From f22730edca97de078422deb0ceaf4fa5abb9dace Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 13:40:54 +0100 Subject: [PATCH 1/6] Update docs banner for 0.8.4 release --- src/content/docs/index.mdoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/index.mdoc b/src/content/docs/index.mdoc index 23b0ae8..ed866ac 100644 --- a/src/content/docs/index.mdoc +++ b/src/content/docs/index.mdoc @@ -4,8 +4,8 @@ description: Learn what FOSSBilling is, where to start, and how to get involved tableOfContents: false banner: content: | - 0.8.3 is here! Check out the - release notes + 0.8.4 is here! Check out the + release notes and the 0.7 → 0.8 upgrade guide for details. --- From 25f9a1ee948de856251ef28112c7669492c68912 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 17:49:44 +0100 Subject: [PATCH 2/6] Document 0.8.4 upgrade and changelog details --- .../docs/maintenance/Updating/0-7-to-0-8.mdoc | 10 ++++++++++ src/content/docs/maintenance/changelog.mdoc | 17 +++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 3b0f074..6dfa2d2 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -504,6 +504,16 @@ Cron jobs now carry an `is_cron` flag, and the system no longer falls back to an Custom modules that relied on admin-level permission fallback during cron runs (e.g. for subscription renewals, deposit payments) need review. Use the `is_cron` flag to determine context and ensure your module works with the correct identity during cron. {% /aside %} +## Admin Permissions Group Rework (0.8.4) + +Admin permissions have moved from per-user to a Doctrine-backed group model. Each staff member belongs to a group; permissions are set at the group level. + +{% aside type="caution" %} +Custom modules or themes that check permissions directly via `$staff->hasPermission(...)` or inspect the `role`/`permissions` fields on the staff entity may need updating. The `manage_settings` permission is now enforced on extension configuration pages. +{% /aside %} + +Existing staff are auto-migrated to temporary groups on upgrade, and `manage_settings` is backfilled to all groups to preserve prior behavior. After updating, review your groups under **System** → **Staff Groups** and assign permissions. Use the `has_permission` Twig function for template checks; in PHP, use the staff service's group-aware methods instead of reading the `permissions` field directly. + ## Deprecations & Removals (Summary) | Component | Status | Notes | diff --git a/src/content/docs/maintenance/changelog.mdoc b/src/content/docs/maintenance/changelog.mdoc index 7728ff7..019d338 100644 --- a/src/content/docs/maintenance/changelog.mdoc +++ b/src/content/docs/maintenance/changelog.mdoc @@ -18,6 +18,23 @@ FOSSBilling publishes release notes and tagged versions on GitHub. Use the links For the latest changes, start with the [most recent release](https://github.com/FOSSBilling/FOSSBilling/releases/latest). +### Version 0.8.4 + +| Area | Summary | +|------|---------| +| **Breaking: Admin Permissions** | Admin permissions reworked from per-user to a group-based model. Existing staff are auto-migrated to temporary groups on upgrade. Custom modules/themes checking permissions directly may need updating. | +| **Security** | Server manager credentials masked in API/admin UI; `manage_settings` permission enforced on extension config pages; Stripe webhooks require signing secret; server manager input hardened | +| **Stripe** | Recurring subscriptions via Setup Intents and webhooks; invoice paid webhook and currency normalization | +| **Client Profiles** | Per-user timezone support; country code selector and number formatter; custom client fields sorted and cap raised to 20; custom client IDs exposed in API | +| **Knowledge Base** | Migrated to Doctrine with improved search, view counts, and canned responses; Markdown-safe sanitization for ticket/KB messages | +| **Admin UX** | Ticket replies editable with revision history; staff notification emails scoped to admin groups; ribbon-style suspended badges; rate limit management UI; Discord community button | +| **Invoicing** | PDF invoice attachment to emails; configurable reminder intervals; zero-price order invoices; price validation at order creation; renewal price and duplicate-payment fixes | +| **Bug Fixes** | MySQL 8.0.22+ REGEXP charset conflict in patches 67/74; registrar adapter autoloader fix; PayPal duplicate subscription handling; Product Promotions crash on NULL flags; domain double-activation fix; UpdatePatcher undefined method from 0.6.x upgrades; Twig 500 error pages; cron defaults on fresh installs; DirectAdmin account deletion recovery | +| **Development** | Email, Extension, Support modules migrated to Doctrine; frontend JS migrated to TypeScript; document fields migrated to custom client fields | +| **Dependencies** | Twig v3.28.0; CKEditor 5 v48.3.0; Sentry v4.29.0; Stripe PHP v20.3.0; PostCSS v8.5.16; Autoprefixer v10.5.2; Rector v2.5.0 | + +[View the full 0.8.4 release notes](https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.4) for the complete list of changes. + ### Version 0.8.3 | Area | Summary | From 147bdcf486ea6755a4cd9e0d096b197ff81b6b8d Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 17:55:19 +0100 Subject: [PATCH 3/6] Update src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 6dfa2d2..dd7be87 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -506,7 +506,7 @@ Custom modules that relied on admin-level permission fallback during cron runs ( ## Admin Permissions Group Rework (0.8.4) -Admin permissions have moved from per-user to a Doctrine-backed group model. Each staff member belongs to a group; permissions are set at the group level. +Admin permissions have moved from per-user to a Doctrine-backed group model. Staff members can belong to multiple groups; permissions are set at the group level. {% aside type="caution" %} Custom modules or themes that check permissions directly via `$staff->hasPermission(...)