v0.25.0.rc2

⛔ This version is broken and can't be used because there were some incompatibilities with npm packages. If you want to try v0.25.0 then you'll need to use at least the v0.25.0.rc4.

Upgrade Notes

Comments statistics change

• #8012 Participatory space to comments, to fix the statistics. Use
  rake decidim_comments:update_participatory_process_in_comments to migrate existing comments to the new structure.

Added

Nothing.

Changed

Nothing.

Fixed

• Backport "Fix webpacker dependency lock" to v0.25 #8289
• Backport "Fix NPM packages versioning during release process" #8284
• decidim-accountability: Backport "Fix accountability notifications proposal title" to v0.25 #8287
• Backport "Fix Luxembourgish locale" to v0.25 #8282
• decidim-debates, decidim-meetings, decidim-proposals: Backport - Fix characters not encoded in title to 0.25 #8292
• decidim-core: Backport "Fix invalid i18n values for diff changeset" to v0.25 #8305
• decidim-meetings: Backport "Fix live? missing method delegation in online_meeting cell" to v0.25 #8309
• decidim-comments: Backport: Fix statistics in Comments (#8012) #8316
• decidim-core: Backport: [CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware #8320
• decidim-core: Backport "Remove unnecessary spacer from external link indicator" to v0.25 #8319
• Backport "Fix CSS validation tests caused by a bug on the validation service" #8325
• decidim-core: Backport "Fix missing icons after CORS" to v0.25 #8318
• Backport "Update foundation-sites to 6.7.0 for better Dart Sass compatibility" to v0.25 #8300

Removed

Nothing.

v0.25.0.rc1

⛔ This version is broken and can't be used because there were some incompatibilities with npm packages. If you want to try v0.25.0 then you'll need to use at least the v0.25.0.rc4.

General notes

Rails 6 upgrade

As per #7471, we have upgraded to Ruby on Rails 6.0. Depending on how much code you've you'll need to check in your app and modules that they are compatible with Rails 6. For more information about how to do this read Ruby on Rails 6.0 Release Notes.

There are a couple of legacy migrations that need to be changed so the app works as expected:

wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-forms/db/migrate/20170515144119_create_decidim_forms_answers.rb -O $(ls db/migrate/*_create_decidim_forms_answers.decidim_forms.rb)
wget https://raw.githubusercontent.com/decidim/decidim/3af2148a427f86f99209798f8cd3599d017a865a/decidim-initiatives/db/migrate/20191002082220_move_signature_type_to_initative_type.rb -O $(ls db/migrate/*_move_signature_type_to_initative_type.decidim_initiatives.rb)

Webpacker migration

As per #7464 and #7733 Decidim has been upgraded to use Webpacker to manage its assets. It's a huge change that requires some updates in your applications. Please refer to the guides:

• Migrate to Webpacker an instance app
• Migrate to Webpacker a module

ActiveStorage migration

As per #7598 and #7902 we migrate from CarrierWave to ActiveStorage. To enable this migration we provide two tasks:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage
rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage
# Replace legacy migration. See full explanation for details
wget https://raw.githubusercontent.com/decidim/decidim/c9ed6740e8025fd482b49dad71cc1788b5e572c0/decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb -O $(ls db/migrate/*_move_organization_fields_to_hero_content_block.decidim.rb) 

See full explanation (click to expand)

PR #7598 migrates attachments from CarrierWave to ActiveStorage. There was a migration to move some organization fields to a content block (decidim-core/db/migrate/20180810092428_move_organization_fields_to_hero_content_block.rb) including the use of CarrierWave to migrate an image. This part has been removed. Please, if your application has the old migration replace its content with the changed file to avoid errors in the future because CarrierWave dependency will be eliminated.

PR#7902 provides a task to migrate existing CarrierWave attachment files to ActiveStorage. Keep in mind that the ActiveStorage migration PRs don't delete CarrierWave attachments and preserve the columns used by it. To guarantee the access to CarrierWave files the gem must be installed (the current core engine maintains that dependency) and configured as it was before the migration to ActiveStorage. The task downloads each file using CarrierWave uploaders and uploads it again using ActiveStorage. This PR provides 2 tasks:

• The task to copy files to ActiveStorage. The task generates a log file in log/ with a line with the result of each migration. The result can be:
  • [OK] Migrated - [OK] Checksum identical if the file was copied successfully and the checksums of the origin and copied files are identical. This should be the expected result.
  • [KO] Migrated - [KO] Checksum different if the file was copied successfully but the checksums are different.
  • [SKIP] Migrated The migration was skipped because the task detected that there was already an existing file attached with ActiveStorage (the other task allows us to check if CarrierWave and ActiveStorage files are identical.
  • [ERROR] Exception if any error prevents the migration of the file. The error message is included in the result.

