hooks System.Linq.Dynamic.Core's QueryOptimizer so OrderBy / ThenBy
selectors derived from ISortedResultRequest.Sorting are constrained to
plain property or field access; anything else throws AbpValidationException
- Clear configuration entry when Region or ServiceURL is set to null
- Annotate DeleteObjectsAsync prefix and continuationToken as nullable
- Replace vague Region placeholder in aws.md example
- Skip container wiring in test module when AWS credentials are absent
- Dispose AmazonS3Client in test cleanup
- Validate Region or ServiceURL early in DefaultAmazonS3ClientFactory
- Normalize trailing slash in ServiceURL test assertions
- Clarify Region and ServiceURL coupling in XML docs and aws.md
- Add DisablePayloadSigning configuration to send UNSIGNED-PAYLOAD instead of streaming chunked signature, required by R2
- Make CreateS3ClientConfig async to allow subclasses to do I/O
- Document trailing-slash behavior of ServiceURL
- Extend test module to use external bucket with per-run prefix cleanup
- Document DisablePayloadSigning in aws.md and link from index.md
The implicit DisplayTemplate context caused the Razor source generator
to compile 'context.Item as IHasExtraProperties' into
'context as IHasExtraProperties' (dropping the .Item access). Since
CellDisplayContext<TItem> itself does not implement IHasExtraProperties,
the cast was always null and the cell rendered empty.
Renaming the context with Context="rowContext" produces the correct
'rowContext.Item as IHasExtraProperties' codegen and the cell now
shows the property value.
ABP dynamic HTTP client proxy uses HttpCompletionOption.ResponseHeadersRead,
but several paths in ClientProxyBase and DynamicHttpProxyInterceptor dropped
the response without disposing it, leaving the underlying connection
occupied until the server closed it or the client timed out.
Fixes#25475
Filter out UserExceptionInformer category from AbpExceptionHandlingLoggerProvider so logs written by the informer do not re-enter the same provider, which previously caused infinite recursion and a browser stack overflow.
Fixes#25463
- Use CliUrls.WwwAbpIo instead of hardcoded abp.io host/URL in the
401/403 license hint, so dev/staging environments show the right URL
- Include server-provided RemoteServiceErrorResponse details (e.g. Code:
LicenseExpired) in the CliUsageException message when available
- Narrow GetAbpRemoteServiceErrorAsync catch to JSON deserialization
exceptions (System.Text.Json + Newtonsoft) so OOM and other runtime
errors are no longer swallowed
- Dispose HttpResponseMessage in DownloadSourceCodeContentAsync via
finally block, matching the pattern used by sibling methods
- Use generic EnsureSuccessfulHttpResponseAsync for user-supplied
TemplateSource downloads so non-abp.io 401/403 responses don't show
a misleading abp.io license hint
- Add tests for Newtonsoft JsonException handling and non-JSON exception
propagation
Asserting GetType() == typeof(Exception) locks the test to the base
type. The remaining message assertions already cover the intent of
ensuring the underlying JSON parse error does not surface.
- Drop manual HttpResponseMessage dispose in DownloadSourceCodeContentAsync,
consistent with Volo.Abp.Http.Client.ClientProxyBase and ASP.NET Core OAuth
handlers (default HttpCompletionOption.ResponseContentRead does not need
manual disposal)
- Fix "occured" -> "occurred" typos in two log lines
- Remove unused using Microsoft.Extensions.Options from test
- RemoteServiceExceptionHandler: catch all non-cancellation exceptions
during error response deserialization (was only catching Newtonsoft
JsonReaderException, but the active serializer throws System.Text.Json
JsonException, leaking '<' is an invalid start of a value to users)
- AbpIoSourceCodeStore: wrap 401/403 responses from abp.io endpoints in
CliUsageException with login + license hint, so users get an actionable
message instead of HTML-as-JSON parse failure
- Add unit tests for RemoteServiceExceptionHandler covering HTML body,
valid JSON error, 5xx, and OperationCanceledException propagation
Previously the SkiaSharp resizer ignored ImageResizeArgs.Mode entirely
and always stretched, so callers that never specified a mode were
implicitly relying on stretch output. Map None and Default to Stretch
to preserve that observable behavior while still honoring explicit
Max/Min/Crop/Pad/BoxPad values.
- SkiaSharp resizer now honors ImageResizeArgs.Mode (Stretch, Max, Min,
Crop, Pad, BoxPad) instead of stretching to the target dimensions
regardless of mode. None and Default normalize to Crop to match the
ImageSharp contributor.
