Changes 12/19/2025 (v2.10.2 & v2.10.3 & v2.10.4)
release(v2.10.4): restrict profile picture uploads to safe image MIME types
- Validate selected profile pictures are only JPEG/PNG/GIF before preview/upload.
- Show a friendly error toast and abort on unsupported file types.
release(v2.10.3): harden profile picture preview (blob URL validation + cleanup)
- Validate the generated ObjectURL is a blob: URL before assigning to the preview image.
- Revoke the ObjectURL after the image loads to prevent memory leaks.
- Keep the same user-facing behavior while tightening security hygiene and robustness.
release(v2.10.2): harden auth + remember-me rotation, user panel, and case-insensitive users
- Store remember-me tokens hashed (HMAC) and rotate on use; centralize issue/consume/revoke in AuthModel and clear invalid cookies.
- Add auth security regression tests (auto-login, token rotation, expiry) + test-only env overrides for USERS/UPLOAD/META dirs; ignore tests in Docker builds.
- Make username handling case-insensitive and run a one-time users/permissions “canonical case” migration with atomic writes.
- Refactor AuthController login flow (JSON parsing, TOTP step, OIDC flow + group extraction / Pro mapping) for clarity and safer handling.
- Extract the User Panel into its own module (fixed-height modal), add “show hover preview” i18n, and reuse the toggle switch styling.
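Added example, not FileRise's own code: a minimal Python sketch of the remember-me scheme the v2.10.2 notes describe (tokens stored only as HMAC digests, rotated on use, invalid cookies rejected so the caller can clear them). The class name `RememberMeStore`, the in-memory dict and the 30-day lifetime are assumptions made for illustration; only the issue/consume/revoke split comes from the notes.

```python
import hashlib
import hmac
import secrets
import time


class RememberMeStore:
    """Server side keeps only HMAC digests; the raw token exists only in the cookie."""

    def __init__(self, server_key, ttl_seconds=30 * 24 * 3600):
        self._key = server_key      # secret held outside the token store
        self._ttl = ttl_seconds     # assumed lifetime, not taken from the release notes
        self._rows = {}             # digest -> (username, expires_at)

    def _digest(self, token):
        return hmac.new(self._key, token.encode(), hashlib.sha256).hexdigest()

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)             # 256 bits from the CSPRNG
        self._rows[self._digest(token)] = (username, now + self._ttl)
        return token                                  # cookie value, never stored

    def consume(self, token, now=None):
        """Return (username, fresh_token), or None when the cookie must be cleared."""
        now = time.time() if now is None else now
        row = self._rows.pop(self._digest(token), None)   # single use: gone either way
        if row is None or row[1] <= now:
            return None                               # unknown, replayed or expired
        return row[0], self.issue(row[0], now)        # rotate on every auto-login

    def revoke_user(self, username):
        """Drop every outstanding token for one user."""
        self._rows = {d: r for d, r in self._rows.items() if r[0] != username}


if __name__ == "__main__":
    store = RememberMeStore(secrets.token_bytes(32), ttl_seconds=3600)
    first = store.issue("alice", now=0)               # constructed sample user
    user, second = store.consume(first, now=60)
    print("auto-login as", user, "| rotated:", second != first)
    print("replay of old cookie:", store.consume(first, now=61))
    print("after expiry:", store.consume(second, now=60 + 3600))
```

Because lookup is by keyed digest, a leaked copy of the token store yields neither usable cookies nor offline-guessable hashes without the server key.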
v2.10.4
SHA-256 (zip)
975e6b8f117a59103e06a47fd690aac0a31fcbf6b457c43b2819bc100bb7a36b FileRise-v2.10.4.zip