Jirafeau - Package Updates
-
[1.12.0]
- Update Jirafeau to 4.7.0
- Full Changelog
- Added feature for using shortened download links. This requires a web server that supports URL rewriting, like Apache with
mod_rewrite. - Added CSS class
tosfor addressing the link to the "Terms of Service" page - Download stats introduced in version 4.6.0 were accidentally removed in version 4.6.1. This feature is now available again.
- Generated download passwords were not shown after the upload was completed
- Uploading a file using
script.phpwith an upload password set always ended up in an "Error 2". This is fixed now.
-
[1.12.1]
- Update Jirafeau to 4.7.1
- Full Changelog
- Fixed another possibility to bypass the checks for CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066 (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image". When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled.
- The default value of
max_upload_chunk_size_byteswas set to5000000. Higher values could trigger a bug Chromium-based browsers on servers with HTTP/3 enabled, causing asynchronous uploads to fail.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login