Version 2.2.21 - Sherbrooke
-------------------------------

Core - General
 - Fixes BR 12714 inherited content Fields from a base templates are missing in child templates (backend edit);
 - Fixes BR 12713 Pages extended of a page base can't be edited, if they don't contain a {content} tag;
 - Fixes a typo in class ErrorPage: missing line break after #[\AllowDynamicProperties] directive;

Version 2.2.20 - Saguenay
-------------------------------

Core - General
 - Compatibility fixes for PHP 8.2 and 8.3;
 - Smarty upgraded to version 4.5.2 (latest of the stable 4.5.x branch);
 - Made some changes to keep backward compatibility with previous versions of Smarty;
 - Fixed BR #12683: we now truncate the item_name at 50 characters;
 - Moved php files with functions to a specific folder tidying up for further changes;
 - Deprecated cms_html_entity_decode: scheduled to be removed; PHP native html_entity_decode now supports UTF-8 properly;
 - Fixed BRs #12677 and #12703: UDTs errors are now handled more gracefully - the error being triggered is shown on the popup;
 - News module is no longer mandatory;
 - New module added to core (UserGuide);
 - Installer now supports optional modules (News and UserGuide);
 - MenuManager is no longer installed back on upgrades;
 
Content Manager 1.1.13
 - Fixed a typo in admin_editcontent.tpl;
 
CmsJobManager 1.0.0
 - Considered a stable release, version is now 1.0.0;
 - Compatibility fixes for PHP 8.2 and 8.3;
 
DesignManager 1.1.11
 - Compatibility fixes for PHP 8.2 and 8.3;
 
FilePicker 1.0.8
 - BR #12671 - fix FilePicker prefix error;
  
MicroTiny 1.6.5
 - Compatibility fixes for PHP 8.2 and 8.3;
 - Removed mt_jsbool as it is not needed any longer and was breaking Smarty compatibility; 
 
Navigator 1.0.11
 - Compatibility fixes for PHP 8.2 and 8.3;

News 2.51.13
 - Compatibility fixes for PHP 8.2 and 8.3;
 - News is now an optional module, no longer installed by default;
 
UserGuide 1.0.0
 - Initial release;
 
Phar Installer Not SET
 - Compatibility fixes for PHP 8.2 and 8.3;
 - Supports core optional modules selection on advanced mode (currently News and UserGuide);
 - Modified Smarty 4.2.1 enough to work with PHP 8.3;
 - Regular Phar doesn't support Windows at this point while Expanded Phar does; 

Version 2.2.19 - Selkirk
-------------------------------

Core - General
 - BR #12647 - Wrong default action value in get_pageid_or_alias_from_url
 - FR #12638 - ability to add CSP headers on the backend: currently weak restrictions: self with script-src and script-src-elem set to unsafe-inline (optionally set on config admin_csp_header);
 - BR #12661 - fix page_selector allow_all parameter and set default to false;
 
Content Manager 1.1.12
 - BR #12635 - Apply button is shown for non-existing page;
 - BR #12474 Taking the default page down by accident through the content type;

File Manager 1.6.16
 - BR #12659 - FileManager upload Warning bug fix;

FilePicker 1.0.7
 - BR #12621 - FilePicker upload bug;
 - BR #12659 - FilePicker upload Warning bug fix;

Navigator 1.0.10
 - BR #12528 Navigator call doesn't clear excluded prefixes in some situations

Version 2.2.18 - Apex
-------------------------------
Core - General
 - Fallback function CMSMS\strftime. PHP Intl extension still recommended. The fallback solves issues on hosts that don't install it by default and don't allow users to install it.

Version 2.2.17 - Iqaluit
-------------------------------
Core - General
 - BR #12529 - Cacheable Pages have Bad Header Last-Modified;
 - BR #12543 - Lib file corrections;
 - BR #12618 - HasChildren() is broken;
 - BR #12587 - can't uninstall modules;
 - Compatibility fixes for PHP 7, 8.0 and 8.1;
 - Smarty upgraded to version 4.2.1;
    Note: Smarty 2 syntax is still supported, but deprecated
 - Add function CMSMS\strftime to replace deprecated PHP function. PHP Intl extension recommended to support this.
 - Enabled use of PHP functions trim,ltrim,rtrim in smarty templates
 - PHPMailer upgraded to version 6.6.0.
 - fixes BR #12529 Cacheable Pages have Bad Header Last-Modified;
 - added module's support for arrays in parameters;
 - Fixes to cms_mailer class mainly in terms of proxy design pattern getters and setters and autotls settings;
 - Smarty security policies changes: due to some modifications in the way updated Smarty now behaves, all static classes need to be registered for its use to be allowed in templates.

Content Manager 1.1.10
 - Differentiate new page from cloned page.
 - Compatibility fixes for PHP 7, 8.0 and 8.1.

Design Manager 1.1.10
 - BR #12545 - Module: DesignManager typo info on top file.
 - fixes typo BR #12545
 - Compatibility fixes for PHP 7, 8.0 and 8.1.

FilePicker 1.0.6
 - BR #12539 - Module FilePicker 1.0.5 files corrections.
 - Compatibility fixes for PHP 7, 8.0 and 8.1.

Module Manager 2.1.9
 - BR #12541 - Module ModuleManager 2.1.8 : corrections + compatible php 7.1.0 to 8.1.4.

