Chevereto v3.14.0

Status
Not open for further replies.

Rodolfo

Chevereto Developer
Chevereto Staff
Hey there,

The next minor release is in the works and this is the changelog (so far):

Chevereto v3.14.0 pre-release notes
  • Added support for WebP
  • Added brute force protection for cookie based login attempts
  • Added auth token at /update (CSRF)
  • Added HTTP only and secure cookie flags
  • Added restricted paths for Bulk content importer
  • Improved login system (device based)
  • Fixed XSS vulnerability in site settings
  • Fixed XSS vulnerability in user profile
  • Fixed XSS vulnerability in WhatsApp share button
  • Fixed bug in anywhere uploader [11710]
  • Updated dependencies (composer)
  • Deprecated $_SESSION based login
  • Deprecated use of HTTP_* headers for client IP resolution
  • Removed public access for Bulk importer job results
This release provides support for WebP and must-have security fixes. As the changes are really massive, there will be a beta for this release within the following weeks.

Hope you like the update,
Rodolfo.

P.S. If you want to join the beta, please let me know in the comments below. Please note before asking for beta access: a beta release is not intended to run in production, it doesn't have the same support response, and it is not stable.
 

DeCysos

Phoenix Foto Service
Beta tester
Please access the beta program

Testing is done on different servers:
  1. Apache Server - MariaDB - php 7.3 - (Online)
  2. Apache Server - MariaDB - php 7.4 - (Online)
  3. Nginx Server - MariaDB - php 7.3 - (Offline @home VirtualBox)
--------------------------------
one please
The implementation of an external data store via FTPS
Currently I have rewritten the normal FTP connection in the live system to an FTPS connection, since all my FTP servers only allow secure connections.

SFTP connections are not possible for some reason? Apparently missing a variable but the server requires. Port number maybe? Because I use others.
 

Rodolfo

Chevereto Developer
Chevereto Staff
I've added more features:
  • Improved login system (device based)
    Prior to this release, login for social networks was limited to one session at a time, meaning that you couldn't log in on two devices at the same time or that you would get logged out at times. This has been completely changed in 3.14.0: login now works with device-based cookies, which will allow us to control exactly all the logged-in devices without them conflicting with each other.

    Eventually, this will allow listing all the known login sessions, and end users will be able to disconnect other devices. This may be useful for security or merely for keeping control of account access.

  • Removed public access for Bulk importer job results
    The Bulk importer jobs are stored in plain txt log files. These now require admin access.

  • Updated dependencies (composer)
    All the third-party PHP dependencies have been updated. The goal is to support PHP 7.4, which it seems won't be any trouble (PHP 7.4 is already running in the demo).

I'm still working on the new login stuff, hope to get the beta ready by next week.

The translation package should be ready within this week; it will include several strings that need to be translated.
 

DeCysos

Phoenix Foto Service
Beta tester
Try now, hope it works otherwise it will be a very long week.
Everything accessible again----
edit 1: for a moment ^^
edit 2: works now
edit 3: Ah, I'd rather not look in anymore, I'm probably tinkering right now ;)
 

Rodolfo

Chevereto Developer
Chevereto Staff
I was right there watching the failed requests table. I spotted an issue and I fixed it already.

It will be burning by tomorrow, who knows :eek:
 

a925540390

Core license
License owner
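[QUOTE="Rodolfo, post: 60545, member: 1"]
I was right there watching the failed requests table. I spotted an issue and I fixed it already.

It will be burning by tomorrow, who knows :eek:
[/QUOTE]
Hello, following my earlier feedback on WebP support, I am glad that you adopted the suggestion. Unfortunately, after making custom modifications, I can only support WebP uploads to a limited extent. For example, WebP has static images and animated images. Static WebP images upload successfully. Animated WebP images fail. I hope this kind of problem will be solved in the new version.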
 

Rodolfo

Chevereto Developer
Chevereto Staff
I didn't know that WebP has animation until a few days ago when @DeCysos mentioned it. There's also animated PNG.

Support for both will be added eventually in 3.14.X
 

a925540390

Core license
License owner
Recently, I found another problem. It seems that iOS does not yet support WebP. Can I use a picture bed to convert uploaded WebP images, dynamically convert them to GIF, statically convert them to PNG & JPG, and determine whether users use iOS in order to replace the link for the converted image?
 

Rodolfo

Chevereto Developer
Chevereto Staff
The problem with Apple is that they have their own next-gen format and, as always, they force everybody to fit their universe. For now, I don't have any intentions for iOS workarounds regarding WebP.
 