Sulu releases 2.6.22 and 3.0.5
We’ve just published new patch releases for Sulu: Sulu 2.6.22 and Sulu 3.0.5. These updates provide security fixes, some bug fixes and a lot of improvements.
Security patch for admin endpoints
Previously, users who had a role in the Sulu Admin but no permission to access contacts could still access parts of the Contacts API (e.g., titles, positions, etc.). With the latest releases, we’ve added additional permission checks so these endpoints are only available to users who also have access to the contact entities. Thanks to sh4dowalker for reporting this issue.
The security advisory is as always available on GitHub here.
Sulu 3.0.5 with more performance improvements
This release improves the performance of various queries for the new content resolving and navigation. Make sure to update your database schema and to add the newly recommended indexes. We also fixed an issue where a dimension could be lost when an author or route was removed. The admin indexes are now extendable by new tagged interfaces. A few other improvements and fixes have been applied, for the full changelog, see the 3.0.5 release notes.
Sulu 2.6.22 fixes and improvements for upgrading
This release fixes an issue where image cropping could extend too close to the border. It also introduces case-insensitive search across all list views when using PostgreSQL—previously, this behavior was limited to MySQL. In addition, we’ve improved the PHPCR cleanup command and resolved several related issues to make the upgrade to 3.0 as smooth as possible. We also included a small UX enhancement by auto-focusing the title field in the Custom URL and Collection overlays. For the full changelog, see the 2.6.22 release notes. Thanks to all contributors!
Internal upgrade process: Enzyme to React Testing Library
We’re also steadily upgrading our JavaScript frontend stack. We’ve already migrated many tests from Enzyme to the React Testing Library. We started this effort years ago, but it is time-consuming and requires significant engineering capacity. With AI support, we can move this work forward much more efficiently.
As part of these improvements, we also upgraded our internal JS test setup from Jest 26 to Jest 29. These steps are essential to keep our JavaScript stack up to date. In upcoming minor releases, we’re planning additional major library updates so you always have modern, reliable libraries and tools when working with Sulu.
What is next?
We are still working on improving Sulu 3.0 and are working on stable releases of the Sulu 3.0 bundles. Thx for all who already tested the RC releases.
Your feedback shapes these releases. Report bugs or request features on GitHub, connect with us on Slack, or reach out through our website. We're listening.
