Skip to content

Releases: Alanaktion/phproject

v1.7.14

31 Jan 00:14
@Alanaktion Alanaktion
v1.7.14
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
d5739cf
Compare
Choose a tag to compare
v1.7.14 Latest
Latest

This release adds several improvements and fixes, notably:

  • Full support for PHP 8.1 and 8.2 (#406, #410)
  • Updated translations
  • Improvements to restricted access mode, allowing issue authors to access their created issues (#413)
  • All third-party libraries are updated to their latest compatible release (both JS and PHP)

Breaking changes:

  • PHP < 7.4 is no longer supported — Phproject aims to support any active PHP release as well as any PHP version actively supported by an Ubuntu LTS release (Currently PHP 7.4, 8.0, 8.1, and 8.2)
Assets 3

1.7.13

12 Mar 19:12
@Alanaktion Alanaktion
v1.7.13
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
bc48348
Compare
Choose a tag to compare
1.7.13

Phproject 1.7.13 includes several security fixes, most notably for XSS and file access control. Improvements for PHP 8 are also included in the release.

Assets 3

v1.7.12

28 Jan 03:49
@Alanaktion Alanaktion
v1.7.12
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
11989f5
Compare
Choose a tag to compare
v1.7.12

Phproject 1.7.12 fixes bugs and security issues. Updating is recommended where possible.

Full Changelog: v1.7.11...v1.7.12

Assets 3

v1.7.11

14 Sep 03:46
@Alanaktion Alanaktion
v1.7.11
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
643926a
Compare
Choose a tag to compare
v1.7.11

Phproject 1.7.11 fixes an issue creating sprints that was introduced in 1.7.10.

Phproject 1.7.10 introduced major security fixes, so you should definitely upgrade when possible!

Assets 3

v1.7.10

10 Sep 23:20
@Alanaktion Alanaktion
v1.7.10
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
4032f44
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.10

Phproject v1.7.10 includes fixes for critical security issues. It is strongly recommended to install it immediately.

This release should be compatible with typical use cases but it does introduce a breaking change to all core POST routes, so any users modifying any controller behavior should verify compatibility before upgrading.

For details on the security updates included in Phproject 1.7.10, see the related security advisory.

Assets 3

v1.7.9

21 Apr 15:33
@Alanaktion Alanaktion
v1.7.9
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
5c4cfda
Compare
Choose a tag to compare
v1.7.9

This release fixes an upgrade issue introduced in v1.7.8, and improves PHP 7.4 compatibility.

Thanks to @charisma2 for reporting the compatibility issue!

Assets 3

v1.7.8

20 Apr 23:09
@Alanaktion Alanaktion
v1.7.8
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
78e0090
Compare
Choose a tag to compare
v1.7.8

This security release fixes an issue allowing users with file upload permissions to upload and execute malicious files. It introduces a new configuration option, security.file_blacklist, which is a regular expression used to filter uploaded files by name. It also restricts access to uploaded files at the web server level, where supported.

Users on nginx should add a new location block to their configuration:

location ~ ^/uploads/ {
    deny all;
}

Big thanks to @niebardzo for reporting this issue, with an example of the exploit on our demo environment, and for responsible disclosure.

See the Advisory

Assets 3

v1.7.7

20 Nov 18:02
@Alanaktion Alanaktion
v1.7.7
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
ca34ae6
Compare
Choose a tag to compare
v1.7.7

Phproject 1.7.7 adds a number of fixes and improvements, and updates some of the core code to make better use of modern PHP standards and features.

Also included are a number of updated translations:

  • Spanish additions by Alan Hardman
  • Polish additions from Piotrek Icikowski
  • Chinese additions from CuanPo Lee
Assets 3

v1.7.6

24 Dec 17:25
@Alanaktion Alanaktion
v1.7.6
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
2ac15c2
Compare
Choose a tag to compare
v1.7.6

Phproject 1.7.6 adds support for PHP 7.3 and includes a variety of bug fixes.

Also, this may be the last release for some time, as I am not currently able to dedicate significant time to this project. If anyone is interested in contributor access to keep Phproject maintained, let me know via email (alan@phproject.org).

Assets 3

v1.7.5

05 Sep 14:49
@Alanaktion Alanaktion
v1.7.5
This tag was signed with the committer’s verified signature.
Alanaktion Alan Hardman
GPG key ID: 27A79A65774B4AF0
Learn about vigilant mode.
05e9443
Compare
Choose a tag to compare
v1.7.5

Phproject v1.7.5 includes several bug fixes and new translations, including a complete Estonian translation from bss on Crowdin.

Changelog

Assets 3