From 90e6987cc9e6059a95e01f37afa11ae832947164 Mon Sep 17 00:00:00 2001
From: ildyria <benoit@viguier.nl>
Date: Thu, 15 May 2025 16:01:03 +0200
Subject: [PATCH 1/4] version 6.6.2

---
 docs/releases.md                          | 23 +++++++++++++++++++++++
 src/components/widgets/Announcement.astro |  4 ++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/docs/releases.md b/docs/releases.md
index 4c89f93d..a75b377f 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -30,6 +30,29 @@
 
 ## Version 6
 
+### v6.6.2
+
+Released on May 15, 2025
+
+#### iFrame integration support and auto open upload popup
+
+One of our user noticed that version 6 was not working within iFrames. This is because we have secure headers
+to avoid clickjacking. We added one `.env` variable `SECURITY_HEADER_CSP_FRAME_ANCESTORS` (empty by default)
+which allows to add the domains that are allowed to load Lychee in an iFrame. Note that this kind of integration
+of Lychee is is not recommended as the cookies will also be set with the policy `SameSite=None`.
+If you wish to use iFrames, to make sure that the configuration remains secure,
+you will also have to set the `SESSION_SECURE_COOKIE` to `true` in your `.env` file.
+
+The second change is a small one, but it is a nice addition: by adding `#upload` to a Lychee album url,
+the upload popup will be automatically opened. This is aimed as users who which to give an upload link to their friends.
+Note that this will require you to have guest upload enabled in the album settings.
+
+* `new` #3343 : Add insecure options (with secure defaults) to use Lyche in iFrames by @ildyria.
+  > This setting needs to be enabled via `.env` configuration and is disabled by default.
+* `new` #3340 : Add `#upload` to trigger upload modal from url in an album by @ildyria.
+  > For this to works, guest upload must be enabled in the album settings.
+
+
 ### v6.6.1
 
 Released on May 12, 2025
diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro
index 2719fae6..fb458e67 100644
--- a/src/components/widgets/Announcement.astro
+++ b/src/components/widgets/Announcement.astro
@@ -10,8 +10,8 @@
     >NEW</span
   >
   <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.6.1"
-    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.6.1 is now available! »</a
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.6.2"
+    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.6.2 is now available! »</a
   >
   <a
     target="_blank"

From 1a519107c3fd2c0b9eb05ef737c26d258f6bb670 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Viguier?= <ildyria@users.noreply.github.com>
Date: Thu, 15 May 2025 16:04:23 +0200
Subject: [PATCH 2/4] Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 docs/releases.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/releases.md b/docs/releases.md
index a75b377f..2642ff55 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -36,10 +36,10 @@ Released on May 15, 2025
 
 #### iFrame integration support and auto open upload popup
 
-One of our user noticed that version 6 was not working within iFrames. This is because we have secure headers
+One of our users noticed that version 6 was not working within iFrames. This is because we have secure headers
 to avoid clickjacking. We added one `.env` variable `SECURITY_HEADER_CSP_FRAME_ANCESTORS` (empty by default)
 which allows to add the domains that are allowed to load Lychee in an iFrame. Note that this kind of integration
-of Lychee is is not recommended as the cookies will also be set with the policy `SameSite=None`.
+of Lychee is not recommended as the cookies will also be set with the policy `SameSite=None`.
 If you wish to use iFrames, to make sure that the configuration remains secure,
 you will also have to set the `SESSION_SECURE_COOKIE` to `true` in your `.env` file.
 
@@ -47,10 +47,10 @@ The second change is a small one, but it is a nice addition: by adding `#upload`
 the upload popup will be automatically opened. This is aimed as users who which to give an upload link to their friends.
 Note that this will require you to have guest upload enabled in the album settings.
 
-* `new` #3343 : Add insecure options (with secure defaults) to use Lyche in iFrames by @ildyria.
+* `new` #3343 : Add insecure options (with secure defaults) to use Lychee in iFrames by @ildyria.
   > This setting needs to be enabled via `.env` configuration and is disabled by default.
 * `new` #3340 : Add `#upload` to trigger upload modal from url in an album by @ildyria.
-  > For this to works, guest upload must be enabled in the album settings.
+  > For this to work, guest upload must be enabled in the album settings.
 
 
 ### v6.6.1

From f9eb6e82caa0644ddcb5b237754f5a4fa8382053 Mon Sep 17 00:00:00 2001
From: ildyria <benoit@viguier.nl>
Date: Sat, 17 May 2025 09:29:38 +0200
Subject: [PATCH 3/4] well... 6.6.3

---
 docs/releases.md                          | 12 ++++++++++++
 src/components/widgets/Announcement.astro |  4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/docs/releases.md b/docs/releases.md
index 2642ff55..84066ab0 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -30,6 +30,18 @@
 
 ## Version 6
 
+### v6.6.3
+
+Released on May 17, 2025
+
+#### Fix broken hotlinking prevention
+
+This version fixes the hotlinking prevention that was broken since version 6.6.0.
+We also added a few tests to make sure that this bug does not happen again.
+
+* `fix` #3348 : Fix secure link missing route by @ildyria.
+
+
 ### v6.6.2
 
 Released on May 15, 2025
diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro
index fb458e67..776b3567 100644
--- a/src/components/widgets/Announcement.astro
+++ b/src/components/widgets/Announcement.astro
@@ -10,8 +10,8 @@
     >NEW</span
   >
   <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.6.2"
-    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.6.2 is now available! »</a
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.6.3"
+    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 6.6.3 is now available! »</a
   >
   <a
     target="_blank"

From 615fc26712fa411269169584e687b55be2feedb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Viguier?= <ildyria@users.noreply.github.com>
Date: Sat, 17 May 2025 10:14:06 +0200
Subject: [PATCH 4/4] Update docs/releases.md

Co-authored-by: Martin Stone <1611702+d7415@users.noreply.github.com>
---
 docs/releases.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/releases.md b/docs/releases.md
index 84066ab0..ab25c74e 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -56,7 +56,7 @@ If you wish to use iFrames, to make sure that the configuration remains secure,
 you will also have to set the `SESSION_SECURE_COOKIE` to `true` in your `.env` file.
 
 The second change is a small one, but it is a nice addition: by adding `#upload` to a Lychee album url,
-the upload popup will be automatically opened. This is aimed as users who which to give an upload link to their friends.
+the upload popup will be automatically opened. This is aimed as users who wish to give an upload link to their friends.
 Note that this will require you to have guest upload enabled in the album settings.
 
 * `new` #3343 : Add insecure options (with secure defaults) to use Lychee in iFrames by @ildyria.