All notable changes to this project are documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Unit tests: 11 new test files covering recent type safety, filter validation, and error handling fixes —
DaoFilteringIdTest(11 tests),PostServiceNewMethodsTest(9 tests),PostModelQueryTest(8 tests),MediaDaoBugFixesTest(6 tests),FormSecurityFunctionsTest(13 tests),FunctionsThemeTest(11 tests),PageControllerTest(7 tests),HumanLoginValidateTest(8 tests),UploadPhotoFunctionTest(7 tests),PostDaoDeleteRecordTest(6 tests),PostControllerConstructorTest(10 tests)
- Dao::filteringId(): Now throws
InvalidArgumentExceptioninstead ofDbException; returnsintfor'sql'type with positive integer validation - PostDao::updatePost(): Added explicit
nullthird parameter todeleteRecord()call - MediaDao::findMediaBlog(): Fixed return type from boolean
truetonullfor empty results - MediaDao::imageUploadHandler(): Added null check on
$data_mediabefore array access - PostModel: Migrated all JOINs from
INNER JOINtoLEFT JOINfortbl_media; moved media filter conditions from WHERE to ON clause; fixedtbl_user→tbl_usersingetPostByAuthor() - PostService::setPostContent(): Added
$skipPurifyparameter to bypass HTMLPurifier for encrypted content - form-security.php::check_form_request(): Added
$alwaysAllowedfields (csrfToken,postFormSubmit,MAX_FILE_SIZE) that skip whitelist validation - human-login.php::validate_login_context(): Expanded whitelist with
csrf,rememberfields - upload-photo.php::upload_photo(): Skip
set_origin_photo()whenfileinfoextension is loaded (file already moved byset_webp_origin) - PostController: Refactored constructor to accept
TopicDaoandMediaDao; delegated image handling toPostService; expanded payload whitelist withpost_password,post_locale,post_tags - PageController: Added
post_modifiedtocheck_form_request()whitelist ininsert()andupdate() - admin/posts.php: Updated
PostControllerinstantiation with 3 constructor arguments - Theme functions: Added
filter_var()validation tolink_tag()andlink_topic(); added ID validation toretrieve_detail_post(); addedget_post_thumbnail()function with fallback image - single.php: Added 404 validation when post not found; added default value initialization for all template variables; restructured protected post content processing with proper
isset()guards
- PostController: Refactored
insert()andupdate()to use injected DAOs instead of creating new instances; removedhandlePostImage(),handleDefaultImage(),handleUploadedImage()(moved to PostService) - PostService: Added
processPostImage(),processDefaultImage(),processUploadedImage()methods orchestrating image handling logic
- Updated translation cache files and exception log
Patch release focused on type safety hardening, input validation, and error handling improvements across DAO, Service, Controller, and Model layers. 11 new test files (94+ tests) added to cover all recent changes. 33 commits since v1.5.0.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.5.0
- Changes since v1.5.0: 33 commits
- IIS web.config generation: New
write-web-config.phputility for Microsoft IISweb.configrewrite rules (NGINX-style) FrontHelperclass: Static delegation layer providing convenient access to FrontService methods (e.g.,FrontHelper::getPosts(),FrontHelper::getPages())- IIS detection: Microsoft IIS server detection added to
detect-web-server.php - Installer IIS note: IIS configuration guidance displayed in the installation wizard (
setup.php,finish.php) - Permalink IIS support: IIS
web.configoption added to the permalink configuration dropdown - Unit tests: 6 new test files —
WebServerDetectionTest(12 tests),NginxConfigWriterTest(20 tests),WebConfigWriterTest(13 tests),ThemeMetaTest,LogErrorTest, and 7 handler test files (Archive/Blog/Category/Home/Page/Privacy/Post/Tag handlers)
- FrontService: Refactored to use standalone database queries instead of delegating to FrontHelper; public interface now accessible via FrontHelper static methods
- DAO layer: SQL injection prevention and return type hints added to
PostDao,PageDao,PageService,PostService - Handler classes: PHPDoc blocks added and return type consistency improved across all front-end request handlers
- LogError: Added return type hint and return value to
setStatusCode() - Installer: Batch insert optimization and debug logging removal in setup wizard
- Translation cache: Updated
en.jsonandes.json
