Skip to content

2.85.1

Published on Juny 18th, 2026

Sym8 2.85.1 brings a major set of improvements focused on accessibility, user experience, and security.

The installer and authentication workflows have been redesigned with modern, accessible form markup, improved validation handling, and better support for assistive technologies. Login, password recovery, unban-by-email, and all default Symphony error pages now feature a clean, responsive interface based on Pico CSS. This release also improves the interaction between Symphony core and the Anti Brute Force extension.

Sym8 2.85.1 continues the modernization of Symphony CMS while keeping the familiar Symphony foundation.

Download ZIP (1.5 MB)

Changelog

🎯 Enhancements

  • Improved accessibility and usability of installer and authentication forms. Forms now use explicit label/input relationships via for/id attributes, accessible validation messages via aria-describedby, and password visibility toggles for password fields. (#45, #47)

  • Modernized the authentication workflow and Symphony error pages with Pico CSS. Login, password recovery, logout, unban-by-email, and all default error templates now provide a cleaner, responsive, and mobile-friendly user experience. (#47, #50)

  • Improved error handling and HTTP status code support. All defined 4xx status codes are now served as proper page headers, can be customized through workspace templates, and receive dedicated page blueprints. Added support for HTTP 429 (Too Many Requests) for rate limiting and brute force protection. (#31, #32, #35, #36)

  • Improved interaction between Symphony core and the Anti Brute Force extension. Blocked authentication requests now discard submitted POST data to prevent accidental form resubmission and unnecessary escalation from temporary bans to blacklisting. (#39, #41, #51)

  • Improved asset handling with versioned URLs and ES module support. Scripts and stylesheets can now include the Symphony version for cache busting, and JavaScript modules are supported natively. (#34, #48)

  • Added improved security handling for error details. Debug information such as backtraces and SQL queries is now only displayed to authenticated backend users. (#49)

🐛 Bugfixes

  • Fixed missing extension error handling by using the correct Symphony error page. (#43)

  • Fixed XSLT layer error handling to use the generic Symphony error template instead of unstyled output. (#52)

  • Fixed PHP 8 compatibility issues in the XSLT error template. (#50)

  • Restored underscore support in handle generation to preserve traditional Symphony handle behaviour. (#42)

  • Fixed Anti Brute Force email handling when no sender address is configured. (#41)

🧩 Change by components

Core

  • Added HTTP 429 status code support for rate limiting and brute force protection.
  • Improved handling of all 4xx HTTP responses.
  • Added customizable 4xx error pages and page blueprints.
  • Improved authentication form accessibility and usability.
  • Modernized login, password recovery, logout, and error interfaces.
  • Added asset versioning support for CSS and JavaScript resources.
  • Added ES module support for JavaScript assets.
  • Improved error handling and access restrictions for debug information.
  • Improved POST handling after blocked requests and error pages.

Extensions

Anti Brute Force

  • Updated to version 2.3.0.
  • Improved handling of blocked login requests.
  • Prevented unnecessary escalation from temporary bans to blacklisting.
  • Updated HTTP status handling for banned and blacklisted responses.
  • Improved unban email workflow and messaging.

Breadcrumb

  • Added new extension version 1.3.

✅ Validation

  • Tested installer workflow with validation errors.
  • Tested login, password recovery, logout, and unban-by-email workflows.
  • Tested Anti Brute Force behaviour with temporary bans and blacklisted IP addresses.
  • Verified that blocked requests no longer resubmit POST data.
  • Tested HTTP status codes for all supported error pages.
  • Verified responsive behaviour on mobile devices.
  • Verified accessibility improvements using explicit form associations and error descriptions.
  • Tested error templates with PHP 8.
back