Skip to content

@ssddanbrown ssddanbrown released this Mar 24, 2019 · 92 commits to master since this release

Security Release

This release works on the changes from v0.25.4 and v0.25.3 to include additional security measures on file uploads.

For this release, Uploaded image files which have a name that includes more than a single extension are prevented from being uploaded since these could be used to upload executable files on some web-servers. In addition, Attachment uploads are now saved with randomly generated file names to make such upload operations safer to file name exploits.

Additional Changes

This release also contains the following translation updates:

Assets 2
You can’t perform that action at this time.