The task also creates a mapping of paths in tmp/attachment_mappings.csv with the id of the instance, the name of the CarrierWave attribute and its origin path and the destination path in ActiveStorage. To run this task execute:

rails decidim:active_storage_migrations:migrate_from_carrierwave_to_active_storage

Note that the migration generates instances of ActiveStorage::Attachment in case they are not yet created. To repeat the migration from scratch it would be enough to delete all ActiveStorage::Attachment items (be careful not to delete attachments that were created earlier with ActiveStorage)

• The task to check migration and compare files. This task finds each CarrierWave attachment file and looks for corresponding ActiveStorage attachment and compares them if possible. The result for each attachment can be:
  • [OK] Checksum identical if both files exist and checkums are identical.
  • [KO] Checksum different if both files exist but checkums are different.
  • [SKIP] Pending migration if the ActiveStorage file is not present.
  • [ERROR] Exception if there is any error in the checking process. The error message is included in the result.

To run this task execute:

rails decidim:active_storage_migrations:check_migration_from_carrierwave_to_active_storage

Statistics change

As per #8147, the participants stats will not take into account deleted and blocked users.

Meetings merge minutes and close actions

With changes introduced in #7968 the Decidim::Meetings::Minutes model and related table are removed and the attributes of the previously existing minutes are migrated to Decidim::Meetings::Meeting model in the closing_report, video_url, audio_url and closing_visible columns.

See full explanation (click to expand)

These are the different results of the merge according to the initial data:

• It there was no minutes data and the meeting was not closed nothing changes
• If there was no minutes data and the meeting was closed, the meeting remains closed with the closing_visible attribute to true. In this way the closing data will remain visible.
• If there was minutes data and the meeting was not closed, the meeting is closed and the minutes description value is copied to the meeting closing_report, the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute.
• If there was minutes data and the meeting was closed, the meeting remains closed and the meeting closing_report value remains if present. Elsewere the minutes description value is copied to the meeting closing_report. the video_url and audio_url minutes attributes values are copied to the respective meeting attributes and the minutes visible attribute value is copied to the meeting closing_visible attribute. In this case the visibility of closing report may change to false if there was a minutes with visible set to false.

Please, note that if there was previously minutes_description and closing_report data for a meeting, after applying the changes of this release, the minutes_description data will be lost.

If there is previous activity of creation or edition of minutes, Decidim::ActionLog instances and an associated PaperTrail::Version instance for each one will have been created pointing to these elements in their polymorphic associations. To avoid errors, the migration includes changing those associations to point to the meeting and changing the action to close in the action log items. This change is not reversible

New Job queues

PR #7986 splits some jobs from the :default queue to two new queues:

• :exports
• :translations

If your application uses Sidekiq and you set a manual configuration file, you'll need to update it to add these two new queues. Otherwise these queues will never run.

User groups in global search

PR #8061 adds user groups to the global search and previously existing groups need to be indexed, otherwise it won't be available as search results. Run in a rails console or create a migration with:

  Decidim::UserGroup.find_each(&:try_update_index_for_search_resource)

Please be aware that it could take a while if your database has a lot of groups.

Improved menu API

As per #7368, #7382 the entire admin structure has been migrated from menus being rendered in partials, to the existing menu structure. Before, this change adding a new menu item to an admin submenu required partial override.

See full explanation and examples (click to expand)

As per #7545 the menu API has been enhanced to support removal of elements and reordering. All the menu items have an identifier that allow any developer to ...

v0.24.3

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-participatory processes: Fix attachment title migration generating possibly invalid values #8044
• decidim-comments, decidim-consultations: Fix for commenting in consultation questions #8062
• decidim-core: Fix boolean fields for .reported? and .hidden? which is nil if no report exists #8082
• decidim-core: Fix redirects broken by Terms and Conditions redirect #8083
• decidim-core: Use correct newsletter cell for web view #8081
• decidim-core, decidim-proposals: Remove proposals filters cache #8038
• decidim-core, decidim-meetings: Include resources on maps only when the geocoding got valid coords #8039
• decidim-core: Fix editor when formatting starts with a linebreak #8024
• decidim-admin: Use symbols for polymorphic route arguments #8060

Removed

Nothing.

Developer improvements

• Bump gems versions to fix dependendabot alerts #8041
• Bump bundle version for security reasons #8084

v0.23.6

Added:

Nothing.

Changed:

Nothing.