- Development themes: Removed unused theme files
- Duplicate test files: Removed 4 redundant test files —
AdditionalUtilityFunctionsTest.php,UserDaoTest.php,PostDaoMethodIntegrationTest.php,TopicDaoTest.php(1686 lines)
- New test suites: 6 new test files — WebServerDetectionTest (12 tests), NginxConfigWriterTest (20 tests), WebConfigWriterTest (13 tests), ThemeMetaTest, LogErrorTest, handler tests (7 files covering all front-end request handlers)
- FrontServiceTest: Expanded to cover all autonomous method implementations
- Test cleanup: 4 duplicate test files removed; bootstrap updated with
SERVER_NAMEandPHP_SELFconstants for direct_page support
Feature release focused on IIS web server support, FrontService delegation layer, expanded test coverage (45+ new tests), and code quality improvements across DAO and handler layers. Redundant test files consolidated.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.4.0
- Changes since v1.4.0: 21 commits
ThemeRendererInterface: New interface for theme rendering with constructor dependency injectionThemeResolutionException: New exception class with factory methods for common failure modesIServiceThrowableinterface: Replaces deprecatedIEventThrowable; extendsIThrowablefor consistent service-layer exception handling- Unit tests: 3 new test files (
IServiceThrowableTest,ThemeRendererInterfaceTest,ThemeResolutionExceptionTest) — 4 tests
- ThemeRenderer: Refactored to implement
ThemeRendererInterfacewith constructor injection, documented public API, and improved theme directory resolution - Core library classes: Refactored Bootstrap, Dispatcher, HandleRequest, ApiRouter, Authentication, CSRFGuard, and other core classes with improved type safety, modular private methods, and code quality
- All controllers: Refactored PostController, UserController, MediaController, MenuController, PageController, PluginController, ThemeController, ReplyController, DownloadAdminController, and all API controllers with improved type safety
- DAO layer: Updated PostDao, PageDao, PluginDao, UserTokenDao, TopicDao, ThemeDao, MenuDao, PostTopicDao with improved type safety
- Service layer: Updated PostService, PageService, UserService, MigrationService, MediaService, PluginService, TranslationService, and other services
- Theme templates: Updated header, footer, download, and functions templates with deferred CSS loading for performance
- Admin UI templates: Updated all admin templates with security improvements
- Installation wizard: Updated
setup-db.phpandfinish.phpwith improved setup logic - Autoloader: Updated with new class mappings for new interfaces and classes
- Utility files: Updated with improved security and type safety
- Dependencies: Updated
composer.json(added explicit PHP extension requirements:ext-json,ext-mbstring,ext-pdo,ext-fileinfo,ext-openssl,ext-gd; removedguzzlehttp/psr7); updatedcomposer.lock
- Test fixes: Fixed failing tests for Bootstrap property rename, NumberCpus code changes, PerformanceOptimization CSS deferral, and ThemeRenderer refactor
IEventThrowable: Deprecated interface removed, replaced byIServiceThrowable- Avatar images: Removed unused avatar images from admin assets (
avatar.png,avatar04.png,avatar2.png,avatar3.png,avatar5.png,boxed-bg.png,default-150x150.png,default-50x50.gif,icons.png) $configglobal: Removed unused$config = array()fromcommon.phpstart-session-on-site.php: Removed unused utility
- Code formatting: Array bracket alignment fix in
utility-loader.php
src/readme.html: Synced with README.md (reduced from 285 lines)
- Utility files: Updated with improved security and type safety across utility functions
- New test suites: 3 new test files for
IServiceThrowable,ThemeRendererInterface,ThemeResolutionException - Test fixes: Updated BootstrapTest, NumberCpusTest, PerformanceOptimizationTest, ThemeRendererTest for compatibility with refactored code
Maintenance release focused on code quality improvements across the entire codebase — refactoring core library classes with new interfaces, improved type safety, deferred CSS loading for performance, updated dependencies, and expanded test coverage. All unit tests passing.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.3.1
- Changes since v1.3.1: 12 commits
I18nManagermagic methods: Added__unserialize()method toI18nManagersingleton to align with PHP 8.5 deprecation of__wakeupand prevent serialization bypasses.
