A minor patch to fix a bug in collection pagination.

A minor maintenance release to harden the WebAuthn service class.

A minor patch:

Tighten access-control-origin header, close open redirects, improve validation and add resource limits to JS.

Tuskfish CMS now supports login with Windows Hello, Touch ID, Face ID, iOS and Android devices, and hardware security keys like the Yubikey. This is implemented as a second factor after password check for two-factor authentication (2FA) login security.

Users can register and revoke their 2FA credentials by visiting Preferences => Two-Factor Authentication in the Admin panel. Registration of a credential only takes a few seconds. Once a credential is registered, two-factor login becomes mandatory, so it is a good idea to register more than one device to avoid lock out. Users can revert to simple password login by revoking all their 2FA credentials.

Technically this is an implementation of the FIDO 2 / WebAuthn standards. Users register passkeys from platform authenticators (Hello, Touch ID etc) or hardware security keys (CTAP2 authenticators). Credentials are public-key based and origin-bound; no shared secrets are stored.

Minor bugfixes:

Reverted cache writes to avoid use of remove(), as this function is normally disabled in php.ini; tidied cached file names (prevent param separator being used on first param); fixed bug in gallery logic that prevented dynamic changes in columns to suit display width.

Tuskfish V2.2 brings a lot of improvements, including a group permissions system to control access to routes and individual content items, fourteen new colourful themes, and a new default theme preference for flipping the look and fee. of your site. All content types can now be set as 'static' with a new 'in feed' toggle switch, there is optional support for better thumbnail generation and colour space support with ImageMagick 6 available. The entire codebase has been reviewed with AI assistance for bugs, security issues, and compliance with PHP 8.4/8.5, Bootstrap 5 and HTML5. Core libraries have been updated. Note: I pushed a minor bugfix update so the current version is 2.2.1.

Tuskfish 2.1 is a feature release that adds an extensible system for creating and managing blocks (the equivalent of 'widgets' in Wordpress or 'modules' in Joomla). Three block types ship by default: A Spotlight block for highlighting a particular piece of content, and 'Recent Content' block that lists the last X pieces of content filtered by tag and type, and custom HTML blocks. The code base has been updated to use recent language features. The minimum PHP version is now 8.3.

I was tempted to call this the "2025 update" but since I usually take leave in December and spend most of it tinkering, quite likely I'll do some of this before new year or at least by the end of January. The next Tuskfish CMS release will be version 2.1. Core functionality will remain unchanged, but I will add support for blocks, and if I can sort out a couple of issues, native multilanguage. Not a crappy hacked up multilanguage, but one that is baked into the core and seamless. I'll be making use of some of the more recent language features in PHP, which will raise the minimum version required to PHP 8.3. Please note that the contemporary versions of PHP are now V8.3 and V8.4, with V8.2 now end of life.

Tuskfish 2.0.8 is an incremental update with a bunch of small fixes and refinements. New features include an alternate compact template option for collections that displays child content as a list, support for a 3rd Yubikey hardware token, and extension of html toggling of content online status extended to admin search results. There are several improvements to the video templates as well: They are now responsive, and alternate selectable templates are available for common aspect ratios including 16:9, 4:3, 21:9 and 1:1.

Optional support for ImageMagick V6 is now available. This gives much better quality thumbnails than PHP's native GD2 library, but at the cost of some manual configuration. You need to:

• Have ImageMagic installed on your webserver (most hosting companies provide this).
• Access to PHP's exec() function must be enabled (it is often disabled by default through the disable_functions setting in php.ini).
• Swap in an alternative ResizeImage.php trait file (provided).
• Configure the file path to an sRGB.icc colour profile on your server (you can download one if necessary).
• Clear the image cache (html/cache), which will cause thumbnails to be rebuilt.

You can adjust the level of compression and sharpening in the trait file method createThumbnailWithExec().

Tuskfish 2.0.7 is a minor update to fix small bugs and add htmx support. Back end toggling of content on/offline now uses a htmx call to avoid reloading the whole page. This makes management easier when you have a large amount of content. The htmx library is now available in /vendor, but it is only used in the back end administrative theme.

Tuskfish 2.0.6 introduces automatic content expiry and sitemap update functionality, via a daily cron job script, updates third party libraries (jQuery 3.7.0, FontAwesome 6.4.0 and TinyMCE 6.4.2). A few bugs were fixed including custom RSS feed error if ID was empty, and indexing of soft 404 and enclosure links has been allowed.

Tuskfish 2.0.5 is a maintenance release with no new features, but updates to third party libaries (Bootstrap 5.2, DICE 4.03, FontAwesome 6.2, HTMLPurifier 4.14, jQuery 3.6.1). It includes one bugfix: .png compression was misconfigured (off), so automatic thumbnail generation in templates will now return vastly smaller file sizes.

A user management system is available as of Tuskfish v2.0.4, which allows trusted users to be enrolled as Editors who can create and edit content. The user management system is only accessible to the site Administrator, who is the gatekeeper for whom is allowed editorial privileges. Editors do not have access to the site preferences, but it is still a very sensitive role.

Tuskfish 2.0.3 brings compatibility with PHP 8.1, so if you want to wring the last few milliseconds of performance out of your site, use this version. New features include support for embedding Youtube videos, a sitemap generation facility, a 'minimum views' preference before displaying the views counter, and a live character counter for the meta description field. Third party libraries have also been updated, including adoption of Bootstrap 5.1.

Tuskfish 2 is a rewrite of Tuskfish CMS to adopt a strict model-view-viewmodel (+ controller) architecture (MVVM + C). You can think of it as traditional MVC except the view is split into a view and a viewModel to abstract the model/view relationship, which improves flexibility and reuse of components. A front end controller and static router have been added to allow custom URL schemes. With the adoption of namespaces, Tuskfish 2 is now a very modern (if small) PHP application.

Tuskfish 2 is a rewrite of Tuskfish CMS to adopt a strict model-view-viewmodel (+ controller) architecture. You can think of it as traditional MVC except the view is split into a view and a viewModel to abstract the model/view relationship, which improves flexibility and reuse of components. A front end controller and static router has been added to allow custom URL schemes. With the adoption of namespaces, Tuskfish 2 is now a very modern (if small) PHP application.

A maintenance release. Further internal refactoring to improve the structure and extensibility, and updates to third party libraries. An XSS vulnerability present in Bootstrap 4.0 has been patched through an update to Bootstrap V4.1.3.

Changelog:

• Add canonical URL link.
• Clean up base URL / links on index page (remove unnecessary 'index.php').
• Use title for image alt tag if no caption is set.
• Refactor of methods towards smaller logical components and improved compliance with the single responsibility principle.
• Removal of magic method accessors and mutators in favour of manual getters and setters.
• Improved error messages to increase clarity.
• Extended bad login count and retry delay to include 2-factor authentication.
• Fixes to pagination control.
• Implement admin side content object controller to clean up the admin script.
• Fix https://tuskfish.biz conversions in content module.
• Manually set cache limiter in some pages to avoid 'document expired' errors when using the browser back button.
• Bugfix for taglinks being deleted when a tag is edited.
• Update to FontAwesome 5.5.
• Update Bootstrap to V4.1.3 and remove unnecessary files.
• Remove popper.js library (now bundled in Bootstrap).
• Update TinyMCE to V4.8.5.