#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险
先 merge #7077 后才能合并此 PR
#### Does this PR introduce a user-facing change?
```release-note
限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复可能为因为并发调用缩略图生成导致多次创建缩略图的问题
此 PR 为 #7031 的补充,并且会清理以前重复生成的缩略图记录和文件
#### Does this PR introduce a user-facing change?
```release-note
修复可能为因为并发调用缩略图生成导致多次重复缩略图记录的问题
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
为通过备份文件恢复的界面添加空状态提示。
<img width="1192" alt="image" src="https://github.com/user-attachments/assets/2267e61d-9886-408a-a13f-e986f2172203">
#### Does this PR introduce a user-facing change?
```release-note
为通过备份文件恢复的界面添加空状态提示。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
对本地缩略图的原图链接和尺寸增加唯一性检查避免重复
#### Does this PR introduce a user-facing change?
```release-note
对本地缩略图的原图链接和尺寸增加唯一性检查避免重复
```
#### What type of PR is this?
/area ui
/milestone 2.20.x
#### What this PR does / why we need it:
升级 Tiptap 的依赖至 [2.10.x](https://github.com/ueberdosis/tiptap/releases)。
#### Does this PR introduce a user-facing change?
```release-note
升级 Tiptap 的依赖至 2.10.x。
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR upgrades to [Gradle 8.11](https://github.com/gradle/gradle/releases/tag/v8.11.1) because Spring Boot 3.4.0 is using that version.
#### Does this PR introduce a user-facing change?
```release-note
升级至 Gradle 8.11
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR removes template engine instead of clearing cache of template engine after upgrading theme to resolve incomplete cache clear.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7056
#### Special notes for your reviewer:
1. Try to install the theme `theme-earth 1.12.0`
2. Request index page and you will see the `上一页` which should be `下一页`
3. Try to upgrade to the theme `theme-earth 1.12.1`
4. Request index page and you should see the `下一页` directly.
#### Does this PR introduce a user-facing change?
```release-note
修复升级主题后语言包未更新的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复新创建的标签在主题端展示关联文章数量为 null 的问题
#### Which issue(s) this PR fixes:
Fixes#7042
#### Does this PR introduce a user-facing change?
```release-note
修复新创建的标签在主题端展示关联文章数量为 null 的问题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
This PR adds support for detecting OpenHarmony as a device operating system.
#### Which issue(s) this PR fixes:
Fixes#7039
#### Special notes for your reviewer:
This PR introduces minor changes in the device OS detection logic.
#### Does this PR introduce a user-facing change?
```release-note
新设备登录通知的操作系统名支持展示鸿蒙替代 Unknown
```
#### What type of PR is this?
/kind documentation
#### What this PR does / why we need it:
增加专业版简要说明。
#### Which issue(s) this PR fixes:
Fixes #
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
This PR bumps version to 2.20.9-SNAPSHOT.
#### Does this PR introduce a user-facing change?
```release-note
None
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind documentation
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
增加部署至阿里云图标
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
#### Which issue(s) this PR fixes:
Fixes#6967
#### Does this PR introduce a user-facing change?
```release-note
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
```
What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
What this PR does / why we need it:
期望支持在用户详情页面支持变更用户角色及删除用户 。
Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6944
Special notes for your reviewer:
Does this PR introduce a user-facing change?
```release-note
支持在用户详情页面支持变更用户角色及删除用户 。
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
在创建附件分组或者存储策略时,支持检查是否有已存在的名称。
#### Which issue(s) this PR fixes:
Fixes#6946
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
在创建附件分组或者存储策略时,支持检查是否有已存在的名称。
```
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复使用 Secret 输入框创建 Secret 时,stringData 的 key 可能为 undefined 的问题。
#### Which issue(s) this PR fixes:
See https://github.com/halo-sigs/plugin-alist/issues/23#issuecomment-2443499980 for more
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
修复使用 Secret 输入框创建 Secret 时,stringData 的 key 可能为 undefined 的问题。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR rearranges order of security configurers. Especially, SecurityWebFiltersConfigurer has lower priority to configure than other security configurers.
So we can catch internal authentication in plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area ui
/milestone 2.20.x
#### What this PR does / why we need it:
支持在附件上传界面创建新分组。
#### Which issue(s) this PR fixes:
Fixes#6942
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
支持在附件上传界面创建新分组。
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
在附件,列表模式中,为 jpeg 后缀文件添加图标。
#### Which issue(s) this PR fixes:
Fixes #
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
为 jpeg 后缀文件添加图标
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to Spring Boot [3.4.0-RC1](https://github.com/spring-projects/spring-boot/releases/tag/v3.4.0-RC1).
