Releases: frappe/frappe
v15.60.0
What's Changed
- Adds new API methods to retrieve and update onboarding status in the User DocType, backporting the feature to an earlier branch. (#31830)
Full Changelog: v15.59.0...v15.60.0
Authors: @shariquerik
v15.59.0
What's Changed
- Fixes text sanitization in "Awesome Bar" for list view searches to address potential malicious input. (#31540)
- Generates Auto Email Reports in separate background tasks and uses a dedicated "long" queue for large data sets, reducing the likelihood of timeouts. (#31652)
- Reverts the update that displayed a read-only reason in the form headline, removing the loading issue introduced by that feature. (#31672)
- Adds an option in List View Settings to disable automatic recency filters for large DocTypes. (#31680)
- Rounds off the `X-RateLimit-Remaining` value to whole seconds and displays leftover request time in full-second increments. (#31686)
- Increases the Value field in SMS Parameter from 140 to 255 characters, allowing for longer SMS gateway credentials. (#31695)
- Fixes missing translations for query-based report headers, so they display in the selected language. (#31697)
- Shows the `add_total_row` checkbox in Report only if `report_type` is not "Report Builder." (#31684)
- Prevents overriding existing filters in list views and applies the automatic recency filter only when no user, saved, or default filters are active. (#31702)
- Adds stricter validation to First Name, Middle Name, and Last Name fields in User, removing any HTML tags or invalid inputs. (#31701)
- Replaces xss_sanitise with jQuery.text() for link text in attach fields, removing the possibility of injecting unwanted content. This modifies how the displayed text is sanitized when showing attached file links. (#31704)
- Adds support for the "Timespan" operator in `evaluate_filters` to allow date-based filtering on documents. (#31709)
- Persists indexes added via `db.add_index` so they are not cleared in subsequent updates. (#31712)
- Translates link field labels in Webform when the linked DocType is configured for translations, allowing users to see these labels in their selected language. (#31705)
- Uses `DOMParser` in `frappe.utils.is_html` to detect anchor tags and wraps partial HTML strings in a container for `show_message`. This update supports anchor tags and other element nodes without breaking the parsing process. (#31710)
- Stops generating type information for virtual fields, preventing linter errors from redeclared properties. (#31722)
- Adds a confirmation prompt before removing an attachment when clicking the "Clear" button in the attach control. This prompt helps users avoid unintended deletions. (#31724)
- Encodes URL filters containing special characters (e.g. `&`), so they do not break filtering functionality. (#31726)
- Removes repeated calls to `get_permitted_fields` in the Sales Invoice list, which reduces load time. Improves how child fields are recognized to avoid extra permission checks. (#31749)
- Makes attachments in the `email_signature` field of User public by default, preventing signature images from being sent as private files. (#31756)
- Returns 1 or 0 instead of a boolean for `is_fc_site` in boot data to prevent errors caused by the system misinterpreting the boolean value. (#31754)
- Gives priority to user-defined sorting settings over the doctype default sorting when both are present. (#31759)
- Adds new banners to the sidebar in the CRM and Support modules, prompting users to consider Frappe CRM or Frappe Helpdesk. (#31763)
- Displays the reason for read-only status in a Form's headline when a Workflow prevents editing, clarifying why the Form cannot be edited without relying on separate alerts. (#31771)
- Sets the MariaDB connection to utf8mb4 collation and updates User Settings so that emojis or special characters can be stored without triggering collation errors. (#31766)
- Fixes an unintentional card movement in the Kanban view by adding a 20px fallback tolerance, so cards only move after being dragged that distance. (#31789)
Full Changelog: v15.58.1...v15.59.0
Authors: @Mutantpenguin, @kalungia, @barredterra, @Sanket322, @gavindsouza, @tarunps, @marination, @BreadGenie, @ankush, @prateekkaramchandani, @sagarvora, @akhilnarang, @cogk, @iamejaaz
Reviewers: @Mutantpenguin, @ankush, @gavindsouza, @barredterra, @akhilnarang, @iamejaaz, @marination
v14.95.0
What's Changed
- Generates Auto Email Reports in separate background tasks and uses a dedicated "long" queue for large data sets, reducing the likelihood of timeouts. (#31651)
