Skip to content

Releases: Studio-42/elFinder

Version 2.1.69

Choose a tag to compare

@nao-pon nao-pon released this 07 May 12:56

Version 2.1.69

  • Only fixes a release error; there are no changes to the functionality.

Version 2.1.68

  • Fixing bug where uploading large files sometimes fails (#3761)
  • Fix incorrect URL generation in getContentUrl() (#3759)
  • pressing minimized button ( - ) on the editor while the editor is maximized will close the editor (#3737)
  • Update deprecated php type casts (#3739)
  • fix(mime): normalize MIME mappings and regenerate elFinder.mimetypes.js
  • Update Russian translation and authorship details (#3757)
  • chore(dev): add MIME mapping generator script
  • Use Array.isArray instead of $.isArray (#3771)
  • added "SVG image" & "WEBP image" file type description to "Kind" column when in list view (#3738)
  • Correctly urlencode path in setcookie(); fix #3538 (#3754)
  • Create SECURITY.md
  • fix: Pixo Image Editor JS path
  • update: [css] change font-size of preview
  • fix: improve PHP 8 compatibility in session, cURL, and callback handling (#3780)
  • Prepare elFinder for jQuery 4 sup (#3781)
  • fix: example html, js
  • build: add elfinder-minimal
  • feat(editor): add signed callback state storage for external save handlers
  • fix(connector): add CSRF token validation and refresh flow
  • fix(connector): refine CSRF token refresh timing and protected commands
  • fix(js): guard CSRF reload check when xhr is missing
  • fix(onedrive): prefer cached Graph download URLs for file access
  • Preserve i18n keys in mount errors
  • fix:#3782 avoid E_STRICT on PHP 8.4+
  • Update safe CDN versions for external JS libs
  • Normalize MPD text/xml MIME type
  • [i18n:ja] Update elfinder.ja.js
  • fix(connector): normalize PHP error handling and mount failures
  • chore(js): update default CDN library versions
  • chore: ignore local IDE project files
  • docs: fix correct the incorrect date
  • [security] [VD:MySQL] normalize numeric object ids for SQL usage

Version 2.1.68

Choose a tag to compare

@nao-pon nao-pon released this 07 May 08:35

Changes form previous version

Full Changelog: 2.1.67...2.1.68

  • Fixing bug where uploading large files sometimes fails (#3761)
  • Fix incorrect URL generation in getContentUrl() (#3759)
  • pressing minimized button ( - ) on the editor while the editor is maximized will close the editor (#3737)
  • Update deprecated php type casts (#3739)
  • fix(mime): normalize MIME mappings and regenerate elFinder.mimetypes.js
  • Update Russian translation and authorship details (#3757)
  • chore(dev): add MIME mapping generator script
  • Use Array.isArray instead of $.isArray (#3771)
  • added "SVG image" & "WEBP image" file type description to "Kind" column when in list view (#3738)
  • Correctly urlencode path in setcookie(); fix #3538 (#3754)
  • Create SECURITY.md
  • fix: Pixo Image Editor JS path
  • update: [css] change font-size of preview
  • fix: improve PHP 8 compatibility in session, cURL, and callback handling (#3780)
  • Prepare elFinder for jQuery 4 sup (#3781)
  • fix: example html, js
  • build: add elfinder-minimal
  • feat(editor): add signed callback state storage for external save handlers
  • fix(connector): add CSRF token validation and refresh flow
  • fix(connector): refine CSRF token refresh timing and protected commands
  • fix(js): guard CSRF reload check when xhr is missing
  • fix(onedrive): prefer cached Graph download URLs for file access
  • Preserve i18n keys in mount errors
  • fix:#3782 avoid E_STRICT on PHP 8.4+
  • Update safe CDN versions for external JS libs
  • Normalize MPD text/xml MIME type
  • [i18n:ja] Update elfinder.ja.js
  • fix(connector): normalize PHP error handling and mount failures
  • chore(js): update default CDN library versions
  • chore: ignore local IDE project files
  • docs: fix correct the incorrect date
  • [security] [VD:MySQL] normalize numeric object ids for SQL usage

Version 2.1.67

Choose a tag to compare

@nao-pon nao-pon released this 17 Apr 03:05

Changes form previous version

Full Changelog: 2.1.66...2.1.67

  • [security] fix command injection vulnerability in resize background color handling when using the ImageMagick CLI backend

Version 2.1.66

Choose a tag to compare

@nao-pon nao-pon released this 28 Aug 11:57

Changes form previous version

Full Changelog: 2.1.64...2.1.66

Version 2.1.65

  • [js] update CDNs
  • [php:editors] Zoho API update

Version 2.1.66

  • [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated
  • Merge pull request #3629 from Ayesh/php84-curl-depr
  • translate to Chinese
  • Update zh_CN.js
  • Update Chinese help
  • fix name
  • Update elfinder.ko.js
  • try copy / deleting folder if moving it doesn't work
  • Merge pull request #3636 from vfishv/master
  • Merge pull request #3647 from allity/patch-1
  • Merge pull request #3653 from terrafrost/branch-1
  • Fix #3637 FILTER_SANITIZE_STRING is deprecated (PHP 8.1)
  • Allow image URL in theme manifest.json to be a relative link as well
  • Update elfinder.ru.js
  • Merge pull request #3677 from blutorange/feat-relative-image-link-in-theme-manifest
  • Merge pull request #3682 from Ruslan-Aleev/patch-1
  • Fixes #3684 (#3685)
  • [OneDrive] fix Content URL
  • Fix #3667 where the Content URL could be invalid
  • [VD:core] Check if copying was successful when moving files in copy + delete mode
  • Fix CVE-2025-0818 (#3723)
  • Fixes #3689, fm.sync removes unavailable volumes. (#3690)
  • [VD:SFTP] Make compatible with phpseclib version 2 or 3 when returned from connectCallback($options) (#3687)
  • Add font mime kinds (WOFF, WOFF2, EOT, SFNT, generic font/*) (#3691)
  • Ignore posted message that are not intended for ElFinder (#3692)
  • Add option to rename command to disable alias rename (#3693)
  • Add option commandsOptions.edit.confirmUnsavedBeforeClose (#3698)
  • Fix build for Windows environment (#3699)
  • Replace usage of deprecated E_STRICT constant (#3705)
  • Add "WEBP" to File mimetype to kind mapping (#3712)
  • fix translation mistakes and unification (#3719)

