# Chevereto 3.14.0
2020-01-02
- Added support for WebP
- Added support for APNG
- Added HTTP only and secure cookie flags
- Added auth token at /update (CSRF)
- Added brute force protection for cookie based login attempts
- Added restricted paths for Bulk content importer
- Fixed XSS vulnerability in site settings
- Fixed XSS vulnerability in user profile
- Fixed XSS vulnerability in WhatsApp share button
- Fixed bug in anywhere uploader [11710 (opens new window)]
- Fixed bug in maintenance mode (disabled reCaptcha verify)
- Fixed bug in missing language strings [11714 (opens new window)]
- Fixed bug in missing translate string [11757 (opens new window)]
- Fixed bug in not working SEO URLs for images [11784 (opens new window)]
- Fixed bug in not working "Upload to album" button [11774 (opens new window)]
- Fixed bug in image viewer [11775 (opens new window)]
- Deprecated use of HTTP_* headers for client IP resolution (must use mod_remoteip, ngx_http_realip_module)
- Deprecated $_SESSION based login
- Removed public access for Bulk importer job results
- Improved login system (device based)
- Updated dependencies (composer)
- Updated Chinese Simplified, Dutch, German, Italian and Spanish translations