X7ROOT File Manager
Current Path:
/var/softaculous/lychee
var
/
softaculous
/
lychee
/
??
..
??
.env
(11.63 KB)
??
.htaccess
(313 B)
??
_clone.php
(2.9 KB)
??
_edit.php
(4.53 KB)
??
_edit.xml
(433 B)
??
changelog.txt
(10.47 KB)
??
extend.php
(9.9 KB)
??
fileindex.php
(226 B)
??
images
??
import.php
(4.04 KB)
??
info.xml
(4.65 KB)
??
install.js
(924 B)
??
install.php
(5.55 KB)
??
install.xml
(448 B)
??
lychee.sql
(139.7 KB)
??
lychee.zip
(40.29 MB)
??
md5
(3.52 KB)
??
notes.txt
(1.96 KB)
??
php53
??
php56
??
php71
??
php81
??
php82
??
update_pass.php
(612 B)
??
upgrade.php
(3.58 KB)
??
upgrade.xml
(574 B)
Editing: changelog.txt
v7.6.0 Latest What's Changed 🏕 Features Async reverse-geocoding, configurable rate limit, remove Wikimedia map provider by @ildyria in #4275 Fixes the wrong name of aspect_ratio 16by9 to 1byx9 in all translations. by @mhepp63 in #4279 Avoid spamming the server for auditories when we don't have the rights by @ildyria in #4283 Add admin check for uploads by @ildyria in #4282 Remove user constraint on decoding Limiter by @ildyria in #4292 feat(036): fix direct photo links in large paginated albums via ?page=N by @ildyria in #4294 fix: show Back Home button on tablets and phones by @ildyria in #4295 ldap is no longer required by @ildyria in #4297 Fixes the Czech translation, part II by @mhepp63 in #4303 feat(35) Chunked Archive Download by @ildyria in #4300 feat(34): add bulk album edit by @ildyria in #4296 feat: search other pages when photo not found in suggested page by @ildyria in #4311 feat: Add setting to disable embed endpoints and UI. by @ildyria in #4316 fix: Improved support for group authorization for Album delete & edit by @ildyria in #4317 feat(37): improved admin panel by @ildyria in #4312 fix: deduplicate photos in tag album listings by @ildyria in #4328 fix: optimistic UI update for album pin/unpin by @ildyria in #4329 feat(white-label): hide Lychee SE / version branding on login form and all public surfaces by @ildyria in #4335 fix: use file path instead of stream for PDF thumbnail generation by @mitpjones in #4334 Fix SSRF on TOCTOU by @ildyria in #4344 Bump frankenphp + fix flacky test by @ildyria in #4354 Fixes the Czech translation, part III by @mhepp63 in #4353 Disable response caching functionality by @ildyria in #4362 Fix not loading settings first page anymore by @ildyria in #4365 Update Markdown configuration to a more secure practice by @ildyria in #4377 Remove vulnerabilities by dropping some dependencies. by @ildyria in #4378 Add option to have timeline only at root level by @ildyria in #4383 Only call advisory after being logged in by @ildyria in #4384 Fix hidden albums leaking via "present in albums" list by @ildyria in #4387 Display Camera Make in PhotoDetails Exif Data by @rschumm in #4389 Feature 041: supply title/description at upload time; return expected_id in response by @ildyria in #4385 feat(webshop): add print & pixel size support (feature 043) by @ildyria in #4388 Add option to disable the switch photo effect by @ildyria in #4406 Add Feature 042 webshop order item display by @ildyria in #4411 Add option to disable the switch photo effect by @ildyria in #4410 Add better feedback on upload failures by @ildyria in #4412 Fix mb strings for our chinese users by @ildyria in #4415 Pin -rc releases by @ildyria in #4413 Add support for toggle select on mobile view by @ildyria in #4416 Add support for uploading folders by drag&drop by @ildyria in #4417 Avoid further complaint on api/v2/diagnostics endpoint by @ildyria in #4419 Do not re-run full CI if not necessary on PR by @ildyria in #4426 Add middleware to check if feature is enabled by @ildyria in #4428 Version 7.6.0 by @ildyria in #4429 👒 Dependencies chore(deps): bump axios from 1.14.0 to 1.15.0 by @dependabot[bot] in #4277 chore(deps): bump phpseclib/phpseclib from 3.0.50 to 3.0.51 by @dependabot[bot] in #4281 chore(deps): bump the actions-deps group with 4 updates by @dependabot[bot] in #4291 chore(deps): bump the production-dependencies group with 6 updates by @dependabot[bot] in #4287 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in #4293 chore(deps-dev): bump the development-dependencies group with 6 updates by @dependabot[bot] in #4290 chore(deps): bump the production-dependencies group with 3 updates by @dependabot[bot] in #4289 chore(deps-dev): bump composer/composer from 2.9.5 to 2.9.7 by @dependabot[bot] in #4298 chore(deps): bump the actions-deps group with 3 updates by @dependabot[bot] in #4310 chore(deps): bump the production-dependencies group with 6 updates by @dependabot[bot] in #4306 chore(deps-dev): bump the development-dependencies group with 4 updates by @dependabot[bot] in #4309 chore(deps): bump the production-dependencies group with 3 updates by @dependabot[bot] in #4308 chore(deps): bump the production-dependencies group with 11 updates by @dependabot[bot] in #4322 chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in the actions-deps group by @dependabot[bot] in #4326 chore(deps-dev): bump the development-dependencies group with 3 updates by @dependabot[bot] in #4325 chore(deps): bump the production-dependencies group across 1 directory with 7 updates by @dependabot[bot] in #4327 chore(deps-dev): bump the development-dependencies group across 1 directory with 11 updates by @dependabot[bot] in #4323 chore(deps): bump the production-dependencies group with 3 updates by @dependabot[bot] in #4338 chore(deps-dev): bump the development-dependencies group with 4 updates by @dependabot[bot] in #4337 chore(deps-dev): bump phpstan/phpstan from 2.1.51 to 2.1.54 in the development-dependencies group by @dependabot[bot] in #4339 chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 in the actions-deps group by @dependabot[bot] in #4340 chore(deps): bump axios from 1.15.2 to 1.16.0 in the production-dependencies group by @dependabot[bot] in #4336 chore(deps): bump the actions-deps group with 2 updates by @dependabot[bot] in #4348 chore(deps-dev): bump the development-dependencies group with 5 updates by @dependabot[bot] in #4347 chore(deps): bump the production-dependencies group across 1 directory with 10 updates by @dependabot[bot] in #4352 chore(deps): bump the production-dependencies group across 1 directory with 5 updates by @dependabot[bot] in #4356 chore(deps): bump the production-dependencies group with 4 updates by @dependabot[bot] in #4358 chore(deps-dev): bump the development-dependencies group with 3 updates by @dependabot[bot] in #4360 chore(deps): bump the actions-deps group with 3 updates by @dependabot[bot] in #4361 chore(deps-dev): bump the development-dependencies group with 5 updates by @dependabot[bot] in #4359 chore(deps-dev): bump composer/composer from 2.9.7 to 2.9.8 by @dependabot[bot] in #4363 chore(deps): bump js-cookie from 3.0.5 to 3.0.7 by @dependabot[bot] in #4366 chore(deps-dev): bump qs from 6.15.1 to 6.15.2 by @dependabot[bot] in #4367 chore(deps): bump the actions-deps group with 5 updates by @dependabot[bot] in #4374 chore(deps): bump vite from 8.0.13 to 8.0.14 in the production-dependencies group by @dependabot[bot] in #4370 chore(deps-dev): bump the development-dependencies group with 5 updates by @dependabot[bot] in #4371 chore(deps-dev): bump rector/rector from 2.4.3 to 2.4.4 in the development-dependencies group by @dependabot[bot] in #4373 chore(deps): bump the production-dependencies group with 5 updates by @dependabot[bot] in #4372 chore(deps-dev): bump symfony/dom-crawler from 8.0.8 to 8.0.12 by @dependabot[bot] in #4379 chore(deps): bump symfony/polyfill-intl-idn from 1.37.0 to 1.38.1 by @dependabot[bot] in #4381 chore(deps): bump the production-dependencies group with 5 updates by @dependabot[bot] in #4391 chore(deps-dev): bump the development-dependencies group with 4 updates by @dependabot[bot] in #4393 chore(deps): bump the actions-deps group with 2 updates by @dependabot[bot] in #4395 chore(deps): bump the production-dependencies group with 2 updates by @dependabot[bot] in #4392 chore(deps-dev): bump the development-dependencies group with 5 updates by @dependabot[bot] in #4394 chore(deps): bump the actions-deps group across 1 directory with 3 updates by @dependabot[bot] in #4405 chore(deps): bump the production-dependencies group across 1 directory with 4 updates by @dependabot[bot] in #4409 chore(deps-dev): bump the development-dependencies group across 1 directory with 4 updates by @dependabot[bot] in #4404 chore(deps-dev): bump friendsofphp/php-cs-fixer from 3.95.5 to 3.95.7 by @dependabot[bot] in #4423 chore(deps): bump form-data from 4.0.5 to 4.0.6 by @dependabot[bot] in #4424 chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates by @dependabot[bot] in #4420 chore(deps): bump the production-dependencies group across 1 directory with 10 updates by @dependabot[bot] in #4421 chore(deps): bump the production-dependencies group with 3 updates by @dependabot[bot] in #4422 v7.5.3 Released on Mar 23rd, 2026 Fix XSS in RSS feed Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos was not properly escaped, allowing for potential XSS attacks if they contained malicious code. fix ♯4218 : Fix XSS in /feed by @ildyria. new ♯4217 : Added and improved German translations by @hyazinthh. Once again, thanks to @morimori-dev for reporting the XSS issue. New Contributors @hyazinthh made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4217 v7.5.2 Released on Mar 22nd, 2026 Support camera capture and hotfix In addition to loading pictures from memory, we now also support camera capture in the front-end. This allows users to take pictures directly and instantly upload them to Lychee, a feature that will be welcomed by our mobile users. new ♯4213 : feat: add Camera Capture feature (Feature 029) by @mitpjones. fix ♯4214 : Fix DNS resolving to local IP by @ildyria. Fixes SSRF bypass via DNS rebinding. Read more here Thanks to @morimori-dev for reporting the SSRF issue. New Contributors @mitpjones made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4209 v7.5.1 Released on Mar 21st, 2026 Hotfixes fix ♯4208 : Make LDAP optional by @ildyria. Due to popular demand, we made the LDAP extension optional. If you do not have it installed, the LDAP features will be disabled, but the rest of the app will work as expected. This is especially useful for users who do not need LDAP support and want to avoid installing the extension. fix ♯4207 : Fix tag album ordering by @ildyria. Photos in Tag albums were not ordered. Fixed. fix ♯4205 : Fix SSRF loopback edge case by @ildyria. Read more here Thanks to @offensiveee for reporting the SSRF issue.
Upload File
Create Folder