• Version 1.1.1, 01/07/2026

    • Admin email fallback catch blocks log failures with error_log() instead of swallowing exceptions silently.

    • security.txt atomic write checks directory writability before file_put_contents() / rename() (no @ suppression).

    • Dev-only test-module.php moved to Test/ and excluded from Forge packaging via .distignore.



  • Version 1.1.0, 18/05/2026

    • Fix: upgrade no longer fails on PHP 8+ when cms_utils::get_config() returns cms_config.

    • Auto-generated RFC 9116 security.txt at /.well-known/security.txt and optional /security.txt mirror.

    • Admin settings: auto-write, manual lock, extra lines, policy/ack paths, hiring/encryption URLs, languages, expires days, preview, regenerate.

    • Dynamic fallback via action.securitytxt and serve-securitytxt.php when static files are absent.

    • Vulnerability report rate limit uses saved module preferences instead of hardcoded values.



  • Version 1.0.2, 05/05/2026: Added icon.png and images/banner.png branding assets.

  • Version 1.0.1, 05/05/2026: GetChangeLog() reads CHANGELOG.md for Module Manager About.

  • Version 1.0.0, 18/11/2025: Initial release (VDP page, acknowledgments, secure forms, CSRF, rate limiting, logging, admin, donations tab).