hooks System.Linq.Dynamic.Core's QueryOptimizer so OrderBy / ThenBy
selectors derived from ISortedResultRequest.Sorting are constrained to
plain property or field access; anything else throws AbpValidationException
- Clear configuration entry when Region or ServiceURL is set to null
- Annotate DeleteObjectsAsync prefix and continuationToken as nullable
- Replace vague Region placeholder in aws.md example
- Skip container wiring in test module when AWS credentials are absent
- Dispose AmazonS3Client in test cleanup
- Validate Region or ServiceURL early in DefaultAmazonS3ClientFactory
- Normalize trailing slash in ServiceURL test assertions
- Clarify Region and ServiceURL coupling in XML docs and aws.md
- Add DisablePayloadSigning configuration to send UNSIGNED-PAYLOAD instead of streaming chunked signature, required by R2
- Make CreateS3ClientConfig async to allow subclasses to do I/O
- Document trailing-slash behavior of ServiceURL
- Extend test module to use external bucket with per-run prefix cleanup
- Document DisablePayloadSigning in aws.md and link from index.md
ABP dynamic HTTP client proxy uses HttpCompletionOption.ResponseHeadersRead,
but several paths in ClientProxyBase and DynamicHttpProxyInterceptor dropped
the response without disposing it, leaving the underlying connection
occupied until the server closed it or the client timed out.
Fixes#25475
Filter out UserExceptionInformer category from AbpExceptionHandlingLoggerProvider so logs written by the informer do not re-enter the same provider, which previously caused infinite recursion and a browser stack overflow.
Fixes#25463
- Narrow GetAbpRemoteServiceErrorAsync catch to JSON deserialization
exceptions (System.Text.Json + Newtonsoft) so OOM and other runtime
errors are no longer swallowed
- Dispose HttpResponseMessage in DownloadSourceCodeContentAsync via
finally block, matching the pattern used by sibling methods
- Use generic EnsureSuccessfulHttpResponseAsync for user-supplied
TemplateSource downloads so non-abp.io 401/403 responses don't show
a misleading abp.io license hint
- Add tests for Newtonsoft JsonException handling and non-JSON exception
propagation
Asserting GetType() == typeof(Exception) locks the test to the base
type. The remaining message assertions already cover the intent of
ensuring the underlying JSON parse error does not surface.
- Drop manual HttpResponseMessage dispose in DownloadSourceCodeContentAsync,
consistent with Volo.Abp.Http.Client.ClientProxyBase and ASP.NET Core OAuth
handlers (default HttpCompletionOption.ResponseContentRead does not need
manual disposal)
- Fix "occured" -> "occurred" typos in two log lines
- Remove unused using Microsoft.Extensions.Options from test
- RemoteServiceExceptionHandler: catch all non-cancellation exceptions
during error response deserialization (was only catching Newtonsoft
JsonReaderException, but the active serializer throws System.Text.Json
JsonException, leaking '<' is an invalid start of a value to users)
- AbpIoSourceCodeStore: wrap 401/403 responses from abp.io endpoints in
CliUsageException with login + license hint, so users get an actionable
message instead of HTML-as-JSON parse failure
- Add unit tests for RemoteServiceExceptionHandler covering HTML body,
valid JSON error, 5xx, and OperationCanceledException propagation
- SkiaSharp resizer now honors ImageResizeArgs.Mode (Stretch, Max, Min,
Crop, Pad, BoxPad) instead of stretching to the target dimensions
regardless of mode. None and Default normalize to Crop to match the
ImageSharp contributor.
- BoxPad now Max-fits the source into the target box first when the
source exceeds it, instead of cropping with negative offsets.
- SkiaSharp compressor caches the bitmap stream length before
SKBitmap.Decode takes ownership of it, so the post-encode size check
no longer accesses a disposed stream and tolerates non-seekable
inputs reaching the contributor directly.
- Add resizer tests for every mode (exact target size for fixed modes,
bounded size for Max/Min, pixel-level transparency check for BoxPad
with a source larger than the target), and a compressor test that
feeds a non-seekable stream directly to the contributor.
Existing tests only checked Result.Length which doesn't depend on
Position, so a contributor that forgot to seek the result stream back
to 0 would still pass. Add an explicit Position == 0 assertion plus a
CopyToAsync round-trip that compares the copied length against the
result stream length, so the same regression cannot slip in again.
