Chevereto 3.14.0

2020-01-02

• Added support for WebP
• Added support for APNG
• Added HTTP only and secure cookie flags
• Added auth token at /update (CSRF)
• Added brute force protection for cookie based login attempts
• Added restricted paths for Bulk content importer
• Fixed XSS vulnerability in site settings
• Fixed XSS vulnerability in user profile
• Fixed XSS vulnerability in WhatsApp share button
• Fixed bug in anywhere uploader [11710 (opens new window)]
• Fixed bug in maintenance mode (disabled reCaptcha verify)
• Fixed bug in missing language strings [11714 (opens new window)]
• Fixed bug in missing translate string [11757 (opens new window)]
• Fixed bug in not working SEO URLs for images [11784 (opens new window)]
• Fixed bug in not working "Upload to album" button [11774 (opens new window)]
• Fixed bug in image viewer [11775 (opens new window)]
• Deprecated use of HTTP_* headers for client IP resolution (must use mod_remoteip, ngx_http_realip_module)
• Deprecated $_SESSION based login
• Removed public access for Bulk importer job results
• Improved login system (device based)
• Updated dependencies (composer)
• Updated Chinese Simplified, Dutch, German, Italian and Spanish translations