Merge branch 'release/1.7.43'

Sogl · Oct 2, 2023 · 1f21d25 · 1f21d25
2 parents fb5dd14 + 21b218e
commit 1f21d25
Show file tree

Hide file tree

Showing 9 changed files with 191 additions and 154 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# v1.7.43
+## 10/02/2023
+
+1. [](#new)
+   * Add the ability to programtically set a page's `modified` timestamp via a `modified:` frontmatter entry
+2. [](#improved)
+   * Update vendor libraries
+   * Include `phar` in the list of `security.uploads_dangerous_extensions`
+   * When enabled `system.languages.debug` now dumps **Key -> Value** to debugger [#3752](https://github.com/getgrav/grav/issues/3752)
+   * Updated built-in composer to latest `2.6.4` [#3748](https://github.com/getgrav/grav/issues/3748)
+   * Added support for `@import` to ensure paths are rewritten correctly in CSS pipeline [#3750](https://github.com/getgrav/grav/pull/3750)
+
 # v1.7.42.3
 ## 07/18/2023
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -18,4 +18,12 @@ If you cannot update to the latest stable version available because, for example
 
 ## Reporting a Vulnerability
 
-Please contact security@getgrav.org with a detailed explaination of the security issue found and we will work with you to get it resolved as fast as possible.
+Please contact security@getgrav.org with a detailed explanation of the security issue found.  If it appears to be a legitimate issues, please submit an **advisory via GitHub Security**: https://github.com/getgrav/grav/security/advisories
+
+>> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability.
+
+## Bug Bounties
+
+We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we **do not have the resources to offer bounties** for security issues found.  
+
+
diff --git a/bin/composer.phar b/bin/composer.phar