var/softaculous/myadmin49/changelog.txt
phpMyAdmin - ChangeLog
======================
4.9.11 (2023-02-07)
- issue [security] Fix an XSS attack through the drag-and-drop upload feature
4.9.10 (2022-02-10)
- issue #17308 Fix broken pagination links in the navigation sidebar
4.9.9 (2022-01-22)
- issue #17305 Fix syntax error for PHP 5
- issue #17307 Fix hide_connection_errors being undefined when a controluser is set
4.9.8 (2022-01-20)
- issue #14321 Display a correct error page when "$cfg['Servers'][$i]['SignonURL']" is empty for auth_type=signon
- issue #14321 [security] Remove leaked HTML on signon page redirect before login for auth_type=signon
- issue [security] Add configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding host names and other error details when login fails
- issue [security] Add configuration directive $cfg['URLQueryEncryption'] to allow encrypting sensitive information in the URL
- issue [security] Fix a scenario where an authenticated user can disable two factor authentication
4.9.7 (2020-10-15)
- issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
- issue #16396 Fix broken two-factor authentication
4.9.6 (2020-10-09)
- issue [security] Fix XSS vulnerability with the transformation feature (PMASA-2020-5)
- issue [security] Fix SQL injection vulnerability with search feature (PMASA-2020-6)

var/softaculous/feng/changelog.txt
Since 3.11.8.0-rc4
-----------------------------------
bugfix: fix link object list elements without filter (#3085)
bugfix: fix sprint backlog report (#3084)
bugfix: qbo sync cron is including invoices that are in the trash (#3083)
Since 3.11.8.0-rc3
-----------------------------------
bugfix: When task is set to billable correctly update the subtasks (#3080)
Since 3.11.8.0-rc2
-----------------------------------
bugfix: qbo sync - don't link time/expenses to invoices if they are not enabled to sync (#3077)
bugfix: fix how to obtain the table where the search has to look (#3076)
bugfix: Add details to logs and fix non static call (#3074)
bugfix: remove double quotes on email addresses (#3069)
Since 3.11.8.0-rc1
-----------------------------------
bugfix: qbo expense sync sometimes not updating status (#3068)
bugfix: tsheets sync was not included correctly in the new sync workflow, it had many bugs (#3066)
Since 3.11.8.0-beta4
-----------------------------------
bugfix: Remove task action "Generate invoice" (#3065)
bugfix: Use correct ID to show start and end date in tasks list (#3062)

var/softaculous/conc85/changelog.txt
8.5.20 Release Notes
New Features
Significant improvements to content import/export: added support for multilingual page mapping, additional page paths, external links and more (thanks mlocati)
Disabled searching marketplace since marketplace supports 9+ (thanks mlocati)
Bug Fixes
Fix exporting area layout column when area is null (thanks mlocati)
Fixed some small errors when importing stack content (thanks mlocati)
Fix exporting page fields when page can't be found (thanks mlocati)
Security Updates
Safer storage of API keys on Windows (not necessary for Concrete CMS v9+, see more information here https://github.com/concretecms/concretecms/pull/11859) (thanks mlocati)
Fixed unsanitized address custom attribute when rendering addresses unattached to a particular country.
Developer Updates
Page::getByPath can now accept a as well as a site tree and return all pages in all multilingual site trees therein (thanks mlocati)
When importing pages at paths that don’t exist, we now throw a specific exception that can be handled differently in different cases (thanks mlocati)
8.5.19 Release Notes
Security Updates
Fixed CVE-2024-8291 Stored XSS in Image Editor Background Color by sanitizing output of "Save Background Image Colour" in file thumbnail dashboard single page with commit dbce253166f6b10ff3e0c09e50fd395370b8b065 for version 8 and commit 12183 for version 9. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Prior to the fix a rogue admin could add malicious code to the Thumbnails/Add Type. Thanks Alexey Solovyev for reporting HackerOne 921527.
Fixed CVE-2024-7398 Stored XSS Vulnerability in Calendar Event Addition Feature with commit 7c8ed0d1d9db0d7f6df7fa066e0858ea618451a5 for version 8 and commits 12183 and 12184 for version 9. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N. Prior to the fix, the calendar event name was not sanitized on output. Users or groups with permission to create event calendars could embed scripts and users or groups with permission to modify event calendars could execute scripts. Thank you Yusuke Uchida for reporting HackerOne 2400810.
