- Removed is_writable check for ../repository folder, fixes (see #423)
- Make gallary images clickable (see #411)
- Docker update, container port changed from 80 to 8080 (see #376)
Notes / Breaking Changes:
This could be a breaking change for those who use docker or docker-compose. Please check your configuration (docker-compose.yml) and update container port to 8080
- Lockout bugfix
- Added configurable lockout for incorrect login attempts (see configuration_sample.php)
- Dockerfile fix
- Estonian translation added, thanks @ihvz
- CI pipeline fix
- Docker config updated
- CI pipelines added
- Security fix, see #349
- Persian translations added
- Arabic translations added
- Brazilian Portuguese translations added
- Output buffer flush fix
- Database auth adapter session fix
- Development mode warning added, see installation docs https://docs.filegator.io/install.html
- This version patches a security vulnerabilities please upgrade asap
- Hebrew translation with RTL added, see #301 (Thanks yaniv1983)
- Romanian translation added, see #302 (Thanks enyedi)
- Default error_reporting set to pre-php8 (Fixes #307)
- Fix file deletion error when overwrite on upload #293 (Thanks iwiniwin)
- PHP 8.1 issue fixed, see #295 (Thanks bashgeek)
- Small bug fixes
- Default cookie options added: cookie_httponly=true, cookie_secure=null
- Clickjacking prevention with X-Frame-Options/Content-Security-Policy headers
- Fixes #243, #239, #246, #251, #254, #257
- Slovenian translation added, (Thanks megamiska.eu)
- Dependency bumps
- Docs update
- Default logo update to vector
Notes / Breaking Changes:
The new default value of the cookie_secure option is null, which makes cookies secure when the request is using HTTPS and doesn't modify them when the request uses HTTP. The new behavior is a good balance between making your app "safe by default" and not breaking any existing app.
If your filegator is used inside an iFrame, it may stop working after the upgrade. Set 'allow_insecure_overlays' to true to maintain compatibility. https://github.com/filegator/filegator/blob/63645f6e047eef828a96f913bd421f7018c94e05/configuration_sample.php#L75
- Better search with configurable simultaneous search limit, fixes #234
- Invalidate sessions when the user is changed, prevents session fixation (json, database)
- Cookie samesite defaults to Lax, fixes #232
- Composer update
- Flysystem patch GHSA-9f46-5r25-5wfm
- Min supported PHP version is now 7.2.5
- New csrf token key config option added
- Ldap adapter improvements, new config param for attributes, pr #184 (Thanks @lzkill)
- Logger added to security service, fixes #183
- Japanese translation added (Thanks @tubuanha)
- Two consecutive periods bugfix for #202
- Axios auto-transform json turned off, fixes #201
- Show filesize and remaining time on download #181 (Thanks @ahaenggli)
- Min supported PHP version is now 7.2
- New feature - hiding files/folders on front-end, fixes #76 (Thanks @ahaenggli)
- Fixes #135 (Thanks @ahaenggli)
- Fixes #153 (Thanks @Gui13)
- Fixes #163
- Swedish language added #174 (Thanks leifa71)
- New feature - upload folder with drag&drop, fixes #25 (Thanks @ahaenggli)
- New LDAP auth adapter (Thanks @ahaenggli)
- Fixes #17 (Thanks @ahaenggli)
- Hungarian translation added (Thanks zsolti19850610)
- New config: 'download_inline' #141 (download configured extensions inline in the browser)
- Korean language added #119 (Thanks Jinhee-Kim)
- Galician language added #126 (Thanks vinpoloaire)
- Russian language added #128 (Thanks BagriyDmitriy)
- This version patches a security vulnerability #116 please upgrade
- disabling axios response auto-transformation when editing content, fixes #110
- config params: .json and .md extensions added as 'editable' by default
- config params: timezone support added, mostly for accurate logging, defaults to UTC
- fixes #102
- inclusive terminology: BC! please replace ip_whitelist/ip_blacklist to ip_allowlist/ip_denylist in your configuration.php
- fixes #113 #108
- add mime-types to download headers
- support for vector images (svg)
- fonts update
- catch/fix NavigationDuplicated errors
- libzip BC fix
- zip adapter fix
- composer update dependencies
- npm update / audit fix
- right-click opens single file context menu
- fixes #81, #82, #86
- WordPress Auth adapter is now included in the main repo
- New config: 'guest_redirection' (useful for external auth adapters)
- More css classes so the elements can be easily hidden (e.g. add_to_head style)
- Integrated filegator#74
- Updated docs
- Translations added: Polish, Italian
- Bump symfony, dibi
- New config param: overwrite files on upload
- Download filename bugfix
- Language fix
- View PDF files in the browser (thanks @pauloklaus)
- Fixes #31 #51
- Password reveal added to login screen
- Language fix
- Fixes for #41 #42 #43 #45 #46 #47
- Slovak translation (thanks @jannyba)
- Search feature
- Better editor & image gallery
- New config:
editable
(file extensions that can be opened with editor) - New config:
date_format
- File preview & edit feature added (preview images, edit txt files)
- Translations added, Bulgarian, Serbian, French
- Translations added, Dutch, Chinese
- npm updates, vue & vue-cli
- Symfony update, fixes CVE-2019-18888
- Fix for filename sanitize/cut during upload process
- Fix for multibyte filename uploads
- Fix for UTF8 filename issues (#12) - may brake existing download links generated with previous versions
- Fixed file upload bug - merging chunks after upload was failing
- Initial release