This release includes 1 security fix for security teams reviewing exposed deployments.
Published 1mo
Productivity & Wikis
✓ No known CVEs patched
This release patches 1 known CVE
Topics
gardening
home-plants
horticulture
hortusfox
houseplants
plant-care
plant-collection
plant-growth
plant-journal
plant-manager
plant-monitoring
plant-parent
plant-tracking
plants
plants-grow
self-hosted
selfhosting
Summary
AI summary: Prevent execution of arbitrary script files in the /public directory.
Full changelog
Version 5.8 of HortusFox
Changelog
- Added tech stack section in README to give credits to used packages (#455)
- Added markdown for plant details notes (#497)
- Fixed that custom plant attributes weren't taken into account when cloning plants (#503)
- Fixed that an initially generated cronjob password contained invalid characters (#510)
- Fixed that exporting a backup failed in case any of the locations weren't assigned a preview image (#513)
- Added a list of console commands to project README (#517)
- Changed allowed request methods for cronjobs (#518)
- Removed associations with any big tech corporations (#519)
- Ecosia image search for returned plant names using the plant recognition feature (#520)
- Improve generating hyperlinks for Ecosia image search (#523)
- Prevent execution of arbitrary script files in the /public directory (#524)
- Increment version number across various files (#525)
Security Fixes
- Prevent execution of arbitrary script files in the /public directory — blocks potential remote code execution via uploaded scripts
About hortusfox-web
Self-hosted collaborative plant management and tracking system for plant enthusiasts