- Version 1.1.1, 01/07/2026
- Admin email fallback catch blocks log failures with
error_log() instead of swallowing exceptions silently.
security.txt atomic write checks directory writability before file_put_contents() / rename() (no @ suppression).
- Dev-only
test-module.php moved to Test/ and excluded from Forge packaging via .distignore.
- Version 1.1.0, 18/05/2026
- Fix: upgrade no longer fails on PHP 8+ when
cms_utils::get_config() returns cms_config.
- Auto-generated RFC 9116
security.txt at /.well-known/security.txt and optional /security.txt mirror.
- Admin settings: auto-write, manual lock, extra lines, policy/ack paths, hiring/encryption URLs, languages, expires days, preview, regenerate.
- Dynamic fallback via
action.securitytxt and serve-securitytxt.php when static files are absent.
- Vulnerability report rate limit uses saved module preferences instead of hardcoded values.
- Version 1.0.2, 05/05/2026: Added
icon.png and images/banner.png branding assets.
- Version 1.0.1, 05/05/2026:
GetChangeLog() reads CHANGELOG.md for Module Manager About.
- Version 1.0.0, 18/11/2025: Initial release (VDP page, acknowledgments, secure forms, CSRF, rate limiting, logging, admin, donations tab).