1.6.2

• Fixed SSRF vulnerability in remote URL upload
• Updated dependencies

Full Changelog: 1.6.1...1.6.2

1.6.1

• Added Chevereto news section at Dashboard
• Removes top-bar border

Full Changelog: 1.6.0...1.6.1

1.6.0

• Added official support for Docker multi-arch
• Added support for environment variables
• Added chevereto-free.github.io doc links
• Removes invasive upgrade remarks

Full Changelog: 1.5.1...1.6.0

1.5.1

• Fixed LiteSpeed Web Server bug

Full Changelog: 1.5.0...1.5.1

1.5.0

• Added enforced WebP availability
• Added header to disable FLoC
• Added header to disable iframe embedding
• Migrated ownership to @rodber
• Remove upgrade button from admin user dropdown
• Removed Bulk importer
• Removed FUNDING
• Removed Moderation
• Removed multi-language support
• Removed subdomain wildcards
• Updated "Powered by chevereto-free"
• Updated default theme color

Full Changelog: 1.4.2...1.5.0

1.4.2

• Added tag-based release artifact builder #100
  • Builds $TAG.zip and $TAG-dev.zip artifacts
• Added hardened URL upload constrains #107
  • Restrict schemes to http, https and ftp
  • Restrict to allow only public IP addresses
• Added hardened .htaccess Apache HTTP Server restrictions #102
  • Restrict .php in public upload paths
  • Limits to only GET requests
• Added improved installation/update instructions
  • Manual and Composer-based alternatives
• Added extra checking for unwanted file extensions #101
  • Will now panic if a unwanted file get sneaked in the process
• Changed image (logo, colors) #106
  • Chevereto-Free finally use it's own logo
  • Chevereto-Free now looks less like "Chevereto"
• Changed self-update to use the new zip release artifact #109
  • Avoids .git et al and provides a smaller package
• Fixed bug with embed codes after upload #99

Full Changelog: 1.4.1...1.4.2

1.4.1

• Fixed XSS affecting oEmbed implementation
• Fixed self-XSS affecting duplicate upload

Full Changelog: 1.4.0...1.4.1

1.4.0

• Added deprecation messages
• Changed licensing back to AGPLv3
• Fixed XSS bug CVE-2021-31721 [12782]
• Removed "Powered by" disabler
• Updates dependencies

Full Changelog: 1.3.0...1.4.0

1.3.0

Forked from Chevereto v3.16.2

Photo by Tom Gainor from Unsplash

• Added configurable homepage to route /upload
• Added image moderation
• Added configurable NSFW lock
• Added database locks (replace the old filesystem based locks)
• Added follow scroll for dashboard settings header
• Added support for image oEmbed
• Added support for ModerateContent
• Deprecated listing viewer go to full screen action
• Fixed bug in AZ listing [11638]
• Fixed bug in footer.js.php (fatal error)
• Fixed bug in functions.render.php [Chevereto-Free #61]
• Fixed bug in missing translation for viewer keyboard hints
• Fixed bug in queue locking [12401]
• Fixed bug in user sign up (dark mode setting) [12516]
• Fixed bug with NFS writable folders [Chevereto-Free #65]
• Fixed bug with XenForo 2 (PUP) [12233]
• Improved "Aw, Snap!" instructions on debug
• Improved documentation linking in dashboard
• Improved phpBB support for PUP [Chevereto-Free #58]
• Updated all vendor dependencies
• Updated Chinese Simplified, Czech, Dutch, Hebrew, Italian, Japanese, Korean, Portuguese, Russian, Spanish, Thai, Turkish, Ukrainian and Vietnamese translations

Full Changelog: 1.2.3...1.3.0

1.2.3

• Fixes #70 (No A-Z sorting in 1.2.2)

Full Changelog: 1.2.2...1.2.3