- Add SkiaSharpImageCompressorContributor and SkiaSharpCompressOptions so
Volo.Abp.Imaging.SkiaSharp ships a compressor alongside its existing
resizer.
- Bump Magick.NET-Q16-AnyCPU 14.9.1 -> 14.13.0 to clear the
NU1901/NU1902/NU1903 advisories.
- Mirror _models with Dictionary<TState, ...> populated in AddCheckModels
- GetModelOrNull goes through the dict, matching IsEnabledAsync's first-wins
- Pin first-wins via a regression test
- Add state-aware overload to ISimpleStateCheckerSerializer/Contributor
- Features and Permissions contributors recognise their batch checker and emit a per-state record
- PermissionDefinitionSerializer threads the owning permission through
- Pin equality semantics to match the batch runtime (default comparer)
When a state has multiple batch checkers (e.g. RequirePermissions plus
RequireFeatures), the per-state result was overwritten on every checker
pass, so a later 'true' silently masked an earlier 'false'. AND-combine
the results to require all checkers to pass.
- Soften IsSandboxed XML doc as a best-effort marker
- Replace #XXXXX placeholders with #25399
- Set Scriban MemberFilter to allowlist public properties only,
blocking method/field access and reflection escape paths
- Update Razor and Scriban safe-runtime docs to match
- Add reflection-escape, method-invocation and nested-property
tests for Scriban
ITemplateRenderingEngine exposes a new IsSandboxed property so callers can
decide whether editing a template requires elevated trust.
- TemplateRenderingEngineBase provides a virtual default of false (secure-by-default)
- RazorTemplateRenderingEngine declares IsSandboxed=false (compiles to .NET assembly via Roslyn)
- ScribanTemplateRenderingEngine declares IsSandboxed=true (DSL without .NET interop)
- Razor integration docs and TextTemplateManagement docs document the implications
- Migration guide for ABP 10.4 documents the new abstraction member
InMemoryDynamicBackgroundWorker indirectly implements ISingletonDependency
via IBackgroundWorker, so conventional registration tries to register it
as a service. Its constructor takes a string workerName parameter that
the DI container cannot resolve, which crashes any host that runs
ServiceCollection validation (e.g. ASP.NET Core in Development, where
WebApplicationBuilder.Build() enables ValidateOnBuild). The dynamic worker
is created on demand by DefaultDynamicBackgroundWorkerManager and must
not be auto-registered, so mark it with [DisableConventionalRegistration].
- Look up the existing aria-describedby attribute with OrdinalIgnoreCase to match the casing rules used by HTML and TagHelperAttributeList
- Tokenize the existing value on all ASCII whitespace (space, tab, newline, carriage return, form feed) instead of just the literal space
- Cover the whitespace-separated case with a new test
Cover the new aria-describedby behaviour for <abp-input>:
- form-text rendered as <div>
- aria-describedby reaches the final HTML
- no-id case skips the InfoText id and aria-describedby
- caller-supplied aria-describedby is preserved (append + dedupe)
- [InputInfoText] attribute path produces a single aria-describedby
- Add TagHelperOutputExtensions.AppendAriaDescribedby helper that preserves caller-supplied tokens (space-separated id list) and dedupes
- Replace SetAttribute calls in AddInfoTextId/GetInfoAsHtml of abp-input/abp-select with the helper
- Cover the consumer-provided aria-describedby case with a new test
- Stop using the localized text as the aria-describedby value in AddInfoTextId; reference the actual id directly
- Skip rendering the InfoText id and aria-describedby when the input/select has no id (or an empty one) so the form never renders a non-unique "InfoText" id
- Cover the no-id case with a new test
- Move inputTag.Render after GetInfoAsHtml so aria-describedby reaches the final HTML
- Replace Attributes.Add with Attributes.SetAttribute for aria-describedby to avoid duplicates when [InputInfoText] and info="..." are both present
- Apply the same fixes to AbpInputTagHelperService for consistency
- Cover the [InputInfoText] attribute path with an additional test
- Extract provider name mapping into EfCoreDatabaseProviderHelper
- Match provider names by Contains instead of exact switch, so newer assembly names (e.g. MySql.EntityFrameworkCore) are recognized without code changes
- Add unit tests covering real provider assemblies and string fallbacks
maliming
copilot-swe-agent[bot]
Engincan VESKE
SALİH ÖZKARA