News 2.51.12
 - BR #12543 - Lib file corrections.
 - Compatibility fixes for PHP 7, 8.0 and 8.1.

FileManager 1.6.13
- Compatibility fixes for PHP 7, 8.0 and 8.1.


Version 2.2.16 - Truro
-------------------------------
Core - General
  - BR #12370 - Admin Log-Download : now downloading the log honors all filters but doesn't process paging
  - BR #12437 - Installer won't allow "<" symbol in database password
  - BR #12457 - Event Manager empty list when mysql mode only_full_group_by
  - BR #12484 - Cannot exit after Run UDT
  - BR #12495 - MySQL 8.0.2+ breaks groups without table prefix
  - BR #12499 - adminlog.tpl Wrongly formed date
  - BR #12500 - NameQuote function does not work properly
  - BR #12504 - Function call notification.
  - Fixed an issue with specific characters in a content block tab name breaking the editor
  - Adjust regex's incompatible with PCRE2
  - Avoid deprecated strftime() - deploy new replacement function locale_ftime() and new modifier-plugin localedate_format
  - A number of fixes for PHP 8 compatibility

Admin Search v1.0.6
  - BR #12443 - Admin Search fails on some searches with default mysql mode only_full_group_by (mysql 5.7.5+).
  - Removed license and copyright notices from module help text.
  - Escaping the search input field values.
  - More content object attributes are searched.
  - User Defined Tags can be searched.
  - Only places a user has permission to search are shown in the filter list (cached!).

Content Manager v1.1.9
  - Fix menu text/title setting.

FileManager v1.6.12
  - BR #12435 - Replacing an image file in filepicker doesn't update thumbnail.

FilePicker v1.0.5
  - FR #12483 - Additional FilePicker Help for usage as Content Block.

Navigator v1.0.9
  - BR #12456 - Navigator breadcrumbs with default page hidden from menu causes PHP notice.

Search v1.53
  - Added 'Manage Search' permission;
  - BR #12391 - Core search issue page/entry titles that start with numbers;
  
Phar Installer v1.3.15  
  - Fixed BR #12437 - Installer won't allow "<" symbol in database password; 
  - Added Russian lang file to installer;
  - use locale_ftime() instead of deprecated strftime();
  - escape name of groups table, to prevent reserved-word conflict when table-prefix is empty;
  - alterations to the links in final step: we now privilege links to CMSMS channels of contact and support;

Version 2.2.15 - Bonaventure
-------------------------------
Core - General
  - BR #12287 - Admin shortcuts popup refers to IRC.
  - BR #12292 - showbase parameter of metadata tag doesn't accept boolean value.
  - BR #12303 - No date displayed in the admin + category id not incremented.
  - BR #12305 - Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.
  - BR #12311 - log_performance_info - undefined variable: queries.
  - BR #12313 - 5 Stored XSS vulnerabilities in Settings - Content Manager.
  - BR #12317 - XSS on Settings News Module.
  - BR #12325 - Several XSS vulnerabilities.
  - BR #12335 - User pref admin homepage not properly displayed under certain conditions.
  - BR #12337 - GetContentBlockFieldInput $adding always false.
  - BR #12338 - Allow http/2 responses.
  - BR #12357 - Filepicker dropzone size issue.
  - FR #12345 - More user friendly admin session handling (partly implemented).
  - FR #12349 - Swap tabs on System Maintenance page.
  - Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.
  - (Error) messages in OneEleven won't dismiss on click.
  - Fix to Admin redirection after login on Windows platform.
  - Fix to the module API redirection to support arrays in parameters.
  
FileManager v1.6.12
  - Dropzone improvement like core FilePicker.

FilePicker v1.0.5
  - BR #11673 - FilePicker will not show svg images, when in the Content Manager.
  - BR #12312 - Stored XSS vulnerability in File Picker.

News v2.51.11
  - Minor code fix to encoding title content. 
  - BR #12322 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
  - BR #12325 - Several XSS vulnerabilities.

Design Manager v1.1.9
  - Minor fixes for PHP warnings\notices;

Module Manager v2.1.8
  - BR #12291 - Reflected Cross site scripting
  - BR #12324 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
  - Increased the Download Chunk Size field size to 4.
  
MicroTiny v2.2.5
  - BR #12351 - Escaping translation strings in tinymce_config.js.

Search v1.52
  - FR #11886 - Include module and modulerecord fields for content pages.

Phar Installer v1.3.13
  - Fixes to the reload button: now prevents browser's caching 
  - BR #11591 - fixed: Phar installer doesn't work with OPCache enabled
  
Version 2.2.13 - Moosomin
-------------------------------
Core - General
   - Explicitly add a function or two to the allowed functions in PHP secure mode.

DesignManger v1.1.7
   - Fix a warning in PHP 7.3+

FileManager v1.6.10
   - Fix minor XSS vulnerabilities in FileManager.

News v2.51.8
   - Fix a security issue in the default action with the idlist param
   (This version was also separately released in the forge)

Version 2.2.12 - Osoyoos
-------------------------------
NOTICE: Due to the nature of the security issue fixed in FileManager after upgrading you should change your database password.

Core - General
  - Fix warning in cms_html_entity_decode

FileManager v1.6.9.1
  - Security fixes for view action.