Skip to content

Security and PHP8.2 compat release (No DB Patch)

Choose a tag to compare
@bbalet bbalet released this 01 May 08:52
· 3 commits to master since this release

Please download the file (as the other files require an extra step for setup)

This release requires PHP>=8.1.

This release fixes security issues and fixes some bugs.

It is recommended to change the file log extension to log instead of php in order to prevent security exploits based on log injection.
If you migrate from an older version of Jorani, please add this variable into the configuration:

$config['log_file_extension'] = 'log';

Don't forget to forbid the access to the log folder in Apache configuration.

Thanks to David Uton (m3n0sd0n4ld) for detailed security analysis