HEX
Server: LiteSpeed
System: Linux premium71.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User: consovgw (933)
PHP: 8.1.34
Disabled: NONE
$ pwd: /proc/thread-self/root/var/softaculous/lychee/
Upload Files
File: //proc/thread-self/root/var/softaculous/lychee/changelog.txt
v7.5.3

Released on Mar 23rd, 2026
Fix XSS in RSS feed

Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos was not properly escaped, allowing for potential XSS attacks if they contained malicious code.

    fix ♯4218 : Fix XSS in /feed by @ildyria.
    new ♯4217 : Added and improved German translations by @hyazinthh.

Once again, thanks to @morimori-dev for reporting the XSS issue.
New Contributors

@hyazinthh made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4217

v7.5.2

Released on Mar 22nd, 2026
Support camera capture and hotfix

In addition to loading pictures from memory, we now also support camera capture in the front-end. This allows users to take pictures directly and instantly upload them to Lychee, a feature that will be welcomed by our mobile users.

    new ♯4213 : feat: add Camera Capture feature (Feature 029) by @mitpjones.
    fix ♯4214 : Fix DNS resolving to local IP by @ildyria.

        Fixes SSRF bypass via DNS rebinding. Read more here

Thanks to @morimori-dev for reporting the SSRF issue.
New Contributors

@mitpjones made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4209

v7.5.1

Released on Mar 21st, 2026
Hotfixes

    fix ♯4208 : Make LDAP optional by @ildyria.

        Due to popular demand, we made the LDAP extension optional. If you do not have it installed, the LDAP features will be disabled, but the rest of the app will work as expected. This is especially useful for users who do not need LDAP support and want to avoid installing the extension.

    fix ♯4207 : Fix tag album ordering by @ildyria.

        Photos in Tag albums were not ordered. Fixed.

    fix ♯4205 : Fix SSRF loopback edge case by @ildyria.

        Read more here

Thanks to @offensiveee for reporting the SSRF issue.
v7.5.0
🏕 Features

    Prevent copy in non secure context by @ildyria in #4180
    Refactor search by @ildyria in #4179
    Album filter by @ildyria in #4163
    Fix Masonry (and other layout not being respected) by @ildyria in #4184
    Fix missing migration is_starred -> is_highligted by @ildyria in #4188
    Unfortunately, we have to enable unsafe-inline if we are using Paypal by @ildyria in #4189
    Fix loading photos on paginated by @ildyria in #4190
    Version 7.5.0 by @ildyria in #4191

👒 Dependencies

    chore(deps-dev): bump undici from 7.22.0 to 7.24.1 by @dependabot[bot] in #4181
@ Telegram