## [5.4.1] - 2024-08-29 - Enable (and fix) unit tests for Windows [#1046](https://github.com/smarty-php/smarty/pull/1046) - Fix the use of "extends:" to define the inheritance tree on Windows [#1018](https://github.com/smarty-php/smarty/issues/1018) ## [5.4.0] - 2024-08-14 - Fixing forced OpCache invalidation on every template include, which is resulting in fast raising wasted OpCache memory [#1007](https://github.com/smarty-php/smarty/issues/1007) - Improvement of auto-escaping [#1030](https://github.com/smarty-php/smarty/pull/1030) ## [5.3.1] - 2024-06-16 - Fixed error when using section with nocache [#1034](https://github.com/smarty-php/smarty/issues/1034) ## [5.3.0] - 2024-05-30 - Fix warning when calling hasVariable for an undefined variable [#977](https://github.com/smarty-php/smarty/issues/977) - Added `$smarty->prependTemplateDir()` method [#1022](https://github.com/smarty-php/smarty/issues/1022) ## [4.5.3] - 2024-05-28 - Fixed a code injection vulnerability in extends-tag. This addresses CVE-2024-35226. ## [4.5.2] - 2024-04-06 - Fixed argument must be passed by reference error introduced in v4.5.1 [#964](https://github.com/smarty-php/smarty/issues/964) ## [4.5.1] - 2024-03-18 - Using unregistered static class methods in expressions now also triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813) ## [4.5.0] - 2024-03-18 - (this release accidentally didn't contain any changes, fixed in 4.5.1) ## [4.4.1] - 2024-02-26 - Fixed internal release-tooling ## [4.4.0] - 2024-02-26 ### Changed - Using the `|implode`, `|json_encode` and `|substr` modifiers does not generate a deprecation warning anymore as they will continue to be supported in v5 [#939](https://github.com/smarty-php/smarty/issues/939) ### Added - PHP8.3 support [#925](https://github.com/smarty-php/smarty/issues/925) ### Fixed - Incorrect compilation of expressions when escape_html=true [#930](https://github.com/smarty-php/smarty/pull/930) ## [4.3.4] - 2023-09-14 ## [4.3.3] - 2023-09-14 ### Fixed - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) - Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895) ## [4.3.2] - 2023-07-19 ### Fixed - `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP8 warnings for undefined properties ## [4.3.1] - 2023-03-28 ### Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. ### Fixed - `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP7 notices for undefined array indexes [#736](https://github.com/smarty-php/smarty/issues/736) - `$smarty->muteUndefinedOrNullWarnings()` now treats undefined vars and array access of a null or false variables equivalent across all supported PHP versions - `$smarty->muteUndefinedOrNullWarnings()` now allows dereferencing of non-objects across all supported PHP versions [#831](https://github.com/smarty-php/smarty/issues/831) - PHP 8.1 deprecation warnings on null strings in modifiers [#834](https://github.com/smarty-php/smarty/pull/834) ## [4.3.0] - 2022-11-22 ### Added - PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775) ### Changed - Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799) - Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813) - Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. [#816](https://github.com/smarty-php/smarty/issues/816) - Support umask when writing (template) files and set dir permissions to 777 [#548](https://github.com/smarty-php/smarty/issues/548) [#819](https://github.com/smarty-php/smarty/issues/819) ### Fixed - Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514) - Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes [#801](https://github.com/smarty-php/smarty/pull/801) - Fixed PHP8.1 deprecation errors in strip_tags - Fix Variable Usage in Exception message when unable to load subtemplate [#808](https://github.com/smarty-php/smarty/pull/808) - Fixed PHP8.1 deprecation notices for strftime [#672](https://github.com/smarty-php/smarty/issues/672) - Fixed PHP8.1 deprecation errors passing null to parameter in trim [#807](https://github.com/smarty-php/smarty/pull/807) - Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) [#586](https://github.com/smarty-php/smarty/pull/586) - Bug fix for underscore and limited length in template name in custom resources [#581](https://github.com/smarty-php/smarty/pull/581) ## [4.2.1] - 2022-09-14 ### Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) ### Fixed - Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788) - Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789) - Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) - Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395) [4.1.0] - 2022-02-06 Added PHP8.1 compatibility #713 [4.0.4] - 2022-01-18 Fixed Fixed illegal characters bug in math function security check #702 [4.0.3] - 2022-01-10 Security Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408 [4.0.2] - 2022-01-10 Security Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454 [4.0.1] - 2022-01-09 Security Rewrote the mailto function to not use eval when encoding with javascript