Chevereto v3.14.0

Status
Not open for further replies.

Rodolfo

The Chevere Guru
Chevereto Staff
Chevereto v3.14.0
Released on January 2nd 2020
  • Added support for WebP
  • Added support for APNG
  • Added HTTP only and secure cookie flags
  • Added auth token at /update (CSRF)
  • Added brute force protection for cookie based login attempts
  • Added restricted paths for Bulk content importer
  • Fixed XSS vulnerability in site settings
  • Fixed XSS vulnerability in user profile
  • Fixed XSS vulnerability in WhatsApp share button
  • Fixed bug in anywhere uploader [11710]
  • Fixed bug in maintenance mode (disabled reCaptcha verify)
  • Fixed bug in missing language strings [11714]
  • Fixed bug in missing translate string [11757]
  • Fixed bug in not working SEO URLs for images [11784]
  • Fixed bug in not working "Upload to album" button [11774]
  • Fixed bug in image viewer [11775]
  • Deprecated use of HTTP_* headers for client IP resolution (must use mod_remoteip, ngx_http_realip_module)
  • Deprecated $_SESSION based login
  • Removed public access for Bulk importer job results
  • Improved login system (device based)
  • Updated dependencies (composer)
  • Updated Chinese Simplified, Dutch, German, Italian and Spanish translations
Check README.txt file and http://chevereto.com/docs for install or update instructions. If you edited some or part of the affected files merge your changes.
 
Status
Not open for further replies.
Top