X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/6eca3aa915782488ab0d688d7397c42e3fdf30b4..refs/heads/master:/CHANGELOG.md?ds=inline diff --git a/CHANGELOG.md b/CHANGELOG.md index d2598a0..13564df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,23 +1,68 @@ -# Note about upgrading +# Jirafeau's change log + +## Note about upgrading "in-place upgrade" refers to this general procedure: 1. Backup your Jirafeau installation! 2. Block access to Jirafeau -3. Checkout the new version with Git using the [tagged release](https://gitlab.com/mojo42/Jirafeau/tags) +3. Checkout the new version with Git using the [tagged release](https://gitlab.com/jirafeau/Jirafeau/tags) * If you have installed Jirafeau just by uploading files on your server, you can download the desired version, overwrite/remove all files and chown/chmod files if needed. Keep a backup of your local configuration file tough. 4. With you browser, go to your Jirafeau root page 5. Follow the installation wizard, it should propose you the same data folder or even update automatically 6. Check your `/lib/config.local.php` and compare it with the `/lib/config.original.php` to see if new configuration items are available. If a new item is missing in your `config.local.php`, this may trigger some errors as Jirafeau may expect to have them. -# version 4.5 +## Version 4.6.1 + +- Removed the download button and the corresponding link for encrypted files from the admin interface +- Fixed an issue with sending the wrong filesize after decrypting an encrypted file +- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML". +- We now provide Docker images for AMD64 and ARM64 systems +- Lots of code refactoring and cleanup +- Few more little fixes +- Typo and spelling mistakes +- Upgrade from 4.6.0: in-place upgrade + +New configuration items: +- `one_time_download_preselected` for preselecting the checkbox for deleting the file after the first download -- Fix side effects of setting too high values in php configuration. +## Version 4.6.0 + +- New configuration options for allowing to require, check or generate file download passwords +- Re-implemented server side encryption using PHP's `Sodium` extension (the formerly used `mcrypt` extension is deprecated) +- Keep and show basic download stats +- Removed Lighttpd's `mod_usertrack` from Docker config +- Added `