Jirafeau - Package Updates

nebulon

You can use this thread to track updates to the Jirafeau package.

Please open issues in a separate topic instead of replying here.

nebulon

[0.1.0]

• Initial version

nebulon

[0.2.0]

• Add cron job to cleanup expired files

girish

[0.3.0]

• Set the trust proxy IP

girish

[1.0.0]

• Run apache on port 8000

girish

[1.1.0]

• Update base image to v3
• Update PHP to 7.4

girish

[1.2.0]

• Make it possible to create a custom theme

girish

[1.3.0]

• Update base image to 3.2.0

girish

[1.4.0]

• Update Jirafeau to 4.4.0

nebulon

[1.5.0]

• Update Jirafeau to 4.5.0
• Full changelog
• Even more new translation, thanks a lot to all contributors!
• Support for automatic dark theme
• Fixed wobling admin buttons (light and dark default themes)
• Disable file deduplication by default
• Fix side effects of setting too high values in php configuration for async upload
• Add support for X-Sendfile
• Retry on more type of possible errors
• Move docker image to PHP 8.1
• Print more error details in case of issue
• Few more little fixes

girish

[1.6.0]

• Update base image to 4.0.0

girish

[1.6.1]

• Better config.php

girish

[1.7.0]

• Update base image to 4.2.0

Package Updates

[1.8.0]

• Update Jirafeau to 4.6.0
• Full changelog
• New configuration options for allowing to require, check or generate file download passwords
• Re-implemented server side encryption using PHP's Sodium extension (the formerly used mcrypt extension is deprecated)
• Keep and show basic download stats
• Removed Lighttpd's mod_usertrack from Docker config
• Added <meta name="viewport" to template header to support responsive themes

Package Updates

[1.8.1]

• Update Jirafeau to 4.6.1
• Full Changelog
• Removed the download button and the corresponding link for encrypted files from the admin interface
• Fixed an issue with sending the wrong filesize after decrypting an encrypted file
• Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
• We now provide Docker images for AMD64 and ARM64 systems
• Lots of code refactoring and cleanup
• Few more little fixes
• Typo and spelling mistakes

Package Updates

[1.9.0]

• symlink custom tos to /app/data/tos.local.txt

Package Updates

[1.9.1]

• Update Jirafeau to 4.6.2
• Full Changelog
• Allow to configure the language and the availabilities for files for a Docker container (issue #​20)
• Added an example docker-compose.yaml file for configuring the Docker container
• Fixed an error occuring on some systems while building the Docker image (issue #​24)
• Script upload was broken due to a missing return statement (issue #​23)
• Upgrade from 4.6.1: in-place upgrade

Package Updates

[1.10.0]

• Update base image to 5.0.0

Package Updates

[1.11.0]

• add checklist

Package Updates

[1.11.1]

• Update Jirafeau to 4.6.3
• Full Changelog
• Fixed the possibility to bypass the checks for CVE-2022-30110 and CVE-2024-12326 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code.
• Compare password hashes using hash_equals()