- Overrides the `sanitize_column` function to return the processed column name and removes unused string filters in the query builder. (#31579)
- Rounds off the `X-RateLimit-Remaining` value to whole seconds and displays leftover request time in full-second increments. (#31685)
- Fixes missing translations for query-based report headers, so they display in the selected language. (#31696)
- Adds stricter validation to First Name, Middle Name, and Last Name fields in User, removing any HTML tags or invalid inputs. (#31700)
- Replaces xss_sanitise with jQuery.text() for link text in attach fields, removing the possibility of injecting unwanted content. This modifies how the displayed text is sanitized when showing attached file links. (#31703)
- Encodes URL filters containing special characters (e.g. `&`), so they do not break filtering functionality. (#31725)
- Shows the `add_total_row` checkbox in Report only if `report_type` is not "Report Builder." (#31683)
- Makes attachments in the `email_signature` field of User public by default, preventing signature images from being sent as private files. (#31755)
- Adds new banners to the sidebar in the CRM and Support modules, prompting users to consider Frappe CRM or Frappe Helpdesk. (#31762)
- Fixes a bug that caused `map_docs` to always call the original whitelisted methods, and consolidates override logic into a single utility. (#31768)
- Sets the MariaDB connection to utf8mb4 collation and updates User Settings so that emojis or special characters can be stored without triggering collation errors. (#31765)
- Fixes an unintentional card movement in the Kanban view by adding a 20px fallback tolerance, so cards only move after being dragged that distance. (#31788)
Full Changelog: v14.94.3...v14.95.0
Authors: @iamejaaz, @cogk, @akhilnarang, @Sanket322, @ankush, @tarunps, @barredterra
Reviewers: @barredterra, @akhilnarang
v15.58.1
What's Changed
- Reverts the update that displayed a read-only reason in the form headline, removing the loading issue introduced by that feature. (#31675)
Full Changelog: v15.58.0...v15.58.1
Authors: @akhilnarang
Reviewers: @akhilnarang
v15.58.0
What's Changed
- Displays the reason in the Form headline when the record is read-only due to a Workflow, replacing the confusing alert with a clearer message. (#31515)
- Fixes missing translations by syncing from Crowdin for Turkish, Bosnian, Persian, Swedish, German, and Spanish. This update reflects newly added or changed text in these languages. (#31125)
- Updates the translation reference file to include newly introduced text for translation. (#31413)
- Fixes the spelling mistake in the `DocStatus` constant to reference the correct doc status when saving or updating documents. (#31518)
- Adjusts the test sequence for `DocStatus` so cancellation checks run in the intended order. (#31519)
- Speeds up `frappe.qb.get_query` by caching field parsing, reducing repeated work needed to generate queries with multiple fields. (#31529)
- Reverts the DataTable version to 1.17.16 so that the sticky column feature is temporarily removed while related issues are worked on. (#31535)
- Prevents blacklisted SQL functions from being used in grouping or sorting by updating the function detection logic. (#31543)
- Adds a "Login with Frappe Cloud" button to the login page and removes the forced redirect, letting users pick from all available login methods. (#31546)
- Limits `profile` output to 200 lines, preventing excessively large logs. This narrows down cprofiler captures to the most relevant data in typical usage. (#31545)
- Triggers the `on_session_creation` hook for OAuth logins, adding a corresponding record in the activity log. (#31553)
- Separates multiple headlines into distinct color-coded blocks with individual close buttons, preventing them from being merged into a single message. (#31493)
- Removes extra references to `frappe.local` in recurring Redis cache lookups, providing a modest speed increase of about 5–10%. (#31558)
- Removes forced cache reloading from `get_doc`, eliminating an unnecessary Redis call and speeding up document retrieval. (#31559)
- Adds direct support for 'None' input in `add_to_date` and uses a more efficient date parser to speed up date handling. (#31562)
- Speeds up repeated calls to `frappe.call` by caching function signatures, reducing overhead per call. (#31563)
