-
-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve the structure of the changelog file.
- Loading branch information
Showing
1 changed file
with
82 additions
and
98 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,167 +1,151 @@ | ||
| ### v3.0.0 | ||
|
|
||
| [2020.07.20; Maikuolan] First stable release for the phpMussel v3 Core. | ||
| - [2020.07.20] First stable release for the phpMussel v3 Core. | ||
|
|
||
| __*Why "v3.0.0" instead of "v1.0.0?"*__ Prior to phpMussel v3, the "phpMussel Core", "phpMussel CLI-mode", "phpMussel Front-End", and "phpMussel Uploads Handler" ("phpMussel Web") were all bundled together as a single repository (phpMussel/phpMussel). Since phpMussel v3, these each all have their own, separate repositories. I've opted to start releases at this repository (phpMussel/Core) at *v3.0.0*, in order to avoid confusion with previous versions of the "phpMussel Core" which exist outside this repository. | ||
|
|
||
| ### v3.0.1 | ||
|
|
||
| [2020.07.31; Maikuolan]: Improved the way that the (generated by ...) notice, displayed at the footer of HTML pages, is rendered. | ||
| #### Bugs fixed. | ||
| - [2020.10.01]: Discovered that the image chameleon attack detection could generate false positives against Mac OS X thumbnails; Fixed. *Refer [#223](https://github.com/phpMussel/phpMussel/issues/223).* | ||
|
|
||
| [2020.08.05; Maikuolan]: Addressed a potential compatibility problem with some specific kinds of symlinked installations. | ||
|
|
||
| [2020.10.01; Bug-fix; Maikuolan]: Discovered that the image chameleon attack detection could generate false positives against Mac OS X thumbnails; Fixed. *Refer [#223](https://github.com/phpMussel/phpMussel/issues/223).* | ||
| #### Other changes. | ||
| - [2020.07.31]: Improved the way that the (generated by ...) notice, displayed at the footer of HTML pages, is rendered. | ||
| - [2020.08.05]: Addressed a potential compatibility problem with some specific kinds of symlinked installations. | ||
|
|
||
| ### v3.0.2 | ||
|
|
||
| [2020.10.01; Bug-fix; v10mthibault]: Typo in Loader.php; Trying to call function sprint instead of sprintf which leads to an error; Fixed. | ||
|
|
||
| [2020.10.15; Bug-fix; Maikuolan]: Wrong number of files reported when recursively scanning through directories; Fixed. *Refer [#225](https://github.com/phpMussel/phpMussel/issues/225).* | ||
| #### Bugs fixed. | ||
| - [2020.10.01; Bug-fix; v10mthibault]: Typo in Loader.php; Trying to call function sprint instead of sprintf which leads to an error; Fixed. | ||
| - [2020.10.15]: Wrong number of files reported when recursively scanning through directories; Fixed. *Refer [#225](https://github.com/phpMussel/phpMussel/issues/225).* | ||
|
|
||
| ### v3.0.3 | ||
|
|
||
| [2020.10.18; Bug-fix; Maikuolan]: A small, minor scan optimisation mechanism found to be faulty, causing signatures to sometimes be skipped when not intended; Removed it. *Refer [#224](https://github.com/phpMussel/phpMussel/issues/224).* | ||
| #### Bugs fixed. | ||
| - [2020.10.18]: A small, minor scan optimisation mechanism found to be faulty, causing signatures to sometimes be skipped when not intended; Removed it. *Refer [#224](https://github.com/phpMussel/phpMussel/issues/224).* | ||
|
|
||
| ### v3.1.0 | ||
|
|
||
| [2020.11.20; Maikuolan]: Added partial support for detecting objects and files embedded within pdf files (due to the nature of how this has been implemented, for the purpose of scanning these embedded objects and files, phpMussel will regard pdf as an archive format; this is intentional). | ||
|
|
||
| [2020.11.26; Maikuolan]: Ditched external test frameworks in favour of GitHub Actions. Replaced existing tests. (More work needs to eventually be done towards tests. This will eventually happen at some point). | ||
