From: Patrick Canterino Date: Sun, 25 Jan 2026 13:39:52 +0000 (+0100) Subject: Begin a new release cycle X-Git-Tag: 4.7.2~15 X-Git-Url: https://git.p6c8.net/jirafeau/jirafeau.git/commitdiff_plain/f2587c7774f5f13b20b50c145e880f1cc850278b?hp=f1b3cb91458721a5c2a5a8779b35113688f8f0bd Begin a new release cycle --- diff --git a/CHANGELOG.md b/CHANGELOG.md index c687514..0abc9df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. +## Version 4.7.x (not yet released) + +- ... + ## Version 4.7.1 - Fixed another possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110), [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) and [CVE-2025-7066](https://www.cve.org/CVERecord?id=CVE-2025-7066) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled. diff --git a/lib/settings.php b/lib/settings.php index 5a8d3a7..e015067 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -43,7 +43,7 @@ if ($cfg['debug'] === true) { /* Jirafeau package */ define('JIRAFEAU_PACKAGE', 'Jirafeau'); -define('JIRAFEAU_VERSION', '4.7.1'); +define('JIRAFEAU_VERSION', '4.7.x-dev'); define('JIRAFEAU_WEBSITE', 'https://gitlab.com/jirafeau/Jirafeau');