Skip to content

@Alanaktion Alanaktion released this Apr 21, 2020 · 1 commit to master since this release

This release fixes an upgrade issue introduced in v1.7.8, and improves PHP 7.4 compatibility.

Thanks to @charisma2 for reporting the compatibility issue!

Assets 3

@Alanaktion Alanaktion released this Apr 20, 2020 · 6 commits to master since this release

This security release fixes an issue allowing users with file upload permissions to upload and execute malicious files. It introduces a new configuration option, security.file_blacklist, which is a regular expression used to filter uploaded files by name. It also restricts access to uploaded files at the web server level, where supported.

Users on nginx should add a new location block to their configuration:

location ~ ^/uploads/ {
    deny all;
}

Big thanks to @niebardzo for reporting this issue, with an example of the exploit on our demo environment, and for responsible disclosure.

See the Advisory

Assets 3

@Alanaktion Alanaktion released this Nov 20, 2019 · 17 commits to master since this release

Phproject 1.7.7 adds a number of fixes and improvements, and updates some of the core code to make better use of modern PHP standards and features.

Also included are a number of updated translations:

  • Spanish additions by Alan Hardman
  • Polish additions from Piotrek Icikowski
  • Chinese additions from CuanPo Lee
Assets 3

@Alanaktion Alanaktion released this Dec 24, 2018 · 41 commits to master since this release

Phproject 1.7.6 adds support for PHP 7.3 and includes a variety of bug fixes.

Also, this may be the last release for some time, as I am not currently able to dedicate significant time to this project. If anyone is interested in contributor access to keep Phproject maintained, let me know via email (alan@phproject.org).

Assets 3

@Alanaktion Alanaktion released this Sep 5, 2018 · 48 commits to master since this release

Phproject v1.7.5 includes several bug fixes and new translations, including a complete Estonian translation from bss on Crowdin.

Changelog

Assets 3
Pre-release
Pre-release

@Alanaktion Alanaktion released this Sep 5, 2018 · 49 commits to master since this release

Includes most bug fixes and changes up to v1.7.5

Assets 2

@Alanaktion Alanaktion released this May 1, 2018 · 71 commits to master since this release

Version 1.7.4 includes a bug fix for v1.7.3 and earlier's session management on PHP 7, as well as the latest version of the Fat-free framework, which includes several bug fixes and feature enhancements. Upgrading directly to this release instead of v1.7.3 is recommended to avoid session errors.

Assets 3

@Alanaktion Alanaktion released this Feb 19, 2018 · 80 commits to master since this release

Release 1.7.3 fixes an issue with updating older versions to 1.7.2.

Assets 3

@Alanaktion Alanaktion released this Feb 8, 2018 · 83 commits to master since this release

Phproject 1.7.2 includes several bug fixes primarily focused on PHP 7.2 compatibility.

Assets 3

@Alanaktion Alanaktion released this Jan 3, 2018 · 90 commits to master since this release

Phproject 1.7.1 fixes a critical bug in Phproject 1.7. All 1.7 users should upgrade immediately.

Assets 3
You can’t perform that action at this time.