FarCry Core 7.2.10 released


#1

FarCry Core 7.2.10 has been released.

This release contains S3 CDN bug fixes including AWS4 signature support, some performance improvements, better 404 handling for some requests, and a number of security enhancements.

Bug

  • [FC-1934] - Friendly URL autodetect (pingFU) sometimes fails on initialisation
  • [FC-3107] - ACF error when getting a list of scheduled task jobs
  • [FC-3108] - Show 404 for downloads when invalid typename is used
  • [FC-3111] - Library picker pagination has incorrect formAction URL
  • [FC-3113] - Editing a friendly URL in “Manage Friendly URLs” throws an error
  • [FC-3114] - Only set ACL on S3 if there are ACLs to apply
  • [FC-3116] - autoSetLabel fails if webskin permission is denied to displayLabel
  • [FC-3118] - objectBroker removeWebskin() returning a null
  • [FC-3135] - application.fc.lib.error.showErrorPage() throws error if a farcry type that no longer exists
  • [FC-3139] - Redirects to correct URL case cause infinite redirects
  • [FC-3159] - Changing the Navigation alias for Home breaks the entire site

New Feature

  • [FC-3142] - enable ftLibraryData & ftLibraryDataTypename for typeahead formtool

Improvement

  • [FC-3112] - Improve login performance
  • [FC-3117] - Sanitize filenames with lowercase characters to avoid case sensitivity issues across systems
  • [FC-3141] - Add endpoints for healthcheck readiness and liveness probes
  • [FC-3145] - S3 lib - add S3 path to struct returned by ioGetFileLocation()
  • [FC-3146] - show a 404 for non-webtop requests inside core
  • [FC-3147] - Update S3 CDN to use AWS4 signing
  • [FC-3148] - sanitize sort column and direction in objectadmin
  • [FC-3150] - sanitize git/svn client paths
  • [FC-3151] - validate state and country data in formtools
  • [FC-3152] - remove ActivateURL method from email and URL formtools
  • [FC-3153] - encode HTML output in formtools “display” methods
  • [FC-3154] - authenticate() test for locked/disabled accounts regardless of password match
  • [FC-3155] - rotate and invalidate sessions on login/logout
  • [FC-3156] - return the same message for forgot username/password regardless of match to prevent enumeration
  • [FC-3158] - remove obsolete scaffolds

Download

Releases available for download from the website:

http://www.farcrycore.org/downloads

Or available direct from GitHub:


#2

#3

I just downloaded this yesterday to upgrade an existing site on lucee. It’s throwing a page not found error on physical files. I first noticed this trying to access the webtop. A bit of head scratching and I finally rolled back to a version of 7.2.10 taken from the 7.2 branch a couple of months ago it all works OK. See below fo the error…


#4

Hi Phil,

We’ve patched this issue in p720 on 5th November, could you update to the head of p720 and give that a try?

cheers,
Justin