` or inspect the `role`/`permissions` fields on the staff entity may need updating. The `manage_settings` permission is now enforced on extension configuration pages. From f7006e3884e197843e5e274ce3c9d9dd6abc153b Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 17:55:33 +0100 Subject: [PATCH 4/6] Update src/content/docs/maintenance/changelog.mdoc Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --- src/content/docs/maintenance/changelog.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/changelog.mdoc b/src/content/docs/maintenance/changelog.mdoc index 019d338..a90810d 100644 --- a/src/content/docs/maintenance/changelog.mdoc +++ b/src/content/docs/maintenance/changelog.mdoc @@ -31,7 +31,7 @@ For the latest changes, start with the [most recent release](https://github.com/ | **Invoicing** | PDF invoice attachment to emails; configurable reminder intervals; zero-price order invoices; price validation at order creation; renewal price and duplicate-payment fixes | | **Bug Fixes** | MySQL 8.0.22+ REGEXP charset conflict in patches 67/74; registrar adapter autoloader fix; PayPal duplicate subscription handling; Product Promotions crash on NULL flags; domain double-activation fix; UpdatePatcher undefined method from 0.6.x upgrades; Twig 500 error pages; cron defaults on fresh installs; DirectAdmin account deletion recovery | | **Development** | Email, Extension, Support modules migrated to Doctrine; frontend JS migrated to TypeScript; document fields migrated to custom client fields | -| **Dependencies** | Twig v3.28.0; CKEditor 5 v48.3.0; Sentry v4.29.0; Stripe PHP v20.3.0; PostCSS v8.5.16; Autoprefixer v10.5.2; Rector v2.5.0 | +| **Dependencies** | Twig v3.28.0; CKEditor 5 v48.3.0; Sentry v4.29.0; Stripe PHP v20.3.1; PostCSS v8.5.16; Autoprefixer v10.5.2; Rector v2.5.5 | [View the full 0.8.4 release notes](https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.4) for the complete list of changes. From 84d1c61e39c0bdc3485dfc920dabc8a58addc4a6 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 17:56:08 +0100 Subject: [PATCH 5/6] Update src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index dd7be87..1c8b1be 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -512,7 +512,7 @@ Admin permissions have moved from per-user to a Doctrine-backed group model. Sta Custom modules or themes that check permissions directly via `$staff->hasPermission(...)` or inspect the `role`/`permissions` fields on the staff entity may need updating. The `manage_settings` permission is now enforced on extension configuration pages. {% /aside %} -Existing staff are auto-migrated to temporary groups on upgrade, and `manage_settings` is backfilled to all groups to preserve prior behavior. After updating, review your groups under **System** → **Staff Groups** and assign permissions. Use the `has_permission` Twig function for template checks; in PHP, use the staff service's group-aware methods instead of reading the `permissions` field directly. +Existing staff group assignments are migrated automatically, with legacy non-admin staff from the old default group assigned to the **Migrated staff** group. For untouched legacy groups, `manage_settings` is backfilled on modules where access was already granted to preserve prior behavior. After updating, review staff group assignments and permissions in the admin panel. Use the `has_permission` Twig function for template checks; in PHP, use the staff service's group-aware methods instead of reading the `permissions` field directly. ## Deprecations & Removals (Summary) From 3bc3043782b0b769fcfc23647a94d149b2ba5760 Mon Sep 17 00:00:00 2001 From: Adam Daley Date: Sat, 11 Jul 2026 18:02:14 +0100 Subject: [PATCH 6/6] Update src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com> --- src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc index 1c8b1be..9e34f03 100644 --- a/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc +++ b/src/content/docs/maintenance/Updating/0-7-to-0-8.mdoc @@ -512,7 +512,7 @@ Admin permissions have moved from per-user to a Doctrine-backed group model. Sta Custom modules or themes that check permissions directly via `$staff->hasPermission(...)` or inspect the `role`/`permissions` fields on the staff entity may need updating. The `manage_settings` permission is now enforced on extension configuration pages. {% /aside %} -Existing staff group assignments are migrated automatically, with legacy non-admin staff from the old default group assigned to the **Migrated staff** group. For untouched legacy groups, `manage_settings` is backfilled on modules where access was already granted to preserve prior behavior. After updating, review staff group assignments and permissions in the admin panel. Use the `has_permission` Twig function for template checks; in PHP, use the staff service's group-aware methods instead of reading the `permissions` field directly. +Existing staff group assignments are migrated automatically, with legacy non-admin staff from the old default group assigned to the **Migrated staff** group. For untouched legacy groups, `manage_settings` is backfilled on selected core modules where access was already granted to preserve prior behavior. After updating, review staff group assignments and permissions in the admin panel. Use the `has_permission` Twig function for template checks; in PHP, use the staff service's group-aware methods instead of reading the `permissions` field directly. ## Deprecations & Removals (Summary)