- Skips updating DefaultValue records when the value remains unchanged, avoiding unnecessary writes and improving system responsiveness. (#31568)
- Fixes partial detection of special characters in field inputs by switching from 'match' to 'search' in the `_sanitize_field` function. (#31571)
- Speeds up the rate limiter by switching to `time.time()` instead of datetime-based calls and removing the "X-RateLimit-Used" header, reducing overhead in handling requests. (#31564)
- Replaces the Python-based parser with the C-based 'fromisoformat' method, reducing parsing time. This speeds up queries that handle datetime fields without altering existing data formats. (#31561)
- Removes repeated expiry-setting steps for the rate limiter key and only sets expiry on the first request in each time window, reducing unnecessary overhead. (#31572)
- Avoids repeatedly parsing the same field in queries, which reduces overhead and speeds up data processing. (#31565)
- Speeds up numeric rounding in the `flt` function and reading the rounding method from System Settings by reducing repeated lookups. (#31560)
- Skips the unnecessary "redirect_after_login" query for returning users. This check only applies to new sign-ups, so it no longer runs on every request. (#31567)
- Introduces a partially timestamp-based naming format that uses elements from the request ID and random data, reducing naming collisions when multiple records are created at the same time. (#31569)
- Overrides the `sanitize_column` function to return the processed column name and removes unused string filters in the query builder. (#31580)
- Prevents renaming a document when `naming_rule` is "By fieldname" and `autoname` matches `title_field` with `allow_rename` disabled, and shows only one field in the rename dialog if renaming is allowed. (#31588)
- Adds a new "Analytics on Prepared Reports" for measuring runtime and memory usage in the Prepared Report DocType. Restricts access to this report to System Managers. (#31587)
- Adds a new Grid Page Length field in DocType that controls how many rows display per page in child tables, retaining 50 as the default. (#31510)
- Restricts DocTypes to update and fetch fields in one pass, reducing overhead for custom field creation. This approach consolidates field operations for more efficient updates. (#31591)
- Queues each Auto Email Report separately to reduce the likelihood of timeouts when sending large amounts of data. (#31596)
- Fixes missing parentheses in the `get_permission_query_conditions` for the Dashboard doctype, so combined SQL conditions evaluate correctly. (#31601)
- Uses additional filter operators in DocType list views to automatically fill relevant fields when creating new entries. (#31610)
- Updates the DB query's regex to properly handle underscores in field names, which avoids incorrect parsing of queries containing underscores. (#31617)
- Hides the `translate_data` checkbox in "Query Report" when the language is set to 'en', 'en-GB', or 'en-US'. (#31597)
- Fixes mismatched data in exported Excel files when using the "translate value" option in a "Report." The exported data now reflects the on-screen values in the "Report." (#31513)
- Sets attachments in Email Account as public by default so recipients can see pasted images. (#31620)
- Adds currency precision formatting when exporting Query Report, allowing currency fields to use configured decimal places. (#31622)
- Fixes permission checking for new File records so that users with "only if creator" permission are not incorrectly flagged. (#31628)
- Fixes partial loading of data in "Reports" beyond around 50 rows. Restores custom columns so they correctly appear in Excel exports. (#31631)
- Sets the report name as the file name when exporting to Excel, matching the PDF export naming convention. (#31634)
- Syncs updated translations from CrowdIn for multiple languages. The newly merged strings reflect the latest localized content within relevant fields. (#31533)
- Adds a new Add Translate Data field in Report to toggle translation of data in the "Query Report" view. (#31642)
- Adds a parameter to disable host header overrides in `get_url()`, letting you control the domain used when generating links. (#31574)
- Displays each message in its own block to keep headings distinct and allow color customization. Adds Grid Page Length to child tables in DocType, clarifies read-only forms with a headline, and updates translations for several languages. (#31644)
Full Changelog: v15.57.2...v15.58.0
