#### What type of PR is this?
/area core
/kind improvement
/milestone 2.22.x
#### What this PR does / why we need it:
See #7967
#### Which issue(s) this PR fixes:
Fixes#7967
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
When OOME occurs, the created empty thumbnail files won't be cleaned up. As a result, subsequent requests of the thumbnail will respond 200(OK) status only.
#### Does this PR introduce a user-facing change?
```release-note
None
```
### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
Ref: #7903
#### Which issue(s) this PR fixes:
Fixes#7661Fixes#7903
#### Does this PR introduce a user-facing change?
```release-note
修复因文件类型与文件拓展名匹配导致无法上传部分文件的问题
```
#### What type of PR is this?
/kind bug
/are core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR replaces TemplateEngine with SpringTemplateEngine in ThumbnailImgTagPostProcessorTest because ongl dependencies was removed by Thymeleaf Spring6.
If we don't include thymeleaf dependency manually, the unit test will fail as below:
```java
java.lang.NoClassDefFoundError: ognl/PropertyAccessor
at org.thymeleaf.standard.StandardDialect.getVariableExpressionEvaluator(StandardDialect.java:178)
at org.thymeleaf.standard.StandardDialect.getExecutionAttributes(StandardDialect.java:392)
at org.thymeleaf.DialectSetConfiguration.build(DialectSetConfiguration.java:263)
at org.thymeleaf.EngineConfiguration.<init>(EngineConfiguration.java:123)
at org.thymeleaf.TemplateEngine.initialize(TemplateEngine.java:341)
at org.thymeleaf.TemplateEngine.getConfiguration(TemplateEngine.java:411)
at run.halo.app.core.attachment.thumbnail.ThumbnailImgTagPostProcessorTest.setUp(ThumbnailImgTagPostProcessorTest.java:42)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
Caused by: java.lang.ClassNotFoundException: ognl.PropertyAccessor
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
... 10 more
```
> https://github.com/halo-dev/halo/actions/runs/19129978229/job/54668145618
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR upgrades to Gradle [9.2.0](https://github.com/gradle/gradle/releases/tag/v9.2.0) and enable configuration cache by default.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR enforces emai lvalidation and normalize case for password reset and verification.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7900
#### Does this PR introduce a user-facing change?
```release-note
优化重置密码时因邮箱可输入大小写导致的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR removes unused fields(`status.loginAt` and `status.loginHistory`) from User and UserVo classes.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR changes dependency `:ui:doBuild` to mustRunAfter for task `:application:copyUiDist` to speed up build process in IDEA. So that we can run our unit tests quicker and run task `bootRun` during UI development.
#### Special notes for your reviewer:
Make sure executing task `./gradlew build` will include UI resources.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR refactors RequestSynchronizer to list all names in batches for improved performance and refactors reconciler classes to replace DefaultExtensionMatcher with syncAllListOptions for improved query handling.
See https://github.com/halo-dev/halo/pull/6145 for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/kind improvement
/kdin api-change
/area core
/area plugin
/milestone 2.22.x
#### What this PR does / why we need it:
This PR refactors index engine entirely to improve indexing and query performance.
Meanwhile, these changes allow developers to configure various index types instead of String only, such as Boolean, Integer, Instant an so on.
#### Which issue(s) this PR fixes:
This PR also fixes some potential bugs, such as <https://github.com/halo-dev/halo/issues/7622>, <https://github.com/halo-dev/halo/pull/6934>, <https://github.com/halo-dev/halo/issues/6466> and so on.
Fixes https://github.com/halo-dev/halo/issues/7622
#### Special notes for your reviewer:
Make sure these changes are backwardly compatible for old data.
#### Does this PR introduce a user-facing change?
```release-note
优化索引引擎以提升索引和查询性能
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR enhances thumbnail retrieval to support relative permalinks and in-site checks.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR enhances thumbnail generation with configurable quality and also fixes incorrect thumbnail generation due to invalid cache key.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7801
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR refactors thumbnail generation to support configurable concurrent threads and disable option.
#### Does this PR introduce a user-facing change?
```release-note
支持配置缩略图生成启用、禁用和并发量
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR use ResourceTransformer to implement thumbnails for all images under attachments, such as `attachments/migrate-from-1.x`, `attachments/migrate-from-wp`.
#### Does this PR introduce a user-facing change?
```release-note
None
```
Added plugin-shiki v1.0.1 and plugin-editor-hyperlink-card v1.5.2 to the presetPluginUrls in build.gradle to support their automatic download and inclusion.
#### What type of PR is this?
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR fixes recursive update issue in concurrent map for thumbnail generation.
```java
java.lang.IllegalStateException: Recursive update
at java.base/java.util.concurrent.ConcurrentHashMap.replaceNode(Unknown Source) ~[na:na]
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.22.x
#### What this PR does / why we need it:
This PR fixes invalid characters in permalink URI construction.
