From 423ab02846286f94276d21e38ca1e296646618bf Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 15 Dec 2016 10:04:05 +0100 Subject: PHP requirement increased to PHP 5.5 - See #599 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 21d5436c..cf5a85e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED +**WARNING**: Shaarli now requires PHP 5.5+. + ### Added ### Changed -- cgit v1.2.3 From 18e6796726d73d7dc90ecdd16c181493941f5487 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 15 Dec 2016 10:13:00 +0100 Subject: REST API structure using Slim framework * REST API routes are handle by Slim. * Every API controller go through ApiMiddleware which handles security. * First service implemented `/info`, for tests purpose. --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index cf5a85e2..fe775b3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Added +- REST API: see [Shaarli API documentation](http://shaarli.github.io/api-documentation/) + ### Changed ### Fixed -- cgit v1.2.3 From a0df06517bada0f811b464017ce385290e02c2bf Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 3 Jan 2017 11:42:21 +0100 Subject: Minor improvements regarding #705 (coding style, unit tests, etc.) --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index fe775b3e..d3ecc1e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,14 +7,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED -**WARNING**: Shaarli now requires PHP 5.5+. +**WARNING**: Shaarli now requires PHP 5.5+. ### Added - REST API: see [Shaarli API documentation](http://shaarli.github.io/api-documentation/) +- The theme can now be selected in the administration page. ### Changed +- Default template files are moved to a subfolder (`default`). + ### Fixed -- cgit v1.2.3 From 36dcf997e404e2cd4bc31d132875484d6cf4e667 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 15 Jan 2017 19:24:17 +0100 Subject: Update Changelog Signed-off-by: VirtualTam --- CHANGELOG.md | 40 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index d3ecc1e6..d2d63166 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,18 +7,50 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED +This release introduces the REST API, and requires updating HTTP server +configuration to enable URL rewriting, see: +- https://shaarli.github.io/api-documentation/ +- https://github.com/shaarli/Shaarli/wiki/Server-configuration + **WARNING**: Shaarli now requires PHP 5.5+. ### Added - -- REST API: see [Shaarli API documentation](http://shaarli.github.io/api-documentation/) -- The theme can now be selected in the administration page. +- REST API v1 + - [Slim](https://www.slimframework.com/) framework + - [JSON Web Token](https://jwt.io/introduction/) (JWT) authentication + - versioned API endpoints: + - `/api/v1/info`: get general information on the Shaarli instance + - `/api/v1/links`: get a list of shaared links +- Allow selecting themes/templates from the configuration page +- Add plugin placeholders to Atom/RSS feed templates +- Add OpenSearch to feed templates +- Add `campaign_` to the URL cleanup pattern list +- Add an AUTHORS file and Makefile target to list authors from Git commit data ### Changed +- Docker: enable nginx URL rewriting for the REST API +- Move `user.css` to the `data` folder +- Move default template files to a subfolder (`default`) +- Move PubSubHub to a dedicated plugin +- Coding style: + - explicit method visibility + - safe boolean comparisons + - remove unused variables +- The updater now keeps custom theme preferences +- Simplify the COPYING information -- Default template files are moved to a subfolder (`default`). + +### Removed +- PHP < 5.5 compatibility ### Fixed +- Ignore generated release tarballs +- Hide default port when behind a reverse proxy +- Fix a typo in the Markdown plugin description +- Fix the presence of empty tags for private tags and in search results +- Fix a fatal error during the install +- Fix permalink image alignment in daily page +- Fix the delete button in `editlink` ## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12 -- cgit v1.2.3 From fcb0d86b9021c7310fc46a6720504d28c668afd4 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 15 Dec 2016 11:49:41 +0100 Subject: v0.8.2 Changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index d2d63166..04aacad6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,11 @@ configuration to enable URL rewriting, see: - Fix permalink image alignment in daily page - Fix the delete button in `editlink` +## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15 + +### Fixed + +- Editing a link created before the new ID system would change its permalink. ## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12 -- cgit v1.2.3 From 90d4ed9850fa1d26412052c7b4c9b9b984c21e26 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Fri, 20 Jan 2017 16:44:52 +0100 Subject: Changelog v0.8.3 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 04aacad6..7e98a5ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,12 @@ configuration to enable