v1.6.0

@Alanaktion Alanaktion released this 29 Aug 05:29
· 230 commits to master since this release
6fb7b2c

Phproject version 1.6 includes significant architectural changes and several minor feature changes, bug fixes, and security enhancements.

Note that the v1.6 upgrade can take several minutes on a large site with many issues due to the table structure changes required. A brief planned downtime is recommended for sites with more than 100,000 issues.

Architecture

  • Third-party PHP libraries are now included via Composer. This allows us to keep our repository leaner and makes updating to new versions of libraries simpler.
  • We've reformatted all PHP files to follow PSR-2 standards, and HTML files now use 4 spaces for indentation for consistency.
  • Travis CI test builds have been updated to use the new Trusty platform, and will be updated to include more PHP versions and additional test cases in the future.
  • The ping system used to keep sessions alive as a workaround for an old session bug has been completely removed. This results in significantly lower resource usage on sites with many users.
  • The long-unused attribute tables have been removed.

Features

  • Emoticons previously converted to Icomoon glyphs are now displayed as native Emoji! 😃
  • Textile parsing shows a deprecation warning, to prepare for future removal.
  • The Administration page now shows when new releases are available, and the details about the release.
  • Basic site statistics are reported to Phproject developers to help us know which things to focus on building in the future. Users can opt out of this stat reporting if desired.

Bug fixes

  • Users with an avatar uploaded will no longer see links to Gravatar when editing their profile.
  • Native PHP functions are used to write configuration files, which fixes issues with special characters in configuration values.

Security enhancements

  • The old config.ini file is no longer used and will be migrated to a config.php file, which does not require special server configuration to hide. This helps prevent malicious users from finding your database connection information.
  • Some previously unvalidated issue values now have validation and foreign key constraints, preventing possible XSS vulnerabilities and malicious functionality breakage.
  • An XSS vulnerability on the Browse pages was fixed.
  • Non-image files are no longer allowed to be uploaded for user avatars.
  • Image thumbnail generation dimensions are now limited to prevent a denial of service attack.
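
The last two items above, sketched in PHP as an added example. This is not Phproject's own code: the function names, the allowed image types and the 1024-pixel cap are assumptions chosen for illustration, and the sample files are constructed.

```php
<?php
// Added illustration, not Phproject source. Names and limits are assumptions.
const MAX_THUMB_DIMENSION = 1024; // hypothetical cap, in pixels per side
const ALLOWED_AVATAR_TYPES = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];

/**
 * Accept a file as an avatar only if its content parses as an allowed image
 * type. The client-supplied file name and MIME type are never consulted.
 */
function isAllowedAvatar(string $path): bool
{
    // getimagesize() inspects the file header and returns false for non-images.
    $info = @getimagesize($path);
    return $info !== false && in_array($info[2], ALLOWED_AVATAR_TYPES, true);
}

/**
 * Clamp caller-supplied thumbnail dimensions to [1, MAX_THUMB_DIMENSION] so a
 * single request cannot force the server to allocate an enormous canvas.
 */
function clampThumbSize($width, $height): array
{
    $clamp = static function ($value): int {
        return max(1, min((int) $value, MAX_THUMB_DIMENSION));
    };
    return [$clamp($width), $clamp($height)];
}

// Constructed sample inputs: a 1x1 PNG (requires the GD extension) and a
// text file standing in for a non-image upload.
$png = tempnam(sys_get_temp_dir(), 'ava');
imagepng(imagecreatetruecolor(1, 1), $png);
$fake = tempnam(sys_get_temp_dir(), 'ava');
file_put_contents($fake, "<?php echo 'not an image';");

var_dump(isAllowedAvatar($png));          // real image content
var_dump(isAllowedAvatar($fake));         // non-image content
print_r(clampThumbSize('50000', 50000));  // oversized request
print_r(clampThumbSize(64, -5));          // negative height

unlink($png);
unlink($fake);
```

A header check alone does not stop a file that is both a valid image and something else; re-encoding the upload through GD and storing the result where the web server will not execute it closes that gap.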