2.3.1 (2024-12-18)

Bug Fixes

• Update Twig & twig/cache-extra dependencies to version 3.17 to fix unit tests (cbac2e0)
• Use correct deprecation_info for Twig callables (#3064) (72a013e)
• Fix bug with Attachment::path() method (#3073) (5434dde)
• Fix get location by ID in Timber::get_menu_location() (#3066) (5b33ba8)
• Fix bug when Timber::get_menu(0) returns alphabetically first menu instead of nothing (#3070) (d278f95)
• Fix avatar test (#3071) (0e65e54)

Full changelog

Full Changelog: v2.3.0...v2.3.1

New Contributors

• @ashmatadeen made their first contribution in #3057
• @mrfsrf made their first contribution in #3064

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

2.3.0 (2024-11-08)

Features

• Add support for AVIF image format #3015 (#3019) (92716c1)

Bug Fixes

• Add more default arguments to Timber\PagesMenu::build() method (#3050) (c7aea5d)
• Apply Rector code standard on Timber\MenuItem (5d64d9a)
• Fix menu location compatibility with WPML (#2733) (8603855)
• Fix URI to FS parsing in Timber\ImageHelper (#3027) (87d3ef4), closes #3024
• Fixes an issue where in some cases images would not be rounded properly by image operations which lead to artifacts in images. (#3046) (10ab23d)
• Run CS fixes on codebase (#3047) (48dc3fc)

Miscellaneous Chores

• Add several files to export-ignore (0cd0cdf)
• deps: bump lycheeverse/lychee-action from 1.10.0 to 2.0.2 (#3053) (480534f)
• deps: bump tj-actions/changed-files from 44 to 45 (#3031) (880c0ff)
• Inherit funding from GitHub repo (5623a79)

Full changelog

Full Changelog: v2.2.0...v2.3.0

New Contributors

• @heybran made their first contribution in #3013
• @arlg made their first contribution in #3019
• @Jasonlgrd made their first contribution in #3034
• @SvenJuergens made their first contribution in #3042

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

2.2.0 (2024-05-15)

Features

• Upgrade Timber minimum requirements (PHP 8.1 / WordPress 6.2 / Twig 3.5) and testing (#2970) (a2f0f07)
• Introduce Rector to upgrade code for PHP 8.1 (#2977) (9edf999)

Bug Fixes

• Allow Timber\PostExcerpt::read_more to accept bool value (#2937) (85e2a32)
• Fix a bug with URL check for avatars (#3002) (456c24e)
• Fix deprecation notice since twig 3.10 to now use EscaperRuntime instead of EscaperExtension (#2997) (295349b)
• Fix problem when an empty ACF taxonomy relationship field transform loads all terms instead of none. (#2960) (f95b82a)
• Fix regression in image resize where crops with the default crop setting (#2998) (8090247)
• Fix typos in codebase (#2968) (e40ceb3)
• Improve doing_it_wrong messages for using deprecated parameters in Timber::get_attachment() and Timber::get_image() (#2999) (e6cdf7e)
• Remove security patch not needed in PHP 8 (#2983) (8a30865)
• Update admin notice for minimum required WordPress version (#3001) (66e92a5)

Miscellaneous Chores

• deps: bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 (#2980) (dd34720)
• deps: bump tj-actions/changed-files from 42 to 44 (#2959) (66eabe2)
• Set proper return types on build methods (#2976) (6b72908)
• Update all links in the codebase and documentation to https (#2947) (05af54f)

Full changelog

Full Changelog: v2.1.0...v2.2.0

New Contributors

• @baglio made their first contribution in #2991

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

2.1.0 (2024-04-10)

Security fix

• Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances (13c6b0f).

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

Features

• Add new timber/cache/transient_key filter to cache methods for transient key used for caching (#2878) (b347677)
• Add new timber/image_helper/sideload_image/basename filter for sideloaded images basename (e4ff72f)
• Add new timber/output/pre-cach filter to $output before it is cached (#2910) (d1356fd)
• Add User::is_current() and User::profile_link() methods (#2924) (b048da8)
• Add WordPress escaping functions via Twig filters (#2933) (a88aa00)
• Allow pagination object to be generated using $prefs only (99219a9) and (2834fd4)
• Bump php-stubs/acf-pro-stubs to ^6.0 (ac17052)
• Update ECS config and apply standards (#2893) (71111e1)