URL rewriting, see: - Fix permalink image alignment in daily page - Fix the delete button in `editlink` +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20 + +### Fixed + +- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template. + ## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15 ### Fixed -- cgit v1.2.3 From 94cddf7be4a168b923c254d20e02891dcb702b17 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 4 Mar 2017 11:06:16 +0100 Subject: Update CHANGELOG.md Signed-off-by: VirtualTam --- CHANGELOG.md | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e98a5ad..466c9107 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,7 +21,9 @@ configuration to enable URL rewriting, see: - versioned API endpoints: - `/api/v1/info`: get general information on the Shaarli instance - `/api/v1/links`: get a list of shaared links -- Allow selecting themes/templates from the configuration page +Theming: + - Introduce a new theme + - Allow selecting themes/templates from the configuration page - Add plugin placeholders to Atom/RSS feed templates - Add OpenSearch to feed templates - Add `campaign_` to the URL cleanup pattern list @@ -29,8 +31,10 @@ configuration to enable URL rewriting, see: ### Changed - Docker: enable nginx URL rewriting for the REST API -- Move `user.css` to the `data` folder -- Move default template files to a subfolder (`default`) +- Theming: + - Move `user.css` to the `data` folder + - Move default template files to a subfolder (`default`) + - Rename the legacy theme to `vintage` - Move PubSubHub to a dedicated plugin - Coding style: - explicit method visibility @@ -39,7 +43,6 @@ configuration to enable URL rewriting, see: - The updater now keeps custom theme preferences - Simplify the COPYING information - ### Removed - PHP < 5.5 compatibility @@ -51,15 +54,23 @@ configuration to enable URL rewriting, see: - Fix a fatal error during the install - Fix permalink image alignment in daily page - Fix the delete button in `editlink` +- Fix redirection after link deletion +- Do not access LinkDB links by ID before the Updater applies migrations +- Remove extra spaces in the bookmarklet's name -## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20 +### Security +- Markdown plugin: escape HTML entities by default -### Fixed +## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04 +### Security +- Markdown plugin: escape HTML entities by default + +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20 +### Fixed - PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template. ## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15 - ### Fixed - Editing a link created before the new ID system would change its permalink. -- cgit v1.2.3 From 5b750090c76ab0addd8041eb3a055f3270d78133 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 8 Mar 2017 22:58:44 +0100 Subject: Add v0.7.1 to CHANGELOG.md Signed-off-by: VirtualTam --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 466c9107..1a87a8ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -160,6 +160,10 @@ Please use our release archives, or follow the - XSRF token now generated each time a page is rendered +## [v0.7.1](https://github.com/shaarli/Shaarli/releases/tag/v0.7.1) - 2017-03-08 +### Security +- Markdown plugin: escape HTML entities by default + ## [v0.7.0](https://github.com/shaarli/Shaarli/releases/tag/v0.7.0) - 2016-05-14 ### Added - Adds an option to encode redirector URL parameter -- cgit v1.2.3 From 48417aed1d83f1566c039529faf0354ec3b42e4b Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Thu, 9 Feb 2017 20:54:56 +0100 Subject: Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting related to #741 and #681 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a87a8ca..44ac06ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ Theming: - Add OpenSearch to feed templates - Add `campaign_` to the URL cleanup pattern list - Add an AUTHORS file and Makefile target to list authors from Git commit data +- Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting. ### Changed - Docker: enable nginx URL rewriting for the REST API -- cgit v1.2.3 From 89284d554ddb55892a138d046fee2ffd8bf30855 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 12 Mar 2017 14:03:19 +0100 Subject: Update changelog --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 44ac06ff..d9f2f4f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ configuration to enable URL rewriting, see: Theming: - Introduce a new theme - Allow selecting themes/templates from the configuration page + - New/Edit link form can be submitted using CTRL+Enter in the textarea - Add plugin placeholders to Atom/RSS feed templates - Add OpenSearch to feed templates - Add `campaign_` to the URL cleanup pattern list @@ -36,6 +37,8 @@ Theming: - Move `user.css` to the `data` folder - Move default template files to a subfolder (`default`) - Rename the legacy theme to `vintage` + - Private only filter is now displayed as a search parameter + - Autocomplete: pre-select the first element - Move PubSubHub to a