Skip to content
v1.7.13
Compare
Choose a tag to compare

Phproject 1.7.13 includes several security fixes, most notably for XSS and file access control. Improvements for PHP 8 are also included in the release.

v1.7.12
Compare
Choose a tag to compare

Phproject 1.7.12 fixes bugs and security issues. Updating is recommended where possible.

Full Changelog: v1.7.11...v1.7.12

v1.7.11
Compare
Choose a tag to compare

Phproject 1.7.11 fixes an issue creating sprints that was introduced in 1.7.10.

Phproject 1.7.10 introduced major security fixes, so you should definitely upgrade when possible!

v1.7.10
4032f44
Compare
Choose a tag to compare

Phproject v1.7.10 includes fixes for critical security issues. It is strongly recommended to install it immediately.

This release should be compatible with typical use cases but it does introduce a breaking change to all core POST routes, so any users modifying any controller behavior should verify compatibility before upgrading.

For details on the security updates included in Phproject 1.7.10, see the related security advisory.

v1.7.9
Compare
Choose a tag to compare

This release fixes an upgrade issue introduced in v1.7.8, and improves PHP 7.4 compatibility.

Thanks to @charisma2 for reporting the compatibility issue!

v1.7.8
Compare
Choose a tag to compare

This security release fixes an issue allowing users with file upload permissions to upload and execute malicious files. It introduces a new configuration option, security.file_blacklist, which is a regular expression used to filter uploaded files by name. It also restricts access to uploaded files at the web server level, where supported.

Users on nginx should add a new location block to their configuration:

location ~ ^/uploads/ {
    deny all;
}

Big thanks to @niebardzo for reporting this issue, with an example of the exploit on our demo environment, and for responsible disclosure.

See the Advisory

v1.7.7
Compare
Choose a tag to compare

Phproject 1.7.7 adds a number of fixes and improvements, and updates some of the core code to make better use of modern PHP standards and features.

Also included are a number of updated translations:

  • Spanish additions by Alan Hardman
  • Polish additions from Piotrek Icikowski
  • Chinese additions from CuanPo Lee
v1.7.6
Compare
Choose a tag to compare

Phproject 1.7.6 adds support for PHP 7.3 and includes a variety of bug fixes.

Also, this may be the last release for some time, as I am not currently able to dedicate significant time to this project. If anyone is interested in contributor access to keep Phproject maintained, let me know via email (alan@phproject.org).

v1.7.5
Compare
Choose a tag to compare

Phproject v1.7.5 includes several bug fixes and new translations, including a complete Estonian translation from bss on Crowdin.

Changelog

Compare
Choose a tag to compare

v1.7.5a

Pre-release
Pre-release

Includes most bug fixes and changes up to v1.7.5