+## Version 4.6.1
+
+- Removed the download button and the corresponding link for encrypted files from the admin interface
+- Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
+- We now provide Docker images for AMD64 and ARM64 systems
+- Lots of code refactoring and cleanup
+- Few more little fixes
+- Typo and spelling mistakes
+- Upgrade from 4.6.0: in-place upgrade
+
+New configuration items:
+- `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
+
+## Version 4.6.0
+
+- New configuration options for allowing to require, check or generate file download passwords
+- Re-implemented server side encryption using PHP's `Sodium` extension (the formerly used `mcrypt` extension is deprecated)
+- Keep and show basic download stats
+- Removed Lighttpd's `mod_usertrack` from Docker config
+- Added `<meta name="viewport"…` to template header to support responsive themes
+- Removed usage of deprecated `strftime()` function
+- Few more little fixes
+- Typo and spelling mistakes
+- Upgrade from 4.5.0: in-place upgrade
+
+New configuration items:
+- `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords
+- `admin_ip` for limiting access to the admin interface to certain IP addresses
+- `admin_http_auth_user` is now an array (the possibility to use a string is preserved for backward compatibility)
+
+## Version 4.5.0