dedicated plugin - Coding style: - explicit method visibility @@ -43,6 +46,9 @@ Theming: - remove unused variables - The updater now keeps custom theme preferences - Simplify the COPYING information +- Improved client locale detection +- Improved date time display depending on the locale +- Partial namespace support for Shaarli classes ### Removed - PHP < 5.5 compatibility @@ -58,6 +64,8 @@ Theming: - Fix redirection after link deletion - Do not access LinkDB links by ID before the Updater applies migrations - Remove extra spaces in the bookmarklet's name +- Piwik plugin: Piwik URL protocol can now be set (http or https) +- All inline JS has been moved to dedicated JS files ### Security - Markdown plugin: escape HTML entities by default -- cgit v1.2.3 From 829419567781df1f64fb682aecceaf40a3f9f902 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 12 Mar 2017 14:52:44 +0100 Subject: Theme: display shaarli version in the footer when logged in Fixes #778 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index d9f2f4f3..f0813b97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ Theming: - Introduce a new theme - Allow selecting themes/templates from the configuration page - New/Edit link form can be submitted using CTRL+Enter in the textarea + - Shaarli version is displayed in the footer when logged in - Add plugin placeholders to Atom/RSS feed templates - Add OpenSearch to feed templates - Add `campaign_` to the URL cleanup pattern list -- cgit v1.2.3 From 22ff7414e9f4e0ae2f71fa753df0a1499f598012 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 7 May 2017 17:23:36 +0200 Subject: Changelog update --- CHANGELOG.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f0813b97..c63337ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - UNPUBLISHED +## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - 2017-05-07 This release introduces the REST API, and requires updating HTTP server configuration to enable URL rewriting, see: @@ -21,6 +21,7 @@ configuration to enable URL rewriting, see: - versioned API endpoints: - `/api/v1/info`: get general information on the Shaarli instance - `/api/v1/links`: get a list of shaared links + - `/api/v1/history`: get a list of latest actions Theming: - Introduce a new theme - Allow selecting themes/templates from the configuration page @@ -31,6 +32,8 @@ Theming: - Add `campaign_` to the URL cleanup pattern list - Add an AUTHORS file and Makefile target to list authors from Git commit data - Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting. +- `composer.lock` is now included in git file to allow proper `composer install` +- History mechanism which logs link addition/modification/deletion ### Changed - Docker: enable nginx URL rewriting for the REST API @@ -40,6 +43,8 @@ Theming: - Rename the legacy theme to `vintage` - Private only filter is now displayed as a search parameter - Autocomplete: pre-select the first element + - Display daily date in the page title (browser title) + - Timezone lists are now passed as an array instead of raw HTML - Move PubSubHub to a dedicated plugin - Coding style: - explicit method visibility @@ -50,9 +55,13 @@ Theming: - Improved client locale detection - Improved date time display depending on the locale - Partial namespace support for Shaarli classes +- Shaarli version is now only present in `shaarli_version.php` +- Human readable maximum file size upload + ### Removed - PHP < 5.5 compatibility +- ReadItYourself plugin ### Fixed - Ignore generated release tarballs @@ -67,6 +76,7 @@ Theming: - Remove extra spaces in the bookmarklet's name - Piwik plugin: Piwik URL protocol can now be set (http or https) - All inline JS has been moved to dedicated JS files +- Keep tags after login redirection ### Security - Markdown plugin: escape HTML entities by default -- cgit v1.2.3 From d600040ebcbceb301085600b962a670e04aa9f51 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 23 Aug 2017 01:01:58 +0200 Subject: Update CHANGELOG.md for 0.9.1 Signed-off-by: VirtualTam --- CHANGELOG.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index c63337ff..4b018cb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,57 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23 + +The documentation has been migrated to ReadTheDocs: +- https://shaarli.readthedocs.io/ +- edits are submitted as pull requests + +### Added +- Allow bulk link deletion +- Display subtags in the tag cloud +- Add an endpoint to refresh the token +- Add a token on every page +- Add a tag list view for management +- Add Note bookmarklet +- Add creation date when editing a link + +### Changed +- Documentation: + - Generate static HTML documentation with [mkdocs](http://www.mkdocs.org/) + - Host documentation on [ReadTheDocs](http://www.mkdocs.org/) + - Update documentation structure + - Update Makefile targets to: + - Build the docs locally + - Include the generated docs in the release archives +- Theme: + - Use the new theme as the default + - Rename the tag cloud template to `tag.cloud.html` + - Display