Daniela Soares Feitosa (1):
      Fixed html escape on suborganization plugin
Lucas Melo (2):
      chat.js: escape html tags in messages
      CustomFormsPlugin: order fields by creation time
Rodrigo Souto (3):
      Fixing performance issue with full blog view
      Fixing blog archives block performance issue
This is our bugfix release called Paumaris. It's a small version but has important performance optimizations. Check it out!
Blog Archives Block
This is the block that shows the post counts by year/month of the user's blog. Instead of just retrieving the counts, this block was loading all the blog posts into memory and then filtering the counts on the Ruby side. In some production environments where users have 20 thousand posts or so, this block was slowing the request time pretty drastically and consuming a lot of memory. In this version it retrieves just what it needs and it's blazing fast!
On the Search Tag view, when displaying blogs, the "last posts" field was making the same mistake we found in the Blog Archives Block in order to list just the last 3 posts. We also optimized this page.
Chat XSS Vulnerability
The chat was sending messages without filtering their HTML. This was a big security vulnerability that permitted XSS attacks through the chat. We fixed this problem in this version.
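The kind of fix described above, as an added example that is not the project's own chat.js code: a message renderer that concatenates untrusted text into markup, beside a version that escapes every untrusted value first. The function names, markup and sample messages are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not the project's chat.js.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace, in a single pass, every character that can open a tag,
// start an entity or close a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: sender and body are concatenated into the markup as-is,
// so any tags they contain are interpreted by the receiving browser.
function renderMessageUnsafe(sender, body) {
  return '<div class="message"><span class="sender" title="' + sender + '">' +
    sender + '</span>: ' + body + '</div>';
}

// After: each untrusted value is escaped where it enters the markup,
// in both the attribute and the element content.
function renderMessageSafe(sender, body) {
  const s = escapeHtml(sender);
  return '<div class="message"><span class="sender" title="' + s + '">' +
    s + '</span>: ' + escapeHtml(body) + '</div>';
}

// Constructed sample messages (not taken from any real chat log).
const samples = [
  { sender: 'alice', body: 'hello <b>world</b>' },
  { sender: 'bob" data-x="1', body: '<script>alert(1)</script>' },
  { sender: 'carol', body: 'Tom & Jerry' },
];

for (const m of samples) {
  console.log('unsafe:', renderMessageUnsafe(m.sender, m.body));
  console.log('safe:  ', renderMessageSafe(m.sender, m.body));
}
```

Escaping on output like this keeps the stored message intact, so the same text can still be rendered correctly in non-HTML contexts.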
Custom Forms fields order
The field order on Custom Forms wasn't being persisted after the form's creation. This was causing some forms to look strange to users, with questions that should be at the end appearing on top. Now the field positions are considered and the form always displays them in the order they were positioned in its configuration.
Some more mistakenly escaped HTML
We found some HTML that was still being escaped unintentionally in the SubGroups plugin. It is fixed in this version.
About the tests
For the Blog Archives Block performance optimization we needed to use some PostgreSQL-specific queries. This new code made some tests fail when running on an SQLite database. Since we are migrating to use only PostgreSQL on all of our environments (development, test and production), we'll not monkey patch or anything to solve this issue. It's true that at the same time our test suite is not fully passing with a PostgreSQL database, but we are working on it.
That's all for this version. See you on the next one! o/