# ChurchCRM 7.1.0

**Release Date**: April 5, 2026  
**Previous Release**: [7.0.5](./7.0.5.md)

---

## 🎨 MAJOR: Complete UI Modernization – AdminLTE → Tabler/Bootstrap 5

This release represents a **complete redesign of the entire user interface**. Every page, component, and interaction has been modernized with a fresh, contemporary design system.

### What Changed Visually
| Before | After |
|--------|-------|
| AdminLTE + Bootstrap 4 | **Tabler + Bootstrap 5** |
| Dense, cramped layouts | Spacious, modern design |
| Legacy alert styling | Clean, consistent badges & alerts |
| Fixed sidebar navigation | **Responsive sidebar** (collapses on mobile/tablet) |
| RTL layout issues | Full RTL support with Tabler RTL mode |
| Static dashboards | Modern cards, improved spacing, better readability |

### Key Visual Improvements
- **Modern color palette** – Tabler's refined color system
- **Improved typography** – Better contrast and readability
- **Responsive design** – Floating menu toggle for tablet/mobile
- **Consistent iconography** – Tabler Icons throughout
- **RTL-ready** – Full right-to-left layout support
- **Accessible forms** – Better form styling and validation feedback
- **Cleaner dashboards** – Card-based layouts with proper spacing

### Pages Redesigned in This Release
- **Main Dashboard** – Modern card-based layout with stats
- **People Section** – Cleaner profile layouts, improved action menus
- **Family Management** – Streamlined editor with Bootstrap 5 forms
- **Groups** – Reports, settings, and class views all modernized
- **Events** – New stats dashboard and calendar interface
- **Finance** – Reports redesigned with improved data tables
- **Admin Pages** – Onboarding wizard, settings panels, system configuration
- **All Forms** – Input fields, dropdowns, date pickers with modern styling
- **All Tables** – DataTables with consistent styling and responsive design
- **Modals & Alerts** – Fresh styling with better visual hierarchy

### Sidebar Navigation Changes
- **Responsive menu** – Collapses to icon-only on mobile/tablet
- **Floating toggle** – Easy access on smaller screens
- **Better organization** – Grouped menu items with improved labels
- **Consistent styling** – All nav items use Tabler components

---

## 🎉 Major Features

### UI/UX Modernization
- **Tabler/Bootstrap 5 Migration** – Complete overhaul from AdminLTE/BS4 to modern Tabler + BS5 design system (#8302)
  - Global BS4→BS5 cleanup sweep (#8340)
  - Responsive sidebar with floating menu toggle for tablet/mobile (#8318)
  - RTL locale support with Tabler RTL layout (#8326)
  - Improved dashboard layout and backup/restore UX

### Admin Onboarding & Setup
- **Admin Onboarding UX** – New "Get Started" wizard and setup progress checklist (#8295)
- **Upgrade Page Modernization** – UX overhaul with Tabler styling and streamlined wizard flow (#8368)
- **Kiosk Admin Improvements** – Setup instructions card and enhanced management UI (#8349)
- **"Start Fresh" Guided Path** – Manual data entry option for new installations (#8293)
- **Restore Page Streamline** – Simplified for new-install (onboarding) context (#8294)

### Core Features
- **Unified Communication System** – Configurable property exclusions for communication workflows (#8386)
- **Church Info Consolidation** – Single page with address defaults, replacing scattered settings (#8383)
- **People Settings Panel** – New settings panel in people dashboard (#8371)
- **Notes CRUD API** – Full API support with middleware and comprehensive Cypress tests (#8347)
- **CSV Import Modernization** – Drag-and-drop upload, auto-mapping, and Propel-based execution (#8299)
- **Native Browser Print Support** – Replaced legacy PrintView with native `window.print()` (#8341)
- **Missing Email Page Redesign** – Person-centric view with age filters (#8354)
- **Calendar UX Modernization** – Full UX overhaul with offcanvas layout and bug fixes (#8388)
- **Events Dashboard Redesign** – New stats visualization and improved UI (#8352)
- **Groups Section Cleanup** – Reports, map, settings panel, Sunday School class view updates (#8324)
- **Post-Login Redirect** – Unauthenticated users are now redirected to their originally requested URL after login (server-side, no open-redirect exposure) (#8444)
- **Notification System Improvements** – Wildcard version matching and per-user dismissal for in-app notifications (#8402)
- **Export Landing Page** – New `/admin/export` page consolidating CSV exports, ChMeetings export, and database backup into a single hub (#8475)