visited links in grey + - Use only one search form in `linklist.html` + - Hide the "search links with these tags" option when an empty `searchtags` is passed to `tag.list.html` +- Improve HTTP header handling when hosting Shaarli with Docker behind a reverse proxy +- Searching for tags with an empty value returns untagged links only +- Set Travis environment to `precise` until the new `trusty` environment is ready + +### Removed +- Remove dead Pubsubhubbub code +- Disable the GitHub wiki (see changed/documentation) +- Remove Docker `dev` image and resources +- Theme: + - Remove the bottom "Sort by" menu in `tag.list.html` + +### Fixed +- Fix file existence check for `user.css` +- Limit selection to 2k characters when using the bookmarklet +- Fix JS error `uncaught type error` +- Fix Firefox Social button +- Use pinned PHP dependencies when generating release archives +- Make sure that the tag exists before altering/removing it + +### Security +- Add a whitelist for protocols for URLs + ## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - 2017-05-07 -- cgit v1.2.3 From cc8f572bc063aa1e9d0368c8a8361f15efe04c9b Mon Sep 17 00:00:00 2001 From: Willi Eggeling Date: Sat, 26 Aug 2017 09:40:57 +0200 Subject: migrated Github wiki links to readthedocs --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b018cb4..60262d56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -61,7 +61,7 @@ The documentation has been migrated to ReadTheDocs: This release introduces the REST API, and requires updating HTTP server configuration to enable URL rewriting, see: - https://shaarli.github.io/api-documentation/ -- https://github.com/shaarli/Shaarli/wiki/Server-configuration +- https://shaarli.readthedocs.io/en/master/Server-configuration/ **WARNING**: Shaarli now requires PHP 5.5+. -- cgit v1.2.3 From 6f2c02a0ce6ebcce8db2414380bc4aa31f92f6f5 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sat, 7 Oct 2017 12:05:07 +0200 Subject: Changelog v0.9.2 --- CHANGELOG.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 60262d56..120c5d22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,44 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07 + +**Major security issue fixed. Please update.** + +### Added +- Tag search now supports wildcards `*` +- New setting `privacy.force_login` which can be used with `privacy.hide_public_links` to redirect anonymous users to the login page. +- New setting `general.default_note_title` used to override default `Note:` title prefix for notes. +- Add a version hash for asset loading to prevent browser's cache issue + +### Changed +- The "Remember me" checkbox is unchecked by default +- The default value of the "Remember me" checkbox can be configured under `data/config.json.php` + +### Removed +- Remove obsolete PHP magic quote support + +### Fixed +- Generates a permalink URL if the URL is set to blank +- Replace links to the old GitHub wiki with ReadTheDocs URIs +- Use single quotes in the note bookmarklet +- Daily page if there is no link +- Bulk link deletion with a single link +- HTTPS detection behind a reverse proxy +- Travis tests environment and localization +- Improve template paths robustness (trailing slash) +- Robustness: safer gzinflate/zlib usage +- Description links parsing with parenthesis (without Markdown) +- Templates: + - Sort the tag cloud alphabetically + - Firefox social title + - Improved visited link color + - Fix jumpy textarea with long content in post edit + +### Security + +- Vulnerability introduced in v0.9.1 fixed. + ## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23 The documentation has been migrated to ReadTheDocs: -- cgit v1.2.3 From fc2beb8c6aa4d423b55ba95809941f2eba6fea2a Mon Sep 17 00:00:00 2001 From: nodiscc Date: Mon, 23 Oct 2017 01:06:11 +0200 Subject: Changelog: link to CVE-2017-15215, give attribution --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 120c5d22..33feac20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,7 +40,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Security -- Vulnerability introduced in v0.9.1 fixed. +- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)). ## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23 -- cgit v1.2.3 From f452d3c4dff32003e7be10b3704bd4b1e23d7ad4 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Thu, 4 Jan 2018 18:49:05 +0100 Subject: Update CHANGELOG, README badges and installation instructions Signed-off-by: VirtualTam --- CHANGELOG.md | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 33feac20..b823ba70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04 +**XSS vulnerability fixed. Please update.** + +## Security +- Fix an XSS (cross-site-scripting) vulnerability in `index.php` + + ## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07 **Major security issue fixed. Please update.