Releases: smarty-php/smarty
Releases · smarty-php/smarty
v4.2.0
What's Changed
- add local testrunners for all supported PHP versions using docker. by @wisskid in #770
- Fix PHP 8.1 htmlspecialchars deprecation by @gkreitz in #766
- Do not use obsolete smarty properties '_dir_perms', '_file_perms', 'p… by @wisskid in #772
- Update to HTML5-syntax in debug template by @JonisoftGermany in #599
- Merge branch 'fix-issue-549-v3' of github.com:AnrDaemon/smarty into A… by @wisskid in #771
- Fixed second param of unescape modifier by @wisskid in #778
New Contributors
- @gkreitz made their first contribution in #766
- @JonisoftGermany made their first contribution in #599
Full Changelog: v4.1.1...v4.2.0
v3.1.46
What's Changed
- Fixed replace modifier by converting encoding if needed by @AnrDaemon in #740
- Fixed second param of unescape modifier by @wisskid in #779
Full Changelog: v3.1.45...v3.1.46
v4.1.1
Security
- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221
Fixed
- Exclude docs and demo from export and composer #751
- PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php #706
- PHP 8.1 deprecation notices in truncate modifier #699
- Math equation
max(x, y)
didn't work anymore #721 - Fix PHP 8.1 deprecated warning when calling rtrim #743
- PHP 8.1: fix deprecation in escape modifier #727
v3.1.45
v4.1.0
v4.0.4
v3.1.44
v4.0.3
What's Changed
- Prevent evasion of the
static_classes
security policy. This addresses CVE-2021-21408
Full Changelog: v4.0.2...v4.0.3
v3.1.43
Prevent evasion of the static_classes
security policy. This addresses CVE-2021-21408
Full Changelog: v3.1.42...v3.1.43
v4.0.2
Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454
Full Changelog: v4.0.1...v4.0.2