Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
Conflicts:
.htaccess
CHANGELOG
| | |
| | | # security rules: |
| | | # - deny access to files not containing a dot or starting with a dot |
| | | # in all locations except installer directory |
| | | RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F] |
| | | RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F] |
| | | # - deny access to some locations |
| | | RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] |
| | | # - deny access to some documentation files |
| | |
| | | - Fix so Installer requires PHP5 |
| | | - Make brute force attacks harder by re-generating security token on every failed login (#1490549) |
| | | - Slow down brute-force attacks by waiting for a second after failed login (#1490549) |
| | | - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) |
| | | - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) |
| | | - Fix responses list update issue after response name change (#1490555) |
| | | - Fix bug where message preview was unintentionally reset on check-recent action (#1490563) |