Chevereto v3.14.0

Not open for further replies.


The Chevere Guru
Chevereto Staff
Chevereto v3.14.0
Released on January 2nd 2020
  • Added support for WebP
  • Added support for APNG
  • Added HTTP only and secure cookie flags
  • Added auth token at /update (CSRF)
  • Added brute force protection for cookie based login attempts
  • Added restricted paths for Bulk content importer
  • Fixed XSS vulnerability in site settings
  • Fixed XSS vulnerability in user profile
  • Fixed XSS vulnerability in WhatsApp share button
  • Fixed bug in anywhere uploader [11710]
  • Fixed bug in maintenance mode (disabled reCaptcha verify)
  • Fixed bug in missing language strings [11714]
  • Fixed bug in missing translate string [11757]
  • Fixed bug in not working SEO URLs for images [11784]
  • Fixed bug in not working "Upload to album" button [11774]
  • Fixed bug in image viewer [11775]
  • Deprecated use of HTTP_* headers for client IP resolution (must use mod_remoteip, ngx_http_realip_module)
  • Deprecated $_SESSION based login
  • Removed public access for Bulk importer job results
  • Improved login system (device based)
  • Updated dependencies (composer)
  • Updated Chinese Simplified, Dutch, German, Italian and Spanish translations
Check README.txt file and for install or update instructions. If you edited some or part of the affected files merge your changes.
Not open for further replies.