Patch release addressing PHP 8.5 magic method deprecation and hardening singleton serialization.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.3.0
- Changes since v1.3.0: 8 commits
referrer_policy()function: New security header function for Referrer-Policy configurationpermissions_policy()function: New security header function for Permissions-Policy configuration- Security headers to API entry point: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and Permissions-Policy headers integrated into
api/index.php - Bootstrap security header integration:
referrer_policyandpermissions_policywired intoBootstrap::applySecurity() - CSRF protection for API write endpoints:
validateCsrfForWrite()andgenerateCsrfToken()methods inApiAuth - CSRF validation in API controllers: Integrated CSRF validation into MediaApiController and other API controllers
create_encoded_key()hardening: Defuse cipher key derivation with_try_decrypt()helper for multi-path backward-compatible decryption- Controller test suite: 5 new test files (PostController, UserController, CommentController, MediaController, TopicController) — 34 tests
- Core class test suite: 6 new test files (SessionMaker, Paginator, Sanitize, DbFactory, Dispatcher, View) — 65 tests
- phpunit.xml suite directories: Added Controller Tests and Core Tests directories to the PHPUnit configuration
- Password hashing: Upgraded from md5 to sha256 in
protect_post()andsetPassPhrase()for stronger hashing - CSP hardening: Removed
unsafe-evalfrom Content-Security-Policy; added Report-Only header for migration monitoring - Dynamic tests badge: Replaced static badge with dynamic GitHub Actions badge in README
- Test infrastructure:
Registry::set('dbc')added for Dao, MediaDao, Authentication constructors in integration tests - Locale column length: Shortened
lang_codefrom VARCHAR(20) to VARCHAR(10) to match schema - Unique locale collision: Fixed via counter in test data setup
is_htmlcast: Cast to integer 0 instead of boolean false in translation tests- DownloadUtilityTest race condition: Resolved
time() + 1race condition in data provider - DownloadCreateLinkTest paths: Corrected file paths for
src/directory structure - Theme auto-activate test: Deactivate all themes first to ensure clean state
- Removed stale tests: Removed tests for non-existent
setCredential()method andcrendentialproperty - Translation insert transaction: Wrapped translation insert in transaction in setup-db; added hard lock detection for fully installed databases
generate_request()null safety: Removed redundantisset($data) &&beforearray_key_exists()calls
- Code formatting: Cleanup across service layer, utility loader, core classes, admin utilities, import files, and PostController
- Utility loader: Fixed blank line after opening PHP tag and array bracket alignment
- README: Updated Tests badge to reflect 1240 passed; documentation updates
- DEVELOPER_GUIDE.md: Updated version to v1.2.3; documentation updates
- TESTING_GUIDE.md: Updated to v1.2.0 with 1240 tests, 2584 assertions, database setup fixes
- Security headers: Tests for
referrer_policy(),permissions_policy(), secure HTTP headers (CSP, Report-Only) - API auth CSRF: Unit tests for
validateCsrfForWrite(),hasApiOrBearerAuth(),generateCsrfToken()— additional test cases - Encrypt-decrypt: Tests for
create_encoded_key(),_try_decrypt(), multi-path backward-compatible decryption - Password hashing: Verification that
PostService::setPassPhrase()uses sha256 instead of md5 - Controller tests: 8 PostController, 8 UserController, 6 CommentController, 6 MediaController, 6 TopicController tests
- Core class tests: 8 SessionMaker, 8 Paginator, 15 Sanitize, 4 DbFactory, 6 Dispatcher, 6 View tests
- HTTP headers test: Rewritten using subprocess instead of
runInSeparateProcess
- Password hashing: Upgraded from md5 to sha256 for protected post passwords
- CSP hardening: Removed
unsafe-evalfrom Content-Security-Policy - Security headers: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy added to API
- API CSRF protection: CSRF validation for API write endpoints
Feature release with security hardening (CSRF API protection, CSP hardening, password hashing upgrade, security headers), expanded test suite (+99 tests across controllers and core classes), and code quality improvements. All unit tests passing (950 tests, 2031 assertions).
