From 84217f5fba23b31cfd13406a137820812096e7f9 Mon Sep 17 00:00:00 2001 From: Matt Johnson Date: Mon, 28 Oct 2024 09:04:42 -0600 Subject: [PATCH 1/3] Add strip image metadata setting --- docs/control-panel/settings/security-privacy.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/control-panel/settings/security-privacy.md b/docs/control-panel/settings/security-privacy.md index 62c4501a8..ea345aa85 100755 --- a/docs/control-panel/settings/security-privacy.md +++ b/docs/control-panel/settings/security-privacy.md @@ -152,6 +152,10 @@ Similar to the previous setting, when turned on, this setting requires IP addres Checks all file uploads for code injection attempts before finalizing the upload. Superadmins are exempt from image XSS filtering. +### Strip Image Metadata? + +This setting will remove all metadata from an image during upload, including GPS data. This requires the Imagick PHP extension. + ### Enable Rank Denial to submitted links? When enabled, all outgoing links are sent to a redirect page. This prevents spammers from [gaining page rank](https://support.google.com/webmasters/answer/96569?hl=en). From 492aa7ad4950072cc378b85385986f57e8dae093 Mon Sep 17 00:00:00 2001 From: Tom Jaeger Date: Wed, 6 Nov 2024 11:11:00 -0500 Subject: [PATCH 2/3] updated changelog for 7.5.3 --- docs/installation/changelog.md | 36 ++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/installation/changelog.md b/docs/installation/changelog.md index 5c53a031c..dedd48fdb 100755 --- a/docs/installation/changelog.md +++ b/docs/installation/changelog.md @@ -8,6 +8,42 @@ --> # ExpressionEngine v7 Change Log +# Version 7.5.3 +(Release: November 6th, 2024) + +NOTE: **Important:** This version includes important security updates. + +- **Contributors** 🙌 +
+
+ +
+
+ +**Enhancements** 🚀 + +- Added Image meta data stripping as an option (requires Image Magic when enabled) +- Removed unnecessary white line at the bottom of the version area +- Moblog Set the socket to non-blocking before checking the socket response +- Added ability to pass filename through to channel set export in code + +**Bug Fixes** 💃🐛 +- Resolved [#4569](https://github.com/ExpressionEngine/ExpressionEngine/issues/4569) where older versions of PHP might throw an error during Pro access checks +- Resolved [#4559](https://github.com/ExpressionEngine/ExpressionEngine/issues/4559) where template export could raise a PHP warning +- Resolved [#4543](https://github.com/ExpressionEngine/ExpressionEngine/issues/4543) where a PHP notice could be shown during relationship sorting +- Resolved [#4511](https://github.com/ExpressionEngine/ExpressionEngine/issues/4511) where PHP warning was shown is the cache file was already cleared +- Resolved [#4504](https://github.com/ExpressionEngine/ExpressionEngine/issues/4504) where POSTed Channel Form values were sometimes not populated correctly in case of validation error +- Resolved [#4489](https://github.com/ExpressionEngine/ExpressionEngine/issues/4489) where Upload Location filter in the File Picker did not work correctly after going into subdirectory +- Fixed [icon position](https://github.com/ExpressionEngine/ExpressionEngine/pull/4541) for required field in grid field body +- Fixed frontedit js error (contentWindow is undefined) + # Version 7.5.2 (Release: October 29, 2024) From be0c62ae5dbb692fcb474e17034e6290cec7efb7 Mon Sep 17 00:00:00 2001 From: Matt Johnson Date: Wed, 6 Nov 2024 10:24:51 -0600 Subject: [PATCH 3/3] Update changelog.md --- docs/installation/changelog.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/installation/changelog.md b/docs/installation/changelog.md index dedd48fdb..bb9a8e0e1 100755 --- a/docs/installation/changelog.md +++ b/docs/installation/changelog.md @@ -29,7 +29,7 @@ NOTE: **Important:** This version includes important security updates. **Enhancements** 🚀 -- Added Image meta data stripping as an option (requires Image Magic when enabled) +- Added image metadata stripping as an option on upload (requires Image Magic PHP extension when enabled) - Removed unnecessary white line at the bottom of the version area - Moblog Set the socket to non-blocking before checking the socket response - Added ability to pass filename through to channel set export in code @@ -38,9 +38,9 @@ NOTE: **Important:** This version includes important security updates. - Resolved [#4569](https://github.com/ExpressionEngine/ExpressionEngine/issues/4569) where older versions of PHP might throw an error during Pro access checks - Resolved [#4559](https://github.com/ExpressionEngine/ExpressionEngine/issues/4559) where template export could raise a PHP warning - Resolved [#4543](https://github.com/ExpressionEngine/ExpressionEngine/issues/4543) where a PHP notice could be shown during relationship sorting -- Resolved [#4511](https://github.com/ExpressionEngine/ExpressionEngine/issues/4511) where PHP warning was shown is the cache file was already cleared +- Resolved [#4511](https://github.com/ExpressionEngine/ExpressionEngine/issues/4511) where PHP warning was shown in the cache file was already cleared - Resolved [#4504](https://github.com/ExpressionEngine/ExpressionEngine/issues/4504) where POSTed Channel Form values were sometimes not populated correctly in case of validation error -- Resolved [#4489](https://github.com/ExpressionEngine/ExpressionEngine/issues/4489) where Upload Location filter in the File Picker did not work correctly after going into subdirectory +- Resolved [#4489](https://github.com/ExpressionEngine/ExpressionEngine/issues/4489) where Upload Location filter in the File Picker did not work correctly after going into a subdirectory - Fixed [icon position](https://github.com/ExpressionEngine/ExpressionEngine/pull/4541) for required field in grid field body - Fixed frontedit js error (contentWindow is undefined)