Security and Maintenance Release

danpros released this 29 Apr 04:20

· 242 commits to master since this release

295ea2d

What's new:

Directory traversal vulnerabilities fix by @jinhaochan.
Avatar for users.
Allow to upload WebP image.
Text editor improvement. More info: #725
Language updates.
Fix inverted question mark in BBEdit (Mac). More info: #715

Note for Directory traversal vulnerabilities

These vulnerabilities can only be triggered if a user has a valid account, and is logged in.

Note for WebP image

HTMLy use getimagesize to check whether the image is valid or not. The getimagesize added WebP support in PHP 7.1

What's Changed

Update German language files by @sb0001 in #712
Update it_IT.ini by @eagleman in #713
Update zh_TW.ini to v2.9.6 by @XD9527 in #719
Security Fix by @jinhaochan in #728

New Contributors

@jinhaochan made their first contribution in #728

Full Changelog: v2.9.6...v2.9.7

Contributors

eagleman, jinhaochan, and 2 other contributors

Assets 3