ProjectSend r1415
- New feature: throttle and ban failed log in attempts to prevent brute force attacks.
- New in security Settings: whitelist or blacklist IPs from the log in ban feature.
- New in Tools: unblock a banned IP address
- New feature: cron jobs. Set up a task that can send pending email notifications in batches, deletes expired files and orphan files.
- New Cron settings page: Enable/disable cron, change cron security key, select which tasks to run, enable or disable running via url, save log to database, send results via email.
- New in Tools: Cron log viewer
- Orphan files can now be filtered by allowed/not allowed.
- If Recaptcha is enabled, use it on login, password reset request and register forms
- New setting: disable sending email notifications of new files after adding/editing assignations. Enable this and combine it with a cron task to prevent long loading times after saving a file and overloading your mail server.
- Updates are now separated into different files, with the latest database update number being independent from the software version. Cleans up the process and makes adding new updates easier.
- Fixed installer issues (redirect loops and old sessions)
- Fix: Category edit: verify parent id is not equal to same category id (by luca-rigutti)
- While installing, get default timezone from system
- Added max-width to the logo image on the gallery template.
- Enable or disable debug from the custom config file, instead of using a core file
- Fixed translations not loading and warnings on php 8+
- Enable csv uploading by default
- Use curl -if available- to get new versions and news data, enables timeout to prevent long loading times
- Fixed: dashboard counters labels where not translatable
- When editing a user, if role is not client, some fields should be always null (phone, contact, address)
- Fixed XSS vulnerability on search forms
-
Fixed .htaccess (by RoboDoc)
- Batch actions are sent as post instead of get to prevent malicious users from sending an action url to an admin user
- Updated dependencies
- Prevent registering via POST if self registration is disabled
- Fixed Title TAG instead of file name (by deklica)
- Spellchecking + Changed all instances of “his” to “their” when referencing an unknown individual (by ehawman-rosenberg)
- Fixed JSON responses on widgets (by RiversideRocks)