Fixed:

• decidim-core: Fix report mailers when author is a meeting #7874
• decidim-comments: Fix TypeError in newsletters #7875
• decidim-core: Open attachments in new tab #7917
• decidim-core: Validate nickname using correct regexp #7920
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7927
• decidim-core: Don't show deleted users on user group members page #7926
• decidim-admin: Disable select inputs with the subform toggler as well #7958
• decidim-core: Fix fragment caching with multiple locales #7959

Removed:

Nothing.

Developer improvements:

• Update to Rails 5.2.6 #7950

v0.24.2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: CSV exporter should take into account locales from all resources #7860
• decidim-comments: Fix TypeError in newsletters #7876
• decidim-core: Open attachments in new tab #7918
• decidim-core: Validate nickname using correct regexp #7921
• decidim-proposals: Cast proposal and collaborative drafts titles to text #7928
• decidim-core: Fix editor: remove br tags from inside a tags #7957
• decidim-core: Fix fragment caching with multiple locales #7960

Removed

Nothing.

Developer improvements

• Do not change the global test app configs during specs #7816
• Update to Rails 5.2.6 #7949

v0.24.1

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-admin: Add admin missing translations (#7702) #7766
• decidim-initiatives: Fix permission for initiative edit and update #7654
• decidim-conferences: Fix validations for registration related fields in Conference form #7734
• decidim-admin, decidim-conferences: Add Conferences and Admin missing translations (#7653) #7765

Removed

Nothing.

Developer improvements

• Do not modify the controller class in the controller tests that rende… #7775
• Upgrade to Rails 5.2.5 #7806

v0.23.5

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-participatory processes: Fix process serializer to consider nil images #7615
• decidim-proposals: Backport proposal imports fix to 0.23 #7610
• decidim-core: Make category in the API non-mandatory #7625
• decidim-proposals: Don't copy counters when copying proposals #7640
• decidim-proposals: Fix rendering of proposals in map #7644
• decidim-proposals: Show all proposals in map (#7660) #7677

Removed

Nothing.

Developer improvements

• Fix migration from #7640 #7650
• Lint file #7652
• Bump mimemagic to 0.3.6 #7718
• Update Rails to 5.2.5 and carrierwave to 1.3.2 #7807

v0.24.0

Upgrade Notes

Bump Ruby to v2.7

We've bumped the minimum Ruby version to 2.7.1, thanks to 2 PRs:

• #6320
• #6522

Comments no longer use react

As per #6498, the comments component is no longer implemented with the react component. In case you had customized the react component, it will still work as you would expect as the GraphQL API has not disappeared anywhere. You should, however, gradually migrate to the "new way" (Trailblazer cells) in order to ensure compatibility with future versions too.

Consultations module deprecation

As the new Votings module is being developed and will eventually replace the Consultations module, the latter enters the deprecation phase.

Authorization metadata is now encrypted in the database

As per #6947, the JSON values for the authorizations' metadata and verification_metadata columns in the decidim_authorizations database table are now automatically encrypted because they can contain identifiable or sensitive personal information connected to a user account. Storing this data in plain text in the database would be a security risk.

You need to do changes to your code if you have been querying these tables in the past through the Decidim::Authorization model as follows:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).where("metadata ->> 'gender' = ?", "f").find_each do |authorization|
  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

The problem with this code is that the data in the metadata ->> 'gender' column is now encrypted, so your search would not match any records in the database. Instead, you can do the following:

Decidim::Authorization.where(
  name: "your_authorization_handler"
).find_each do |authorization|
  next unless authorization.metadata["gender"] == "f"

  puts "#{authorization.user.name} is a #{authorization.metadata["gender"]}"
end

As you notice, when you are accessing the metadata or verification_metadata columns through the Active Record object, you can utilize the data in plain text. This is because the accessor method for these columns will automatically decrypt the data in the hash object.

This is less performant but it is more secure. Security weighs more.

