1.4.0

What's Changed

• Feature: Allow custom S3 endpoint by @xvilo in #534
• Feature: Synchronise all packages command by @xvilo in #536
• Update symfony from 5.3 to 5.4 by @xvilo in #543
• Make AWS auth credentials optional by @xvilo in #539
• Ugrade phpstan to ^1.3 by @alamirault in #531

New Contributors

• @xvilo made their first contribution in #534
• @alamirault made their first contribution in #531

Full Changelog: 1.3.6...1.4.0

1.3.6

Security

• Fix CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request symfony/security-bundle (v5.3.4)
• Fix CVE-2021-41268: Remember me cookie persistance after password changes

What's Changed

• Upgrade symfony to 5.3.12 by @akondas in #524
• Upgrade all dependencies by @akondas in #526

Full Changelog: 1.3.5...1.3.6

1.3.5

What's Changed

• Allow to configure proxy secret for origin protection by @akondas in #493
• Upgrade Symfony to 5.3 by @akondas in #483
• Bump phpunit/phpunit from 9.5.4 to 9.5.8 by @dependabot in #497
• Bump fakerphp/faker from 1.14.1 to 1.15.0 by @dependabot in #499
• Bump friendsofphp/php-cs-fixer from 2.19.0 to 2.19.1 by @dependabot in #500
• Bump ramsey/uuid-doctrine from 1.6.0 to 1.7.0 by @dependabot in #501
• Bump phpstan/phpstan-symfony from 0.12.41 to 0.12.42 by @dependabot in #502
• Bump doctrine/orm from 2.9.1 to 2.9.4 by @dependabot in #504
• fix: Explicitly cast to boolean by @eFrane in #503
• Bump ekino/phpstan-banned-code from 0.3.1 to 0.5.0 by @dependabot in #506
• Bump friendsofphp/php-cs-fixer from 2.19.1 to 2.19.2 by @dependabot in #507
• Remove unbound version constraints from composer.json by @akondas in #508
• Bump phpstan/phpstan-phpunit from 0.12.21 to 0.12.22 by @dependabot in #509
• Bump symfony/flex from 1.13.4 to 1.14.4 by @dependabot in #512
• Remove trailing slash in nginx volume name docker-logs-nginx by @ThomasBoom89 in #520
• Bump composer/composer from 1.10.22 to 1.10.23 by @dependabot in #518

New Contributors

• @eFrane made their first contribution in #503
• @ThomasBoom89 made their first contribution in #520

Full Changelog: 1.3.4...1.3.5

1.3.4

Security

• Upgrade flysystem to 1.1.4 - fix CVE-2021-32708

1.3.3

Fixed

• Fix package dependencies duplication (#472)

Changed

• Remove Link entity from package read model (#473)
• Reduce sql query executions for organization token (#474)
• Update dependencies (dependabot updates)

1.3.2

Security

• Update Symfony to 5.2.9 - fix CVE-2021-21424

1.3.1

Security

• Update Symfony to 5.2.8 - fix CVE-2021-21424

Changed

• Update dependencies (#456)

1.3.0

Security

• Update composer - fix GHSA-h5h8-pc6h-jvvx

Added

• Dependency/dependant tracking (#426 thanks @giggsey)

1.2.2

Fixed

• Fix: composer 9999999-dev issue (#422 thanks @slappyslap)
• Make var/cache ephemeral (#420)
• Add async-aws/ses to composer (#418 thanks @nandogameiro)
• Enable http2 for composer v2 (#416)
• Test compatibility issues and small deprecation fix (#414 thanks @pedro-stanaka)
• Remove old metadata files when sync proxy metadata (#412)
• Remove PostgreSQL exposed port from docker-compose.yml (#410)

1.2.1

Fixed

• Remove webhook when package removed (API) and organization removed (UI) (#404)