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.2.3
- Changes since v1.2.3: 50 commits
check_session_dir()function: New installer requirements check for sessions directory writability- Sessions directory check: Added to installer requirements UI for user visibility during setup
.gitkeepandindex.html: Protectpublic/files/cache/sessions/directory from directory listing
resolve_session_save_path(): Added chmod fallback logic to attempt permission recovery when sessions directory exists but is not writable, with fallback tosys_get_temp_dir()
- Session initialization: Used
resolve_session_save_path()in both Bootstrap and API session init to ensure consistent session storage location - PHP 7.4 backwards compatibility: Removed mixed return type declarations that caused fatal errors on PHP 7.4
number_cpus()mac branch: Removed redundantis_resourceguard and replacedfalsecomparison withis_resourceforpopen()in all branches
- Sessions directory protection: Added
index.htmlto prevent directory listing of session files
- Bootstrap tests: Added tests for
\Throwablecatch andinstanceof PDOguard in theme renderer number_cpus()tests: Comprehensive unit tests covering Linux, Windows, and Mac branchesgenerate_requestandsanitize_urlstests: Full coverage for request generation and URL sanitizationdb-mysqlifunction tests: Unit tests withis_table_existsguard coverage
- Stale translation caches: Cleared stale
en.jsonandes.jsonfor clean regeneration
Maintenance release focused on session path reliability, PHP 7.4 compatibility, expanded test coverage, and installer hardening. All unit tests passing (829 tests, 1854 assertions).
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.2.2
- Changes since v1.2.2: 24 commits
- Local placeholder SVG image: Replaced external placeholder URLs with a local
placeholder.svgasset across all blog templates (archive, category, tag, blog, single, page, home) - THEME_DEVELOPER_GUIDE.md: Comprehensive standalone theme reference documentation
- Language indicator widget: i18n sidebar locale bootstrap with ARIA attributes for accessibility
- Extended locale support:
lang_availablenow includes Arabic, Chinese, French, Russian, Spanish, and Indonesian during installation - SidebarNavigationTest: Unit tests for admin sidebar navigation
- MIT license file: Added
LICENSEfile to the blog theme
- Utility loader ordering:
sanitize-urls.phpnow loads beforegenerate-request.phpproject-wide to resolve dependency ordering across multiple load paths - Translation caches: English, Spanish, and Indonesian translation caches restructured, expanded, and streamlined with full key-value pairs
- RELEASE_GUIDE.md: Overhauled with Packagist version immutability guidance
- Theme cookie expiry: Reduced from 365 to 30 days
- ThemeRenderer DB guard: Multiple hardening passes — replaced empty/null checks with
instanceof \PDOtype check, caught\Throwableinstead ofException, removed redundant guard conditions is_table_existsredeclaration: Wrapped infunction_exists()guard to prevent fatal errors when the function is loaded multiple timesgenerate-request.phprequire ordering: Movedrequire_oncebefore function declaration to comply with PHP best practices- Session initialization: Reordered session start before authenticator include to prevent
headers_senterrors - Front controller: Added
ob_start()for proper output buffering - Theme fallback: Added directory fallback when
header.phpnot found in active theme - Comment endpoint: Fixed
fetch-comments.phpto use dynamicsite_url - Copyright year: Corrected start year from 2021 to 2018
- Void return types: Removed incorrect
voidreturn type frominstall_i18n_dataandconvert_memory_used - Error suppression: Suppressed
file_put_contents/file_get_contentswarnings with@operator - ScriptlogCryptonizeException: Skip error logging for expected encryption exceptions in decrypt method
- Dependabot config: Corrected target-branch and directory; updated CodeQL action versions
