FluxBB est une application de forum open source. Hérité de PunBB, en 2008, que FluxBB est une application populaire pour des forums légers, propulsant déjà des forums pour Arch Linux et μTorrent.
Sauvegarde et restauration
29 Mars - 3MB
- Increase minimum password length
- Prohibit links in topic subjects (based on existing anti-spam permission)
- Allow longer SMTP passwords
- Return correct HTTP status code on error and maintenance pages (to prevent search engines from indexing)
- Prevent duplicate bans
- User profiles: Use user's date/time formats, not the viewer's
- Improve error message for very short searches
- Proper CSRF protection for rebuilding the search index, logging in and promoting users
- Stop using insecure random number generator on certain PHP versions
- Fix insufficient escaping of HTML output in installer and error pages
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=9472
1.5.10(version de sécurité)
21 Juin 2016 - 3MBThis release fixes a security vulnerability as well as several bugs, and also contains several small improvements.
In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs.
- bug #792: Profile and signature img
- bug #1012: Incorrect coding login.php
- bug #1017: fix CSS
- bug #1056: Invalidate only feed caches
- bug #1058: hash_equals(): Expected known_string to be a string, null given
- bug #1059: No csrf_token in unsubscibe link of subscription email
- bug #1062: Edit.php and checkboxes
- bug #1068: Wrong description for BBCode
- bug #1072: The DB class for SQLite doesn't maintain string values by default?
- bug #1075: Empty PHP_SELF somewhere
- bug #1078: InnoDB check failed
- bug #1082: Custom title overrides "Banned"
- enhancement #1019: Refactor/move forum_list_plugins to common_admin.php
- enhancement #1025: Display error message inline with login form
- enhancement #1027: Change htmlspecialchars to pun_htmlspecialchars
- enhancement #1064: error() function, PUN_DEBUG and security
- enhancement #1066: For long nicknames
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8856
1.5.9(version de sécurité)
10 Novembre 2015 - 3MBThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.
Other changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8203
1.5.8(version de sécurité)
24 Janvier 2015 - 3MBThis release fixes a minor security issue in install.php. The installer could be tricked into loading and executing any file named install.php. Abuse of this vulnerability could have only been possible in combination with other security issues that would have allowed an attacker to create files with that name.
As a special present, in this release we made it super-easy to install anti-spam modifications by providing a few hooks where these modifications can hook into. All you will need to do to install this new generation of anti-spam tools is to copy one or two files into certain folders of your FluxBB installation. We hope this change encourages the community to create a broad range of more diverse antispam tools, so that spammers will hit unpredictable obstacles when targetting FluxBB. As an example, I have created a modification that adds Google's new reCAPTCHA system to your registration page. Expect more documentation in the next days.
This release also brings some security hardening, fine-tuning, several small features and usability improvements to your forum.
- Clickjacking attacks should now be prevented by modern browsers
- Direct links to certain actions from notification emails
- Quickly promote users to the next group
- New moderator permission for promoting users
- Streamlined forum creation process
- Improved default styles and dropped support for Internet Explorer 6
- bug #925: Scrollbar in chrome fluxbb1.5.5
- bug #949: Use \r\n for SMTP, FORUM_EOL for others
- bug #951: [url][img] patch doesn't work.
- bug #963: Add rel="prev", rel="next" and rel="canonical"
- bug #969: New TLDs not allowed as valid URLs
- bug #996: Prevent clickjacking attacks
- bug #998: Bug in validate_redirect() function
- bug #1001: Remove setting of values in quickpostform
- bug #1006: [HTB23246] File Inclusion in install.php
- enhancement #57: Making a new forum is a 2 step process
- enhancement #810: Improve unread forums tracking
- enhancement #935: Auto-promotion improvements
- enhancement #936: Add new group permission to allow moderators to promote users
- enhancement #941: Remove obsolete global variables
- enhancement #944: Remove "page 1" when thread or forum has just one page
- enhancement #947: Improve Air/Earth/Fire design
- enhancement #948: Require passwords with at least 6 characters
- enhancement #959: Quick actions from registration email
- enhancement #965: Avoid double redirect when no new posts are found
- enhancement #976: [PATCH] Invalidate updated cache files from PHP's Opcache
- enhancement #992: Drop IE6 support
- enhancement #997: Make random passwords longer
- enhancement #1007: Antispam hooks
- enhancement #1008: Please delete your install.php file
- task #942: Remove obsolete language strings
- task #966: Optimize images in FluxBB core
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8203
Afficher plus de versions
1.5.7(version de sécurité)
20 Octobre 2014 - 3MBThis release fixes a critical security vulnerability that could potentially allow clever attackers to take over other user accounts on a FluxBB forum. We also fixed another less severe issue related to redirects in login.php.
- bug #961: Open Redirection Vulnerability
- bug #990: SQL injection in profile.php
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=8001
1.5.6(version de sécurité)
8 Janvier 2014 - 3MB
- bug #923: Redeclared method error when changing usernames
- bug #940: Cross-site request forgery issues with FluxBB
- enhancement #913: Adding subject if someone hits the preview button
- enhancement #927: Split thread function is... "splitted"
- enhancement #929: Textarea resize
- enhancement #930: Allow non array page titles
- enhancement #934: HTML5 validation
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7513
18 Novembre 2013 - 3MB
- bug #884: No horizontal scrollbar in [code]
- bug #887: URLs with user/forum/topic/post ID are broken
- bug #888: Notices in FluxBB 1.5.4
- bug #895: random_pass() might generate URL-unfriendly passwords
- bug #896: No permission without 403
- bug #897: "\r\n" breaks headers in email in certain conditions
- bug #903: UTF8 related fixes
- bug #904: Charset conversion in db_update.php doesn't work
- bug #905: Merging topics hangs when users are subscribed
- bug #911: Triple border in IE11
- enhancement #889: Excess array cell of $lang_install
- enhancement #891: Remove unused line of code in generate_quickjump_cache
- enhancement #902: Miscellaneous
- enhancement #908: Regenerate the users info cache in register.php
- enhancement #919: $page_title in admin_loader.php
- enhancement #921: Disable admin_forums.php form when no categories exist
- enhancement #922: Function do_smilies() and $pun_config
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7405
14 Août 2013 - 3MBThese releases fix another security issue that allowed attackers to redirect forum users from the attacker's site to any URL on the internet via FluxBB's email contact form. This is a problem as the users might be redirected to a dangerous or inappropriate webpage, even though they assume to visit a trusted site (the forum). Unfortunately, we were not contacted before the vulnerability was published; I still want to thank the Zero Science Lab for the helpful communication after the issue was brought to our attention.
FluxBB 1.5.4 also brings along fixes for a bunch of smaller issues in the 1.5 branch.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=7217
22 Février 2013 - 3MBThis release fixes a security issue that could allow skilled attackers to guess one of the random tokens that are sent out via email when users have forgotten their passwords.
Lire la suite: http://fluxbb.org/forums/viewtopic.php?id=6916
4 Février 2013 - 3MB
Nos hébergements Web compatibles avec
Hébergement Web 100% SSD
100 Go et +
Gestion avancée des certificats SSL EV et DV
10 Go de VOD
2 CPU et +
6 Go de RAM et +
Ressources 100% dédiées
Infomaniak gère votre serveur
En savoir plus
à partir de 29 € / mois
Prix en EUR