Authors: @gavindsouza, @CaioMatins, @ankush, @tarunps, @shariquerik, @sagarvora, @akhilnarang, @ruthra-kumar, @frappe-pr-bot, @marination, @Sugesh393, @iamejaaz, @sokumon, @BreadGenie, @Z4nzu
Reviewers: @ankush, @sagarvora, @ruthra-kumar, @akhilnarang, @marination, @barredterra, @iamejaaz, @sokumon
v14.94.3
What's Changed
- Reloads the document before updating its Title. This prevents "Document has been modified..." errors that happen when other fields change at the same time. (#31447)
- Hides the "Submit" button in quick entries for submittable documents if the user does not have submit permission, preventing a permission error. (#31477)
- Speeds up `frappe.qb.get_query` by caching field parsing, reducing repeated work needed to generate queries with multiple fields. (#31528)
- Fixes text sanitization in "Awesome Bar" for list view searches to address potential malicious input. (#31539)
- Prevents blacklisted SQL functions from being used in grouping or sorting by updating the function detection logic. (#31542)
- Fixes partial detection of special characters in field inputs by switching from 'match' to 'search' in the `_sanitize_field` function. (#31570)
- Queues each Auto Email Report separately to reduce the likelihood of timeouts when sending large amounts of data. (#31595)
- Fixes missing parentheses in the `get_permission_query_conditions` for the Dashboard doctype, so combined SQL conditions evaluate correctly. (#31600)
- Updates the DB query's regex to properly handle underscores in field names, which avoids incorrect parsing of queries containing underscores. (#31616)
- Uses additional filter operators in DocType list views to automatically fill relevant fields when creating new entries. (#31618)
- Sets attachments in Email Account as public by default so recipients can see pasted images. (#31619)
- Fixes permission checking for new File records so that users with "only if creator" permission are not incorrectly flagged. (#31627)
- Upgrades the cryptography library to 44.0.1 to address GHSA-79v4-65xg-pq4g and aligns pyOpenSSL to ensure compatibility with this new version. (#31621)
- Adds a parameter to disable host header overrides in `get_url()`, letting you control the domain used when generating links. (#31573)
Full Changelog: v14.94.2...v14.94.3
Authors: @tarunps, @gavindsouza, @ankush, @iamejaaz, @CaioMatins, @Ninad1306, @akhilnarang, @frappe-pr-bot
Reviewers: @ankush, @iamejaaz, @gavindsouza, @sagarvora, @akhilnarang
v15.57.2
What's Changed
- Reverts the DataTable version to 1.17.16 so that the sticky column feature is temporarily removed while related issues are worked on. (#31536)
Full Changelog: v15.57.1...v15.57.2
Authors: @iamejaaz
v15.57.1
What's Changed
- Fixes the sequence of checks in test code to properly verify `DocStatus` transitions. (#31520)
Full Changelog: v15.57.0...v15.57.1
Authors: @sagarvora
v15.57.0
What's Changed
- Fixes an issue in Query Report that causes custom columns to display incorrect values when multiple link columns point to the same doctype. (#31304)
- Unifies error handling across multiple endpoints by refining type checks, updating status codes, and ignoring `disable_traceback` when `_dev_server` is True. (#31310)
- Escapes HTML in messages from the website contact form. This reduces the chance of unintentional code rendering in emails. (#31314)
- Removes the outdated whitelisted method from Desk Page retrieval and updates "getpage" to handle name-based requests. (#31318)
- Adds the correct exception context to `sys.exc_info`, so logs show accurate error details. (#31324)
- Fixes permission checks in multiple DocTypes, including Communication and Web Form, to enforce that only authorized users can read or email documents. (#31338)
- Allows including `client_id` in OAuth 2.0 requests in Connected App for servers that require it. (#31339)
- Adds the missing `backend_app_flow` field when retrieving Email Account, allowing the backend app flow to be recognized. This change restores the ability to fetch emails using the configured backend app flow. (#31344)
- Reverts the earlier HTML sanitization in assignment notes and switches the Description field in ToDo to a Text Editor format. (#31341)
- Retrieves only the required fields from DocType data to minimize unnecessary queries and reduce overhead. (#31358)
- Updates the phonenumber library to accept phone numbers starting with +592 7 as valid for GY, which addresses validation errors on forms. (#31343)