|
|
||
| [2020.11.27; Maikuolan]: Some minor code-style cleanup. | ||
|
|
||
| [2020.12.04; Maikuolan]: Maintenance release (dependencies update, repository cleanup, etc). | ||
| - [2020.11.20]: Added partial support for detecting objects and files embedded within pdf files (due to the nature of how this has been implemented, for the purpose of scanning these embedded objects and files, phpMussel will regard pdf as an archive format; this is intentional). | ||
| - [2020.11.26]: Ditched external test frameworks in favour of GitHub Actions. Replaced existing tests. (More work needs to eventually be done towards tests. This will eventually happen at some point). | ||
| - [2020.11.27]: Some minor code-style cleanup. | ||
| - [2020.12.04]: Maintenance release (dependencies update, repository cleanup, etc). | ||
|
|
||
| ### v3.2.0 | ||
|
|
||
| [2021.01.10; Maikuolan]: Separated the code for performing outbound requests through cURL out to its own independent class. | ||
|
|
||
| [2021.02.05; Maikuolan]: The default timeout for external requests is now configurable. | ||
|
|
||
| [2021.02.07; Maikuolan]: Added the ability to hide the phpMussel version used. | ||
| - [2021.01.10]: Separated the code for performing outbound requests through cURL out to its own independent class. | ||
| - [2021.02.05]: The default timeout for external requests is now configurable. | ||
| - [2021.02.07]: Added the ability to hide the phpMussel version used. | ||
|
|
||
| ### v3.2.1 | ||
|
|
||
| [2021.03.11; Maikuolan]: Added some missing return type declarations. | ||
|
|
||
| [2021.04.19; Bug-fix; Maikuolan]: BuildPath could potentially trigger warnings when open_basedir is defined, causing logging, among various other internal file operations, to fail (related to PHP bug 69240); Fixed. | ||
|
|
||
| [2021.05.01; Bug-fix; Maikuolan]: Log truncation not being calculated properly; Fixed. | ||
| - [2021.03.11]: Added some missing return type declarations. | ||
|
|
||
| [2021.05.28; Maikuolan]: Performed some minor refactoring. | ||
| #### Bugs fixed. | ||
| - [2021.04.19]: BuildPath could potentially trigger warnings when open_basedir is defined, causing logging, among various other internal file operations, to fail (related to PHP bug 69240); Fixed. | ||
| - [2021.05.01]: Log truncation not being calculated properly; Fixed. | ||
| - [2021.05.28]: Wrong casing used for some variables would cause undefined variable errors to occur; Fixed (#3). | ||
|
|
||
| [2021.05.28; Bug-fix; Maikuolan]: Wrong casing used for some variables would cause undefined variable errors to occur; Fixed (#3). | ||
| #### Other changes. | ||
| - [2021.05.28]: Performed some minor refactoring. | ||
|
|
||
| ### v3.3.0 | ||
|
|
||
| [2021.06.10; Maikuolan]: Added a flag for successful hits against blacklisted filetypes (needed by the upload handler for a newly added configuration directive). Also did some very minor refactoring. | ||
|
|
||
| [2021.09.05; Maikuolan]: Precaution against potential future undefined index added to fallback method. | ||
|
|
||
| [2021.10.30; Maikuolan]: Code-style cleanup: Public before private properties, magic before public before private methods. | ||
|
|
||
| [2021.10.31; New Feature; Maikuolan]: Added the ability to segregate cache data on the basis of prefixes specified by the instance. This could be useful for when different installations are utilising the same caching mechanisms at the same server. | ||
| - [2021.06.10]: Added a flag for successful hits against blacklisted filetypes (needed by the upload handler for a newly added configuration directive). Also did some very minor refactoring. | ||
| - [2021.09.05]: Precaution against potential future undefined index added to fallback method. | ||
