14.10.1

Bug Fixes

• Ship the correct v14 "Create new page" wizard guard — 14.10.0 shipped a stale compiled bundle of the page-wizard guard, built from an earlier source revision. It committed all visible FormEngine inputs on each wizard button press instead of only the focused field, which could fire unrelated onChange handlers. The bundle is now rebuilt from source, so the shipped behavior matches the intended focused-input-only commit that 14.10.0's notes described.

Internal

• Added a CI guard that runs npm run build and fails when the compiled assets in Resources/Public/ differ from the source, so a stale bundle can never ship again.

Full Changelog: 14.10.0...14.10.1

14.10.0

Bug Fixes

• Prevent empty pages from the v14 "Create new page" wizard (#139) — TYPO3 v14's new-page modal wizard strips empty form values before posting, and FormEngine syncs visible→hidden inputs only on change/blur. Clicking Next before a field had committed silently created pages with title='' and a misleading fallback slug like parent-page-name-1. sluggi now commits the focused FormEngine input on each wizard button pointerdown (client-side fix). As a safety net, a server-side DataHandler hook (RejectNewPageWithoutSource) aborts the new-page insert when the wizard submitted no source-field values and no TCA / userTS default would supply one — so an empty submission fails visibly instead of saving a page with a meaningless fallback slug.

• Fix Setup module exception on TYPO3 v14 (#140, #141) — TYPO3 v14.3 migrated backend user settings to TCA, and FormEngine now expects every column to carry a nested config array. sluggi's legacy flat registration of sluggiCollapsedControls in ext_tables.php triggered Undefined array key "config" (exception #1476107295) when opening the Setup module. The setting is now registered through the new ExtensionManagementUtility::addUserSetting() API in Configuration/TCA/Overrides/be_users.php; the legacy registration is kept behind a method_exists() guard so v12/v13 continue to work unchanged. Thanks to @peter-neumann-dev for the report and the PR!

Dependencies

• Dropped support for TYPO3 v14.0–v14.2. Those releases were not LTS, and the user-settings TCA migration that powers addUserSetting() only landed in v14.3. The minimum supported TYPO3 v14 version is now v14.3+. sluggi continues to support TYPO3 12.4 and 13.4.26+.

Full Changelog: 14.9.1...14.10.0

14.9.1

Bug Fixes

• Regenerate URL path now uses the persisted title in restricted-column edit forms — previously when editing only the URL path (e.g. via the list module's "edit this column" link, columnsOnly[pages][0]=slug), clicking the regenerate button produced a default-<random> slug like /parent/default-78c5c76409. In that form context TYPO3 doesn't render the title input, so the sluggi web component had no source-field value to send; core's SlugHelper::generate() saw an empty title and fell back to its safety net. sluggi's slug-suggest endpoint now hydrates missing source-field values from the persisted record (workspace-aware) before delegating to core, so the proposal reflects the actual title. Submitted values still win over DB values.

• Explain why hidden pages don't get a redirect on URL change — sluggi already silently skipped redirect creation for hidden (draft) pages since 14.8.3, but editors had no way to know that ahead of save. The slug field now shows an inline note ("This page is hidden — saving will not create a redirect for the changed URL path.") whenever redirect control is enabled and the page is hidden. The note is suppressed when the editor has no chance to change the slug from this form (slug locked, or auto-synced without source-field inputs visible).

Full Changelog: 14.9.0...14.9.1

14.9.0

Features

• Accurate post-save toast for slug changes (forge #101226, forge #99828) — replaces TYPO3 core's misleading post-save notification ("Slugs updated and redirects created") with one whose wording reflects what actually happened. The new toast names the edited page in the message — The URL path for page "About Us" (UID 42) was updated. — and counts only pages whose slug actually changed in the database plus sys_redirect rows that were actually persisted. Multi-edit saves list each edited page; the recursive context-menu "Re-apply URL paths recursively" flow gets its own wording. Singular/plural grammar is correct on its own (no more "1 redirects created"). Revert update and Revert redirect actions still work and reload only the edit iframe so the success notification persists. Auto-sync (source-field changes triggering slug regeneration) is covered too. Requires redirect_control to be enabled.

Full Changelog: 14.8.3...14.9.0

14.8.3

Bug Fixes

• No prompt or redirect when renaming the slug on a draft page — editing the slug on a hidden (draft) page no longer pops up the "Create Redirects?" question, and no redirect is created. Drafts were never reachable by visitors, so the redirect would only have been noise.

