Terminalfour: 8.3.19
- Date Released:
- April 23 2024
General
Overview
We're delighted to announce the release of 8.3.19 which includes lots of exciting improvements and fixes related to accessibility, managing content/page layouts, form builder improvements, and much more. Let's dive in...
Improved Accessibility of the platform
Based on client feedback and 3rd party accessibility audits we’ve focused on improving the accessibility of the Terminalfour Platform to ensure a better experience for all users. We take accessibility extremely seriously, and our work in this area is not complete. We’ll continue to make improvements based on user feedback and ongoing accessibility testing in subsequent releases.
Improved color contrast
RDSM-37057 and RDSM-37056
We’ve tweaked the colors used throughout the platform to ensure there’s sufficient color contrast. Button and badge colors have been darkened, labels have been made easier to read, and overall text is more legible for all users.
Improved Keyboard Navigation and Screen reader support
RDSM-37281, RDSM-37645, RDSM-37578, RDSM-37577, RDSM-37050, RDSM-37047, RDSM-36997, and RDSM-37046
For those users who require assistive technology, or who prefer keyboard navigation to pointer devices, this release improves the experience in these areas. Screen readers will now announce with more context, and keyboard navigation has improved across the board (especially within tabs and modals).
Introducing Handlebars
RDSM-37325
Handlebars offers a new way to create your Content Layouts and Page Layouts that’s more powerful than traditional T4 tags, but much more approachable than programmable layouts. Our goal is to offer the right mix of flexibility and ease-of-use and we can't wait for you to give it a try.
Handlebars allows you to create Content Layouts and Page Layouts with placeholders and simple logic that will be filled in with data at Publish time, making it easier to manage and manipulate content without needing extensive coding expertise or familiarity with the complexities of Programmable Layouts.
An “Intro to Handlebars” is available in the documentation area to show you what it’s capable of and we’d love to get your feedback.
Webhooks comes to Terminalfour
RDSM-37065
This release also introduces Webhooks to the Terminalfour platform, starting with Form Builder submissions.
From 8.3.19 you can now send form submissions to a 3rd party service automatically as soon as they’re received allowing for easier integration with other platforms.
Rather that 3rd party systems having to connect to Terminalfour to check for new submissions, we'll send them to the system of your choice as soon as submissions are received.
Webhooks can be used with no-code automation platforms such as Zapier to automatically send your form submission data wherever it makes sense for your use-case.
We’re excited to extend this webhook functionality to other areas of the product but we’d love your feedback to know where would provide the most value. Perhaps when a publish completes? Or a new Content Type, or Section is created? Let us know!
Security
This release also further bolsters the security of the Terminalfour platform in a number of areas based on feedback we've received from recurring 3rd party penetration testing as well as feedback directly from users.
User locking
RDSM-34924
For local users (i.e. those not authenticating with SSO or a 3rd party authentication service) we’ve introduced automatic user locking based on recurring failed login attempts.
If users enter an incorrect password 8 times in a row, their account will be automatically locked.
Users will be sent an email when their account is unlocked that includes a link to unlock their account and create a new password. Admins also have the ability to filter for, and unlock locked users.
Users account will automatically unlock after 24 hours.
XSS/XXE issues
We have addressed issues in the following areas:
- (XXE) Processing XML in the Data Object, Content Syncer etc
RDSM-37339 - (XSS) Section Metadata
RDSM-37522 - (XSS) Mediums (Users and Workflow)
RDSM-32500 - (XSS) Section/Content Linking
RDSM-33798 - (XSS) External Content Syncer
RDSM-32501 - (XSS) Content Names in Direct Edit
RDSM-37395 - (XSS) A-Z Navigation Object
RDSM-30149 - (XSS) Forms (when mapped to existing content types)
RDSM-36991 - (XSS) Page Layout names in channel configuration
RDSM-33902
Other Improvements
- Improved error handling in Direct Edit when a page contains broken JavaScript
RDSM-33909 - Redesigned Direct Edit menu bringing clearer labels and visual consistency
RDSM-37535
- The left menu’s state will be remembered between page changes, meaning if you want to minimize the left menu – it will stay minimized!
