Skip to content

Publify 9.2.5
Compare
Choose a tag to compare
@mvz mvz released this 11 Oct 06:01
· 504 commits to master since this release
v9.2.5
aa39c56

This release fixes several security issues. Please upgrade as soon as possible

  • Force session cookie to be secure in production
  • Block ability to switch themes using a GET request; use a POST instead
  • Disallow user self-registration rather than hiding it
  • Let the browser not cache admin pages
  • Limit the set of allowed mime types for uploaded media
  • Limit allowed HTML in articles, pages and notes

Additionally, it includes the following changes:

  • Fix resource size display in admin resource list
  • Trigger download of media in the Media Library in admin instead of displaying them directly
Assets 2