606176585c
Security fixes: - Fix XSS in JSON-LD output via JSON_HEX_TAG (Seo module) - Fix SQL injection via LIKE wildcards (Config module) - Fix regex injection in env updates (Console module) - Fix weak token hashing with HMAC-SHA256 (CDN module) - Mask database credentials in install output (Console module) New features: - Add MakeModCommand, MakePlugCommand, MakeWebsiteCommand scaffolds - Add event prioritization via array syntax in $listens - Add EventAuditLog for tracking handler execution and failures - Add ServiceVersion with semver and deprecation support - Add HealthCheckable interface with HealthCheckResult - Add ServiceStatus enum for service health states - Add DynamicMenuProvider for uncached menu items - Add LangServiceProvider with auto-discovery and fallback chains Improvements: - Add retry logic with exponential backoff (CDN uploads) - Add file size validation before uploads (100MB default) - Add key rotation mechanism for LthnHash - Add Unicode NFC normalization to Sanitiser - Add configurable filter rules per field (Input) - Add menu caching with configurable TTL (Admin) - Add Redis fallback alerting via events (Storage) - Add Predis support alongside phpredis (Storage) - Add memory safety checks for image processing (Media) - Add SchemaValidator for schema.org validation (SEO) - Add translation key validation in dev environments Bug fixes: - Fix nested array filtering returning null (Sanitiser) - Fix race condition in EmailShieldStat increment - Fix stack overflow on deep JSON nesting (ConfigResolver) - Fix missing table existence check (BlocklistService) - Fix missing class_exists guards (Search, Media) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| config | ||
| src | ||
| stubs | ||
| tests | ||
| composer.json | ||
| phpunit.xml | ||