In Jammy a fatal bug, that only affects servers where ini_set is disabled in PHP, is fixed by 3 commits. Approximate translation of the changes in CHANGELOG.TXT (added in the Jammy debdiff): 4.0.6 -> 4.0.7 3263834e6 (5) Coding standard 24e66e71e (3) Do not break a serialized meta when a user enters an emoji in a configuration form ea0820f20 (3) Avoid generating too large icons in the list of syndicated articles a5e7bf2b3 (3) Allow to debug errors on ajax links: the fallback redirects to the URL, but suddenly we can no longer see the problem in the js console. Just raise the flag jQuery.spip.debug to disable fallback automatic redirection 1c2c59065 (3) shell on the option, which is well expires with an s like the http header that we send 1f3a1ad01 (3) Avoid warnings about exec=info in PHP 8 d39740cec (1) Suppress the argument `formulaire_action_sign` in the ACTION url eb4170130 (2) Increment spip_version_code to recompile the templates 1e16d6a72 (1) Secure the return value of nettoyer_titre_email when it is used from a template bf099935b (1) Also hide sensitive cookies from $_SERVER['HTTP_COOKIE'] and $_ENV['HTTP_COOKIE'] ae3d98849 (1) Escape sel_db before reinserting it in a hidden (but it is quite theoretical because if we arrive at it is because we have managed to connect it, so the name could not have special characters) 2629de6f0 (1) Secure HTTP_HOST and REQUEST_URI in url_de_base() 52d18a543 (1) Recognize secure cookies *even* if you use a cookie_prefix + allow to extend the list by default through the constant _COOKIE_SECURE_LIST 410a57406 (1) Use \b instead of \s for being more robust in the regex of _PROTEGE_BLOCS 843ed3a52 (1) Secure construction of the regex in parametre_url 91b9a9f5e (1) Secure the error display when it comes from the url 7108815fb (1) Secure the use of var_mode_xx in the debugger 707669e9d (1) spip_htmlspecialchars() over all variable displays in the html + filter $adresse_ldap 9828ab4ba (1) Do not accept a test_dir with .. inside the test for writing directories Images/0c33dae* (3) Fix a warning in image_aplatir. Test the return value of the function after using it. MediaBox/29762b9* (3) support for the overlayClose option that had not been implemented when switching to lity Mots/a04faa9* (3) repair the update from an old SPIP to version 4 SVP/6752c89* (1) Escape the url in the displayed html 4.0.5 -> 4.0.6 12d62612e (3) prevent paginations from spilling over into the small screen 599a27b2e (3) Fix the buggy function in not using in not using the unreliable shortcut keys, but the other (reliable) keys, depending on the requested source (link or not) 688c1ec1b (3) A little JS to avoid double clicks on an action button that launches a long action: when a form.bouton_action_post is submit on disabled all its buttons, and we add a processing-submitted-form class on the form, for any useful purpose 0c00bd3f3 (3) this piece of code always returned false strangely in PHP <= 7.4 because the in_array() on ob_get_status() did not work (PHP seems to have fixed this in php 8+). As a result, we can consider that this code is dead, probably a relic of gz output by SPIP at a time, which is no longer done today. ac226860e (5) Avoid at an sign 935cab989 (3) Avoid an at sign that hid a warning that we can do without: no function decompiler_xx expects 4 parameters! dd82d246d (3) Phpdoc of return types in this function public_debusquer_dist() which makes a little... all... e34def7f1 (3) Less php notice 8a9b5b134 (3) Repair the compteur_articles_filtres criterion & its #COMPTEUR_ARTICLE tag 3b43cb577 (3) Repair the Show All link in subtopic box paginations 4c6577cb1 (3) display author and visitor logos in the same way 95d903ac6 (3) bugfix pagination of boxes that list subheadings forum/a1660e4* () The #NOTES must also go through texte_backend and liens_absolus squelettes-dist/790c850* (3) prevent paginations from spilling over into the small screen 4.0.4 -> 4.0.5 f2b7ed208 (3) A missing return and not much seemed depopulated for ages... fd89189c0 (3) Avoid a warning by adding a missing include dab74847d (3) Shell in 9f830f05724 (g0uZ). Carry forward of 3bf1a5daf 23a6c14c0 (3**) ini_set can be disabled on web hosting. cdad6a93d (1,3) - better cut the chains including in the case of simple quotes escapes by sqlite - escape the % in the chain to avoid sprintf confusion - replace the strings 1 by 1 via substr_replace() starting with the end - do not call sprintf() when the replacement array is empty compresseur/bbb1e25 (3) Missing include in minifier() dump/ebd158c* (3**) verify the presence of ini_set for PHP 8 medias/f1b85e3* (1,3) Deprecate and secure the insertion of a gallery in the add document forms. This mode is not used in SPIP since 3.0. mots/c793d38* (3) A question mark for id_groupe that allows the display of the groups you want in a public keyword association form svp/0060015* (3**) verify the presence of ini_set for PHP 8 squelettes-dist/9967ec1* (3) Report of 8505e7c0ed9118ee31 which was in the dist, and not reported from the neodist template Legend: * in SPIP-plugins-dist ** fatal bug (renders SPIP nonfunctional) on certain servers (1) Security vulnerability fix (2) Necessary change (3) https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases, point 1 (4) https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases, point 3 (5) Code readability improvements