Comment 6 for bug 1978555

Luís Infante da Câmara (luis220413) wrote : Re: [SRU] New upstream maintenance and security releases for Focal and Jammy

In Jammy a fatal bug, that only affects servers where ini_set is disabled in PHP, is fixed by 3 commits.

Approximate translation of the changes in CHANGELOG.TXT (added in the Jammy debdiff):
4.0.6 -> 4.0.7
3263834e6 (5) Coding standard
24e66e71e (3) Do not break a serialized meta when a user enters an emoji in a configuration form
ea0820f20 (3) Avoid generating too large icons in the list of syndicated articles
a5e7bf2b3 (3) Allow to debug errors on ajax links: the fallback redirects to the URL, but suddenly we can no longer see the problem in the js console. Just raise the flag jQuery.spip.debug to disable fallback automatic redirection
1c2c59065 (3) shell on the option, which is well expires with an s like the http header that we send
1f3a1ad01 (3) Avoid warnings about exec=info in PHP 8
d39740cec (1) Suppress the argument `formulaire_action_sign` in the ACTION url
eb4170130 (2) Increment spip_version_code to recompile the templates
1e16d6a72 (1) Secure the return value of nettoyer_titre_email when it is used from a template
bf099935b (1) Also hide sensitive cookies from $_SERVER['HTTP_COOKIE'] and $_ENV['HTTP_COOKIE']
ae3d98849 (1) Escape sel_db before reinserting it in a hidden (but it is quite theoretical, because if we arrive there it is because we have managed to connect to it, so the name could not have special characters)
2629de6f0 (1) Secure HTTP_HOST and REQUEST_URI in url_de_base()
52d18a543 (1) Recognize secure cookies *even* if you use a cookie_prefix + allow to extend the list by default through the constant _COOKIE_SECURE_LIST
410a57406 (1) Use \b instead of \s for being more robust in the regex of _PROTEGE_BLOCS
843ed3a52 (1) Secure construction of the regex in parametre_url
91b9a9f5e (1) Secure the error display when it comes from the url
7108815fb (1) Secure the use of var_mode_xx in the debugger
707669e9d (1) spip_htmlspecialchars() over all variable displays in the html + filter $adresse_ldap
9828ab4ba (1) Do not accept a test_dir with .. inside the test for writing directories
Images/0c33dae* (3) Fix a warning in image_aplatir. Test the return value of the function after using it.
MediaBox/29762b9* (3) support for the overlayClose option that had not been implemented when switching to lity
Mots/a04faa9* (3) repair the update from an old SPIP to version 4
SVP/6752c89* (1) Escape the url in the displayed html

4.0.5 -> 4.0.6
12d62612e (3) prevent paginations from spilling over into the small screen
599a27b2e (3) Fix the buggy function by not using the unreliable shortcut keys, but the other (reliable) keys, depending on the requested source (link or not)
688c1ec1b (3) A little JS to avoid double clicks on an action button that launches a long action: when a form.bouton_action_post is submitted, disable all its buttons, and add a processing-submitted-form class on the form, for any useful purpose
0c00bd3f3 (3) this piece of code always returned false strangely in PHP <= 7.4 because the in_array() on ob_get_status() did not work (PHP seems to have fixed this in php 8+). As a result, we can consider that this code is dead, probably a relic of gz output by SPIP at a time, which is no longer done today.
ac226860e (5) Avoid an at sign
935cab989 (3) Avoid an at sign that hid a warning that we can do without: no function decompiler_xx expects 4 parameters!
dd82d246d (3) Phpdoc of return types in this function public_debusquer_dist() which makes a little... all...
e34def7f1 (3) Less php notice
8a9b5b134 (3) Repair the compteur_articles_filtres criterion & its #COMPTEUR_ARTICLE tag
3b43cb577 (3) Repair the Show All link in subtopic box paginations
4c6577cb1 (3) display author and visitor logos in the same way
95d903ac6 (3) bugfix pagination of boxes that list subheadings
forum/a1660e4* () The #NOTES must also go through texte_backend and liens_absolus
squelettes-dist/790c850* (3) prevent paginations from spilling over into the small screen

4.0.4 -> 4.0.5
f2b7ed208 (3) A missing return and not much seemed depopulated for ages...
fd89189c0 (3) Avoid a warning by adding a missing include
dab74847d (3) Shell in 9f830f05724 (g0uZ). Carry forward of 3bf1a5daf
23a6c14c0 (3**) ini_set can be disabled on web hosting.
cdad6a93d (1,3)
    - better cut the chains including in the case of simple quotes escapes by sqlite
    - escape the % in the chain to avoid sprintf confusion
    - replace the strings 1 by 1 via substr_replace() starting with the end
    - do not call sprintf() when the replacement array is empty
compresseur/bbb1e25 (3) Missing include in minifier()
dump/ebd158c* (3**) verify the presence of ini_set for PHP 8
medias/f1b85e3* (1,3) Deprecate and secure the insertion of a gallery in the add document forms. This mode is not used in SPIP since 3.0.
mots/c793d38* (3) A question mark for id_groupe that allows the display of the groups you want in a public keyword association form
svp/0060015* (3**) verify the presence of ini_set for PHP 8
squelettes-dist/9967ec1* (3) Report of 8505e7c0ed9118ee31 which was in the dist, and not reported from the neodist template

Legend:
* in SPIP-plugins-dist
** fatal bug (renders SPIP nonfunctional) on certain servers
(1) Security vulnerability fix
(2) Necessary change
(3) https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases, point 1
(4) https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases, point 3
(5) Code readability improvements
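As an added illustration of the four points in the cdad6a93d entry (my own reading of the entry, not SPIP's code), here is the same logic in Python, where the % operator plays the role of sprintf(): quoted literals are cut out of a query with sqlite's '' escapes respected, a bare % left in the remaining query is escaped before formatting, the robust variant splices the literals back one by one from the end instead of formatting at all, and nothing is formatted when there is nothing to reinsert. The marker character, the function names and the sample queries are assumptions constructed for this example.

```python
import re

# A quoted SQL literal; a doubled quote '' inside it is an escaped quote (sqlite style).
LITERAL_RE = re.compile(r"'(?:[^']|'')*'")
# Hypothetical marker left in place of a cut literal (not SPIP's real marker).
PLACEHOLDER = "\x00"


def cut_literals(sql):
    """Pull every quoted literal out of the query, leaving a marker in its place."""
    literals = []

    def keep(match):
        literals.append(match.group(0))
        return PLACEHOLDER

    return LITERAL_RE.sub(keep, sql), literals


def restore_naive(template, literals):
    """Buggy: the template goes straight to %-formatting, so a bare % in the query
    (e.g. the modulo operator) is read as a format specifier and formatting fails."""
    return template.replace(PLACEHOLDER, "%s") % tuple(literals)


def restore_sprintf(template, literals):
    """Formatting kept, but made safe: skip it entirely when there is nothing to
    reinsert, and escape every % in the query before turning markers into %s."""
    if not literals:
        return template
    safe = template.replace("%", "%%").replace(PLACEHOLDER, "%s")
    return safe % tuple(literals)


def restore_from_end(template, literals):
    """Robust: splice literals back one by one starting from the end, so earlier
    offsets stay valid and no character is ever interpreted as a format directive."""
    positions = [i for i, ch in enumerate(template) if ch == PLACEHOLDER]
    if len(positions) != len(literals):
        raise ValueError("marker count does not match literal count")
    out = template
    for pos, lit in zip(reversed(positions), reversed(literals)):
        out = out[:pos] + lit + out[pos + 1:]
    return out


# Constructed sample: an escaped quote, a modulo operator and a % inside a literal.
SAMPLE = "SELECT id FROM t WHERE name = 'O''Brien' AND id % 2 = 0 AND note LIKE '50%'"
```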