- via the pages controller, directory traversal was possible
- still restricted to .ctp files, making this not feasible for all intents and purposes
- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
- datepicker seems to bug out as of recently
- misplaced popup that overlaps with the top bar
- fixed by updating to a newer version of datepicker
- added a new view that generates a markdown version of the categories and types view, for easier gitbook generation
- contact reporter first tries to contact orgc users on the instance, if they don't exist, it will contact the owner (instead of going straight to the owner)
- hostname / domain name validation change broke validation of hostnames/domain names / email addresses with a "-"
- Some documentation changes for the REST API (more coming)
- some tuning of the freetext import
iglocska