Fixed CVE-2024-8661 Stored XSS in the "Next&Previous Nav" block with commit 12204 for version 9 and with commit ce5ee2ab83fe8de6fa012dd51c5a1dde05cb0dc4 for version 8. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Prior to the fix, a rogue admin could add a malicious payload. Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users. Thanks Chu Quoc Khanh for reporting HackerOne 2610205
8.5.18 Release Notes
Bug Fixes
Fixed bug where boolean page attributes that are checked by default show up as checked even if they have previously been saved unchecked (thanks hissy)
Fixed some issues when attempting to use Redis to store session under certain conditions (thanks mlocati)
Security Updates
Fixed CVE-2024-4350 Stored XSS in RSS Displayer with commit 12166 for version 9 and with commit c08d9671cec4e7afdabb547339c4bc0bed8eab06 for version 8. Prior to the fix a rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks m3dium for reporting HackerOne 2479824
Fixed CVE-2024-7394 Stored XSS in getAttributeSetName() by sanitizing Board instance names on output with commit 12166 for version 9 and commit c08d9671cec4e7afdabb547339c4bc0bed8eab06 for version 8. Prior to the fix, a rogue administrator could inject malicious code. The Concrete CMS team ranked this a CVSS v3.1 rank of 2 with vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N and a CVSS v4.0 rank of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks m3dium for reporting HackerOne 2463288
Show a more generic error message in RSS Displayer block if curl is unable to load posts. Thanks m3dium for recommending this in HackerOne 2479824

var/softaculous/elgg33/changelog.txt
3.3.25 (2022-10-07)
Contributors
Jerôme Bakker (2)
3.3.24 (2021-12-23)
Contributors
Jerôme Bakker (1)
Bug Fixes
reported_content: sanitize report URLs (c30b17bf)
3.3.23 (2021-12-03)
Contributors
Jerôme Bakker (1)
Bug Fixes
ajax: forms in the admin namespace are protected (572d210e)
3.3.22 (2021-11-19)
Contributors
Jerôme Bakker (3)
Bug Fixes
groups: prevent misuse of group membership actions (d9fcad76)
3.3.21 (2021-08-03)
Contributors
Jeroen Dalsem (1)
Bug Fixes
http: always disable cache if cookie is being set (30c17f06)

var/softaculous/s9y/changelog.txt
Version 2.5.0 (13.02.2024)
------------------------------------------------------------------------
* Restore compatibility with PHP 7.4
* Remove bundled composer.phar (thanks to hboeck)
* Update composer dependencies (mostly for PHP 8.3 compatibility):
katzgrau/klogger (1.0.0 => 1.2.2)
pear/http_request2 (v2.5.1 => v2.6.0)
pear/net_dns2 (v1.5.3 => v1.5.4)
psr/log (1.0.0 => 1.1.4)
smarty/smarty (v4.3.2 => v4.3.5)
* Fix a PHP notice in User management ("isEditable") (garvinhicking)
* Fix a bug when the p parameter given was set to 0 (@hannob)
* Fix an incompatibility with MySQL 5.7 or later (@mariohommel)
Version 2.4.0 (November 20th, 2022)
------------------------------------------------------------------------
* Fix: Avoid bad number of arguments to sprintf and fix logic error
in spamblock plugin.
* Improve w3c compatibility by encoding square brackets of comment
mode links (thanks @hannob)
* Fix: Previewing comments warning threw a warning on PHP 8, when
debug mode on (thanks @hannob)
* Fix: Editor autosave cache was not deleted when saving entry
* Fix: Editor autosave was not on by default, despite the setting
being active by default
* Fix: admin/entries.tpl: fix undefined variable iso2br
* Fix: The calendar plugin threw a warning about $cond['join'] not
existing in some setups
* Fix: Avoid one more situation where responsive image upscaled
a small thumbnail
* Bugfix: Entryproperties plugin no longer inserts empty records
for multiple authors (garvinhicking)
* Improve permalink generation performance and enable more unicode
replacements (thanks to mbirth!)
Version 2.3.5 (April 25th, 2020)
------------------------------------------------------------------------
* Fix: CSS: Restrict block display of summary to trackbacks. (#703)
* Fix: Don't strip HTML from comments body in serendipity_plugin_comments
before serendipity_event_unstrip_tags can convert the HTML tags
(being called via frontend_display hook). (#702)
* Fix: [CKE] Don't remove <details> and <summary> elements from
WYSIWYG editor.
* Fix: Don't delete extend properties from the entryproperties
plugin when publishing from dashboard (or sending
delayed trackbacks). (#695)
* Fix: SQL error in serendipity_plugin_history present since we
"don't allow requesting an archive page that doesn't exist"
(2.3.3). (#694)
* Fix: Entry title in backend list of entries was double escaped.
* Fix: Don't drop upgraded_version from local plugin cache.