- Autoloader path: Fixed composer autoload and PHPUnit paths for
lib/vendorstructure - Bootstrap error handling: Improved exception handling and SQL query logging in core Bootstrap
- Install system: Improved error handling, DB connection validation, and security hardening in installation wizard
- SRI integrity hashes: Added Subresource Integrity hashes to all CSS and JavaScript assets; removed legacy IE tweaks
- Frontend JS hardening: Validated cookie values and anchor targets in
front.js - XSS prevention: Sanitized Summernote databasic and specialchars plugins
- Download identifier sanitization: Sanitized download identifiers with
preg_replaceto prevent injection attacks - Prepared statements: Migrated previous/next post queries to prepared statements; escaped permalink in
format_topics - CVE-2026-55766: Updated
guzzlehttp/psr7to 2.12.1 to fix CRLF injection vulnerability - Colour select sanitization: Sanitized colour select input in admin
front.js - CodeQL scanning: Added PHP to CodeQL analysis targets
restoblogandtastybitesthemes: Removed from repository (not yet production-ready)- Redundant
echo: Removed extraneousechobeforesidebar_navigation()call - Stale translation caches: Cleared stale
en.jsonandes.jsoncaches for clean regeneration
- External dependency removal: Replaced all external placeholder image URLs with local
placeholder.svgacross archive, category, tag, blog, single, page, and home templates - AJAX error handling: Simplified error handling in comment submission and search functionality
- Install wizard responsiveness: Added mobile breakpoint styles to install wizard CSS
Security-focused release with 10+ vulnerability fixes, comprehensive utility loader stabilization, i18n expansion, and removal of external image dependencies. All unit tests passing (764 tests, 1753 assertions).
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.2.1
- Changes since v1.2.1: 79 commits
- CSS design tokens: Custom properties for colors, spacing, and typography in the blog theme
- Dark mode support: Full theme support via
prefers-color-scheme: darkmedia query - Responsive improvements: Enhanced layout adaptability for mobile, tablet, and desktop viewports
- Blog theme templates: replaced
<main>with<div>for semantic consistency across 8 templates (archive, archives, blog, category, page, single, tag, homepage) - Improved header navigation with better layout and accessibility
- Enhanced footer template layout
- Updated homepage template
- Minified
style.sea.cssasset - Updated test bootstrap and file paths to match project structure
- PHPUnit binary path corrected from
vendor/bin/phpunittolib/vendor/bin/phpunitin CI workflow - Added
workflow_dispatchtrigger to CI workflow for manual test runs - Fixed stale tastybites theme test files (theme was previously removed)
- Corrected test file paths from
../../lib/to../../src/lib/project-wide
- Stale test files for deleted
tastybitestheme (4 files)
Minor release focused on theme modernization with CSS design tokens, dark mode support, responsive improvements, and CI/test infrastructure cleanup. This version re-releases the same content as v1.2.0 under a new tag to avoid the upstream tag mutation lock on Packagist.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.1.0
- Changes since v1.1.0: 18 commits
- Handler system: New front-end request handling pipeline with dedicated handlers for each content type (
ArchiveHandler,BlogHandler,CategoryHandler,DownloadHandler,FrontRequestHandler,HomeHandler,PageHandler,PostHandler,PrivacyHandler,TagHandler) and a centralHandlerRegistry - FrontService: New service layer for front-end content retrieval and rendering
- ThemeRenderer: New core class for theme rendering
- CSRF/XSS protection: Comprehensive protection added across all admin UI templates (comments, downloads, export, import, media library, pages, plugins, posts, privacy, settings, users)
