1 # Jirafeau's change log
3 ## Note about upgrading
5 "in-place upgrade" refers to this general procedure:
7 1. Backup your Jirafeau installation!
8 2. Block access to Jirafeau
9 3. Checkout the new version with Git using the [tagged release](https://gitlab.com/jirafeau/Jirafeau/tags)
10 * If you have installed Jirafeau just by uploading files on your server, you can download the desired version, overwrite/remove all files and chown/chmod files if needed. Keep a backup of your local configuration file tough.
11 4. With you browser, go to your Jirafeau root page
12 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
13 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
15 ## Version 4.6.1 (not yet released)
17 - Removed the download button and the corresponding link for encrypted files from the admin interface
18 - Fixed an issue with sending the wrong filesize after decrypting an encrypted file
19 - Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
20 - We now provide Docker images for AMD64 and ARM64 systems
21 - Lots of code refactoring and cleanup
22 - Few more little fixes
23 - Typo and spelling mistakes
25 New configuration items:
26 - `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
30 - New configuration options for allowing to require, check or generate file download passwords
31 - Re-implemented server side encryption using PHP's `Sodium` extension (the formerly used `mcrypt` extension is deprecated)
32 - Keep and show basic download stats
33 - Removed Lighttpd's `mod_usertrack` from Docker config
34 - Added `<meta name="viewport"…` to template header to support responsive themes
35 - Removed usage of deprecated `strftime()` function
36 - Few more little fixes
37 - Typo and spelling mistakes
39 New configuration items:
40 - `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords
41 - `admin_ip` for limiting access to the admin interface to certain IP addresses
42 - `admin_http_auth_user` is now an array (the possibility to use a string is preserved for backward compatibility)
46 - Even more new translation, thanks a lot to all contributors!
47 - Support for automatic dark theme
48 - Fixed wobling admin buttons (light and dark default themes)
49 - Disable file deduplication by default
50 - Fix side effects of setting too high values in php configuration for async upload
51 - Add support for X-Sendfile
52 - Retry on more type of possible errors
53 - Move docker image to PHP 8.1
54 - Print more error details in case of issue
55 - Few more little fixes
56 - IRC channel to discuss :)
58 New configuration items:
59 - `max_upload_chunk_size_bytes` option
61 - Defaulting `file_hash` option from `md5` to `random`
66 - Admin pannel can output informations for bug opening
68 - Fix autocomplete field for passwords
70 - Disallow file preview for image/svg+xml files
71 - Expiry after a fortnight (2 weeks)
72 - Typo and spelling mistakes
73 - Upgrade from 4.3.0: in-place upgrade
75 New configuration items:
76 - `fortnight` value in `availabilities` array (default to `true`)
80 - Fix various docker errors
81 - Fix various upload errors
82 - Add composer (useful for CI)
84 - Add option 'store_uploader_ip' to avoid uploaders ip logging
85 - Upgrade from 4.2.0: in-place upgrade
87 New configuration items:
88 - `store_uploader_ip` (default to `true`)
92 - New file_hash option to eventually speed-up file identification process
93 - one_time_download is now optional
94 - Litespeed workaround for large files
95 - Admin interface can compute data folder size
96 - REUSE compliance test
97 - multiple docker features: mcrypt support, daily cleanup, unprivileged user
98 - Add upload password capability in script options
99 - Various bugfixes around retries and error management
100 - Automatically lower chunk size sent to server refusing large chunks
101 - Romanian lang support and other various lang support
102 - Upgrade from 4.1.1: in-place upgrade
106 - Fix lang sanity check
107 - Upgrade from 4.1.0: in-place upgrade
111 - Fix upload password and allowed ip (#201)
112 - Code refactorisation of IP checking
113 - Fix expiration dates
114 - Add better support for Accept-Language
116 - More languages supported and language fixes
117 - Upgrade from 4.0.0: in-place upgrade
121 - Removed plain-text password support for admin auth (breaking change).
122 - Default folder sub-division to 8 characters (breaking change).
123 - New option `upload_ip_nopassword` to allow a list of IP to access Jirafeau without password
124 - Bugfix with LibreJS
125 - Other minor bug fixes
126 - More languages supported
128 ### Upgrade from 3.4.1 to 4.0.0
130 You may have to change your administrator password in your config file as admin password are only stored using sha256 (SHA2).
131 To do so, edit `lib/config.local.php` and update `admin_password` option using `echo -n MyNewPassw0rd | sha256sum` command.
133 Subfolder division changed in Jirafeau storage. You can either start from a fresh `var-` folder or you need to migrate your data.