Bug Fixes

• Add classes in MenuItem (#2905) (7e00eeb)
• Allow overwrite of default avatar in comments. (#2786) (9c6e0e3), closes #2468
• Fix minor coding style issue in loader.php to make ECS happy (#2950) (6e8b6ab)
• Ignore acf_get_field_type void errors (441ef9e)
• Make PostIterator::last_post() nullable (#2918) (064dde7)
• Prevent unneeded blog switching in multisite env (#2781) (d81f995)
• Fix unnecessary lowercasing parameters in Timber\URLHelper (#2877) (664ea62)
• Fix some file permissions in docs (#2842) (337d54d)
• Tests: Split test running for integrations (plugins) (#2904) (8d03809)
• Tests: Fix tests failing since Twig 3.8.0 (#2895) (f4a233e)
• Tests: Fix missing constants in static analysis test (ae50ccd)
• Tests: Use new filter in tests (c12e9af)
• Tests: Fix phpstan tests by (#2886)
• Docs: Simplify an if-check in the ACF docs (96d2874)

Miscellaneous Chores

• Add script descriptions in Composer file (#2951) (5785128)
• Add Timber authors (567475e)
• Create SECURITY.md (#2939) (be36065)
• Remove Lando config (#2899) (6fa8ffc)
• Update links in CONTRIBUTING.md (3b2c855)
• deps: bump lycheeverse/lychee-action from 1.8.0 to 1.9.1 (1ca79af)
• deps: bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 (#2907) (eecfb03)
• deps: bump peter-evans/create-issue-from-file from 4 to 5 (#2906) (64703f8)
• deps: bump ramsey/composer-install from 2 to 3 (#2941) (97010c4)
• deps: bump tj-actions/changed-files from 39 to 42 (964f11a)

New Contributors

• @expedition-robin-martijn made their first contribution in #2877
• @rubas made their first contribution in #2918
• @jl-a made their first contribution in #2910
• @phasdev made their first contribution in #2863
• @ecupaio made their first contribution in #2945
• @jasalt made their first contribution in #2962
• @Sonicrrrr reported a security vulnerability. Thanks!
• @dependabot made their first contribution in #2885
• @github-actions made their first contribution in #2913

Full Changelog: 2.0.0...v2.1.0

Security fix

• Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

What’s changed

• Allow the Timber\PostPreview::read_more to accept a boolean value by @gerardo-rodriguez in #2578
• Fix tests failing with WordPress 6.4 by @gchtr in #2964
• Remove functionality that disabled updates via the dashboard for major and minor releases by @Levdbas in #2963

Contributors

• @Sonicrrrr reported the security vulnerability. Thanks!
• @gerardo-rodriguez made their first contribution in #2578

Full Changelog: 1.24.0...1.24.1

Security fix

• Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

What’s changed

• Fix tests failing with WordPress 6.4 by @gchtr in #2964
• Remove functionality that disabled updates via the dashboard for major and minor releases by @Levdbas in #2963

Contributors

• @Sonicrrrr reported the security vulnerability. Thanks!

Full Changelog: 1.23.0...1.23.1

Bugfixes

• Fixed dynamic properties warnings in PHP 8.2 by @trsteel88 in #2860
• Fixed a type error when a WebP image can’t be generated by @marleylinku in #2865

New Contributors

• @trsteel88 made their first contribution in #2860
• @marleylinku made their first contribution in #2865

Full Changelog: 1.23.0...1.24.0

Timber 2.0 is a big update. There are a lot of breaking changes. You need to thoroughly test your websites in your local development environment before update your live websites.

You can install Timber 2.0 by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0 version:

composer require timber/timber:^2.0

Documentation

• 📚 Documentation for Timber 2.0
• 🆙 Upgrade Guide for Timber 2.0

In case you find errors, please open an issue. In case you’re stuck or have questions, create a discussion.

What’s new in Timber 2.0

For information on what’s new in Timber 2.0, follow the Upgrade Guide.

Dropping plugin support

Timber 2.0 is not available as a WordPress plugin anymore, but will only be available as a Composer package. If you’re still using the plugin version of Timber 1.0, you might want to switch to the Composer version first. You can find more information about this in the following links:

• Announcement: Dropping support for the plugin version of Timber
• Guide: How do I switch over from the plugin version to the Composer based version of Timber?

The overall goals of Timber 2.0 include:

• Making Timber’s functions and methods more consistent.
• Making Timber easier to handle and extend.
• Refactoring how Timber Core works under the hood to improve compatibility with WordPress Core and be ready for future challenges.
• Making Timber more compatible with other plugins.

High-level changes include:

• Compatibility with the newest version of PHP.
• A newer, streamlined API for accessing Posts, Terms, Users, Comments and Menus.
• An upgraded Context.
• A new Attachment class for WordPress attachments that are not images.
• A big update for how fetching meta values works.
• Better integration with the WordPress Date and Time functionality.
• Better options to control and extend Twig.
• Class Maps for a more loosely coupled way to extend Timber with your own Post, Term, User, Menu, MenuItem, and Comment objects.
• No more direct instantiation of the classes mentioned above. Use Class Maps instead.
• New PostCollectionInterface for a unified way to deal with various lists of posts.
• An updated WP-CLI integration.
• A new way to add your own Integrations for Timber.

