets

Additionally, it includes the following change:

• Add documentation about use of the media library

This release fixes several security issues. Please upgrade as soon as possible

• Force session cookie to be secure in production
• Block ability to switch themes using a GET request; use a POST instead
• Disallow user self-registration rather than hiding it
• Let the browser not cache admin pages
• Limit the set of allowed mime types for uploaded media
• Limit allowed HTML in articles, pages and notes

Additionally, it includes the following changes:

• Fix resource size display in admin resource list
• Trigger download of media in the Media Library in admin instead of displaying them directly

This release fixes a security issue and includes the following changes

• Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
• Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5

This is a bugfix release that includes the following changes

• Bump Rails dependency to 5.2.6
• Replace mimemagic with marcel

This is a bugfix release

• Fix the publify:textile_to_markdown task. This task failed on feedback and pages.

This is a small release that just updates some dependencies to fix security issues:

• Bump minimum Rails version to 5.2.4.5
• Update activerecord-session_store dependency to 2.0.0