Hébergement FluxBB

1.5.11

29 Mars - 3MB
Increase minimum password length

Prohibit links in topic subjects (based on existing anti-spam permission)

Allow longer SMTP passwords

Return correct HTTP status code on error and maintenance pages (to prevent search engines from indexing)

Prevent duplicate bans

User profiles: Use user's date/time formats, not the viewer's

Improve error message for very short searches

Proper CSRF protection for rebuilding the search index, logging in and promoting users

Stop using insecure random number generator on certain PHP versions

Fix insufficient escaping of HTML output in installer and error pages

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=9472






1.5.10
 (version de sécurité)
21 Juin 2016 - 3MBThis release fixes a security vulnerability as well as several bugs, and also contains several small improvements.



The vulnerability, kindly disclosed by Kacper Szurek, allowed skilled attackers to inject malicious JavaScript into the page that is shown when administrators try to view information about a user's IP address.



In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs.



Changelog

bug #792: Profile and signature img
bug #1012: Incorrect coding login.php
bug #1017: fix CSS
bug #1056: Invalidate only feed caches
bug #1058: hash_equals(): Expected known_string to be a string, null given
bug #1059: No csrf_token in unsubscibe link of subscription email
bug #1062: Edit.php and checkboxes
bug #1068: Wrong description for BBCode
bug #1072: The DB class for SQLite doesn't maintain string values by default?
bug #1075: Empty PHP_SELF somewhere
bug #1078: InnoDB check failed
bug #1082: Custom title overrides "Banned"
enhancement #1019: Refactor/move forum_list_plugins to common_admin.php
enhancement #1025: Display error message inline with login form
enhancement #1027: Change htmlspecialchars to pun_htmlspecialchars
enhancement #1064: error() function, PUN_DEBUG and security
enhancement #1066: For long nicknames

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8856






1.5.9
 (version de sécurité)
10 Novembre 2015 - 3MBThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.



Other changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8203






1.5.8
 (version de sécurité)
24 Janvier 2015 - 3MBThis release fixes a minor security issue in install.php. The installer could be tricked into loading and executing any file named install.php. Abuse of this vulnerability could have only been possible in combination with other security issues that would have allowed an attacker to create files with that name.



As a special present, in this release we made it super-easy to install anti-spam modifications by providing a few hooks where these modifications can hook into. All you will need to do to install this new generation of anti-spam tools is to copy one or two files into certain folders of your FluxBB installation. We hope this change encourages the community to create a broad range of more diverse antispam tools, so that spammers will hit unpredictable obstacles when targetting FluxBB. As an example, I have created a modification that adds Google's new reCAPTCHA system to your registration page. Expect more documentation in the next days.



This release also brings some security hardening, fine-tuning, several small features and usability improvements to your forum.



Highlights

Clickjacking attacks should now be prevented by modern browsers
Direct links to certain actions from notification emails
Quickly promote users to the next group
New moderator permission for promoting users
Streamlined forum creation process
Improved default styles and dropped support for Internet Explorer 6


Full Changelog

bug #925: Scrollbar in chrome fluxbb1.5.5
bug #949: Use \r\n for SMTP, FORUM_EOL for others
bug #951: [url][img] patch doesn't work.
bug #963: Add rel="prev", rel="next" and rel="canonical"
bug #969: New TLDs not allowed as valid URLs
bug #996: Prevent clickjacking attacks
bug #998: Bug in validate_redirect() function
bug #1001: Remove setting of values in quickpostform
bug #1006: [HTB23246] File Inclusion in install.php
enhancement #57: Making a new forum is a 2 step process
enhancement #810: Improve unread forums tracking
enhancement #935: Auto-promotion improvements
enhancement #936: Add new group permission to allow moderators to promote users
enhancement #941: Remove obsolete global variables
enhancement #944: Remove "page 1" when thread or forum has just one page
enhancement #947: Improve Air/Earth/Fire design
enhancement #948: Require passwords with at least 6 characters
enhancement #959: Quick actions from registration email
enhancement #965: Avoid double redirect when no new posts are found
enhancement #976: [PATCH] Invalidate updated cache files from PHP's Opcache
enhancement #992: Drop IE6 support
enhancement #997: Make random passwords longer
enhancement #1007: Antispam hooks
enhancement #1008: Please delete your install.php file
task #942: Remove obsolete language strings
task #966: Optimize images in FluxBB core

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8203



Afficher plus de versions




1.5.7
 (version de sécurité)
20 Octobre 2014 - 3MBThis release fixes a critical security vulnerability that could potentially allow clever attackers to take over other user accounts on a FluxBB forum. We also fixed another less severe issue related to redirects in login.php.



Bugs Fixed

bug #961: Open Redirection Vulnerability
bug #990: SQL injection in profile.php

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8001






1.5.6
 (version de sécurité)
8 Janvier 2014 - 3MB
bug #923: Redeclared method error when changing usernames
bug #940: Cross-site request forgery issues with FluxBB
enhancement #913: Adding subject if someone hits the preview button
enhancement #927: Split thread function is... "splitted"
enhancement #929: Textarea resize
enhancement #930: Allow non array page titles
enhancement #934: HTML5 validation

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7513






1.5.5

18 Novembre 2013 - 3MB
bug #884: No horizontal scrollbar in [code]
bug #887: URLs with user/forum/topic/post ID are broken
bug #888: Notices in FluxBB 1.5.4
bug #895: random_pass() might generate URL-unfriendly passwords
bug #896: No permission without 403
bug #897: "\r\n" breaks headers in email in certain conditions
bug #903: UTF8 related fixes
bug #904: Charset conversion in db_update.php doesn't work
bug #905: Merging topics hangs when users are subscribed
bug #911: Triple border in IE11
enhancement #889: Excess array cell of $lang_install
enhancement #891: Remove unused line of code in generate_quickjump_cache
enhancement #902: Miscellaneous
enhancement #908: Regenerate the users info cache in register.php
enhancement #919: $page_title in admin_loader.php
enhancement #921: Disable admin_forums.php form when no categories exist
enhancement #922: Function do_smilies() and $pun_config

Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7405






1.5.4

14 Août 2013 - 3MBThese releases fix another security issue that allowed attackers to redirect forum users from the attacker's site to any URL on the internet via FluxBB's email contact form. This is a problem as the users might be redirected to a dangerous or inappropriate webpage, even though they assume to visit a trusted site (the forum). Unfortunately, we were not contacted before the vulnerability was published; I still want to thank the Zero Science Lab for the helpful communication after the issue was brought to our attention.



FluxBB 1.5.4 also brings along fixes for a bunch of smaller issues in the 1.5 branch.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7217






1.5.3

22 Février 2013 - 3MBThis release fixes a security issue that could allow skilled attackers to guess one of the random tokens that are sent out via email when users have forgotten their passwords.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=6916






1.5.2

4 Février 2013 - 3MB