Version 2.1.64

Choose a tag to compare

@nao-pon nao-pon released this 20 Dec 07:46

Changes form previous version

All previous changes is here.

Version 2.1.64

  • [css] re-fix #3584 css error and CI

Version 2.1.63

  • [php:core] fix download a file via context menu the windows download popup don't close (#3619)
  • [VD:MySQL] Use prepared statements instead of escaping when saving file (#3604)
  • [VD:core] fix #3617 Filename Restriction Bypass Leading To Persistent Cross-site Scripting
  • [js] fix #3614 $.isFunction() is deprecated in jQuery
  • [js] Update to jQuery 3.7.1 and Jquery UI 1.13.2
  • [VD:LocalFileSystem] fix #3615 Using .php8 in PHP handler leading to RCE
  • [cmd:upload] fix #3575 Drag&Drop Upload Issue with Firefox

Version 2.1.62

Choose a tag to compare

@nao-pon nao-pon released this 13 Jun 16:42

Changes form previous version

All previous changes is here.

  • [php:core] prevent garbled file name when URL upload
  • [js:core,upload] fixed DnD in-browser image upload in Chrome
  • [js:options] update CDNs
  • [js:core,upload] fixed DnD in-browser image upload in Chrome
  • [php] Update elFinderVolumeSFTPphpseclib.class.php (#3483)
  • [mime.types] Update mime.types to allow MS outlook message files (#3499)
  • [js:cmd:resize] fix #3513 rotate bug on Chrome
  • [VD:LocalFileSystem] Security fixes, directory traversal vulnerability fixes
    • Awaiting CVE ID.
    • This issue was found by Michał Majchrowicz & Livio Victoriano AFINE Team.
  • Correctly urlencode path in setcookie(); fix #3538 (#3561)
  • [js:core] fix #3572 Useless backend request during elFinder.sync()
  • [VD:LocalFileSystem] fix #3543 Can't download folder in PHP 8.1
  • [php:core] fix #3546 Use elFinder::getCmdOfBind instead of self::getCmdOfBind which is deprecated in PHP v8.2
  • [VD:SFTP] fix SFTP driver fatal error, cleanup (#3574)
  • And some minor bug fixes

Version 2.1.61

Choose a tag to compare

@nao-pon nao-pon released this 14 Mar 12:31

Changes form previous version

All previous changes is here.

  • [security] Fixed #3458 filename bypass leading to RCE on Windows server
  • [security:CVE-2022-26960] Fixed a path traversal issue
  • [i18n] Updated ru and fr
  • [js] Updated CDNs of external libs
  • And some minor bug fixes

Version 2.1.60

Choose a tag to compare

@nao-pon nao-pon released this 14 Mar 12:30

Changes form previous version

All previous changes is here.

  • [VD:OneDrive] show error on _od_obtainAccessToken()
  • [ui:cwd] make easily able to mapping mimetype to the kind (#3375)
  • [cmd:rm] Fixed an issue that sometime ignore the delete button and into the trash
  • [VD:LocalFileSystem] Fixed #3429 RCE on Windows server
  • [js:core,options] Fixed #3401 add an option workerBaseUrl

Version 2.1.59

Choose a tag to compare

@nao-pon nao-pon released this 13 Jun 15:07

Changes form previous version

All previous changes is here.

  • [Security:php] Fixed multiple vulnerabilities leading to RCE
  • [php:session] Fixed #3278 wrong code of typo
  • [js:core] #3351 allow columnsCustomName[x] to be a function
  • [css:quicklook] Fixed #3240 remove unnecessary color specifications
  • [cmd:extract] Fixed #3252 for checking the existence of existing files
  • [js:core] Fixed #3359 add an option "noResizeBySelf"
  • [VD:abstract] Fixed #3216 missing url option on upload into root
  • And some minor bug fixes

Version 2.1.58

Choose a tag to compare

@nao-pon nao-pon released this 09 Jun 08:28

Changes form previous version

All previous changes is here.

  • [VD:abstract] Fixed #3151 support RAR5 lib
  • [cmd:fullscreen] Fixed #3177 wrong fullscreen button caption
  • [js:core] Supports cookie samesite attribute
  • [VD:SFTP] Add new SFTP driver, via phpseclib library
  • [js:core] Fixed #3193 auto-detection of baseUrl
  • [js:upload] Fixed upload bug (#3264)
  • [VD:abstract,php] make the thumbnail support webp (#3265)
  • [php:core] Fixed #3250 error only variables can be passed by reference
  • [VD:abstract] add 'phar:*' => 'text/x-php' into 'staticMineMap'
  • [VD:abstract] Fixed #3181 add an option uploadMaxMkdirs
  • [php:core] Add cwd param to proc_open (#3281)
  • [VD:abstract] Bugfix of an option mimeDetect (#3291)
  • [UI] Fixed #3302 problem of d&d when copy of UI command is disabled
  • And some minor bug fixes