-# Note about upgrading
+# Jirafeau's change log
+
+## Note about upgrading
"in-place upgrade" refers to this general procedure:
1. Backup your Jirafeau installation!
2. Block access to Jirafeau
-3. Checkout the new version with Git using the [tagged release](https://gitlab.com/mojo42/Jirafeau/tags)
+3. Checkout the new version with Git using the [tagged release](https://gitlab.com/jirafeau/Jirafeau/tags)
* If you have installed Jirafeau just by uploading files on your server, you can download the desired version, overwrite/remove all files and chown/chmod files if needed. Keep a backup of your local configuration file tough.
4. With you browser, go to your Jirafeau root page
5. Follow the installation wizard, it should propose you the same data folder or even update automatically
6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them.
-# version 4.5
+## Version 4.6.1
+
+- Removed the download button and the corresponding link for encrypted files from the admin interface
+- Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
+- We now provide Docker images for AMD64 and ARM64 systems
+- Lots of code refactoring and cleanup
+- Few more little fixes
+- Typo and spelling mistakes
+- Upgrade from 4.6.0: in-place upgrade
+
+New configuration items:
+- `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download
-- Fix side effects of setting too high values in php configuration.
+## Version 4.6.0
+
+- New configuration options for allowing to require, check or generate file download passwords
+- Re-implemented server side encryption using PHP's `Sodium` extension (the formerly used `mcrypt` extension is deprecated)
+- Keep and show basic download stats
+- Removed Lighttpd's `mod_usertrack` from Docker config
+- Added `<meta name="viewport"…` to template header to support responsive themes
+- Removed usage of deprecated `strftime()` function
+- Few more little fixes
+- Typo and spelling mistakes
+- Upgrade from 4.5.0: in-place upgrade
+
+New configuration items:
+- `download_password_requirement`, `download_password_gen_len`, `download_password_gen_chars`, `download_password_policy` and `download_password_policy_regex` for configuring file download passwords
+- `admin_ip` for limiting access to the admin interface to certain IP addresses
+- `admin_http_auth_user` is now an array (the possibility to use a string is preserved for backward compatibility)
+
+## Version 4.5.0
+
+- Even more new translation, thanks a lot to all contributors!
+- Support for automatic dark theme
+- Fixed wobling admin buttons (light and dark default themes)
+- Disable file deduplication by default
+- Fix side effects of setting too high values in php configuration for async upload
+- Add support for X-Sendfile
+- Retry on more type of possible errors
+- Move docker image to PHP 8.1
+- Print more error details in case of issue
+- Few more little fixes
+- IRC channel to discuss :)
New configuration items:
-- `max_upload_chunk_size_bytes` option
+- `max_upload_chunk_size_bytes` option
+- `dark_style` option
+- Defaulting `file_hash` option from `md5` to `random`
-# version 4.4.0
+## Version 4.4.0
- Add docker options
- Admin pannel can output informations for bug opening
New configuration items:
- `fortnight` value in `availabilities` array (default to `true`)
-# version 4.3.0
+## Version 4.3.0
- Fix various docker errors
- Fix various upload errors
New configuration items:
- `store_uploader_ip` (default to `true`)
-# version 4.2.0
+## Version 4.2.0
- New file_hash option to eventually speed-up file identification process
- one_time_download is now optional
- Romanian lang support and other various lang support
- Upgrade from 4.1.1: in-place upgrade
-# Version 4.1.1
+## Version 4.1.1
- Fix lang sanity check
- Upgrade from 4.1.0: in-place upgrade
-# Version 4.1.0
+## Version 4.1.0
- Fix upload password and allowed ip (#201)
- Code refactorisation of IP checking
- More languages supported and language fixes
- Upgrade from 4.0.0: in-place upgrade
-# Version 4.0.0
+## Version 4.0.0
- Removed plain-text password support for admin auth (breaking change).
- Default folder sub-division to 8 characters (breaking change).
- Other minor bug fixes
- More languages supported
-## Upgrade from 3.4.1 to 4.0.0
+### Upgrade from 3.4.1 to 4.0.0
You may have to change your administrator password in your config file as admin password are only stored using sha256 (SHA2).
To do so, edit `lib/config.local.php` and update `admin_password` option using `echo -n MyNewPassw0rd | sha256sum` command.
find links -type f | while read link; do bn="$(basename "$link")"; mkdir "links/$bn"; mv "$link" "links/$bn/"; done; find links -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
```
-# Version 3.4.1
+## Version 3.4.1
- Security fixes, thanks [Bishopfox Team](https://www.bishopfox.com/)
- Translation fixes
- other minor fixes
- Upgrade from 3.4.0: in-place upgrade
-# Version 3.4.0
+## Version 3.4.0
- Add encryption support in bash script
- Refactoring of lang system for simpler management
- Fixed some spelling issues
- Upgrade from 3.3.0 : in-place upgrade
-# Version 3.3.0
+## Version 3.3.0
- Added Docker Support
- Added a copy button next to links to copy URLs in clipboard
- Removed useless alias API support (some old toy)
- Upgrade from 3.2.1 : in-place upgrade
-# Version 3.2.1
+## Version 3.2.1
- fix download view after an upload
- Upgrade from 3.2.0 : in-place upgrade
-# Version 3.2.0
+## Version 3.2.0
- Update translations from Update translations from weblate
- Better style
- Fix regression on admin password setting
- Upgrade from 3.1.0 : in-place upgrade
-# Version 3.1.0
+## Version 3.1.0
- Fix regression on user authentication (see #113)
- Some cosmetic change
- Upgrade from 3.0.0 : in-place upgrade
-# Version 3.0.0
+## Version 3.0.0
- Remove XHTML doctype, support HTML5 only → breaking change for older browsers
- Remove redundant code
- Fix UI glitches in admin panel and upload form
- Upgrade from 2.0.0 : in-place upgrade
-# Version 2.0.0
+## Version 2.0.0
- Various documentation improvements
- Simplify automatic generation of local configuration file
- Bash Script: Enhanced help, show version, return link to web view as well
- »Terms of Service« refactored - Enable admin to overwrite the ToS, without changing existing source code → breaking, see upgrade notes
-## Upgrade from version 1.2.0 to 2.0.0
+### Upgrade from version 1.2.0 to 2.0.0
The "Terms of Service" text file changed.
To reuse a custom version of your ToS, move your ```/tos_text.php``` file to ```/lib/tos.local.txt``` and remove all HTML und PHP Tags, leaving a regular text file.
-# Version 1.2.0
+## Version 1.2.0
- Link on API page to generate bash script
- More informative error codes for API
- Code cleanups
- Upgrade from 1.1: in-place upgrade
-# Version 1.1
+## Version 1.1
- New skins
- Add optional server side encryption
- Preview URL
- Get Jirafeau's version in admin interface
-### From version 1.0 to 1.1
+### Upgrade from version 1.0 to 1.1
- Download URL changed. Add a rewrite rule in your web server configuration to rename ```file.php``` to ```f.php``` to make older, still existing links work again-
- The default theme changed. Optionally change the theme in ```lib/config.local.php``` to "courgette"