```java
java.lang.IllegalArgumentException: Invalid character ' ' for PATH in "/upload/2021/04/Web 14ecd358cce14f9f9ca0fa7a1716b5d8.pdf"
at org.springframework.web.util.HierarchicalUriComponents.verifyUriComponent(HierarchicalUriComponents.java:422) ~[spring-web-6.2.11.jar:6.2.11]
at org.springframework.web.util.HierarchicalUriComponents$FullPathComponent.verify(HierarchicalUriComponents.java:922) ~[spring-web-6.2.11.jar:6.2.11]
at org.springframework.web.util.HierarchicalUriComponents.verify(HierarchicalUriComponents.java:386) ~[spring-web-6.2.11.jar:6.2.11]
at org.springframework.web.util.HierarchicalUriComponents.<init>(HierarchicalUriComponents.java:146) ~[spring-web-6.2.11.jar:6.2.11]
at org.springframework.web.util.UriComponentsBuilder.buildInternal(UriComponentsBuilder.java:346) ~[spring-web-6.2.11.jar:6.2.11]
at org.springframework.web.util.UriComponentsBuilder.build(UriComponentsBuilder.java:334) ~[spring-web-6.2.11.jar:6.2.11]
at run.halo.app.core.attachment.endpoint.LocalAttachmentUploadHandler.doGetPermalink(LocalAttachmentUploadHandler.java:296) ~[classes/:2.22.0-SNAPSHOT]
at run.halo.app.core.attachment.endpoint.LocalAttachmentUploadHandler.getPermalink(LocalAttachmentUploadHandler.java:266) ~[classes/:2.22.0-SNAPSHOT]
at run.halo.app.core.user.service.impl.DefaultAttachmentService.lambda$getPermalink$12(DefaultAttachmentService.java:128) ~[classes/:2.22.0-SNAPSHOT]
```
#### Does this PR introduce a user-facing change?
```release-note
修复可能无法正常获取附件链接的问题
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.21.x
#### What this PR does / why we need it:
Add auto-height prop to formkit textarea to support automatic resizing based on content length.
#### Does this PR introduce a user-facing change?
```release-note
Console 端的部分多行文本输入框支持自动高度。
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the always show of ghost user in post contributors.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7710
#### Does this PR introduce a user-facing change?
```release-note
修复文章贡献者中始终显示已删除用户的问题
```
#### What type of PR is this?
/kind improvement
/area plugin
/milestone 2.21.x
#### What this PR does / why we need it:
This PR restores context ClassLoader mangement during plugin lifecycle to prevent resource leak.
Meanwhile, it also fixes Class initialization error when starting plugins.
Superseds https://github.com/halo-dev/halo/pull/7725
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area plugin
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the problem that loading resources from class path during static initialization doesn't work.
#### Does this PR introduce a user-facing change?
```release-note
修复部分场景下无法正常启动插件的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR allows ListResult to be deserialized with JSON. So we can resolve ListResult response of APIs correctly.
#### Does this PR introduce a user-facing change?
```release-note
None
```
* Add 'hidden' field to comment and reply requests
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Add support for filtering comments with hidden
* Specify hidden=false and approved=true for anonymous users
* Set default hidden flag only if null in comments
* Add 'private reply' option to comment modals
* Add private tag for hidden comments and replies
* Allow hiding comments only
* Enhance comment visibility logic to allow owners to view hidden comments
* Remove hidden input for reply form
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refine i18n
Signed-off-by: Ryan Wang <i@ryanc.cc>
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: John Niang <johnniang@foxmail.com>
#### What type of PR is this?
/area core
/area ui
/milestone 2.21.x
/kind feature
#### What this PR does / why we need it:
Optimize comment notification template to support rich text rendering
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area code
/milestone 2.21.x
/kind improvement
#### What this PR does / why we need it:
Comments are allowed to contain `s` tags and `code` tags with class attributes for the following reasons:
1. `s`: The comment component uses tiptap editor's [strikethrough extension](https://tiptap.dev/docs/editor/extensions/marks/strike#:~:text=while%20you%20type.-,Restrictions,-The%20extension%20will) which enforces the use of `s` tags for strikethrough text and cannot be changed.
2. `code[class]`: Used for code highlighting (class="language-*")
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR replaces the dependency `thymeleaf-spring6` to apply the memory leak fix of <https://github.com/halo-dev/thymeleaf/pull/1>.
Please note that this is a temporary fix, and we would revert this PR after Thymeleaf official released a new version including my fix.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7289
#### Special notes for your reviewer:
1. Execute command ab -c 100 -n 1000 -H 'Accept: text/html' -H 'Cache-Control: no-cache' http://localhost:8090/ and then press Ctrl + C to stop the thread.
2. See logs in Halo
#### Does this PR introduce a user-facing change?
```release-note
修复在特定情况下模板引擎可能出现内存泄漏的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR checks if the contents of comment and reply are valid before persistence to prevent users from XSS attacks.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7675
#### Special notes for your reviewer:
Try to comment or reply with the contents from <https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html>.
#### Does this PR introduce a user-facing change?
```release-note
检测评论和回复内容是否合法以防止 XSS 攻击
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.21.x
#### What this PR does / why we need it:
This PR optimizes SEO tag generation with the following changes:
1. Site description and keywords settings now only apply to the homepage and are no longer inserted on other pages.
2. Added meta description tags for category archive pages, using the category description as content.
3. Improved the help text descriptions for SEO options in system settings.
#### Which issue(s) this PR fixes:
Fixes#7662
#### Does this PR introduce a user-facing change?
```release-note
优化页面的 SEO 标签的生成
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR adds a new endpoint `POST /login/social/{auth_provider_name}?remember-me=true` to make the social login support remember-me mechanism.
#### Does this PR introduce a user-facing change?
```release-note
支持社交登录时选择是否保持登录
```
#### What type of PR is this?
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
Bump all preset plugins and theme version
#### Does this PR introduce a user-facing change?
```release-note
None
```
