Skip to content
Choose a tag to compare
  • Fixed SSRF vulnerability in remote URL upload
  • Updated dependencies

Full Changelog: 1.6.1...1.6.2

Choose a tag to compare
  • Added Chevereto news section at Dashboard
  • Removes top-bar border

Full Changelog: 1.6.0...1.6.1

Choose a tag to compare
  • Added official support for Docker multi-arch
  • Added support for environment variables
  • Added doc links
  • Removes invasive upgrade remarks

Full Changelog: 1.5.1...1.6.0

Choose a tag to compare
  • Fixed LiteSpeed Web Server bug

Full Changelog: 1.5.0...1.5.1

Choose a tag to compare
  • Added enforced WebP availability
  • Added header to disable FLoC
  • Added header to disable iframe embedding
  • Migrated ownership to @rodber
  • Remove upgrade button from admin user dropdown
  • Removed Bulk importer
  • Removed FUNDING
  • Removed Moderation
  • Removed multi-language support
  • Removed subdomain wildcards
  • Updated "Powered by chevereto-free"
  • Updated default theme color

Full Changelog: 1.4.2...1.5.0

Choose a tag to compare
  • Added tag-based release artifact builder #100
    • Builds $ and $ artifacts
  • Added hardened URL upload constrains #107
    • Restrict schemes to http, https and ftp
    • Restrict to allow only public IP addresses
  • Added hardened .htaccess Apache HTTP Server restrictions #102
    • Restrict .php in public upload paths
    • Limits to only GET requests
  • Added improved installation/update instructions
    • Manual and Composer-based alternatives
  • Added extra checking for unwanted file extensions #101
    • Will now panic if a unwanted file get sneaked in the process
  • Changed image (logo, colors) #106
    • Chevereto-Free finally use it's own logo
    • Chevereto-Free now looks less like "Chevereto"
  • Changed self-update to use the new zip release artifact #109
    • Avoids .git et al and provides a smaller package
  • Fixed bug with embed codes after upload #99

Full Changelog: 1.4.1...1.4.2

Choose a tag to compare
  • Fixed XSS affecting oEmbed implementation
  • Fixed self-XSS affecting duplicate upload

Full Changelog: 1.4.0...1.4.1

Choose a tag to compare
  • Added deprecation messages
  • Changed licensing back to AGPLv3
  • Fixed XSS bug CVE-2021-31721 [12782]
  • Removed "Powered by" disabler
  • Updates dependencies

Full Changelog: 1.3.0...1.4.0

Choose a tag to compare


Forked from Chevereto v3.16.2

Photo by Tom Gainor from Unsplash

  • Added configurable homepage to route /upload
  • Added image moderation
  • Added configurable NSFW lock
  • Added database locks (replace the old filesystem based locks)
  • Added follow scroll for dashboard settings header
  • Added support for image oEmbed
  • Added support for ModerateContent
  • Deprecated listing viewer go to full screen action
  • Fixed bug in AZ listing [11638]
  • Fixed bug in footer.js.php (fatal error)
  • Fixed bug in functions.render.php [Chevereto-Free #61]
  • Fixed bug in missing translation for viewer keyboard hints
  • Fixed bug in queue locking [12401]
  • Fixed bug in user sign up (dark mode setting) [12516]
  • Fixed bug with NFS writable folders [Chevereto-Free #65]
  • Fixed bug with XenForo 2 (PUP) [12233]
  • Improved "Aw, Snap!" instructions on debug
  • Improved documentation linking in dashboard
  • Improved phpBB support for PUP [Chevereto-Free #58]
  • Updated all vendor dependencies
  • Updated Chinese Simplified, Czech, Dutch, Hebrew, Italian, Japanese, Korean, Portuguese, Russian, Spanish, Thai, Turkish, Ukrainian and Vietnamese translations

Full Changelog: 1.2.3...1.3.0

Choose a tag to compare
  • Fixes #70 (No A-Z sorting in 1.2.2)

Full Changelog: 1.2.2...1.2.3