- Blog theme improvements: Enhanced header navigation, footer layout, single post view, download handling, sidebar, and 404 page
- Bootstrap hardening: Improved error handling, null safety, and graceful failure when database credentials are missing
- Session management: Enhanced
SessionMakerwith improved session handling and security - Dispatcher refactoring: URL routing and content validation improvements with canonical URL enforcement
- FrontHelper enhancements: Improved front-end content retrieval methods
- HandleRequest upgrades: Comprehensive query string handling and 404 management
- Test suite expansion: 25+ new test files covering handlers, services, download features, integration tests, and smoke tests
- Test infrastructure: New
tests/core/,tests/smoke/, andtests/unit/handlers/test directories - Psalm static analysis: Configuration files (
psalm.xml,psalm-baseline.xml,psalm-autoload.php) for improved code quality enforcement
- Updated
composer.jsonandcomposer.lockdependencies - Revamped blog theme files (
404.php,footer.php,functions.php,header.php,home.php,sidebar.php,download_file.php,load-comment.min.js) - Updated all admin UI templates with modernized markup and security hardening
- Updated all controllers, DAOs, services, and utility functions for PHP 8.x compatibility
- Updated
Bootstrap.php,Dispatcher.php,HandleRequest.php,FrontHelper.php,SessionMaker.phpwith significant improvements - Enhanced
DbMySQLi.phpfor PDO/mysqli compatibility - Updated documentation files
- Resolved PHP 8.x compatibility issues across the codebase
- Fixed null safety in utility functions and controllers
- Fixed PDO/mysqli compatibility in database access layer
- Corrected argument order in configuration write function
- Fixed table prefix handling in Medoo integration
- Resolved various edge cases in post editing and protected post handling
- Fixed
total_comment()null safety insingle.phpto prevent array access on falsy return - Removed empty
load_more_comments()function stub from blog themefunctions.php - Test infrastructure: Corrected 30+ test file paths from
../../lib/to../../src/lib/to match project structure - CI workflow: Fixed
phpunitbinary path fromvendor/bin/phpunittolib/vendor/bin/phpunitand addedworkflow_dispatchtrigger - Removed stale tastybites theme test files (theme was previously removed)
- Fixed
InstallationTest.php,DownloadHandlerTest.php,ConfigFileGenerationTest.php,OpenApiSpecVerificationTest.phptest logic - Updated
.gitignoreto excludelib/vendor/directory
- Unused CSS from blog theme (
custom.csstrimmed by 269 lines) - Deprecated code and unused utility files
- Stale test files for deleted
tastybitestheme (4 files)
Minor release introducing a new handler-based front-end architecture, comprehensive CSRF/XSS protection, significant test suite expansion, theme improvements, test infrastructure fixes, and numerous stability improvements across the entire codebase.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia. This remarkable bird, known for its distinctive bony casque and unique reproductive strategy, is one of the world's most fascinating creatures. Maleos are monogamous pairs that dig deep pits in which a single egg is laid—incubated by geothermal heat at inland forested sites or by the sun at beach nesting grounds. The chicks hatch fully feathered and immediately fly into the forest, independent from birth. With population declined by over 90% since the 1950s and fewer than 10,000 individuals remaining, the maleo is listed as Critically Endangered on the IUCN Red List and protected under CITES Appendix I. Major threats include over-harvesting of eggs, habitat destruction, and predation by introduced species. Conservation efforts by the Wildlife Conservation Society (WCS) Indonesia and the Alliance for Tompotika Conservation have released over 10,000 chicks into the wild since 2001, working to protect nesting grounds and establish semi-natural hatcheries.