** @@ -42,6 +49,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)). + ## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23 The documentation has been migrated to ReadTheDocs: @@ -115,7 +123,7 @@ Theming: - Introduce a new theme - Allow selecting themes/templates from the configuration page - New/Edit link form can be submitted using CTRL+Enter in the textarea - - Shaarli version is displayed in the footer when logged in + - Shaarli version is displayed in the footer when logged in - Add plugin placeholders to Atom/RSS feed templates - Add OpenSearch to feed templates - Add `campaign_` to the URL cleanup pattern list @@ -145,7 +153,7 @@ Theming: - Improved date time display depending on the locale - Partial namespace support for Shaarli classes - Shaarli version is now only present in `shaarli_version.php` -- Human readable maximum file size upload +- Human readable maximum file size upload ### Removed @@ -171,6 +179,12 @@ Theming: - Markdown plugin: escape HTML entities by default +## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04 +**XSS vulnerability fixed. Please update.** + +## Security +- Fix an XSS (cross-site-scripting) vulnerability in `index.php` + ## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04 ### Security - Markdown plugin: escape HTML entities by default @@ -186,7 +200,7 @@ Theming: ## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12 -> Note: this version will create an automatic backup of your database if anything goes wrong. +> Note: this version will create an automatic backup of your database if anything goes wrong. ### Added - Add CHANGELOG.md to track the whole project's history @@ -203,7 +217,7 @@ Theming: - Link ID complete refactoring: - Links now have a numeric ID instead of dates - Short URLs are now created once and can't change over time (previous URL are kept) -- Templates: +- Templates: - Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin` - Cleanup `{loop}` declarations in templates - Tools: hide Firefox Social button when not in HTTPS @@ -221,7 +235,7 @@ Theming: - Plugins: - Tools: only display parameter description when it exists - archive.org: do not propose archival of private notes - - Markdown: + - Markdown: - render links properly in code blocks - bug regarding the `nomarkdown` tag - W3C compliance @@ -360,7 +374,7 @@ Please use our release archives, or follow the ### Fixed - Fix a bug where renaming a tag was causing a 404 - Fix a bug allowing to search blank terms -- Fix a bug preventing to remove a tag with special chars when searching +- Fix a bug preventing to remove a tag with special chars when searching ## [v0.6.2](https://github.com/shaarli/Shaarli/releases/tag/v0.6.2) - 2015-12-23 @@ -666,7 +680,7 @@ Initial release on GitHub. - When you click the key to see only private links, it turns yellow ### Changed -- The "Daily" page now automatically skips empty days. +- The "Daily" page now automatically skips empty days. ### Fixed - Corrected the tag encoding (there was a bug when selecting a second tag which contains accented characters) @@ -964,7 +978,7 @@ Initial release on GitHub. - Nicer timezone selection patch by killruana ### Fixed -- New lines now appear correctly in the RSS feed descriptions. +- New lines now appear correctly in the RSS feed descriptions. ## [v0.0.17beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) @@ -1018,7 +1032,7 @@ Initial release on GitHub. ## [v0.0.14beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) ### Added - You no longer need to disable `magic_quotes` on your host. - Shaarli will cope with this option beeing activated. + Shaarli will cope with this option beeing activated. ## [v0.0.13beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history) -- cgit v1.2.3 From 8d9d4cc1ee1a30fac8fad3c3032ffff6c1eb80e2 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 6 Jan 2018 15:31:25 +0100 Subject: Reference CVE-2018-5249 in CHANGELOG Relates to https://github.com/shaarli/Shaarli/pull/1046 Signed-off-by: VirtualTam --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index b823ba70..6947427b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). **XSS vulnerability fixed. Please update.** ## Security -- Fix an XSS (cross-site-scripting) vulnerability in `index.php` +- Fix an XSS (cross-site-scripting) vulnerability in `index.php` - + [CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249) ## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07 @@ -183,7 +184,8 @@ Theming: **XSS vulnerability fixed. Please update.** ## Security -- Fix an XSS (cross-site-scripting) vulnerability in `index.php` +- Fix an XSS (cross-site-scripting) vulnerability in `index.php` - + [CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249) ## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04 ### Security -- cgit v1.2.3 From 9b6df5c91c61eab73bebc37a9d42757b97224e4e Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 10 Jan 2018 20:42:05 +0100 Subject: Update CHANGELOG for the next v0.9.x Signed-off-by: VirtualTam --- CHANGELOG.