X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/471c7b967a8ca4efb933aa93a89665c1bb466706..b15d9743d761b176c8d522f3259017c093c5f382:/CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11a3fcd..944d835 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,14 +12,24 @@
 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
 
-## Version 4.6.1 (not yet released)
+## Version 4.6.2
+
+- Allow to configure the language and the availabilities for files for a Docker container (issue [#20](https://gitlab.com/jirafeau/Jirafeau/-/issues/20))
+- Added an example `docker-compose.yaml` file for configuring the Docker container
+- Fixed an error occuring on some systems while building the Docker image (issue [#24](https://gitlab.com/jirafeau/Jirafeau/-/issues/24))
+- Script upload was broken due to a missing `return` statement (issue [#23](https://gitlab.com/jirafeau/Jirafeau/-/issues/23))
+- Upgrade from 4.6.1: in-place upgrade
+
+## Version 4.6.1
 
 - Removed the download button and the corresponding link for encrypted files from the admin interface
 - Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML". This issue has subsequently been reported as [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326).
 - We now provide Docker images for AMD64 and ARM64 systems
 - Lots of code refactoring and cleanup
 - Few more little fixes
 - Typo and spelling mistakes
+- Upgrade from 4.6.0: in-place upgrade
 
 New configuration items:
 - `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
@@ -34,6 +44,7 @@ New configuration items:
 - Removed usage of deprecated `strftime()` function
 - Few more little fixes
 - Typo and spelling mistakes
+- Upgrade from 4.5.0: in-place upgrade
 
 New configuration items:
 - `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords