# Chevereto 3.14.0

2020-01-02

  • Added support for WebP
  • Added support for APNG
  • Added HTTP only and secure cookie flags
  • Added auth token at /update (CSRF)
  • Added brute force protection for cookie based login attempts
  • Added restricted paths for Bulk content importer
  • Fixed XSS vulnerability in site settings
  • Fixed XSS vulnerability in user profile
  • Fixed XSS vulnerability in WhatsApp share button
  • Fixed bug in anywhere uploader [11710 (opens new window)]
  • Fixed bug in maintenance mode (disabled reCaptcha verify)
  • Fixed bug in missing language strings [11714 (opens new window)]
  • Fixed bug in missing translate string [11757 (opens new window)]
  • Fixed bug in not working SEO URLs for images [11784 (opens new window)]
  • Fixed bug in not working "Upload to album" button [11774 (opens new window)]
  • Fixed bug in image viewer [11775 (opens new window)]
  • Deprecated use of HTTP_* headers for client IP resolution (must use mod_remoteip, ngx_http_realip_module)
  • Deprecated $_SESSION based login
  • Removed public access for Bulk importer job results
  • Improved login system (device based)
  • Updated dependencies (composer)
  • Updated Chinese Simplified, Dutch, German, Italian and Spanish translations