Publify 9.2.5
This release fixes several security issues. Please upgrade as soon as possible
- Force session cookie to be secure in production
- Block ability to switch themes using a GET request; use a POST instead
- Disallow user self-registration rather than hiding it
- Let the browser not cache admin pages
- Limit the set of allowed mime types for uploaded media
- Limit allowed HTML in articles, pages and notes
Additionally, it includes the following changes:
- Fix resource size display in admin resource list
- Trigger download of media in the Media Library in admin instead of displaying them directly