- Previous release: v1.0.8
- Changes since v1.0.8: 300 commits
- Fixed terms-of-use link path in signup form (
src/admin/signup.php) - Changed recommended permissions from
777to755forpublic/cache/andpublic/log/directories (README.md,src/docs/DEVELOPER_GUIDE.md)
Patch release fixing the terms-of-use link URL and hardening directory permissions.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.7
- Changes since v1.0.7: 4 commits
- Revamped
src/public/themes/blog/single.php - Revamped
src/public/themes/blog/footer.php - Revamped
src/public/themes/blog/assets/js/load-comment.jsand minified version - Updated
src/docs/DEVELOPER_GUIDE.md
- Fixed
src/lib/model/TopicModel.phpto handle updated categories in both protected and public posts - Fixed
src/lib/dao/PostDao.phpto accommodate unchanged password in a protected post when edited - Fixed bug in update method when a protected post was edited without changing the password
- Updated PHP docs in
src/lib/utility/generate-filename.php
- Removed unused
src/api/media-upload.php
Patch release addressing blog theme improvements, post editing bug fixes, and documentation updates.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.6
- Changes since v1.0.6: 10 commits
- Revamped blog theme files (
functions.php,download.php,download_file.php) - Revamped
src/lib/utility/import-wordpress.php - Revamped
src/lib/utility/download-settings.php - Revamped
src/lib/utility/admin-tag-title.php - Updated blog theme CSS assets (
custom.css,custom.min.css) - Updated
src/lib/utility-loader.php
- Updated Laminas Crypt API usage in ScriptlogCryptonize (BlockCipher factory pattern)
- Added missing
$strongvariable in random_bytes fallback - Resolved PHP 8.x compatibility issues in import-wordpress and app-info
- Cleaned up deprecated
libxml_disable_entity_loaderreferences - Cleaned up
.gitignoreby removing.planentry
Maintenance release focusing on PHP 8.x compatibility fixes, code cleanup, and blog theme improvements.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.5
- Changes since v1.0.5: 21 commits
- Menu and template management features with HATEOAS API support
- Revamped
src/lib/utility/upload-theme.php - Revamped
src/lib/utility/permalinks.php - Updated libxml entity loading for PHP 8.1+ compatibility
- Added tmp/minify.php configuration
- Updated
tests/unit/ThemeUploadTest.php
- Corrected test paths from lib/utility to src/lib/utility
- Set APP_URL environment variable for CI tests
- Create config.php for CI before running tests
- Suppress deprecated libxml warnings in PHP 8.1+
- Resolved deprecated libxml_disable_entity_loader issue
- Unused
comment.phpfrom blog theme - Unused pictures from codebase
Patch release addressing PHP 8.1+ compatibility, CI workflow improvements, and new menu/template management features.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.4
- Changes since v1.0.4: 13 commits
- OpenAPI specification verification tests (34 new tests)
- LanguageSwitcherTest for i18n functionality
- NavigationI18nTest for permalink URL generation
- Extended API HATEOAS with new endpoints (GDPR, languages, translations, media)
- Updated OpenAPI specs (src/docs/)
- 530 unit tests now passing
- Test path corrections (lib -> src/lib structure)
- ApiHateoas config path to src/config.php
- ImageDisplayTest utility-loader path
- TranslationLoaderTest cache expiry flaky test
- storage/keys from repo tracking
- tests/COVERAGE.md artifact
Hotfix release focusing on test infrastructure improvements and path corrections.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.3
- Changes since v1.0.3: 23 commits
- 40 unit tests for UtilityLoader class
- OpenAPI specification files for Blogware RESTful API
- Enhanced i18n implementation for admin panel
- Enhanced i18N implementation for admin panel
- Updated documentation
- Security: Fixed CSP blocking legitimate resources
- Encryption: Fixed "Invalid ciphertext: HMAC verification failed" error
- i18n: Fixed language switcher not working
- i18n: Fixed sidebar menu not reflecting language changes
- Admin: Fixed link to privacy-policy page
- Bug: Fixed i18N feature bug
- Bug: Fixed undefined
load_core_utilitieserror - Bug: Fixed undefined
get_table_prefixerror
.ltsdirectory containing sensitive keys- PHPUnit result cache from git tracking
This patch release addresses bug fixes and reliability improvements across the framework.
