X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/d76baeb068461f6f27c40a2fed1eae56586f08a7..0ebffccac2f5632b3ad31b801519cc0c186f3006:/README.md?ds=sidebyside diff --git a/README.md b/README.md index c62e252..87a7df3 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,20 @@ +# SECURITY ANNOUNCEMENT + +## 3th Mai 2018 + +Multiple security vulnerabilities has been reported by [Bishopfox team](https://www.bishopfox.com/) on Jirafeau project. + +The next release of Jirafeau (3.4.1) will include security fixes and is planned 12th Mai 2018. + +Upgrading Jirafeau is recommended. + # Jirafeau Welcome to the official Jirafeau project, an [Open-Source software](https://en.wikipedia.org/wiki/Open-source_software). -Jirafeau is a project permitting a "one-click-filesharing", which makes it possible to upload a file in a simple way and give an unique link to it. +Jirafeau allows your to "one-click-filesharing". It makes possible to upload a file in a simple way and give an unique link to it. -A demonstration of the latest version is available on [jirafeau.net](http://jirafeau.net/). +A demonstration of the latest version is available on [jirafeau.net](https://jirafeau.net/). ![Screenshot1](http://i.imgur.com/TPjh48P.png) @@ -98,22 +108,15 @@ Installation steps: 1. The "Terms of Service" text file changed * To reuse previous changes to the ToS, move the old ```/tos_text.php``` file to ```/lib/tos.local.txt``` and remove all HTML und PHP Tags, leaving a regular text file -### From version 2.0.0 to 3.0.0 - -1. No special change to upgrade to 3.0.0 - -### From version 3.0.0 to 3.1.0 - -1. No special change to upgrade to 3.1.0 - -### From version 3.1.0 to 3.2.0 - -1. No special change to upgrade to 3.2.0 - -### From version 3.2.0 to 3.2.1 - -1. No special change to upgrade to 3.2.1 +### from version 2.0.0 to 3.4.0 +There is nothing special to do to update from/to the following versions: +- 2.0.0 -> 3.0.0 +- 3.0.0 -> 3.1.0 +- 3.1.0 -> 3.2.0 +- 3.2.0 -> 3.2.1 +- 3.2.1 -> 3.3.0 +- 3.3.0 -> 3.4.0 ### Troubleshooting @@ -143,6 +146,14 @@ location ~ /var-.* { } ``` +If you are using lighttpd, you can deny access to ```var``` folder in your configuration: + +``` +$HTTP["url"] =~ "^/var-*" { + url.access-deny = ("") +} +``` + You should also remove un-necessessary write access once the installation is done (ex: configuration file). An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https). @@ -402,3 +413,22 @@ The very first version of Jirafeau after the fork of Jyraphe. ## Version 3.2.1 - fix download view after an upload + +## Version 3.3.0 + +- Added Docker Support +- Added a copy button next to links to copy URLs in clipboard +- Now use a delete page to confirm file deletion (#136) +- Fixed object ProgressEvent Error (#127) +- Added configuration tips for web servers +- More translations +- Style fixes +- Removed useless alias API support (some old toy) + +## Version 3.4.0 + +- Add encryption support in bash script +- Refactoring of lang system for simpler management +- Removed installation step asking for language +- Merged weblate contributions +- Fixed some spelling issues