From: Patrick Canterino <patrick@patrick-canterino.de>
Date: Mon, 19 Jan 2026 18:36:45 +0000 (+0100)
Subject: Updated CHANGELOG
X-Git-Tag: 4.7.1~2
X-Git-Url: https://git.p6c8.net/jirafeau/pcanterino.git/commitdiff_plain/e12401c2e7e8554c24e4a4fd23aa2f124fb07f19?hp=37bcb9abfc0066306a60fecd6ea89879f245fa3f

Updated CHANGELOG
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 20eea31..7fb6eb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 
 - Fixed another possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110), [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) and [CVE-2025-7066](https://www.cve.org/CVERecord?id=CVE-2025-7066) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled.
 - The default value of `max_upload_chunk_size_bytes` was set to `5000000`. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.
+- Docker image: Updated PHP to 8.3 and removed `mime-types.conf` from `lighttpd.conf`
 - Upgrade from 4.7.0: in-place upgrade, you also should set `max_upload_chunk_size_bytes` to `5000000` in your `config.local.php`!
 
 ## Version 4.7.0