- fixed vulnerability discovered by ADLab of Venustech (command injection, but requires admin access)
- webdav display UPPER/CASE/FULL/PATH with some webdav client
- standalone extplorer webdav does not work with PHP7
- CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9
- #202 Users with read only permissions should not be able to extract archives.
- added indonesian language files