FarCry Core 7.2.10 released

FarCry Core 7.2.10 has been released.

This release contains S3 CDN bug fixes including AWS4 signature support, some performance improvements, better 404 handling for some requests, and a number of security enhancements.

Bug

  • [FC-1934] - Friendly URL autodetect (pingFU) sometimes fails on initialisation
  • [FC-3107] - ACF error when getting a list of scheduled task jobs
  • [FC-3108] - Show 404 for downloads when invalid typename is used
  • [FC-3111] - Library picker pagination has incorrect formAction URL
  • [FC-3113] - Editing a friendly URL in “Manage Friendly URLs” throws an error
  • [FC-3114] - Only set ACL on S3 if there are ACLs to apply
  • [FC-3116] - autoSetLabel fails if webskin permission is denied to displayLabel
  • [FC-3118] - objectBroker removeWebskin() returning a null
  • [FC-3135] - application.fc.lib.error.showErrorPage() throws error if a farcry type that no longer exists
  • [FC-3139] - Redirects to correct URL case cause infinite redirects
  • [FC-3159] - Changing the Navigation alias for Home breaks the entire site

New Feature

  • [FC-3142] - enable ftLibraryData & ftLibraryDataTypename for typeahead formtool

Improvement

  • [FC-3112] - Improve login performance
  • [FC-3117] - Sanitize filenames with lowercase characters to avoid case sensitivity issues across systems
  • [FC-3141] - Add endpoints for healthcheck readiness and liveness probes
  • [FC-3145] - S3 lib - add S3 path to struct returned by ioGetFileLocation()
  • [FC-3146] - show a 404 for non-webtop requests inside core
  • [FC-3147] - Update S3 CDN to use AWS4 signing
  • [FC-3148] - sanitize sort column and direction in objectadmin
  • [FC-3150] - sanitize git/svn client paths
  • [FC-3151] - validate state and country data in formtools
  • [FC-3152] - remove ActivateURL method from email and URL formtools
  • [FC-3153] - encode HTML output in formtools “display” methods
  • [FC-3154] - authenticate() test for locked/disabled accounts regardless of password match
  • [FC-3155] - rotate and invalidate sessions on login/logout
  • [FC-3156] - return the same message for forgot username/password regardless of match to prevent enumeration
  • [FC-3158] - remove obsolete scaffolds

Download

Releases available for download from the website:

http://www.farcrycore.org/downloads

Or available direct from GitHub:

1 Like

I just downloaded this yesterday to upgrade an existing site on lucee. It’s throwing a page not found error on physical files. I first noticed this trying to access the webtop. A bit of head scratching and I finally rolled back to a version of 7.2.10 taken from the 7.2 branch a couple of months ago it all works OK. See below fo the error…

Hi Phil,

We’ve patched this issue in p720 on 5th November, could you update to the head of p720 and give that a try?

cheers,
Justin

1 Like