* Fix: Regular expression in functions_routing.inc.php
* Fix: Truncate extension of media items to 5 chars (which is the
max length of the corresponding database field). (#609)
Thanks to @mmitch!
Version 2.3.4-beta1 (March 25th, 2020)
------------------------------------------------------------------------
* Security: Fix RCE on Windows.
Thanks to Junyu Zhang <rgdz.eye@gmail.com>!
* Fix: ML: Fixed filename generation when renaming and added
some error messages on rename failures.
* Display source of plugins (Spartacus, bundled or locally installed).
Version 2.3.3 (March 22nd, 2020)
------------------------------------------------------------------------
* #651: When using checkboxes to insert multiple media files, if only
one asset has been selected, do not use the gallery mode,
but instead single-asset view. Also improves to click the title
of an asset to select its checkbox, and hides the 'Insert all'
button when no assets are selected. (garvinhicking)
* Use the video tag for videos in the Medialibrary, also when
inserting such a video into an entry
* media_choose.tpl: Fixes bad usage of
{serendipity_hookPlugin eventData=...} to {serendipity_hookPlugin eventData=}
and allow plugins to skip HTML block insertion to use their own
markup
* Updates mailer event plugin to support force sending mails on
published blog entries and ability to prepend a mail body.
Also fixes missing "keep strip tags" configuration option
* Fix serendipity_killPath().
Thanks to @surrim!
* Don't allow requesting an archive page that doesn't exist.
Thanks to @lotharsm!
* Fix: Set action to empty in functions_routing.php when serving JS;
otherwise the default page has been generated at every call.
* Fix: Add valid HTTP referrer when trying to delete a
trackback from the frontend.
* Fix: Wordwrap at word boundaries only in bundled plugin
serendipity_plugin_comments.
* Fix: Force empty limit to "" in serendipity_fetchEntries().
* Fix: Escape version string in update notifier to avoid XSS.
* Fix: Prevent renaming a ML object into an existing file,
resulting in deletion of both from disk and database.
* Fix: Items in Medialibrary that are not images now get
the correct link
* Fix: Remember where you stored images last (#652)
* Fix: [bbcode] Get roman numerals working in bbcode plugin.
Thanks to Fabien Chabreuil!
* Fix: Force positive limits for number of entries shown on
title page and in RSS feed. s9y doesn't work with 0 or
negative numbers, so force our default (15) in this case,

var/softaculous/presta178/changelog.txt
####################################
# v1.7.8.11 - (2023-12-13)
####################################
- Core:
- Improvement:
- #34820: Update prestashop modules for 1.7.8.11 (by @tleon)
- Bug fix:
- GHSA-XGPM-Q3MQ-46RQ: Some attribute not escaped in Validate::isCleanHTML method (by @matthieu-rolland)
- Tests:
- Refactoring:
- #33988: Functional tests - Fix random error in 'FO > Quick view product' (by @nesrineabdmouleh)
####################################
# v1.7.8.10 - (2023-07-19)
####################################
- Core:
- Improvement:
- GHSA-xw2r-f8xv-c8xp add missing html attributes (by @matthieu-rolland)
- Bug fix:
- #33028: Bump to mysql 8 in CI (by @lartist)
- Back Office:
- Improvement:
- GHSA-gf46-prm4-56pc protect from writing files on server through SQL form (by @matthieu-rolland)
- Tests:
- Improvement:
- #32893: Nightly : 1.7.8.x - Move to Github Actions (by @Progi1984)
- Bug fix:
- #33013: Nightly : Fixed mocha loader (1.7.8.x) (by @Progi1984)
- #32896: Fix github action runs on 1.7.8.x (by @boubkerbribri)
- Refactoring:
- #33231: Nightly : 1.7.8.x - Skip test for the issue 32914 (by @Progi1984)
- #32995: Functional tests - Fix random errors in the nightly 1.7.8.x (by @nesrineabdmouleh)
####################################
# v1.7.8.9 - (2023-04-25)
####################################
- Back Office:
- Improvement:
- #32140: Fix CVE 2023-25170 on 1.7.8.x (by @mflasquin)
- #32105: Release/manual verifications 1789 (by @mflasquin)
- Bug fix:
- #GHSA-8r4m-5p6p-52rp Fix arbitrary file read through sql manager (found by truff@projet7.org / Sébastien Cantos)
- Core:
- Improvement:
- #GHSA-fh7r-996q-gvcp: Possible XSS injection through Validate::isCleanHTML method (by @matthieu-rolland)
- #GHSA-p379-cxqh-q822 Fix executeS method making sure it does selection only (found by truff@projet7.org / Sébastien Cantos)
- Tests:
- Improvement:
- #32144: Nightly : Migrate from nightly.prestashop.com to nightly.prestashop-project.org (by @Progi1984)
####################################
# v1.7.8.8 - (2022-12-07)
####################################
- Back Office:
- Bug fix:
- #29693: Update material icons lib to fix the slow npm installation (by @NeOMakinG)
- #29465: Add available_now & available_later labels constraints (by @zuk3975)
- #29587: Replace exception message by custom error message when uploading avatar with
invalid extension (by @lartist)
- #29554: Replace exception message by custom message on invalid avatar on employee page
(by @lartist)
- #29224: Fix subcategories for multishop (by @MeKeyCool)
- #29553: Add min height on alert to center icons vertically (by @lartist)
- #29635: Do not reset customization in FO when changing combination (178x) (by @zuk3975)
- #29392: Fix menu items not showing on mobile (by @NeOMakinG)
- #29551: Text truncated on combine several attribute input (by @lartist)
- #29549: Fix validateSql method not accepting EXISTS after WHERE (by @atomiix)
- #29246: Fix Stock page style with RTL (by @MeKeyCool)
- #29307: Remove module_card.js from the product page v1 (by @NeOMakinG)
- #29214: Fix logo on pdf for RTL (by @MeKeyCool)
- #29096: BO - Bad display on Your Profile button on all of pages when hover and click on
it (by @okom3pom)
- #28706: Fix orders export limit (by @Seb33300)
- #28829: Fix performances links spaces and URLs (by @NeOMakinG)
- #28392: Fix back-office translations when multishop and multiple languages (by
@MeKeyCool)
- #28821: Handle fallback when currency has empty display names (by @jolelievre)
- Front Office:
- Improvement:
- #28232: Optimizing queries for checking address existence (by @Progi1984)
- Bug fix:
- #28838: Update AbstractForm.php for Multilanguage fields (by @panariga)
- #29715: Fix discount detail in cart when a product has an ecotax with applied tax (by
@mflasquin)
- #29910: Fix image size when zooming on tablet (by @NeOMakinG)
- #29665: Fix bad selector to fix checkbox issues on RMA (by @mflasquin)
- #29632: Select new invoice address automatically (by @lartist)
- #29471: Fix ps_facetedsearch - bad display after clearing a filter of no result (by
@leemyongpakvn)
- #29413: Fix displayPackPrice compare price value instead of formatted price (by
@jolelievre)
- #29373: Fix checkout when one module and no cgv validation (by @okom3pom)
- #29055: Fix anchor links in product list (by @jolelievre)
- #28904: Fix responsive for product quick view. (by @MeKeyCool)
- #27841: Multistore - Product on category page display out of stock flag instead of
available on order (by @Rizzen59)
- #28426: Fix product images size consistency (by @MeKeyCool)
- #27738: FO : Fix offset for "NEW" products listing (by @idnovate)
- Core:
- Improvement:
- #30454: Update composer dependencies (by @mflasquin)
- #29586: [BC Break] Disable execution of multiple statements in a single SQL query (by
@atomiix)
- #29636: Upgrade Smarty to 3.1.47 (by @mflasquin)
- #29235: Update prestashop 1.7.8.x composer dependencies (by @matks)
- #29172: Save Smarty caching type setting in file instead of DB (by @atomiix)
- #29227: Bump wishlist to 2.1.2 (by @NeOMakinG)
- Bug fix:
- #30114: Do not build a domain from the module name (Cherry pick of #30080) (by @atomiix)
- #29504: Cherry-pick #29502 (by @atomiix)
- #27422: [BC Break] Use core translations sources for themes in addition to the
translations of the theme itself (by @atomiix)
- #28780: Add cache to AddressFactory::addressExists() (by @eternoendless)
- #28608: Set $registeredHookName as renderWidget when no hook given (by
@PrestaEdit)
- #GHSA-9qgp-9wwc-v29r: User needs to have rights to see /uploads/* content (by @atomiix)
- Installer:
- Bug fix:
- #30099: Fix issue on fresh installation with docker in branch 1.7.8.x (by @sefirosweb)
- #29420: Clear translations cache before translating fixtures (by @atomiix)
- #28845: Update to latest blockwishlist module version 2.1.1 (by @jolelievre)
- Tests:
- Bug fix:
- #29698: Disable apache mpm_event module in the CI (cherry-pick) (by @atomiix)
- Refactoring:
- #28682: Functional tests - Fix some random errors on nightly 178x (by @nesrineabdmouleh)
####################################
# v1.7.8.7 - (2022-07-20)
####################################
- Core:
- Bug fix:
- #GHSA-hrgx-p36p-89q4: Chain: SQL Injection (CWE-89) and Eval Injection (CWE-95) (by @atomiix)