From: Patrick Canterino Date: Sun, 22 Jun 2025 13:12:28 +0000 (+0200) Subject: Begin a new release cycle X-Git-Tag: 4.7.0~10 X-Git-Url: https://git.p6c8.net/jirafeau/pcanterino.git/commitdiff_plain/ab1f34106e6117ebc1cb80cf3a6528c40fc97065 Begin a new release cycle --- diff --git a/CHANGELOG.md b/CHANGELOG.md index a00d820..19f69e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. +## Version 4.6.x (not yet released) + +- ... + ## Version 4.6.3 - Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. diff --git a/lib/settings.php b/lib/settings.php index cc4a9b2..cbdfaff 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -43,7 +43,7 @@ if ($cfg['debug'] === true) { /* Jirafeau package */ define('JIRAFEAU_PACKAGE', 'Jirafeau'); -define('JIRAFEAU_VERSION', '4.6.3'); +define('JIRAFEAU_VERSION', '4.6.x-dev'); define('JIRAFEAU_WEBSITE', 'https://gitlab.com/jirafeau/Jirafeau');