Timber

Create WordPress themes with beautiful OOP code and the Twig Template Engine

v2.1.0

3 weeks ago

2.1.0 (2024-04-10)

Security fix

  • Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances (13c6b0f).

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4.
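
For sites that accept uploads outside the media library, the "prior check" mentioned above can be done before any Timber image operation runs. The following is an added example, not code from the Timber project; it assumes a WordPress theme with Timber 2.x loaded, and the function name `example_resize_verified_upload` and the error code are hypothetical.

```php
<?php
// Added example (not Timber's code). Assumes WordPress and Timber 2.x are loaded.
// The function name and the 'example_upload' error code are hypothetical.

use Timber\ImageHelper;

/**
 * Takes one entry from $_FILES, confirms its content is an allowed image type,
 * stores it through WordPress and only then resizes it with Timber.
 *
 * @return string|WP_Error URL of the resized image, or an error.
 */
function example_resize_verified_upload(array $file, int $width, int $height)
{
    // Extension pattern => MIME type, in the format WordPress expects.
    $allowed = [
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'webp'     => 'image/webp',
    ];

    if (empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        return new WP_Error('example_upload', 'No uploaded file received.');
    }

    // Inspect the file's bytes, not the client-supplied name or Content-Type.
    $real_mime = wp_get_image_mime($file['tmp_name']);
    if (!$real_mime || !in_array($real_mime, $allowed, true)) {
        return new WP_Error('example_upload', 'File content is not an allowed image type.');
    }

    // wp_handle_upload() re-checks type and extension against the same allowlist
    // and moves the file into the uploads directory under a sanitized name.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $stored = wp_handle_upload($file, ['test_form' => false, 'mimes' => $allowed]);
    if (isset($stored['error'])) {
        return new WP_Error('example_upload', $stored['error']);
    }

    // Only a verified image stored by WordPress reaches the Timber operation.
    return ImageHelper::resize($stored['url'], $width, $height);
}
```

This check complements the fixed releases listed on this page and does not replace upgrading to one of them.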

Features

  • Add new timber/cache/transient_key filter to cache methods for transient key used for caching (#2878) (b347677)
  • Add new timber/image_helper/sideload_image/basename filter for sideloaded images basename (e4ff72f)
  • Add new timber/output/pre-cache filter to $output before it is cached (#2910) (d1356fd)
  • Add User::is_current() and User::profile_link() methods (#2924) (b048da8)
  • Add WordPress escaping functions via Twig filters (#2933) (a88aa00)
  • Allow pagination object to be generated using $prefs only (99219a9) and (2834fd4)
  • Bump php-stubs/acf-pro-stubs to ^6.0 (ac17052)
  • Update ECS config and apply standards (#2893) (71111e1)

Bug Fixes

  • Add classes in MenuItem (#2905) (7e00eeb)
  • Allow overwrite of default avatar in comments. (#2786) (9c6e0e3), closes #2468
  • Fix minor coding style issue in loader.php to make ECS happy (#2950) (6e8b6ab)
  • Ignore acf_get_field_type void errors (441ef9e)
  • Make PostIterator::last_post() nullable (#2918) (064dde7)
  • Prevent unneeded blog switching in multisite env (#2781) (d81f995)
  • Fix unnecessary lowercasing parameters in Timber\URLHelper (#2877) (664ea62)
  • Fix some file permissions in docs (#2842) (337d54d)
  • Tests: Split test running for integrations (plugins) (#2904) (8d03809)
  • Tests: Fix tests failing since Twig 3.8.0 (#2895) (f4a233e)
  • Tests: Fix missing constants in static analysis test (ae50ccd)
  • Tests: Use new filter in tests (c12e9af)
  • Tests: Fix phpstan tests by (#2886)
  • Docs: Simplify an if-check in the ACF docs (96d2874)

Miscellaneous Chores

  • Add script descriptions in Composer file (#2951) (5785128)
  • Add Timber authors (567475e)
  • Create SECURITY.md (#2939) (be36065)
  • Remove Lando config (#2899) (6fa8ffc)
  • Update links in CONTRIBUTING.md (3b2c855)
  • deps: bump lycheeverse/lychee-action from 1.8.0 to 1.9.1 (1ca79af)
  • deps: bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 (#2907) (eecfb03)
  • deps: bump peter-evans/create-issue-from-file from 4 to 5 (#2906) (64703f8)
  • deps: bump ramsey/composer-install from 2 to 3 (#2941) (97010c4)
  • deps: bump tj-actions/changed-files from 39 to 42 (964f11a)

New Contributors

Full Changelog: https://github.com/timber/timber/compare/2.0.0...v2.1.0

1.24.1

3 weeks ago

Security fix

  • Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4 or lower.

What’s changed

Contributors

Full Changelog: https://github.com/timber/timber/compare/1.24.0...1.24.1

1.23.1

3 weeks ago

Security fix

  • Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4 or lower.

What’s changed

Contributors

  • @Sonicrrrr reported the security vulnerability. Thanks!

Full Changelog: https://github.com/timber/timber/compare/1.23.0...1.23.1

1.24.0

3 months ago

[!WARNING] Important information about Timber v1 With the release of Timber 2.0, we will not work on Timber v1 anymore. Please upgrade to Timber v2 as soon as you can.

In Timber v2, Composer is the only supported installation method. We are unable to continue releasing or supporting Timber as a plugin on WordPress.org. We advise everyone to switch to the Composer based install of Timber 1 as a first step.

For more information and a list of additional resources, please visit https://github.com/timber/timber/discussions/2804.

Bugfixes

New Contributors

Full Changelog: https://github.com/timber/timber/compare/1.23.0...1.24.0

2.0.0

5 months ago

Timber 2.0 is a big update. There are a lot of breaking changes. You need to thoroughly test your websites in your local development environment before updating your live websites.

You can install Timber 2.0 by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0 version:

composer require timber/timber:^2.0

Documentation

In case you find errors, please open an issue. In case you’re stuck or have questions, create a discussion.

What’s new in Timber 2.0

For information on what’s new in Timber 2.0, follow the Upgrade Guide.

Dropping plugin support

Timber 2.0 is not available as a WordPress plugin anymore, but will only be available as a Composer package. If you’re still using the plugin version of Timber 1.0, you might want to switch to the Composer version first. You can find more information about this in the following links:

The overall goals of Timber 2.0 include:

  • Making Timber’s functions and methods more consistent.
  • Making Timber easier to handle and extend.
  • Refactoring how Timber Core works under the hood to improve compatibility with WordPress Core and be ready for future challenges.
  • Making Timber more compatible with other plugins.

High-level changes include:

What’s changed since 2.0.0-rc.1

Here’s what’s changed since the last 2.0.0-rc.1 release. (Full Changelog: https://github.com/timber/timber/compare/2.0.0-rc.1...2.0.0)

Changes

Bugfixes

Documentation

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

1.23.0

6 months ago

This release coincides with the final version to the WordPress.org site. To streamline future support and upgrades, the Timber Team is focused on Composer as the formal release channel.

With the upcoming release of Timber 2.0, we will not release a 2.0 version and beyond as a plugin, but only as a Composer package. We advise everyone to switch to the Composer based install as soon as possible.

Switching to the Composer based version

What's Changed

New Contributors

Full Changelog: https://github.com/timber/timber/compare/1.22.1...1.23.0

2.0.0-rc.1

9 months ago

This is the first Release Candidate of the new Timber 2.0 version. Please test this version thoroughly. In case you find errors, please open an issue. In case you have questions, create a discussion.

If you want to stay updated on the next steps, subscribe to Roadmap for Timber 2.0.

You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-rc.1 version:

composer require timber/timber:2.0.0-rc.1

What’s changed

Here’s what’s changed since the last 2.0.0-beta.2 release. For information on what's new in version 2.0, please see the Upgrade Guide.

Changes

Removals

Bug fixes

Documentation

Testing and tools

New Contributors

Full Changelog: https://github.com/timber/timber/compare/2.0.0-beta.2...2.0.0-rc.1

2.0.0-beta.2

11 months ago

This is the second beta of the new Timber 2.0 version. A release candidate should follow before summer. If you want to stay updated on the next steps, then subscribe to the Roadmap for Timber 2.0 issue.

You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-beta.2 version:

composer require timber/timber:2.0.0-beta.2

In case you find errors, please open an issue. In case you have questions, create a discussion.

What’s changed

Here’s what’s changed since the last 2.0.0-beta.1 release.

Merged in from 1.x

New features

Bugfixes and cleanup

Removals

Testing and tools

Documentation

New Contributors

Full Changelog: https://github.com/timber/timber/compare/2.0.0-beta.1...2.0.0-beta.2

1.22.1

1 year ago

What's Changed

Full Changelog: https://github.com/timber/timber/compare/1.22.0...1.22.1

1.22.0

1 year ago

This resolves issues with a prior deploy of 1.21.0 to WP.org by correctly targeting the versions of Twig and PHP.

What's Changed

Full Changelog: https://github.com/timber/timber/compare/1.21.0...1.22.0