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.4.0-RC1
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for hooking user creating. Plugin developers can define extension points of `UserPreCreatingHandler` and `UserPostCreatingHandler` to do something else.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中定义用户创建的前置和后置处理器
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复索引比较会因为全是 0 的字符串与其他字符串可能相等的问题
原因是遇到了全是 0 的字符串会因为跳过前导 0 的逻辑导致全部忽略了
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复登录页面路由会被自定义页面覆盖导致无法登录的问题
#### Which issue(s) this PR fixes:
Fixes#6893
#### Does this PR introduce a user-facing change?
```release-note
修复登录页面路由会被自定义页面路由覆盖导致无法登录的问题
```
#### What type of PR is this?
/kind bug
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
修复插件配置可能因为缺少校验导致使用时类型转换失败从而影响 Halo 使用的问题
#### Which issue(s) this PR fixes:
Fixes#6899
#### Does this PR introduce a user-facing change?
```release-note
修复插件配置可能因为缺少校验导致使用时类型转换失败从而影响 Halo 使用的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复使用 `singlePageFinder.list()` 时会提示缺少 spec.deleted 索引的问题
#### Which issue(s) this PR fixes:
Fixes#6919
#### Does this PR introduce a user-facing change?
```release-note
修复使用 `singlePageFinder.list()` 时会提示缺少 spec.deleted 索引的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复登录时切换了其他语言但是登录成功后始终显示中文的问题
此问题为 https://github.com/halo-dev/halo/pull/6891 导致
#### Does this PR introduce a user-facing change?
```release-note
修复登录时切换了其他语言但是登录成功后始终显示中文的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds the annotations `@NestedConfigurationProperties` to let Spring Configuration Processor generate fully metadata.
We can execute command `./gradlew :application:compileJava` to generate `application/build/classes/java/main/META-INF/spring-configuration-metadata.json`. If you are using IDEA Ultimate, configuration hints related to Halo will be available.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修正 OpenAPI 的分组匹配规则 之前有很多 PublicAPIs 没有出现在对应的组
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind cleanup
#### What this PR does / why we need it:
Remove unused dependencies and configuration files
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复文章自动生成别名不按照别名生成策略生成的问题。
#### Which issue(s) this PR fixes:
Fixes#6913
#### Special notes for your reviewer:
需要测试:
1. 分类、标签创建和更新时的别名生成
2. 文章新建时,别名是否按照生成策略生成。
#### Does this PR introduce a user-facing change?
```release-note
修复文章自动生成别名不按照别名生成策略生成的问题。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR excludes console and uc assets in security configuration to make them access by anonymous users.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6908
#### Special notes for your reviewer:
```bash
http http://localhost:8090/uc/assets/index-E-uvwInx.css -ph
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 26213
Content-Type: text/css
Vary: Accept-Encoding
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复在低版本 Safari 浏览器中,注册表单中的按钮高度溢出的问题。
#### Which issue(s) this PR fixes:
Fixes#6910
#### Does this PR introduce a user-facing change?
```release-note
修复在低版本 Safari 浏览器中,注册表单中的按钮高度溢出的问题。
```
<!-- Fuck Safari -->
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复通过登录跳转到文章编辑页面时,发布文章会跳转到个人中心的问题。
#### Which issue(s) this PR fixes:
Fixes#6901
#### Special notes for your reviewer:
测试步骤:
1. 新建文章,编写内容,但是不发布
2. 在新的浏览器选项卡中退出登录
3. 回到文章编辑页面,跳转到登录页面重新登录之后,发布文章
4. 观察是否会返回到 Console 的文章管理页面。
#### Does this PR introduce a user-facing change?
```release-note
修复通过登录跳转到文章编辑页面时,发布文章会跳转到个人中心的问题。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
将 MySQL 的表创建脚本 name 列字符集改为 utf8mb4_bin 以使其对大小写敏感
Fixes https://github.com/halo-dev/halo/issues/4372
**how to test it?**
使用 docker 运行 MySQL
```shell
# mariadb 同样将镜像改为 mariadb 后执行相同步骤
docker run --name mysql-test -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=halo -p 3306:3306 --rm -d mysql:latest
```
然后执行表创建脚本并手动执行以下两条 SQL 能成功插入
```sql
insert into extensions(name,data,version) values('a', 'a', 0)
insert into extensions(name,data,version) values('A', 'A', 0)
```
#### Does this PR introduce a user-facing change?
```release-note
修改 MySQL 表创建脚本 name 列的字符集使其大小写敏感以解决可能会遇到切换数据库时因为数据冲突而无法导入备份的问题(这只对此版本及之后的新用户有效)
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复非 HTTPS 连接下无法记住用户语言偏好的问题
#### Which issue(s) this PR fixes:
Fixes#6888
#### Does this PR introduce a user-facing change?
```release-note
修复非 HTTPS 连接下无法记住用户语言偏好的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors sign up data binding using internal `bind` method in `ServerRequest` instead of binding my hand. It's more convenient and simpler.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR appends query `method=local` after redirection location in authentication failure handler to redirect to login page with local method.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6894
#### Does this PR introduce a user-facing change?
```release-note
修复非默认登录方式登录失败之后跳转至默认登录方式的问题
```
Ryan Wang