| - [2021.10.30]: Code-style cleanup: Public before private properties, magic before public before private methods. | ||
| - [2021.10.31]: Added the ability to segregate cache data on the basis of prefixes specified by the instance. This could be useful for when different installations are utilising the same caching mechanisms at the same server. | ||
|
|
||
| ### v3.3.1 | ||
|
|
||
| [2021.11.27; Maikuolan]: At the front-end configuration page, configuration directives relying on specific extensions (specifically, at this time, the supplementary cache options) will now include a notice as to whether the extensions relied upon are available. | ||
|
|
||
| [2022.02.01; Bug-fix; Maikuolan]: Failed to correctly determine the client's IP address under certain circumstances (e.g., multiple choices available via HTTP_X_FORWARDED_FOR); Fixed. | ||
| - [2021.11.27]: At the front-end configuration page, configuration directives relying on specific extensions (specifically, at this time, the supplementary cache options) will now include a notice as to whether the extensions relied upon are available. | ||
|
|
||
| [2022.02.14; Maikuolan]: Maintenance release. | ||
| #### Bugs fixed. | ||
| - [2022.02.01]: Failed to correctly determine the client's IP address under certain circumstances (e.g., multiple choices available via HTTP_X_FORWARDED_FOR); Fixed. | ||
|
|
||
| ### v3.3.2 | ||
|
|
||
| [2022.02.21; Maikuolan]: Improved IP address resolution strategy. | ||
| - [2022.02.21]: Improved IP address resolution strategy. | ||
| - [2022.02.21]: Added a default caching prefix. | ||
|
|
||
| [2022.02.21; Maikuolan]: Added a default caching prefix. | ||
|
|
||
| [2022.03.11; Bug-fix; Maikuolan]: Shorthand data was quoted, but needed to be defined as literals in order to avoid being unentitised prior to being parsed as regular expression partials, in order to avoid breaking those expressions and potentially triggering fatal errors; Fixed. | ||
|
|
||
| [2022.03.24; Bug-fix; Maikuolan]: Fixed a bottleneck in the scan process caused by the readFileBlocks method (phpMussel/phpMussel#231). | ||
| #### Bugs fixed. | ||
| - [2022.03.11]: Shorthand data was quoted, but needed to be defined as literals in order to avoid being unentitised prior to being parsed as regular expression partials, in order to avoid breaking those expressions and potentially triggering fatal errors; Fixed. | ||
| - [2022.03.24]: Fixed a bottleneck in the scan process caused by the readFileBlocks method (phpMussel/phpMussel#231). | ||
|
|
||
| ### v3.3.3 | ||
|
|
||
| [2022.06.16; Bug-fix; Maikuolan]: Warning generated since PHP 8.1 for parse functionality; Fixed. | ||
|
|
||
| [2022.08.18; Maikuolan]: Added L10N for Persian/Farsi, Hebrew, Malay, and Ukrainian. | ||
|
|
||
| [2022.09.26; Maikuolan]: Configuration multiline support added (necessary in order to properly facilitate the custom headers/footers feature introduced earlier today). | ||
| #### Bugs fixed. | ||
| - [2022.06.16]: Warning generated since PHP 8.1 for parse functionality; Fixed. | ||
|
|
||
| [2022.10.12; BaseMax]: Improved L10N for Persian/Farsi. | ||
|
|
||
| [2022.10.25; Maikuolan]: Hardened some configuration constraints. | ||
|
|
||
| [2022.10.28; Maikuolan]: Reworked how the configuration page deals with volume-based configuration. | ||
|
|
||
| [2022.11.20; Maikuolan]: Avoid packaging unnecessary files into dist. | ||
| #### Other changes. | ||
| - [2022.08.18]: Added L10N for Persian/Farsi, Hebrew, Malay, and Ukrainian. | ||
| - [2022.09.26]: Configuration multiline support added (necessary in order to properly facilitate the custom headers/footers feature introduced earlier today). | ||
| - [2022.10.12; BaseMax]: Improved L10N for Persian/Farsi. | ||