### Media & Photos
- **Avatar Click-to-View Lightbox** – System-wide photo viewing via avatar clicks with Uppy v5.1.1 upgrade (#8376)

## 🔧 Technical Improvements

### Refactoring
- **DonationFundService Extraction** – Extracted from FinancialService for better separation of concerns (#8337)
- **Sunday School Full Cleanup** – Migrated legacy files, fixed N+1 queries, added comprehensive tests (#8343)
- **Type Safety Improvements** – Replaced loose type comparisons with strict equality across codebase (#8344)
- **Fiscal Year Formatting** – Unified with `FinancialService::formatFiscalYear()` (#8380)
- **Functions.php Removal** – Deleted legacy global include; all 17 functions migrated to typed static methods on `Utils/` classes; 94 pages updated (#8448)
- **People/Family Settings Split** – Separated People Setup settings into People, Families, and New Members panels (#8369)
- **Type-Safe SystemConfig Getters** – Replaced raw `SystemConfig::getValue()` calls with typed getters and added output escaping for XSS prevention (#8467)

### Bug Fixes
- **Add-to-Group Bug** – Fixed broken add-to-group for multi-role groups + GroupPropsEditor trim(null) (#8345)
- **Donation Fund Active Field** – Fixed "Active" field always showing "Yes" and changes not retained (#8319)
- **Kiosk Device List** – Fixed empty device list due to missing KioskDeviceQuery import (#8338)
- **PDF Report Generation** – Fixed 500 errors with improved null value handling (#8394)
- **Country/State Dropdowns** – Fixed in FamilyEditor (#8372)
- **Settings Panel UX** – Cleaned up dead config settings, improved SystemSettings UI (#8323)
- **Card Structure Anti-pattern** – Fixed card-body p-0 patterns with table-responsive (#8355)
- **mailto Links** – Fixed to open in new tab (#8395)
- **PHP fileinfo Extension** – Graceful handling when PHP fileinfo extension is missing for photo uploads (#8401)
- **Photo Upload Error Messages** – Persistent, accurate errors for file-too-large and MIME type violations (no longer auto-dismissing toasts) (#8412)
- **PersonEditor/FamilyEditor Form Submission** – Replaced unreliable FAB buttons with standard form submit buttons; fixed form submission failures (#8406)
- **Button Icon Gap** – Fixed missing icon-text spacing in buttons sitewide after BS5/Tabler migration (#8447)
- **Email Copy Links** – Fixed email copying behavior across family and person views (#8403)
- **Person Custom Fields Fatal Error** – Fixed fatal error when saving Person Custom Fields (#8474)

### Infrastructure & Dependencies
- **PHP Version Update** – Updated all references to PHP 8.4 minimum (#8381)
- **CI/Test Infrastructure**
  - Consolidated test workflow with dynamic PHP matrix (#8385)
  - Split CI test jobs into parallel API and UI runs for faster feedback (#8348)
  - Improved Cypress test reporting with grouped checks and readable names
  - Fixed person profile avatar selector and CI report truncation
- **Dependency Updates**
  - Removed abandoned `doctrine/annotations` dev dependency (#8396)
  - Resolved all 14 Dependabot security alerts via npm overrides (`npm audit` now 0 vulnerabilities) (#8454)
  - Updated `@uppy/dashboard` to v5.1.1
  - Updated `@fortawesome/fontawesome-free` to 7.2.0
  - Migrated from `i18next-parser` to `i18next-cli` (#8374)
  - Updated `@tabler/icons-webfont`, `@uppy/xhr-upload`, `mini-css-extract-plugin`
  - Consolidated locale build system and cleanup scripts (#8463)
  - Updated various patch versions in composer and npm dependencies
- **Security**
  - Fixed Quill XSS vulnerability (downgraded to 2.0.2)
  - Added log injection prevention with sanitized value logging
  - Fixed CSRF gap on password-change endpoint (#8446)
  - Added session fixation protection (`session_regenerate_id` after login) (#8446)
  - Hardened session cookies: `HttpOnly`, `SameSite=Lax`, `Secure` flags (#8446)
  - Added missing HTTP headers: `X-Content-Type-Options`, `Referrer-Policy` (#8446)
  - Fixed reflected/stored XSS, API auth bypass, and command injection across 11 files; converted 6 raw-SQL files to Propel ORM (#8460)
  - Patched 6 additional SQL injection and permission bypass vulnerabilities (#8464)
  - Updated minimum password length default to 8 characters (NIST SP 800-63B) (#8446)
  - Allowed Gravatar images in CSP policy
  - Added Discord webhook notifications for security events (real-time alerting)