Maleo Senkawor - Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi and Buton Island, Indonesia. This remarkable bird, known for its distinctive bony casque and unique reproductive strategy, is one of the world's most fascinating creatures. Maleos are monogamous pairs that dig deep pits in which a single egg is laid—incubated by geothermal heat at inland forested sites or by the sun at beach nesting grounds. The chicks hatch fully feathered and immediately fly into the forest, independent from birth. With population declined by over 90% since the 1950s and fewer than 10,000 individuals remaining, the maleo is listed as Critically Endangered on the IUCN Red List and protected under CITES Appendix I. Major threats include over-harvesting of eggs, habitat destruction, and predation by introduced species. Conservation efforts by the Wildlife Conservation Society (WCS) Indonesia and the Alliance for Tompotika Conservation have released over 10,000 chicks into the wild since 2001, working to protect nesting grounds and establish semi-natural hatcheries.
- Previous release: v1.0.2
- Changes since v1.0.2: 21 commits
- Updated utility loader generator to prevent function redeclaration errors
- Improved Bootstrap reliability
- Bootstrap: Database connection fails gracefully when credentials are missing or invalid
- Bootstrap: DAOs and services only instantiate when a valid database connection exists
- Bootstrap: Added null coalescing operators for array keys that may not exist
- Bootstrap: Added guards to prevent session operations in CLI/header-sent scenarios
- Bootstrap: Made
applySecurity()resilient to utility function errors - Utility Loader: Fixed duplicate function declaration error for
load_core_utilities()
- 43 unit tests for Bootstrap class (89 assertions)
- Updated test bootstrap to properly load critical utility functions
This patch release addresses several reliability and robustness issues in the Bootstrap process and utility loader.
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
- Previous release: v1.0.1
- Changes since v1.0.1: 13 commits
- Standard visual identity (scriptlog mascot assets)
- Updated DEVELOPER GUIDE documentation
- Updated general documentation
- Security: Resolved all Dependabot-detected vulnerabilities
- Quality: Removed unnecessary files from the codebase
This patch addresses security vulnerabilities detected by Dependabot and removes unnecessary files to improve codebase quality. It also includes documentation updates and adds standard visual identity assets.
- Previous release: v1.0.0
- Changes since v1.0.0: 4 commits
- Initial stable release of Scriptlog
- Complete PHP library with modern architecture
- Support for MVC, database, validation, encryption, and more
| Version | Date | Status |
|---|---|---|
| 1.5.1 | 2026-07-10 | Stable |
| 1.5.0 | 2026-07-09 | Stable |
| 1.4.0 | 2026-07-06 | Stable |
| 1.3.1 | 2026-07-02 | Stable |
| 1.3.0 | 2026-07-01 | Stable |
| 1.2.3 | 2026-06-26 | Stable |
| 1.2.2 | 2026-06-25 | Stable |
| 1.2.1 | 2026-06-16 | Stable |
| 1.1.0 | 2026-06-13 | Stable |
| 1.0.8 | 2026-05-14 | Stable |
| 1.0.7 | 2026-05-02 | Stable |
| 1.0.6 | 2026-05-01 | Stable |
| 1.0.5 | 2026-04-28 | Stable |
| 1.0.4 | 2026-04-22 | Stable |
| 1.0.3 | 2026-04-13 | Stable |
| 1.0.2 | 2026-04-10 | Stable |
| 1.0.1 | 2026-04-09 | Stable |
| 1.0.0 | 2026-04-09 | Initial Release |