| - [2022.10.25]: Hardened some configuration constraints. | ||
| - [2022.10.28]: Reworked how the configuration page deals with volume-based configuration. | ||
| - [2022.11.20]: Avoid packaging unnecessary files into dist. | ||
|
|
||
| ### v3.3.4 | ||
|
|
||
| [2022.11.30; Maikuolan]: Adjusted minimum value for some port directives from 1 to 0. | ||
| #### Bugs fixed. | ||
| - [2022.12.26]: PDF files were sometimes being flagged as images; Fixed. | ||
|
|
||
| [2022.12.26; Bug-fix; Maikuolan]: PDF files were sometimes being flagged as images; Fixed. | ||
| #### Other changes. | ||
| - [2022.11.30]: Adjusted minimum value for some port directives from 1 to 0. | ||
|
|
||
| ### v3.3.5 | ||
|
|
||
| [2023.01.21; Maikuolan]: Better value definitions for `vt_suspicion_level`. | ||
|
|
||
| [2023.02.14; Maikuolan]: Slightly improved client-specified language overrides. | ||
| - [2023.01.21]: Better value definitions for `vt_suspicion_level`. | ||
| - [2023.02.14]: Slightly improved client-specified language overrides. | ||
|
|
||
| ### v3.4.0 | ||
|
|
||
| [2023.03.24; Bug-fix; Maikuolan]: Typo in the readFileContent call for the channels data; Fixed. | ||
|
|
||
| [2023.03.24; New Feature; Maikuolan]: Added the ability to log outbound requests. | ||
|
|
||
| [2023.03.31; Maikuolan]: Eliminated a low-risk potential performance bottleneck at the loadL10N method. | ||
|
|
||
| [2023.04.01; Maikuolan]: Reworked the loadL10N method, how it handles HTTP_ACCEPT_LANGUAGE, improved rule assignment, added some assumptions for supported L10N, and added the ability to defer non-supported L10N to supported L10N where sufficiently similar to be acceptable. | ||
|
|
||
| [2023.04.25; Bug-fix; Maikuolan]: Explicitly defining the region for the configured L10N where deferment may be available but the region for the corresponding listed configuration choice not included could've caused the L10N loader to simply use fallbacks instead; Fixed. | ||
|
|
||
| [2023.04.25; Maikuolan]: Split the existing L10N for Portuguese into two variants, Brazilian and European. | ||
| #### Bugs fixed. | ||
| - [2023.03.24]: Typo in the readFileContent call for the channels data; Fixed. | ||
| - [2023.04.25]: Explicitly defining the region for the configured L10N where deferment may be available but the region for the corresponding listed configuration choice not included could've caused the L10N loader to simply use fallbacks instead; Fixed. | ||
|
|
||
| [2023.05.01~03; Maikuolan]: Added L10N for Bulgarian, Czech, and Punjabi. | ||
| #### Other changes. | ||
| - [2023.03.24]: Added the ability to log outbound requests. | ||
| - [2023.03.31]: Eliminated a low-risk potential performance bottleneck at the loadL10N method. | ||
| - [2023.04.01]: Reworked the loadL10N method, how it handles HTTP_ACCEPT_LANGUAGE, improved rule assignment, added some assumptions for supported L10N, and added the ability to defer non-supported L10N to supported L10N where sufficiently similar to be acceptable. | ||
| - [2023.04.25]: Split the existing L10N for Portuguese into two variants, Brazilian and European. | ||
| - [2023.05.01~03]: Added L10N for Bulgarian, Czech, and Punjabi. | ||
|
|
||
| ### v3.4.1 | ||
|
|
||
| [2023.09.03; Maikuolan]: Added L10N for Afrikaans and Romanian. | ||
|
|
||
| [2023.09.04; Maikuolan]: Added colouration to phpMussel's CLI mode (some code has been added to the core to facilitate this). The atHit method has been migrated from the Loader class to the Scanner class. | ||
|
|
||
| [2023.09.16~18; Maikuolan]: Significantly refactored all L10N data. | ||
|
|
||
| [2023.09.18; Maikuolan]: Better resource guarding. | ||
|
|
||
| [2023.09.25; Maikuolan]: Unified the methods for reading files to a singular method. | ||