- Fixes printing for a custom DocType by skipping file lookups in custom modules, preventing template-not-found errors. (#31376)
- Adds additional color options to the Calendar view, allowing events to be shown with a wider range of distinct colors. (#31373)
- Adds a check in the `assign_to` function to detect empty HTML in `description` and replace it with default text if none is found. (#31367)
- Fixes the "object is not iterable" error that prevented emails from sending with the "Next Action Email Template" by passing the document as a dictionary for rendering. (#31380)
- Adds a check for `score` in the password strength response, preventing errors on the User form when Enable Password Policy is turned off. (#31393)
- Introduces `DocStatus.DRAFT`, `DocStatus.SUBMITTED`, and `DocStatus.CANCELLED` and updates their usage to standardize code references. Removes unnecessary type conversions and sets `as_value` more frequently for consistent document handling. (#31394)
- Casts integer-based filters to strings for "Link" and "Data" fields so that relevant database indexes can be used in MariaDB. (#31398)
- Adds a prefix index to the `file_url` field in File, reducing table-wide scans when searching by URL. (#31404)
- Fetches data from docstatus=1 child table rows in global search, allowing submitted child records to appear in the results. (#31407)
- Adds a "Force Unlock" prompt on "save" after 30 minutes and automatically unlocks old locked Documents after 3 hours. (#31412)
- Adds an option in System Settings to disable auto-dormancy detection. Disables dormancy by default on self-hosted sites and clarifies site activity in "System Health" report. (#31416)
- Stops silently ignoring exceptions in tests for System Health Report by re-raising them in a test environment. (#31418)
- Adds translation support to footer item labels so they display in the selected language. (#31434)
- Adds a check for active background jobs in the `ready-for-migration` command, stopping site migration from starting if tasks are still running. (#31440)
- Changes the URL field in Webhook Request Log from `Data` to `Text` so it can handle longer addresses. (#31430)
- Prevents ignoring cached workspace data when the initial result is empty, reducing excessive database queries. (#31446)
- Removes a duplicate filter field in the List View to avoid inconsistent results when applying multiple filters. (#31437)
- Adds a validation step in User when resetting passwords from the website, preventing invalid password updates. (#31464)
- Adds a check to verify if a child doctype is actually linked through a DocField or in a parent record before retrieving its documents, preventing unnecessary lookups. (#31424)
- Removes the duplicate "View File" link from the File form and keeps only the button, reducing duplication when opening files. (#31435)
- Prevents filters from becoming null after switching to a different field type, so the intended filter value remains set. (#31164)
- Adds a check in File to compare the `duplicate_file` URL with the incoming URL, preventing incorrect duplicate detection. (#31425)
- Prevents scheduled jobs from starting while the system is in maintenance mode in Scheduled Job Type. (#31456)
- Removes the `ignore_permissions` argument from deletion calls, so the standard checks apply when removing child records. (#31475)
- Hides the "Submit" button in quick entries for submittable documents if the user does not have submit permission, preventing a permission error. (#31478)
- Skips the "order_by" directive when counting via open_count to avoid unnecessary sorting and reduce overhead. (#31481)
- Prevents script-based Report from being converted to a prepared report if an exception occurs. (#31485)
- Resolves the "No template found at path:" error when printing documents with a custom Print Format by reverting some of the previous changes. (#31488)
- Removes extra slashes from the `report/` route in the Workspace card to avoid broken URLs when opening reports in a new tab. (#31270)
- Adds route-based filters to Timesheet Detail so that fields are automatically populated from the URL. (#31498)
- Sanitizes preview data in Data Import and file names in attachment controls, preventing unsafe code from being displayed. (#31497)
- Upgrades the cryptography library to 44.0.1 to address GHSA-79v4-65xg-pq4g and aligns pyOpenSSL to ensure compatibility with this new version. (#31499)
- Removes user authentication from the desk, updates the trial banner to accurately reflect the current plan, and redirects Frappe Cloud users to "site-login" upon logout. (#31494)