- BoxPad now Max-fits the source into the target box first when the
source exceeds it, instead of cropping with negative offsets.
- SkiaSharp compressor caches the bitmap stream length before
SKBitmap.Decode takes ownership of it, so the post-encode size check
no longer accesses a disposed stream and tolerates non-seekable
inputs reaching the contributor directly.
- Add resizer tests for every mode (exact target size for fixed modes,
bounded size for Max/Min, pixel-level transparency check for BoxPad
with a source larger than the target), and a compressor test that
feeds a non-seekable stream directly to the contributor.
Existing tests only checked Result.Length which doesn't depend on
Position, so a contributor that forgot to seek the result stream back
to 0 would still pass. Add an explicit Position == 0 assertion plus a
CopyToAsync round-trip that compares the copied length against the
result stream length, so the same regression cannot slip in again.
Match the ImageSharp and Magick.NET resizer contributors which return
the result stream positioned at the start, so downstream consumers
read the bytes instead of getting an empty read at end-of-stream.
- Add SkiaSharpImageCompressorContributor and SkiaSharpCompressOptions so
Volo.Abp.Imaging.SkiaSharp ships a compressor alongside its existing
resizer.
- Bump Magick.NET-Q16-AnyCPU 14.9.1 -> 14.13.0 to clear the
NU1901/NU1902/NU1903 advisories.
- Mirror _models with Dictionary<TState, ...> populated in AddCheckModels
- GetModelOrNull goes through the dict, matching IsEnabledAsync's first-wins
- Pin first-wins via a regression test
- Add state-aware overload to ISimpleStateCheckerSerializer/Contributor
- Features and Permissions contributors recognise their batch checker and emit a per-state record
- PermissionDefinitionSerializer threads the owning permission through
- Pin equality semantics to match the batch runtime (default comparer)
When a state has multiple batch checkers (e.g. RequirePermissions plus
RequireFeatures), the per-state result was overwritten on every checker
pass, so a later 'true' silently masked an earlier 'false'. AND-combine
the results to require all checkers to pass.
MudBlazor 9 renders mud-tabs-vertical with the tabbar flush against the panels
container, making the active tab indicator visually touch the panel content.
Add 16px padding-inline-start on the panels area (and -end for the reverse layout)
so the tabbar and panels have breathing room.
MudBlazor 9 defaults .mud-input-label-inputcontrol to line-height: 1.15rem, which is
smaller than a typical 16px character with descenders. Letters like g, p, q, y in the
floated label visually clipped under the input baseline. Bump to 1.4rem so descenders
have room without enlarging the overall control.
Long label text (e.g. Turkish translations) on MudDatePicker / MudTimePicker overflowed
the input and visually overlapped the calendar toggle icon on the right. Reserve 40px
on the right for the end-adornment icon so the label clips with ellipsis.
- MudMenu: switch ActivatorContent to MenuContext.ToggleAsync pattern (v9 breaking)
- MudForm: rename Validate to ValidateAsync (v9.1 obsoletion)
- MudInput: replace AutoGrow with Sizing for textarea
- DataGrid: add white-space:nowrap on header to prevent CJK characters stacking vertically
- BlockUI: shrink loading spinner inside mud-dialog
- Search field: switch Label to Placeholder so the text shows next to the magnifier icon
- Soften IsSandboxed XML doc as a best-effort marker
- Replace #XXXXX placeholders with #25399
- Set Scriban MemberFilter to allowlist public properties only,
blocking method/field access and reflection escape paths
- Update Razor and Scriban safe-runtime docs to match
- Add reflection-escape, method-invocation and nested-property
tests for Scriban
ITemplateRenderingEngine exposes a new IsSandboxed property so callers can
decide whether editing a template requires elevated trust.
- TemplateRenderingEngineBase provides a virtual default of false (secure-by-default)
- RazorTemplateRenderingEngine declares IsSandboxed=false (compiles to .NET assembly via Roslyn)
- ScribanTemplateRenderingEngine declares IsSandboxed=true (DSL without .NET interop)
- Razor integration docs and TextTemplateManagement docs document the implications
- Migration guide for ABP 10.4 documents the new abstraction member
maliming
copilot-swe-agent[bot]
Engincan VESKE
Carlos Varela
Mohamed Nazem
SALİH ÖZKARA