135 In order to migrate your existing data:
136 1. Be sure to have a working backup of your Jirafeau instance and/or the rest of your hosting before any operation
137 2. Go to `var-` folder
138 3. Be sure you have read and write permissions on files and folders with your current user
139 4. Run the following commands:
141 # Migrate files folder
142 find files -type f ! -name "*_count" | while read f; do bn="$(basename "$f")"; dst="files/${bn:0:8}/${bn:8:8}/${bn:16:8}/${bn:24:8}/"; mkdir -p "$dst"; mv "$f" "$dst" ; mv "${f}_count" "$dst"; done; find files -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
143 # Migrate links folder
144 find links -type f | while read link; do bn="$(basename "$link")"; mkdir "links/$bn"; mv "$link" "links/$bn/"; done; find links -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
149 - Security fixes, thanks [Bishopfox Team](https://www.bishopfox.com/)
152 - Advertise JavaScript license for LibreJS compatibility
154 - Upgrade from 3.4.0: in-place upgrade
158 - Add encryption support in bash script
159 - Refactoring of lang system for simpler management
160 - Removed installation step asking for language
161 - Merged weblate contributions
162 - Fixed some spelling issues
163 - Upgrade from 3.3.0 : in-place upgrade
167 - Added Docker Support
168 - Added a copy button next to links to copy URLs in clipboard
169 - Now use a delete page to confirm file deletion (#136)
170 - Fixed object ProgressEvent Error (#127)
171 - Added configuration tips for web servers
174 - Removed useless alias API support (some old toy)
175 - Upgrade from 3.2.1 : in-place upgrade
179 - fix download view after an upload
180 - Upgrade from 3.2.0 : in-place upgrade
184 - Update translations from Update translations from weblate
186 - Fix regression on admin password setting
187 - Upgrade from 3.1.0 : in-place upgrade
191 - Fix regression on user authentication (see #113)
192 - Some cosmetic change
193 - Upgrade from 3.0.0 : in-place upgrade
197 - Remove XHTML doctype, support HTML5 only → breaking change for older browsers
198 - Remove redundant code
199 - Remove baseurl usage and set absolute links instead, which for example fixes SSL issues
200 - Extend contribution guide
201 - Switch to PSR-2 code style (fix line endings, indentations, whitespaces, etc)
202 - Declare system requirements
203 - Catch API errors in upload form
204 - Allow clients to upload files depending on IP or password
205 - Set UTC as timezone to prevent date/time issues
206 - Show readable date & time information
207 - Fix UI glitches in admin panel and upload form
208 - Upgrade from 2.0.0 : in-place upgrade
212 - Various documentation improvements
213 - Simplify automatic generation of local configuration file
215 - Bash Script: Enhanced help, show version, return link to web view as well
216 - »Terms of Service« refactored - Enable admin to overwrite the ToS, without changing existing source code → breaking, see upgrade notes
218 ### Upgrade from version 1.2.0 to 2.0.0
220 The "Terms of Service" text file changed.
221 To reuse a custom version of your ToS, move your ```/tos_text.php``` file to ```/lib/tos.local.txt``` and remove all HTML und PHP Tags, leaving a regular text file.
225 - Link on API page to generate bash script
226 - More informative error codes for API
227 - Security Fix: Prevent authentication bypass for admin interface
228 - CLI script to remove expired files automatically with a cron job
229 - SHA-256 hash the admin password
230 - New theme "elegantish"
231 - Fix for JavaScript MIME-Type, prevents blocking the resource on some servers
232 - Show download link for a file in admin interface
233 - Default time for expiration (set to 'month' by default)
234 - New expiration time: 'quarter'
235 - A lot of translation contributions
237 - Upgrade from 1.1: in-place upgrade
242 - Add optional server side encryption
243 - Unlimited file size upload using HTML5 file API
244 - Show speed and estimated time during upload
246 - A lot of new languages
247 - Small API to upload files
248 - Limit access to Jirafeau using IP, mask, passwords
249 - Manage (some) proxy headers
250 - Configure your maximal upload size
251 - Configure file's lifetime durations
253 - Get Jirafeau's version in admin interface
255 ### Upgrade from version 1.0 to 1.1
257 - Download URL changed. Add a rewrite rule in your web server configuration to rename ```file.php``` to ```f.php``` to make older, still existing links work again-
258 - The default theme changed. Optionally change the theme in ```lib/config.local.php``` to "courgette"
262 The very first version of Jirafeau after the fork of Jyraphe.
266 - Delete link for each upload
267 - No more clear text password storage
268 - Simple language support
269 - Add an admin interface
272 - New path system to manage large number of files
273 - New option to show a page at download time
274 - Add option to activate or not preview mode