## 🌍 Internationalization

### Complete Translation Coverage
- **46 active locales** with translated UI terms across every major region
- Full locale support for:
  - **Middle East**: Arabic (Egypt), Hebrew
  - **Africa**: Amharic (Ethiopia), Afrikaans, Swahili
  - **South Asia**: Hindi, Malayalam (new), Tamil, Telugu
  - **Southeast Asia**: Filipino/Tagalog (new), Indonesian, Thai, Vietnamese
  - **East Asia**: Chinese (Simplified & Traditional), Japanese, Korean
  - **Europe**: Albanian, Czech, Dutch, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Norwegian Bokmål, Polish, Portuguese (Portugal & Brazil), Romanian, Russian, Spanish (Spain, Mexico, Colombia, Argentina, El Salvador), Swedish, Turkish, Ukrainian
  - **English Variants**: Australia, Canada, Great Britain, Jamaica, South Africa
- **New in 7.1.0**: Filipino (Tagalog — tl_PH) (#8481) and Malayalam (ml_IN) (#8480) locales added
- **RTL Layout Support** – Tabler RTL layout with deduplicated skin bundles
- **AI-Assisted Translation Skill** – New locale-translate skill for future translation workflows
- **Locale Build System Consolidation** – Streamlined build scripts and POEditor integration (#8463)

## 📊 Dashboard & UI Redesigns

Every dashboard has been redesigned with the new Tabler aesthetic:

- **Events Dashboard** – Stats visualization with improved UI and filtering (#8352)
- **Family Dashboard** – Enhanced wedding date workflows with modern styling (#8377)
- **Group Dashboard** – Cleaner layout with integrated settings panel (#8324)
- **People Dashboard** – New settings panel for streamlined user preferences (#8371)
- **Backup/Restore Dashboard** – Tabler-compliant with improved UX (#8321)
- **Admin Onboarding Dashboard** – Visual progress checklist and Get Started wizard (#8295)
- **Finance Pages** – Updated styling, better report display
- **Forms Throughout** – All form elements redesigned with Bootstrap 5 validation states

## 📝 Documentation & Developer Experience
- **Skill Documentation** – Comprehensive updates to development skills including:
  - PR review and post-PR learning workflows
  - Cypress testing patterns and allowedStatuses behavior
  - Tabler component implementation best practices
  - DataTable card structure patterns and anti-patterns
  - Print support implementation guide
  - Event color and calendar-related patterns
- **OpenAPI Specs** – Automatically updated to reflect API changes
- **Changelog Documentation** – Added documentation for releases 7.0.4 and 7.0.5
- **Import Cleanup Guidance** – Documented case-sensitivity gotchas in class imports
- **SECURITY.md** – Updated security policy and disclosure guidelines

## ✅ Testing Improvements
- **Person Profile Avatar Tests** – Fixed selector issues and improved CI reporting (#8350)
- **Family Wedding Date Workflow** – New Cypress test coverage (#8377)
- **Person Group-Add Test** – Self-contained API setup without cross-test dependencies (#8350)
- **Notes API Tests** – Comprehensive Cypress coverage for new Notes CRUD API (#8347)
- **Admin Logs Test** – Improvements to test reliability and reporting
- **Google Analytics Plugin Test** – Verify plugin can be disabled after demo import (#8421)

## 📦 Migration Guide

### Breaking Changes
1. **PHP 8.4 Minimum** – Code and references updated for PHP 8.4+
   - Strict type comparisons enforced across codebase
   - Legacy type juggling patterns removed
2. **UI Shell Migration** – AdminLTE/BS4 completely removed, Tabler/BS5 is now required
   - All custom CSS variables, class names, and utilities have been updated
   - Legacy `.well`, `.box` styles replaced with Tabler equivalents
   - Alert styling completely overhauled
3. **Print View Removal** – `PrintView` class removed; use native `window.print()` instead
4. **Functions.php Removal** – Legacy `Functions.php` deleted; all global helpers now in typed `Utils/` classes

## 📊 Release Statistics
- **200+ commits** since 7.0.5
- **30+ features** and major improvements
- **15+ bug fixes** addressing critical issues
- **46 locales** with complete translation coverage (including 2 new languages)
- **100% test coverage** for new APIs (Notes CRUD)
- **0 npm vulnerabilities** (14 Dependabot alerts resolved)

**Download**: [GitHub Release](https://github.com/ChurchCRM/CRM/releases/tag/v7.1.0)
