Consent Manager (IAB TCF 2.2)

Consent Manager (IAB TCF 2.2) 2.0.2

Security
  • Fixed: Public compliance export endpoint was accessible without authentication. The CSV export is now only available to admins with the debConsentAdmin permission.
  • Fixed: CSRF protection is now enforced on the consent update endpoint. Previously disabled for all public POST actions, CSRF is now only skipped for fire-and-forget counters (impressions, adblock).
  • Fixed: All public POST endpoints (consent update, impression, adblock) now require the XMLHttpRequest marker header (X-Requested-With), which a cross-site HTML form submission cannot carry. This blocks direct form-based attacks, but it complements rather than replaces the CSRF token on the consent update endpoint.
  • Fixed: XSS vulnerability in admin consent logs where the TC String was interpolated directly into a JavaScript onclick handler. Now uses a data attribute for safe clipboard copy.
  • Not yet fixed: The OAuth2 authorization flow is missing the state parameter that protects the callback against CSRF. The fix is planned for the next release.
  • Fixed: Three admin JSON endpoints (validator, cookie scanner, cookie lookup) now use XenForo's response system instead of raw header/echo/exit, ensuring proper middleware and error handling.
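The onclick-handler XSS listed above and the data-attribute fix, shown side by side. This is an added PHP example and not the add-on's own template or controller code; the function names, the js-copyTc class hook, the data-tc attribute and the attacker payload are assumptions, and the sample TC String at the end is constructed, not a real one.

```php
<?php
declare(strict_types=1);

// Before: the TC string is dropped into a JS string literal inside an HTML
// attribute. Two contexts, no escaping for either; a single quote ends the
// literal and the rest runs as script when the button is clicked.
function renderCopyButtonVulnerable(string $tcString): string
{
    return '<button onclick="copyToClipboard(\'' . $tcString . '\')">Copy</button>';
}

// After: the value sits in a data attribute, HTML-escaped with quotes encoded.
// There is no JavaScript context left for it to break out of.
function renderCopyButtonSafe(string $tcString): string
{
    $escaped = htmlspecialchars($tcString, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<button type="button" class="js-copyTc" data-tc="' . $escaped . '">Copy</button>';
}

// The click handler is attached from script and reads the attribute through
// dataset, so the value is only ever handled as a string, never parsed as code.
$copyScript = <<<'JS'
<script>
document.addEventListener('click', function (ev) {
    var btn = ev.target.closest('.js-copyTc');
    if (btn) { navigator.clipboard.writeText(btn.dataset.tc); }
});
</script>
JS;

// Defence in depth: a TC String is a dot-separated list of base64url segments.
// Anything outside that alphabet should be rejected at the update endpoint
// before it reaches the log, not merely escaped on the way out.
function isPlausibleTcString(string $tcString): bool
{
    return preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/', $tcString) === 1;
}

// Constructed attacker input, as it would be stored if the endpoint accepted it.
$payload = "x');alert(document.cookie)//";

echo renderCopyButtonVulnerable($payload), "\n";
echo renderCopyButtonSafe($payload), "\n", $copyScript, "\n";
var_dump(isPlausibleTcString($payload));
var_dump(isPlausibleTcString('CPabc_def.ghi-jkl'));   // constructed, not a real TC String
```

Run it and compare the two buttons: in the vulnerable one the payload closes the copyToClipboard('x') call and appends its own statement, while in the safe one the quote is entity-encoded and the browser hands the original bytes back unchanged through dataset.tc. The format check is the cheaper fix to apply first, since a genuine TC String never contains a quote.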

Bug Fixes
  • Fixed: Revenue forecast was completely non-functional due to wrong data keys (acceptRate vs accept_rate, revenue_30d vs monthly.earnings). The forecast section now renders correctly when Google API data is available.
  • Fixed: Ad Blocker Rate displayed 898% because detections were counted on every pageview instead of once per session. Now uses a session cookie to count each visitor only once.
  • Fixed: Ad Blocker Rate could exceed 100% in edge cases. Now capped at 100%.
  • Fixed: IPv6 address anonymization was broken due to incorrect string manipulation. Now uses proper inet_pton/inet_ntop for reliable anonymization of both IPv4 and IPv6 addresses.
  • Fixed: inet_pton() ValueError crash when receiving IPv6 addresses containing null bytes from proxies or CDNs. All IP parsing is now wrapped in try/catch with graceful fallback.
  • Fixed: Referrer sorting used arsort() on nested arrays which produced incorrect results. Now uses uasort() with proper total-based comparison.
  • Fixed: Re-consent reset did not store the last_reset timestamp, causing the automatic re-consent cron to trigger again immediately after a manual reset.
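The referrer-sorting bug above, reproduced on constructed data. This is an added PHP example, not the add-on's own code; the host names, counts and the extra last_seen field are made up to show both ways arsort() goes wrong on nested arrays.

```php
<?php
declare(strict_types=1);

// Constructed referrer statistics keyed by host. 'total' is deliberately not
// the first key, and one entry carries an extra field.
$referrers = [
    'example.org'  => ['accepted' => 9, 'rejected' => 3,  'total' => 12],
    'news.example' => ['accepted' => 8, 'rejected' => 32, 'total' => 40],
    'blog.example' => ['accepted' => 1, 'rejected' => 2,  'total' => 3, 'last_seen' => '2024-01-01'],
];

// Wrong: arsort() compares the nested arrays themselves. PHP orders arrays by
// element count first, then element by element in key order, so the entry
// with the extra key always wins and the rest are ranked by 'accepted'.
function sortWithArsort(array $stats): array
{
    arsort($stats);
    return array_keys($stats);
}

// Right: uasort() keeps the host keys and compares on the field that matters.
function sortByTotal(array $stats): array
{
    uasort($stats, static fn (array $a, array $b): int => $b['total'] <=> $a['total']);
    return array_keys($stats);
}

echo 'arsort:  ', implode(', ', sortWithArsort($referrers)), "\n";
echo 'uasort:  ', implode(', ', sortByTotal($referrers)), "\n";
```

The arsort() line puts blog.example first despite its total of 3, because its array has four elements and the others have three; the uasort() line yields news.example, example.org, blog.example. Any aggregation that may produce heterogeneous rows needs the explicit comparator.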
New Features
  • IP Anonymization — New setting to control how visitor IP addresses are stored in consent logs. Options: Anonymized (last octet removed, default), Hashed (SHA-256; note that a plain hash of an IPv4 address can be reversed by enumerating all 2^32 addresses, so this is pseudonymisation rather than true irreversibility), Do not store, or Full IP. Recommended setting for GDPR compliance: Anonymized.
  • Privacy Notice on /consent page — Automatic privacy notice explaining what data is collected, how the IP is handled (adapts to the selected setting), and how long data is retained. References GDPR Art. 7(1).
  • Setup Guide — New admin page with step-by-step instructions for setting up Google Funding Choices via AdSense or Ad Manager, and configuring the Revenue Dashboard via OAuth2. Includes direct links to Google Cloud Console, API Library and OAuth credential pages. Shows your dynamic callback URI with a copy button. Available in 8 languages (EN, DE, ES, FR, IT, NL, PL, PT).
  • Publishing status reminder — Setup guide now includes a step to change the OAuth consent screen from testing to production, preventing token expiration after 7 days.
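The IP handling described in the IPv6 anonymization fix, the inet_pton() null-byte fix and the IP Anonymization setting, worked through in one place. This is an added PHP example and not the add-on's implementation: the mode constants mirror the setting's option names, but the IPv6 prefix kept (/48), the IPv4-mapped unwrapping, the optional HMAC secret and the sample addresses are all assumptions or constructed input.

```php
<?php
declare(strict_types=1);

const IP_MODE_ANONYMIZED = 'anonymized';
const IP_MODE_HASHED     = 'hashed';
const IP_MODE_NONE       = 'none';
const IP_MODE_FULL       = 'full';

/**
 * Parse an IP string to packed binary, returning null instead of crashing.
 * On PHP 8, inet_pton() throws ValueError for embedded NUL bytes and returns
 * false (with a warning) for anything else malformed; both paths end up null.
 */
function packIp(string $ip): ?string
{
    // filter_var() rejects NULs, whitespace and malformed input up front.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    try {
        $packed = @inet_pton($ip);
    } catch (\ValueError $e) {
        return null;
    }
    if ($packed === false) {
        return null;
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d) is an IPv4 address in disguise; unwrap
    // it so the /24 rule applies instead of wiping the whole address to "::".
    if (strlen($packed) === 16 && substr($packed, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        $packed = substr($packed, 12);
    }
    return $packed;
}

/** Zero the host part: last octet (/24) for IPv4, last 80 bits (/48) for IPv6. */
function truncateIp(string $packed): string
{
    $keep = strlen($packed) === 4 ? 3 : 6;
    return substr($packed, 0, $keep) . str_repeat("\0", strlen($packed) - $keep);
}

/** Return what should be written to the consent log, or null to store nothing. */
function storableIp(string $ip, string $mode, string $secret = ''): ?string
{
    if ($mode === IP_MODE_NONE) {
        return null;
    }
    $packed = packIp($ip);
    if ($packed === null) {
        return null; // graceful fallback: log without an IP rather than crash
    }
    switch ($mode) {
        case IP_MODE_FULL:
            return inet_ntop($packed);
        case IP_MODE_ANONYMIZED:
            return inet_ntop(truncateIp($packed));
        case IP_MODE_HASHED:
            // Hash the packed form so "2001:db8::1" and "2001:DB8:0::1" collide.
            // A bare SHA-256 of an IPv4 address can be reversed by hashing all
            // 2^32 candidates; with a server-side secret (HMAC) it cannot.
            return $secret === ''
                ? hash('sha256', $packed)
                : hash_hmac('sha256', $packed, $secret);
        default:
            throw new \InvalidArgumentException("Unknown IP mode: $mode");
    }
}

// Constructed inputs, including the NUL-terminated string a proxy or CDN
// might forward, which used to crash inet_pton().
$samples = [
    '203.0.113.42',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348',
    '::ffff:203.0.113.42',
    "2001:db8::1\0",
    'not an ip',
];
foreach ([IP_MODE_ANONYMIZED, IP_MODE_HASHED] as $mode) {
    foreach ($samples as $ip) {
        $stored = storableIp($ip, $mode, 'rotate-me-per-deployment');
        printf("%-12s %-40s -> %s\n", $mode, addcslashes($ip, "\0"), $stored ?? '(not stored)');
    }
}
```

In anonymized mode the first sample becomes 203.0.113.0, the second 2001:db8:85a3::, the mapped address is treated as its IPv4 form, and the last two are dropped rather than raising. Whichever prefix length you choose for IPv6, document it in the privacy notice, since "last octet removed" says nothing about 128-bit addresses.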

Bug Fixes
  • Fixed: Database migration now ensures all required columns exist regardless of which version you upgrade from (device_type, country_code, referrer, adblock_detected)
  • Fixed: Fresh installations now include all columns in the initial table creation
  • Fixed: Cookie declaration page (/consent) crashed on fresh installations due to a reference to the removed Vendor repository
  • Fixed: OAuth scope for Ad Manager was incorrect (admanager.report does not exist, corrected to admanager)
  • Fixed: number_currency template function does not exist in XenForo, replaced with number
  • Fixed: Cookie scanner now detects XenForo style_variation cookie (set without prefix)
  • Fixed: Reopen consent button on /consent page now uses Google FC API (googlefc.showRevocationMessage) instead of removed custom banner JS
  • Fixed: Removed reference to non-existent deb_consent_cmp.js on the /consent page

Translation System
  • All 8 languages (EN, DE, ES, FR, IT, NL, PL, PT) are now automatically imported and compiled on every install and upgrade
  • Translations are guaranteed to work regardless of upgrade path or version history
  • Templates are automatically recompiled after phrase import to ensure correct language display