Releases: bigin/Scriptor
Releases · bigin/Scriptor
v2.2.0 Docker plugin installs + privacy hardening
Install non-Packagist plugins into the Docker image, stop leaking visitor IPs to a third-party CDN, and a generic "deploy a site as a Scriptor fork" guide. All additive; no breaking changes since 2.1.0.
Added
SCRIPTOR_PLUGIN_REPOSDocker build-arg. Scriptor's owncomposer.jsonships clean (no plugin VCS sources), so the image needs a generic way to learn where to fetch non-Packagist plugins. The new build-arg takes a space-separated list of VCS URLs and registers each viacomposer config repositories.*ahead of the existingSCRIPTOR_PLUGINSrequire. Orthogonal args:REPOS= where,
PLUGINS= which. (docs/install.md,docs/demo.md.)- "Deploy a site as a Scriptor fork" guide (
docs/deploy-as-fork.md). Two remotes (origin= site,upstream= Scriptor), the additive "never edit Scriptor's files" rule, 3-way-merge behaviour, tag-based updates, and thedocker-compose.override.ymloverlay plus the prod overlay. Linked from the README.
Fixed
- The basic theme bundles UIkit locally instead of the jsDelivr CDN. It loaded
uikit.min.css/jsfromcdn.jsdelivr.net, sending every visitor's IP to a third-party CDN on page load. A privacy/GDPR concern. UIkit 3.9.4 (the exact version the CDN served) is now vendored under the theme's public assets and referenced viathemeAssetUrl(). - Plugin VCS repos register with
no-apifor reproducible builds. Composer otherwise resolved github.com metadata through the rate-limited GitHub API and fell back to an SSH clone the build container has no key for. Each repo is now{"type":"vcs","url":…,"no-api":true}, so public repos build with no token and no SSH key. Site::$version/Editor::$versionreport the real version. Both were stuck at2.0.0-devsince 2.0.0; they now read2.2.0.
Changed
composer.jsondrops thebigins/*plugin VCS repositories. Scriptor ships as a clean, generic CMS; plugin source URLs are consumer concerns, supplied by whatever site installs the plugins (e.g.scriptor-cms-siteat Docker build time).
v2.0.1 — dependency refresh + doc polish
What's Changed
- docs(readme): rename "What's new in 2.0" to "Highlights" by @bigin in #60
- chore(composer): drop "flat file" keyword, refresh description by @bigin in #61
- docs(readme): rewrite the "library" example to match the real surface by @bigin in #62
- chore(deps): bump bigins/imanager 2.0.1 -> 2.0.2 by @bigin in #63
- chore(deps): bump bigins/imanager 2.0.2 -> 2.1.0 by @bigin in #64
- chore(deps): bump bigins/imanager 2.1.0 -> 2.2.0 by @bigin in #65
- chore(deps): bump bigins/imanager 2.2.0 -> 2.2.1 by @bigin in #66
Full Changelog: v2.0.0...v2.0.1
Contributors
bigin
Assets 2
v2.0.0
What's Changed
- Phase 14a: bootstrap iManager 2.0 container in Scriptor by @bigin in #18
- Phase 14b-1: Frontend skeleton on iManager 2.0 container by @bigin in #19
- Phase 14b-2: BasicTheme rewritten on iManager 2.0 stack by @bigin in #21
- Phase 14b-3: ImageUrlBuilder — on-demand thumbnails on iManager 2.0 by @bigin in #22
- Phase 14c-1: editor auth on iManager 2.0 (login/logout, CSRF) by @bigin in #23
- Phase 14c-2: editor pages module on iManager 2.0 by @bigin in #24
- fix(routing): single-entry router so /editor/* works on Caddy/Nginx by @bigin in #25
- Phase 14c-3: editor profile module on iManager 2.0 by @bigin in #26
- Phase 14c-4: editor settings module on iManager 2.0 by @bigin in #27
- Phase 14c-5: editor install module on iManager 2.0 by @bigin in #28
- Phase 14d-1: editor upload endpoint + FilePond vendoring by @bigin in #29
- Phase 14d-2: pages edit form on FilePond + existing files listing by @bigin in #30
- Phase 14d-3: frontend renders FileRepository uploads by @bigin in #31
- Phase 14e-2: domain-event listeners (file cleanup + cache invalidation) by @bigin in #32
- fix(upload): align FilePond multipart field name with the endpoint by @bigin in #33
- fix(pages): render migrated 1.x images with inline thumbnail preview by @bigin in #34
- feat(images): caption / alt text per image, end-to-end by @bigin in #35
- Phase 14f: cleanup — delete 1.x library, refresh docs, perf smoke by @bigin in #36
- docs: add pre-cutover handover for the imanager-2.0 → master rename by @bigin in #37
- Fix/page content double encoding by @bigin in #38
- Fix/promote legacy images by @bigin in #39
- Phase 14b-2: BasicTheme rewritten on iManager 2.0 stack by @bigin in #20
- docs: import iManager Phase-14 plan (Scriptor-Integration) by @bigin in #40
- feat(demo): add Scriptor 2.0 Docker demo stack by @bigin in #41
- fix(demo): make the Docker stack actually work end-to-end by @bigin in #42
- fix(pages): server-side cycle guard for parent save by @bigin in #43
- chore: switch iManager dep to Packagist 2.0 stable by @bigin in #44
- chore(htaccess): refresh Apache fallback rules for 2.0 layout by @bigin in #45
- Refactor/public webroot by @bigin in #46
- chore(rebrand): scriptor-cms.dev — domain + banner + IONOS isolation by @bigin in #47
- docs(refactor): note accepted dotfile-leak on ServBay Caddy by @bigin in #48
- docs(plan): hetzner demo deploy — nginx-proxy + Let's Encrypt by @bigin in #49
- docs(hetzner): point at scriptor-cms-ops as implementation home by @bigin in #50
- fix(url): trust X-Forwarded-Proto for site URL scheme by @bigin in #51
- refactor(docker): split scriptor-app into data + uploads volumes by @bigin in #52
- feat(demo): seed from scriptor-cms.dev snapshot instead of programmatic by @bigin in #53
- fix(demo): recreate FTS5 index after seed restore by @bigin in #54
- chore(deps): bump bigins/imanager 2.0.0 -> 2.0.1 by @bigin in #55
- docs(demo): refresh for SQL-dump seed + volume split + scriptor.cms c… by @bigin in #56
- chore(security): harden response headers + session cookie by @bigin in #57
- chore(repo): mark bundled JS/CSS libraries as linguist-vendored by @bigin in #58
- docs(changelog): cut 2.0.0 — fold Unreleased + post-cutover work by @bigin in #59
Full Changelog: v1.12.1...v2.0.0
Contributors
bigin
Assets 2
v1.12.1
v1.12.0
Added file write lock mechanism. Enables seamless storage of Item data even during concurrent requests.
Updated for PHP 8.2 compatibility, corrected namespaces, removed redundant images, initiated PHP strict typing adjustments, and integrated a self-hosted web font for the editor area.