Added

• decidim-initiatives: Show draft initiatives #6584
• decidim-budgets: Add scope to proposals import in budgets #6525
• Add new languages: Korean, Vietnamese and Chinese #6648
• decidim-core, decidim-meetings: Add online meetings #6572
• decidim-core: Allow customization of the upload help messages #6683
• decidim-admin, decidim-assemblies, decidim-elections: Add elections trustees role #6535
• decidim-elections: Add the trustee zone for users #6615
• decidim-elections: Elections design improvements #6721
• decidim-elections, decidim-forms: Election feedback form #6548
• decidim-meetings: Missing i18n on closed debate notification #6746
• decidim-admin, decidim-core, decidim-debates, decidim-meetings, decidim-proposals: Improve moderation panel #6677
• decidim-budgets: Budget voting projects rule (select min-max projects) #6753
• decidim-meetings: Let users close meetings from public pages #6703
• decidim-elections: Add preview of questions to an election #6749
• decidim-core: feat: send notification to reported content authors #6747
• decidim-core: Allow subhero content block to hold HTML tags #6810
• decidim-core: Add info to report email for moderators #6725
• decidim-meetings: Add registration system to meetings #6662
• decidim-initiatives: Filter created initiatives only by author #6658
• decidim-proposals: Add locales for cost report #6767
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 1) #6696
• decidim-core: Send report email when reported resource is translated to default org language #6726
• decidim-elections: Setup election for bulletin board #6813
• decidim-initiatives: Edit initiative as promoter #6790
• decidim-admin, decidim-core: Send notification to resource's authors when it is hidden by a moderator #6885
• decidim-meetings: Add a config flag to disable the registration code #6698
• decidim-elections: Show election results #6768
• decidim-admin: Add HTML titles in Admin panel #6666
• decidim-core, decidim-elections: Export election results #6846
• decidim-admin, decidim-participatory processes: Implement ContentBlock for Process Groups (Admin UI) #6655
• decidim-meetings: Automatically enable registrations when meeting is "on this platform" #6874
• decidim-core, decidim-proposals: Allow user to drag address on proposal map #6291
• decidim-conferences: Localize a string in conference speaker #6866
• decidim-participatory processes: Add HTML Content Blocks in Process Groups #6823
• decidim-core: Adds spinner to block page while ajax petition is executed #6611
• decidim-participatory processes: Add Metadata Content Block in Process Groups #6699
• decidim-participatory processes: Add Participatory Processes Content Block in Process Groups #6826
• decidim-admin: Add a general moderation panel #6955
• decidim-participatory processes: Edit link in groups and show group in processes #6827
• decidim-participatory processes: Improve highlights of Process Groups #6828
• decidim-participatory processes: Improvements in Process Groups and processes block #6853
• decidim-debates: Archive Debates #6940
• decidim-admin, decidim-core: Let components define settings with type time #6948
• decidim-debates: Export debate comments #6962
• decidim-elections: Add and use decidim-bulletin_board gem #6997
• decidim-meetings: Allow creation of hybrid meetings #6891
• decidim-core, decidim-verifications: Encrypt authorization metadata #6947
• decidim-admin, decidim-core, decidim-system: Make it possible to allow some pages to display publicly even when organization access is limited #6951
• decidim-surveys: Start and end dates for survey #7016
• decidim-admin, decidim-core, decidim-verifications: Improve management of managed user #6748
• decidim-participatory processes: Let admins enter the Space Private Users section in admin #7067
• decidim-admin, decidim-core: Detect the use of spam-bots and ban non compliant users (part 2) #6804
• decidim-meetings: Add comments export to meetings #6946
• decidim-consultations: See a deprecation callout in Consultations #7095
• decidim-debates: Add scope to debates #6326
• decidim-budgets: Sum Budgets finished and pending orders in admin panel #7010
• decidim-admin, decidim-assemblies, decidim-participatory processes: Allow admin to be registered as a participatory space user [#6890](http...

v0.24.0.rc2

Added

Nothing.

Changed

Nothing.

Fixed

• decidim-core: Fix invalid signature on message decryption #7490
• decidim-assemblies, decidim-participatory processes: Fix NULL error with weight field in assemblies & processes #7491
• decidim-core: Fix record encryptor hash values JSON parsing for legacy unencrypted hash values #7496
• decidim-admin: Only share tokens if component exists #7504
• decidim-core: Invalidate all user sessions when destroying the account #7511
• decidim-proposals: Fix non-unique IDs element in filter hash cash #7533
• decidim-core: Fix record encryptor trying to decrypt or decode non-String values #7538
• decidim-core: Fix record encryptor trying to decrypt empty strings #7547
• decidim-admin, decidim-budgets: New Admin users cannot accept Terms and conditions #7520
• decidim-core, decidim-proposals: Fix cells caching by using cache_key_with_version instead of cache version #7556
• decidim-debates, decidim-meetings, decidim-proposals: Fix user profile timeline activity cards texts showing "New resource" on updates #7558
• decidim-core: Sanitize address inputs #7576

Removed

Nothing.

Developer improvements

• Remove duplicated migration #7521

v0.23.4

Added

Changed

Fixed

• decidim-admin: Fix and tests to avoid registered users being invited again #7455
• decidim-proposals: Fix the proposal body validation error messages #7495
• decidim-admin: Only share tokens if component exists #7503
• decidim-core: Invalidate all user sessions when destroying the account #7510
• decidim-core: Fix user profile timeline activity cards texts showing "New resource" on updates #7559
• decidim-core: Sanitize address inputs #7577

Removed