| - [2023.09.03]: Added L10N for Afrikaans and Romanian. | ||
| - [2023.09.04]: Added colouration to phpMussel's CLI mode (some code has been added to the core to facilitate this). The atHit method has been migrated from the Loader class to the Scanner class. | ||
| - [2023.09.16~18]: Significantly refactored all L10N data. | ||
| - [2023.09.18]: Better resource guarding. | ||
| - [2023.09.25]: Unified the methods for reading files to a singular method. | ||
|
|
||
| ### 3.4.2 | ||
|
|
||
| [2022.11.22; Maikuolan]: Maintenance release. | ||
| - [2022.11.22]: Maintenance release. | ||
|
|
||
| ### v3.5.0 | ||
|
|
||
| [2023.12.01; Maikuolan]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options. | ||
| #### Security. | ||
| - [2023.12.12]: Added a method to check whether a name is reserved, and applied it as a guard at the point where signature files are read in. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly. | ||
|
|
||
| [2023.12.12; Security; Maikuolan]: Added a method to check whether a name is reserved, and applied it as a guard at the point where signature files are read in. Attempting to perform file operations on reserved names under Windows and some other operating systems could cause the underlying file system to attempt to communicate with a serial port instead of the intended file. PHP is likely to then wait indefinitely for a response it's unlikely to ever receive, thus locking up the process and preventing further requests unless the process is restarted. Although it's infinitesimally unlikely that a user would actually want to use a reserved name for one of their signature files, as the solution is exceedingly simple, with no particular performance impact, I've implemented it accordingly. | ||
|
|
||
| [2024.03.11; Maikuolan]: Added L10N for Bosnian, Catalan, Galician, Gujarati, Croatian, and Serbian. | ||
| #### Other changes. | ||
| - [2023.12.01]: Improved escaping. Added support for specifying a Redis database number to the supplementary cache options. | ||
| - [2024.03.11]: Added L10N for Bosnian, Catalan, Galician, Gujarati, Croatian, and Serbian. | ||
|
|
||
| ### v3.5.1 | ||
|
|
||
| [2024.03.21; Bug-fix; jedso]: Changed `$this->IPAddr` to `$this->Loader->IPAddr` in `Scanner.php`. | ||
| #### Bugs fixed. | ||
| - [2024.03.21; Bug-fix; jedso]: Changed `$this->IPAddr` to `$this->Loader->IPAddr` in `Scanner.php`. | ||
|
|
||
| ### v3.5.2 | ||
|
|
||
| [2024.07.02; Maikuolan]: Refactored the `loadL10N` method. Merged zh and zh-TW L10N, and dropped region designations (e.g., CN, TW) in favour of script designations (e.g., Hans, Hant). | ||
|
|
||
| [2024.07.13; Bug-fix; Maikuolan]: If the client-specified language was the same as the configured language, the client-specified preferred variant would be ignored, even if it wasn't the same as the configured preferred variant; Fixed. | ||
|
|
||
| [2024.08.06; Maikuolan]: Updated the default filetype blacklist (#7). | ||
|
|
||
| [2024.09.02; Maikuolan]: Code-style patch. | ||
| - [2024.07.02]: Refactored the `loadL10N` method. Merged zh and zh-TW L10N, and dropped region designations (e.g., CN, TW) in favour of script designations (e.g., Hans, Hant). | ||
|
|
||
| [2024.09.10; Maikuolan]: Added L10N for Marathi. | ||
| #### Bugs fixed. | ||
| - [2024.07.13]: If the client-specified language was the same as the configured language, the client-specified preferred variant would be ignored, even if it wasn't the same as the configured preferred variant; Fixed. | ||
|
|
||
| [2024.09.13; Maikuolan]: Added L10N for Malayalam. | ||
| #### Other changes. | ||
| - [2024.08.06]: Updated the default filetype blacklist (#7). | ||
| - [2024.09.02]: Code-style patch. | ||
| - [2024.09.10]: Added L10N for Marathi. | ||
| - [2024.09.13]: Added L10N for Malayalam. |