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 6947427b..47a902f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,33 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.4](https://github.com/shaarli/Shaarli/releases/tag/v0.9.4) - UNPUBLISHED +### Added +- Enable translations: Shaarli is now also available in French. Other language translations are welcome! +- Add EditorConfig configuration +- Add favicons for mobile devices +- Add Alpine Linux arm32v7 Dockerfiles (master, latest) + +### Changed +- Do not write bookmark edition history during file imports (performance) +- Migrate Docker images (master, latest) to Alpine Linux +- Improve unitary tests and code coverage +- Improve thumbnail display +- Improve theme ergonomics +- Improve messages if there is no plugin or parameter available in the admin page +- Increase buffer size for cURL download +- Force HTTPS if the original port is 443 behind a reverse proxy (workaround) + +### Removed +- Remove redirector setting from Configure page + +### Fixed +- Fix broken links in the documentation +- Enable access to `data/user.css` (Apache 2.2 & 2.4) +- Don't URL encode description links if parameter `redirector.encode_url` is set to false +- Fix an issue preventing the Save button to appear for plugin parameters + + ## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04 **XSS vulnerability fixed. Please update.** -- cgit v1.2.3 From f211618f201a8af3f7a52c3995747dcfc34b8f3f Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 30 Jan 2018 18:49:22 +0100 Subject: Update CHANGELOG --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 47a902f0..aef32fcf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,9 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [v0.9.4](https://github.com/shaarli/Shaarli/releases/tag/v0.9.4) - UNPUBLISHED +## [v0.10.0](https://github.com/shaarli/Shaarli/releases/tag/v0.10.0) - UNPUBLISHED + +## [v0.9.4](https://github.com/shaarli/Shaarli/releases/tag/v0.9.4) - 2018-01-30 ### Added - Enable translations: Shaarli is now also available in French. Other language translations are welcome! - Add EditorConfig configuration @@ -20,6 +22,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Improve messages if there is no plugin or parameter available in the admin page - Increase buffer size for cURL download - Force HTTPS if the original port is 443 behind a reverse proxy (workaround) +- Improve page title retrieval performances ### Removed - Remove redirector setting from Configure page -- cgit v1.2.3 From 715ad9bd6b379cbb2c763ae0eaa3a7fe526c35b1 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Fri, 2 Feb 2018 18:59:31 +0100 Subject: CHANGELOG + AUTHORS --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index aef32fcf..0e737d8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [v0.10.0](https://github.com/shaarli/Shaarli/releases/tag/v0.10.0) - UNPUBLISHED +## [v0.9.5](https://github.com/shaarli/Shaarli/releases/tag/v0.9.5) - 2018-02-02 +### Fixed +- Fix a warning happening when `php-intl` is not installed on the system +- Fix warnings happening when updating from legacy SebSauvage version + ## [v0.9.4](https://github.com/shaarli/Shaarli/releases/tag/v0.9.4) - 2018-01-30 ### Added - Enable translations: Shaarli is now also available in French. Other language translations are welcome! -- cgit v1.2.3 From e36479d9ffd71b504bc99501ea1fef2579ff46b6 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 25 Mar 2018 20:00:26 +0200 Subject: Bump Shaarli version to v0.9.6 Signed-off-by: VirtualTam --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e737d8c..14a4f143 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [v0.10.0](https://github.com/shaarli/Shaarli/releases/tag/v0.10.0) - UNPUBLISHED +## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25 +## Changed +- htaccess: prevent accessing resources not managed by SCM +- htaccess: always forward the 'Authorization' HTTP header + ## [v0.9.5](https://github.com/shaarli/Shaarli/releases/tag/v0.9.5) - 2018-02-02 ### Fixed -- cgit v1.2.3 From decae8c119e0f4750d10909abc47d8afb89af362 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sat, 16 Jun 2018 23:46:33 +0200 Subject: docker: build the images from the local sources Relates to https://github.com/shaarli/Shaarli/issues/1153 Signed-off-by: VirtualTam --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 14a4f143..4f72436b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - UNPUBLISHED +### Changed +- Build the Docker images from the local Git sources + + ## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25 -## Changed +### Changed - htaccess: prevent accessing resources not managed by SCM - htaccess: always forward the 'Authorization' HTTP header -- cgit v1.2.3 From 658988f3aeba7a5a938783249ccf2765251e5597 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Wed, 20 Jun 2018 16:40:50 +0200 Subject: Bump Shaarli version to v0.9.7 Signed-off-by: VirtualTam --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f72436b..652fb63d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - UNPUBLISHED +## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - 2018-06-20 ### Changed - Build the Docker images from the local Git sources -- cgit v1.2.3