Full Changelog: 14.8.2...14.8.3

14.8.2

Bug Fixes

• Revert update now undoes all changed slugs in multi-edit saves — previously when several page slugs were changed in one multi-edit save, the post-save "Revert update" notification reverted only the last page. Core's BackendUtility::setUpdateSignal stores the slug-changed signal under a single key with last-writer-wins semantics, so only the last record's correlation id survived. sluggi now installs one shared correlation id on every outermost DataHandler whose datamap touches a slug, when the request body holds slug changes for more than one data[pages] entry. Slug history rows across the multi-edit save share that id, so core's existing single-revert undoes all changed pages. Field-only DataHandlers, nested DataHandlers and callers with their own correlation aspects (cascade, move, slug rebuild) keep their default correlation — unrelated field changes in the same save are not affected by the slug revert.

Full Changelog: 14.8.1...14.8.2

14.8.1

Bug Fixes

• Disable slug actions that would cross the editor's hierarchy lock — when a non-admin editor opened a page whose stored slug diverged from the rootline and lay outside their permitted hierarchy, the regenerate button, sync-on toggle, and "update URL path" source-confirm badge were all live but every triggered save was guaranteed to fail with a permission error. They are now disabled with an inline advice block that explains the divergence ("Actual hierarchy path: …"), names the safe actions the editor can take ("turn auto-sync off to make this explicit", "lock the URL so future edits don't change it"), and falls back to "contact an administrator" when no self-service action helps. This complements 14.8.0's read-only "Custom URL path" mode for the partial-permission case where the editor still has slug field access but their available actions cannot resolve the divergence.

• Backend silent-skip guard for sync regeneration — HandlePageUpdate now silently skips slug regeneration when the regenerated value would cross an editor's locked hierarchy prefix. Previously a same-save title change with sync on could still produce a slug the editor was not allowed to write, surfacing as a hard save error after the page tree appeared to update.

Changes

• "Hierarchy path:" relabelled to "Actual hierarchy path:" in the inline mismatch advice, so it reads as the contrast against the page's current custom URL rather than a generic header.

Full Changelog: 14.8.0...14.8.1

14.8.0

Features

• Read-only "Custom URL path" mode for stuck restricted users — when a page is locked, its URL points outside the editor's permitted hierarchy, and the editor has no full-path-edit permission, the URL field is now rendered read-only with a single "ask administrator" note. The previous "URL prefix doesn't match the page hierarchy. Use regenerate to correct it." advice was misleading there — the lock would block regenerate. Editors with full-path-edit permission keep the regular controls and the "Edit full path" escape hatch.
• Harmonised mismatch copy around "Custom URL path" — every mismatch indicator (tooltip, inline note, notification, ask-admin variant) now uses "Custom URL path" as the headline, lowering the cognitive switch between the two related presentations.

Changes

• Locked pages now have their URL updated on move — previously a slug_locked=1 page that was moved between parents kept its old slug. The page then sat under its new parent but carried a slug from the old location, exposing that foreign parent path to non-admins editing the page. Move now always rewrites the slug to match the new parent (the lock prevents edits, not relocations); the lock state itself is preserved so the slug stays protected against future regeneration.

Dependencies

• Bump socks to 2.8.8 to pull in patched ip-address (CVE-2026-42338).

Full Changelog: 14.7.0...14.8.0

14.7.0

Features

• masi compatibility: cascade slug regeneration when an editor toggles exclude_slug_for_subpages (provided by b13/masi) on a page. All descendants are regenerated against the new ancestor URL prefix; locked children are skipped, sync-disabled children are still updated, and the cascade reuses the DataHandler correlation ID so undo and redirect creation treat it as one unit. Activates only when b13/masi is installed.

Bug Fixes

• Fix slug source fallback chain registration (#138) — when the pages slug field was configured with a fallback chain like [['nav_title', 'title']], only the last field of each chain was registered as a slug source. The preferred field had no badge, no data-sluggi-source attribute, and the web component never listened to its changes, so editing it did not regenerate the slug. The TCA override now iterates every chain member, and a new EnsureSlugSourceRenderTypes form data provider re-applies the renderType and per-field metadata on processedTca after TcaColumnsRemoveUnused.
• Fix same-save slug lock handling — when a lock toggle and a title change arrived in the same save, sluggi evaluated lock state against the pre-save DB value and regenerated the slug anyway. Lock and sync are now evaluated against the merged in-flight state, so a same-save lock activation correctly suppresses regeneration.

Full Changelog: 14.6.0...14.7.0

14.6.0

Features

• Reserved URL paths: Site operators can declare URL path prefixes that TYPO3 pages must never occupy (e.g. /api, /typo3, /fileadmin). Configure per site in config/sites/<identifier>/settings.yaml under sluggi.reservedPaths, or add the wazum/sluggi site set as a dependency to edit the list in the Sites backend module. Defaults to /typo3 and /fileadmin so editors can't accidentally shadow the backend or file mount.

  Segment-aware matching — /api blocks /api and /api/v1 but not /api-docs. Reserved slugs are rejected on save with TYPO3's standard invalid-field UX, and redirects from grandfathered reserved slugs are skipped.

Full Changelog: 14.5.1...14.6.0