v4.0.1

misterunknown released this 23 Nov 14:59

· 31 commits to master since this release

4ff8fe8

Release info

This is mainly a security update release. It prevents a SSRF attack via the "remote upload" function.

Other notable changes:

includes are now done via ### instead of @@@ to keep valid PHP syntax (e.g. to use php -l
detect browser language instead of use config value
docker: bugfix installation of php extensions

For more check the full changelog below.

Special thanks to @novashdima for contributing and 季宇辰 for pointing out the SSRF security issue.

Full Changelog: v4.0.0...v4.0.1

Contributors

novashdima

Assets 8