RDSM-34736 - The UI for creating access control configuration has been updated to the v8 UI
RDSM-37077
- Improved Auto Variants behaviour: Now when you change an image in the Media library, the original auto variants will be updated with the newly uploaded image. (When upgrading to 8.3.19, existing auto-variants won't be changed until original images are updated)
RDSM-30869
Security fixes
The following issues have been resolved in 8.3.19:
Changes
| Issue Type | Issue key | Summary | Priority | Component/s |
|---|---|---|---|---|
| Change Request | RDSM-37075 | Update the front end of the Access Control Configuration page | P3 | Access control on published pages |
| Change Request | RDSM-35124 | Update the back end for the Access Control Configuration page | P3 | Access control on published pages |
| Epic | RDSM-37077 | Update the Access Control Configuration page | P3 | Access control on published pages |
| Bug | RDSM-37645 | Focus is lost after you select favicon (media) while editing channel | P3 | Accessibility |
| Bug | RDSM-37578 | It's not possible to approve or reject piece of content from the modal with the keyboard | P3 | Accessibility |
| Bug | RDSM-37577 | Focus is lost after you select section while editing channel | P3 | Accessibility |
| Bug | RDSM-37057 | All buttons, tags, links and badges fail to meet the minimum colour contrast ratio | P3 | Accessibility |
| Bug | RDSM-37056 | Active parent link on left navigation fails to meet colour contrast ratio | P3 | Accessibility |
| Bug | RDSM-37050 | No focus state on Category names | P3 | Accessibility |
| Bug | RDSM-37047 | Media Library expand and collapse options are inaccessible to keyboard users | P3 | Accessibility |
| Bug | RDSM-36997 | The Search Bar can be accessed by screen readers when hidden | P3 | Accessibility |
| Bug | RDSM-37046 | Site structure expand and collapse options are inaccessible to keyboard users | P4 | Accessibility |
| Bug | RDSM-36977 | Login and Logout are not logged unless "Access" logging is enabled | P3 | Audit Trail / Error Reports |
| Epic | RDSM-34924 | Set an account lockout after a defined number of incorrect password attempts | P3 | Authentication |
| Bug | RDSM-37395 | XSS is triggered when Direct Edit a section that has a piece of content that contains XSS that has been added via content or section link | P3 | Content |
| Bug | RDSM-37037 | Styles cannot be applied to Server Side Links anchor tag within the shadow root in TinyMCE | P3 | Content |
| Bug | RDSM-33909 | Direct Edit - If a content layout contains broken javascript it can prevent you from inline editing after you save the content. | P3 | Content |
| Bug | RDSM-33624 | Content link is appended to section link in Section / Content Link element | P3 | Content |
| Bug | RDSM-28060 | When typing in editor the warning message remains until editor loses focus | P3 | Content |
| Change Request | RDSM-35292 | Change the warning message when no text is entered in TinyMCE | P3 | Content |
| Bug | RDSM-36922 | Blank p tag added in media layouts | P4 | Content |
| Bug | RDSM-37628 | Approve Content page Reject Modal should have Reject Button | P4 | Content Approval |
| Change Request | RDSM-34759 | Rename "Section and content options" options in External Content Syncer | P3 | Content Syncer |
| Bug | RDSM-26342 | When element names have special characters, alias is changed in DB on each save without changing anything in the UI | P3 | Content Types |
| Bug | RDSM-25496 | Content type cannot be deleted due to SyntaxError: Unexpected token ) in console | P3 | Content Types |
| Change Request | RDSM-36676 | The "Content layout code" tab should be selected and open when a Content Layout is being edited | P3 | Content Types |
| Bug | RDSM-37509 | XXE vulnerability when processing XML | P2 | Data Object |
| Bug | RDSM-27616 | Duplicates of media in the one element get removed | P3 | Direct Edit |
| Change Request | RDSM-37535 | Ensure labels for left menu in Direct Edit are visible by default | P3 | Direct Edit |
| Bug | RDSM-36534 | Validation required for placeholder value, form fails to save when it exceeds 256 characters | P3 | Form Builder |
| Change Request | RDSM-37004 | In Form Builder, the existing lists should be ordered alphabetically | P3 | Form Builder |
| Epic | RDSM-37065 | Send Form Bank submissions to third-party systems with webhooks | P3 | Form Builder |
| Epic | RDSM-37325 | Handlebars Initial Release | P3 | GraalJS / Handlebars |
| Change Request | RDSM-37408 | Add "status" column to the Group listing page | P4 | Group Management |
| Bug | RDSM-37603 | User cannot use Enter/Return to expand a section after filtering for the section | P4 | Hierarchy |
| Bug | RDSM-31465 | Unnecessary br tag displayed in the delete section modal | P4 | Hierarchy |
| Change Request | RDSM-35175 | Automatically start the upgrader without requiring confirmation | P3 | Installer |
| Bug | RDSM-33233 | Clicking breadcrumb for media in approve content doesn't work | P3 | Media Library |
| Bug | RDSM-32378 | MediaBroker does not check if media item is scalable before trying to scale it | P3 | Media Library |
| Bug | RDSM-37799 | Save changes button is disabled for Moderators and Power users that have write access to a media category | P3 | Media Library |
