Bump Umbraco.Cms from 17.3.5 to 17.4.0#248
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
--- updated-dependencies: - dependency-name: Umbraco.Cms dependency-version: 17.4.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Umbraco.Cms from 17.3.5 to 17.4.0.
Release notes
Sourced from Umbraco.Cms's releases.
17.4.0
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-rc3
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc3...release-17.4.0
What's Changed Since 17.4.0-r2
📦 Dependencies
🔒 Security
localize.htmlString()helper to prevent XSS in HTML-rendered translations by @iOvergaard in Backoffice: Add localize.htmlString() helper to prevent XSS in HTML-rendered translations umbraco/Umbraco-CMS#22731🐛 Bug Fixes
Fallback.ToAncestorswith no match throwing exception at property level (closes #22759) umbraco/Umbraco-CMS#22763Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc2...release-17.4.0-rc3
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
... (truncated)
17.4.0-rc3
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-r2
📦 Dependencies
🔒 Security
localize.htmlString()helper to prevent XSS in HTML-rendered translations by @iOvergaard in Backoffice: Add localize.htmlString() helper to prevent XSS in HTML-rendered translations umbraco/Umbraco-CMS#22731🐛 Bug Fixes
Fallback.ToAncestorswith no match throwing exception at property level (closes #22759) umbraco/Umbraco-CMS#22763Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc2...release-17.4.0-rc3
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
... (truncated)
17.4.0-rc2
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
💥 Breaking Changes
ApplicationUrlDetectionsetting to control application URL auto-detection by @AndyButland in Application URL: AddApplicationUrlDetectionsetting to control application URL auto-detection umbraco/Umbraco-CMS#22307📦 Dependencies
System.Security.Cryptography.Xmlto resolve vulnerability warning by @AndyButland in Dependencies: PinSystem.Security.Cryptography.Xmlto resolve vulnerability warning umbraco/Umbraco-CMS#22514🚤 Performance
FullDataSetRepositoryCachePolicyusage across all repositories by @AndyButland in Performance: OptimizeFullDataSetRepositoryCachePolicyusage across all repositories umbraco/Umbraco-CMS#22264ContentTypeRepositorydeep-clone on cache reads (closes #22250) by @AndyButland in Performance: OptimizeContentTypeRepositorydeep-clone on cache reads (closes #22250) umbraco/Umbraco-CMS#22263GeneratedRegexinstead of generating at runtime in string extensions by @Henr1k80 in Performance: UseGeneratedRegexinstead of generating at runtime in string extensions umbraco/Umbraco-CMS#22534_publishedContentCachehas a cached version inMediaCacheServiceby @Henr1k80 in Performance: Avoid allocating a string if_publishedContentCachehas a cached version inMediaCacheServiceumbraco/Umbraco-CMS#22535UdiParser(eliminate closure, fix naming & formatting of exceptions) by @Henr1k80 in Performance: Micro-optimisation inUdiParser(eliminate closure, fix naming & formatting of exceptions) umbraco/Umbraco-CMS#22506... (truncated)
17.4.0-rc
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed
🙌 Notable Changes
💥 Breaking Changes
ApplicationUrlDetectionsetting to control application URL auto-detection by @AndyButland in Application URL: AddApplicationUrlDetectionsetting to control application URL auto-detection umbraco/Umbraco-CMS#22307📦 Dependencies
System.Security.Cryptography.Xmlto resolve vulnerability warning by @AndyButland in Dependencies: PinSystem.Security.Cryptography.Xmlto resolve vulnerability warning umbraco/Umbraco-CMS#22514🚤 Performance
FullDataSetRepositoryCachePolicyusage across all repositories by @AndyButland in Performance: OptimizeFullDataSetRepositoryCachePolicyusage across all repositories umbraco/Umbraco-CMS#22264ContentTypeRepositorydeep-clone on cache reads (closes #22250) by @AndyButland in Performance: OptimizeContentTypeRepositorydeep-clone on cache reads (closes #22250) umbraco/Umbraco-CMS#22263GeneratedRegexinstead of generating at runtime in string extensions by @Henr1k80 in Performance: UseGeneratedRegexinstead of generating at runtime in string extensions umbraco/Umbraco-CMS#22534_publishedContentCachehas a cached version inMediaCacheServiceby @Henr1k80 in Performance: Avoid allocating a string if_publishedContentCachehas a cached version inMediaCacheServiceumbraco/Umbraco-CMS#22535UdiParser(eliminate closure, fix naming & formatting of exceptions) by @Henr1k80 in Performance: Micro-optimisation inUdiParser(eliminate closure, fix naming & formatting of exceptions) umbraco/Umbraco-CMS#22506OptimizeInvariantUrlRecordstimeout on SQL Server (closes #22377) by @AndyButland in Migrations: Fix potentialOptimizeInvariantUrlRecordstimeout on SQL Server (closes #22377) umbraco/Umbraco-CMS#22382🌈 Accessibility Improvements
... (truncated)
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.