What’s changed since 2.0.0-rc.1

Here’s what’s changed since the last 2.0.0-rc.1 release. (Full Changelog: 2.0.0-rc.1...2.0.0)

Changes

• 2.x Revert final constructors by @gchtr in #2827
• Renamed the master branch to 1.x and made 2.x the default branch.

Bugfixes

• Site overwrite magic __call method by @Levdbas in #2798
• Consider fields value when returning terms from query by @jrathert in #2806
• Initialize typed properties correctly in ExternalImage::build() by @jrathert in #2818 and @nlemoine in #2825

Documentation

• Add documentation and plugin notice about the end of the plugin version by @Levdbas in #2800
• Add note about installing the release candidate by @gchtr in #2796
• Add drop support notice to issue template by @nlemoine in #2810
• Add note about PostsIterator and removal of timber/class/posts_iterator filter by @gchtr in #2835
• Update v2 caching docs by @Levdbas in #2797
• Fix Attachment size doc block by @nlemoine in #2824
• Explained theme path, link and URI helpers in Cheatsheet by @Levdbas in #2787
• Updated plugin support part by @Levdbas in #2805
• Changing functions section references $filters instead of $functions by @niclm in #2799

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

This release coincides with the final version to the WordPress.org site. To streamline future support and upgrades, the Timber Team is focused on Composer as the formal release channel.

With the upcoming release of Timber 2.0, we will not release a 2.0 version and beyond as a plugin, but only as a Composer package. We advise everyone to switch to the Composer based install as soon as possible.

Switching to the Composer based version

• Announcement: Dropping support for the plugin version of Timber
• Guide: How do I switch over from the plugin version to the Composer based version of Timber?
• Backstory: Why we are dropping support for the plugin in the first place
• GitHub issue: Roadmap for Timber 2.0

What's Changed

• Improve GitHub pull request template by @gchtr in #2641
• Update bug report template and CODEOWNERS by @gchtr in #2711
• Add Erik to Contributors List by @jarednova in #2735
• Fix PHPDoc typo by @LogicEveryWhere in #2709
• Add sponsorship information to Readme by @gchtr in #2777
• doc: Add drop support notice to issue template by @nlemoine in #2810
• Add documentation and plugin notice about the end of the plugin version by @Levdbas in #2800
• Workflow: fix path to guide by @Levdbas in #2823

New Contributors

• @LogicEveryWhere made their first contribution in #2709

Full Changelog: 1.22.1...1.23.0

This is the first Release Candidate of the new Timber 2.0 version. Please test this version thoroughly. In case you find errors, please open an issue. In case you have questions, create a discussion.

If you want to stay updated on the next steps, subscribe to Roadmap for Timber 2.0.

You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-rc.1 version:

composer require timber/timber:2.0.0-rc.1

What’s changed

Here’s what’s changed since the last 2.0.0-beta.2 release. For information on what's new in version 2.0, please see the Upgrade Guide

Changes

• Make object constructors final by @gchtr in #2660
• Refactor file models by @nlemoine in #2753

Removals

• Remove audio & video methods from Post by @nlemoine in #2750
• Remove unused private property by @nlemoine in #2751
• Remove unused param from Timber\Term::build() by @gchtr in #2754

Bug fixes

• Fix PostFactory::is_image incorrectly using wp_check_filetype by @stayallive in #2730
• Fix custom field test by @nlemoine in #2749
• Fix PHPStan issues on level 2 by @gchtr in #2668
• Fix a bug when the_post hook runs twice on each post in a loop by @gchtr in #2756
• Fix a bug when |time_ago didn’t consider timezones correctly by @gchtr in #2758
• Fix URLHelper methods is_local and is_external by @mcaskill in #2767
  • Optimize URLHelper methods is_local and is_external by @gchtr in #2782
• Fix implicit conversion from float to int by @gchtr in #2775
• Add check to image create functions by @Levdbas in #2780

Documentation

• Add @api tag to Helper by @Levdbas in #2746
• Fix PHPDoc typo by @LogicEveryWhere in #2709
• Update property and method docblocks in Theme.php. by @Levdbas in #2744
• Fix some small issues in Getting Started docs by @gchtr in #2761
• Cleanup todo in code by @gchtr in #2757
• Link checker report fixes by @Levdbas in #2747

Testing and tools

• Fix MariaDB in automatic tests by @gchtr in #2776
• Fix some Coding Standard issues by @gchtr in #2779
• Fix skipped tests by @gchtr in #2760
• Coding Standards: improve imports by @nlemoine in #2700
• Fix: phpstan issues & use fully qualified imports by @nlemoine in #2783

New Contributors

• @stayallive made their first contribution in #2730
• @LogicEveryWhere made their first contribution in #2709

Full Changelog: 2.0.0-beta.2...2.0.0-rc.1

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.