| Change Request | RDSM-36687 | Set the max file size to be displayed in MB where appropriate | P3 | Media Library |
| Epic | RDSM-37281 | Ensure users can navigate site and media structures via the keyboard effectively | P3 | Media Library |
| Bug | RDSM-36561 | Links to categories in the child categories tab when editing a category do nothing | P4 | Media Library |
| Bug | RDSM-33205 | Edit page does not load for newly created media category | P4 | Media Library |
| Bug | RDSM-30869 | Update auto-variants of an image when the main image is updated | P4 | Media Library |
| Bug | RDSM-19702 | Cannot open media sub-category in certain scenario | P4 | Media Library |
| Bug | RDSM-24720 | Hovering over any category in the Media library shows as Not translated | Trivial | Media Library |
| Bug | RDSM-36465 | Publish to one file navigation object outputs nothing in preview when processT4Tags method is used for media type | P3 | Navigation |
| Change Request | RDSM-35263 | Rename "Number of pieces of content to display" option in Top Stories Navigation Object | P3 | Navigation |
| Change Request | RDSM-35186 | Rename "Number of pieces of content to display on page" and "Maximum number of pieces of content to display" options in Pagination Navigation Object | P3 | Navigation |
| Change Request | RDSM-34970 | Rename "Which piece of content to start at?" option in Top Content | P3 | Navigation |
| Change Request | RDSM-34845 | Rename "Number of pieces of content to display" option in Keyword Search | P3 | Navigation |
| Bug | RDSM-32608 | Accessibility report throws PublishProcessorException when it encounters a programmable layout | P3 | Programmable Layouts |
| Bug | RDSM-33684 | NullPointerException for cachedcontent that have no version | P4 | Programmable Layouts |
| Bug | RDSM-37095 | Pending publish overwrites approved published images in S3 and vice/versa when using PXL | P3 | Publish |
| Bug | RDSM-23008 | No audit trail results for task scheduler actions | P3 | Scheduler |
| Bug | RDSM-37522 | Metadata XSS issue | P3 | Section |
| Bug | RDSM-37339 | Web Objects are open to Blind Server Side Request Forgery vulnerability | P3 | Security |
| Bug | RDSM-36991 | XSS is triggered when creating a new form based on content type with Javascript in element name | P3 | Security |
| Bug | RDSM-33902 | Script tags are run on the Inheritable page layout dropdown in channel configuration | P3 | Security |
| Bug | RDSM-33798 | XSS is triggered when you open piece of content that contains XSS via content or section link | P3 | Security |
| Bug | RDSM-32501 | XSS issue on external content syncer screen | P3 | Security |
| Bug | RDSM-32500 | XSS issue on mediums page | P3 | Security |
| Bug | RDSM-30149 | Javascript (XSS) is triggered while creating A-Z navigation object when microsite name contains javascript | P3 | Security |
| Bug | RDSM-25787 | If you create submission with a name "<script> alert " then the e-form content type cannot be deleted | P3 | Security |
| Bug | RDSM-36642 | Execution rate field is not aligned correctly | P3 | User Experience |
| Bug | RDSM-33906 | Forms filtering by id sometimes doesn't retrieve results | P3 | User Experience |
| Bug | RDSM-31804 | Incorrect text on successful form-builder re-index. | P3 | User Experience |
| Change Request | RDSM-34866 | Update tooltips to use "Content Item" and "Content Items" rather than "piece of content" and "pieces of content" | P3 | User Experience |
| Change Request | RDSM-34736 | Once the main left menu is collapsed it should remain collapsed even when the user navigates to different page | P3 | User Experience |
| Change Request | RDSM-34241 | Change references of TERMINALFOUR to Terminalfour | P3 | User Experience |
| Bug | RDSM-37454 | HTML editor setting page documentation URLs are incorrect and do not navigate to the correct part of the page | P4 | User Experience |
| Bug | RDSM-37314 | Direct Edit: You should be able to click on any part of the "Insert content" line to insert new content | P4 | User Experience |
| Bug | RDSM-37026 | <br> in the message when a section is trying to remove | P4 | User Experience |
| Bug | RDSM-36435 | Notifications bar styling broken on section page | P4 | User Experience |
| Bug | RDSM-33501 | Section name validation should describe the error | P4 | User Experience |
| Bug | RDSM-28513 | Long section names with no spaces in publish notification do not get wrapped | P4 | User Experience |
| Bug | RDSM-20085 | User management search button must be used to search - enter doesn't work | P4 | User Experience |
| Bug | RDSM-22258 | UI issues with the content lock modal | Trivial | User Experience |
| Bug | RDSM-36653 | The link to the Media Item in the Workflow email doesn't work | P3 | Workflow |
Before upgrading
In advance of the upgrade please view the information and Technical Roadmap. Please contact us prior to upgrading we can provide you with the pre and post-upgrade tasks.
Priority
Please note that the priorities assigned to bugs differ from those assigned to Client Support tickets:
- P1 - Major rework of product.
- P2 - Major performance change.
- P3 - Regular priority change.
- P4 - Minor change.
- Trivial - Very minor UI changes.