Chevereto 3.14.0.beta.1 (2019-12-20)
- Added support for WebP
- Added brute force protection for cookie based login attempts
- Added HTTP only and secure cookie flags
- Added auth token at /update (CSRF)
- Added restricted paths for Bulk content importer
- Improved login system (cookie device based)
- Fixed XSS vulnerability in site settings
- Fixed XSS vulnerability in user profile
- Fixed XSS vulnerability in WhatsApp share button
- Fixed bug in anywhere uploader [11710]
- Fixed bug in maintenance mode (disabled reCaptcha verify)
- Fixed bug in missing translate for "flood" string [11757]
- Fixed bug with missing language strings [11714]
- Deprecated use of HTTP_* headers for client IP resolution
- Deprecated $_SESSION based login
- Removed public access for Bulk importer job results
- Updated dependencies (composer)
- Updated German, Italian and Spanish translations
Check README.txt file and http://chevereto.com/docs for install or update instructions. If you edited some or part of the affected files merge your changes.
- Added support for WebP
- Added brute force protection for cookie based login attempts
- Added HTTP only and secure cookie flags
- Added auth token at /update (CSRF)
- Added restricted paths for Bulk content importer
- Improved login system (cookie device based)
- Fixed XSS vulnerability in site settings
- Fixed XSS vulnerability in user profile
- Fixed XSS vulnerability in WhatsApp share button
- Fixed bug in anywhere uploader [11710]
- Fixed bug in maintenance mode (disabled reCaptcha verify)
- Fixed bug in missing translate for "flood" string [11757]
- Fixed bug with missing language strings [11714]
- Deprecated use of HTTP_* headers for client IP resolution
- Deprecated $_SESSION based login
- Removed public access for Bulk importer job results
- Updated dependencies (composer)
- Updated German, Italian and Spanish translations
Check README.txt file and http://chevereto.com/docs for install or update instructions. If you edited some or part of the affected files merge your changes.