- Reverts the DataTable version to 1.17.16 so that the sticky column feature is temporarily removed while related issues are worked on. (#31504)
- Adds translation logic for selected report data, including total rows, so that relevant fields appear in the chosen language. (#31505)
- Updates the error message in Email Account to clarify where to set the default outgoing email account. (#31507)
- Releases version 15 with multiple fixes for error-handling, type checking, and conflict resolution across various modules. It also allows specifying a 'client_id' parameter for OAuth 2.0 flows and updates HTML handling in the `send_message` method. (#31502)
Full Changelog: v15.56.1...v15.57.0
Authors: @gavindsouza, @Sanket322, @nabinhait, @iamejaaz, @venkat102, @BreadGenie, @barredterra, @marination, @nikkothari22, @Abdeali099, @cogk, @Nihantra-Patel, @karotkriss, @frappe-pr-bot, @ankush, @alexleach, @NagariaHussain, @akhilnarang, @borisroman, @asmitahase, @sagarvora, @shariquerik, @sokumon
Reviewers: @ankush, @gavindsouza, @cogk, @iamejaaz, @surajshetty3416, @BreadGenie, @netchampfaris, @akhilnarang
v14.94.2
What's Changed
- Unifies error handling across multiple endpoints by refining type checks, updating status codes, and ignoring `disable_traceback` when `_dev_server` is True. (#31309)
- Escapes HTML in messages from the website contact form. This reduces the chance of unintentional code rendering in emails. (#31313)
- Removes the outdated whitelisted method from Desk Page retrieval and updates "getpage" to handle name-based requests. (#31317)
- Adds the correct exception context to `sys.exc_info`, so logs show accurate error details. (#31323)
- Fixes permission checks in multiple DocTypes, including Communication and Web Form, to enforce that only authorized users can read or email documents. (#31337)
- Reverts the earlier HTML sanitization in assignment notes and switches the Description field in ToDo to a Text Editor format. (#31340)
- Updates the phonenumber library to accept phone numbers starting with +592 7 as valid for GY, which addresses validation errors on forms. (#31342)
- Fixes printing for a custom DocType by skipping file lookups in custom modules, preventing template-not-found errors. (#31375)
- Adds a check in the `assign_to` function to detect empty HTML in `description` and replace it with default text if none is found. (#31366)
- Fixes the "object is not iterable" error that prevented emails from sending with the "Next Action Email Template" by passing the document as a dictionary for rendering. (#31379)
- Casts integer-based filters to strings for "Link" and "Data" fields so that relevant database indexes can be used in MariaDB. (#31397)
- Adds a prefix index to the `file_url` field in File, reducing table-wide scans when searching by URL. (#31403)
- Fetches data from docstatus=1 child table rows in global search, allowing submitted child records to appear in the results. (#31406)
- Adds a check for active background jobs in the `ready-for-migration` command, stopping site migration from starting if tasks are still running. (#31439)
- Changes the URL field in Webhook Request Log from `Data` to `Text` so it can handle longer addresses. (#31429)
- Prevents ignoring cached workspace data when the initial result is empty, reducing excessive database queries. (#31449)
- Skips the `order_by` parameter in `load_from_db` when retrieving a single record by name, allowing the primary key index to be used. (#31452)
- We have updated the Email Account doctype to set `login_id` to "apikey" when using Sendgrid, which allows emails to be sent through that service. (#30032)
- Prevents scheduled jobs from starting while the system is in maintenance mode in Scheduled Job Type. (#31455)
- Removes the `ignore_permissions` argument from deletion calls, so the standard checks apply when removing child records. (#31474)
- Skips the "order_by" directive when counting via open_count to avoid unnecessary sorting and reduce overhead. (#31480)
- Resolves the "No template found at path:" error when printing documents with a custom Print Format by reverting some of the previous changes. (#31487)
- Sanitizes preview data in Data Import and file names in attachment controls, preventing unsafe code from being displayed. (#31496)
Full Changelog: v14.94.1...v14.94.2
Authors: @sokumon, @sagarvora, @gavindsouza, @ankush, @nikkothari22, @cogk, @karotkriss, @NagariaHussain, @iamejaaz, @akhilnarang