Jirafeau - Package Updates
-
[1.8.0]
- Update Jirafeau to 4.6.0
- Full changelog
- New configuration options for allowing to require, check or generate file download passwords
- Re-implemented server side encryption using PHP's Sodium extension (the formerly used mcrypt extension is deprecated)
- Keep and show basic download stats
- Removed Lighttpd's mod_usertrack from Docker config
- Added
<meta name="viewport"to template header to support responsive themes
-
[1.8.1]
- Update Jirafeau to 4.6.1
- Full Changelog
- Removed the download button and the corresponding link for encrypted files from the admin interface
- Fixed an issue with sending the wrong filesize after decrypting an encrypted file
- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
- We now provide Docker images for AMD64 and ARM64 systems
- Lots of code refactoring and cleanup
- Few more little fixes
- Typo and spelling mistakes
-
[1.9.0]
- symlink custom tos to
/app/data/tos.local.txt
- symlink custom tos to
-
[1.9.1]
- Update Jirafeau to 4.6.2
- Full Changelog
- Allow to configure the language and the availabilities for files for a Docker container (issue #20)
- Added an example
docker-compose.yamlfile for configuring the Docker container - Fixed an error occuring on some systems while building the Docker image (issue #24)
- Script upload was broken due to a missing
returnstatement (issue #23) - Upgrade from 4.6.1: in-place upgrade
-
[1.10.0]
- Update base image to 5.0.0
-
[1.11.0]
- add checklist
-
[1.11.1]
- Update Jirafeau to 4.6.3
- Full Changelog
- Fixed the possibility to bypass the checks for CVE-2022-30110 and CVE-2024-12326 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code.
- Compare password hashes using
hash_equals()
-
[1.12.0]
- Update Jirafeau to 4.7.0
- Full Changelog
- Added feature for using shortened download links. This requires a web server that supports URL rewriting, like Apache with
mod_rewrite. - Added CSS class
tosfor addressing the link to the "Terms of Service" page - Download stats introduced in version 4.6.0 were accidentally removed in version 4.6.1. This feature is now available again.
- Generated download passwords were not shown after the upload was completed
- Uploading a file using
script.phpwith an upload password set always ended up in an "Error 2". This is fixed now.
