I am glad to finally announce the next patch release of FluxBB: version 1.5.11.Feature updates
Increase minimum password length
Prohibit links in topic subjects (based on existing anti-spam permission)
Allow longer SMTP passwords
Return correct HTTP
... [More]
status code on error and maintenance pages (to prevent search engines from indexing)
Prevent duplicate bans
User profiles: Use user's date/time formats, not the viewer's
Improve error message for very short searches
Please check out the details in the full changelog. In addition, this release fixes nine bugs, some of which affect...Security
Proper CSRF protection for rebuilding the search index, logging in and promoting users
Stop using insecure random number generator on certain PHP versions
Fix insufficient escaping of HTML output in installer and error pages
This release has benefited from contributions by jasonrohrer, nsuchy and Visman. Thank you!I also want to thank TheBritain, Visman, Li of SEC Consult Vulnerability Lab and Omar Kurt of Netsparker for respectfully and responsibly disclosing security-relevant issues.Project updateAs you know, this is the first release in a long time. I have decided to continue giving FluxBB the maintenance it deserves. However, I need support to achieve this. Before I announce all of my plans, as a token of goodwill and to regain some trust, I plan to release the long-awaited v1.6 within the next few weeks. This release will clean up some of the dusty bits under the hood of FluxBB. By removing support for old PHP and browser versions, we can lay the foundations to carefully modernize the codebase, while staying true to the spirit of FluxBB. This means that 1.5.11 is the last release to support PHP 4 (which is horribly outdated). In addition, 1.6 will get some much-needed love in the realm of security hardening.With that out of the way: please go ahead and download the new version on the downloads page. If you are upgrading an existing forum, you can find instructions and resources on the upgrade page.Enjoy using FluxBB and stay tuned for more news on v1.6! [Less]
|
I am glad to finally announce the next patch release of FluxBB: version 1.5.11.Feature updates
Increase minimum password length
Prohibit links in topic subjects (based on existing anti-spam permission)
Allow longer SMTP passwords
Return correct HTTP
... [More]
status code on error and maintenance pages (to prevent search engines from indexing)
Prevent duplicate bans
User profiles: Use user's date/time formats, not the viewer's
Improve error message for very short searches
Please check out the details in the full changelog. In addition, this release fixes nine bugs, some of which affect...Security
Proper CSRF protection for rebuilding the search index, logging in and promoting users
Stop using insecure random number generator on certain PHP versions
Fix insufficient escaping of HTML output in installer and error pages
This release has benefited from contributions by jasonrohrer, nsuchy and Visman. Thank you!I also want to thank TheBritain, Visman, Li of SEC Consult Vulnerability Lab and Omar Kurt of Netsparker for respectfully and responsibly disclosing security-relevant issues.Project updateAs you know, this is the first release in a long time. I have decided to continue giving FluxBB the maintenance it deserves. However, I need support to achieve this. Before I announce all of my plans, as a token of goodwill and to regain some trust, I plan to release the long-awaited v1.6 within the next few weeks. This release will clean up some of the dusty bits under the hood of FluxBB. By removing support for old PHP and browser versions, we can lay the foundations to carefully modernize the codebase, while staying true to the spirit of FluxBB. This means that 1.5.11 is the last release to support PHP 4 (which is horribly outdated). In addition, 1.6 will get some much-needed love in the realm of security hardening.With that out of the way: please go ahead and download the new version on the downloads page. If you are upgrading an existing forum, you can find instructions and resources on the upgrade page.Enjoy using FluxBB and stay tuned for more news on v1.6! [Less]
|
I am pleased to announce the eleventh release in the 1.5 cycle: v1.5.10 is here.This release fixes a security vulnerability as well as several bugs, and also contains several small improvements.The vulnerability, kindly disclosed by Kacper Szurek
... [More]
, allowed skilled attackers to inject malicious JavaScript into the page that is shown when administrators try to view information about a user's IP address.In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs. For more details, please view the full changelog.Please update your forums as soon as possible.We also recommend subscribing to the security mailing list in your site's user profile. That way, you will get notified of new security-relevant releases immediately.As always, download packages can be found on our download page.Changed files and patches are available on the upgrade page. Please remember to make a backup of your files as well as the database before upgrading your forum!A big thank you to all contributors, and again a hat-tip to Kacper Szurek for the detailed and responsible disclosure of security information! [Less]
|
|
Posted
over 8 years
ago
by
I am pleased to announce the eleventh release in the 1.5 cycle: v1.5.10 is here.This release fixes a security vulnerability as well as several bugs, and also contains several small improvements.The vulnerability, kindly disclosed by Kacper Szurek
... [More]
, allowed skilled attackers to inject malicious JavaScript into the page that is shown when administrators try to view information about a user's IP address.In addition, this release contains some minor improvements in the area of CSS and usability, and fixes several smaller bugs. For more details, please view the full changelog.Please update your forums as soon as possible.We also recommend subscribing to the security mailing list in your site's user profile. That way, you will get notified of new security-relevant releases immediately.As always, download packages can be found on our download page.Changed files and patches are available on the upgrade page. Please remember to make a backup of your files as well as the database before upgrading your forum!A big thank you to all contributors, and again a hat-tip to Kacper Szurek for the detailed and responsible disclosure of security information! [Less]
|
|
Posted
about 9 years
ago
by
I would just like to take this opportunity to wish everyone a very Merry Christmas, happy holidays and a Happy New Year from all of us here at FluxBB! We hope this festive season is an exciting and fun one for all and we wish you the best for what's
... [More]
to come in 2016.Take this time to finalise your New Year's resolutions and continue to take care of yourselves. Santa is always watching. [Less]
|
I would just like to take this opportunity to wish everyone a very Merry Christmas, happy holidays and a Happy New Year from all of us here at FluxBB! We hope this festive season is an exciting and fun one for all and we wish you the best for what's
... [More]
to come in 2016.Take this time to finalise your New Year's resolutions and continue to take care of yourselves. Santa is always watching. [Less]
|
|
Posted
about 9 years
ago
by
I would just like to take this opportunity to wish everyone a very Merry Christmas, happy holidays and a Happy New Year from all of us here at FluxBB! We hope this festive season is an exciting and fun one for all and we wish you the best for what's
... [More]
to come in 2016.Take this time to finalise your New Year's resolutions and continue to take care of yourselves. Santa is always watching. [Less]
|
I would just like to take this opportunity to wish everyone a very Merry Christmas, happy holidays and a Happy New Year from all of us here at FluxBB! We hope this festive season is an exciting and fun one for all and we wish you the best for what's
... [More]
to come in 2016.Take this time to finalise your New Year's resolutions and continue to take care of yourselves. Santa is always watching. [Less]
|
Today marks the release of version 1.5.9 of the FluxBB forum software.Due to two security-relevant bug fixes, this release only contains bug fixes. Improvements that were originally planned to be released with this version, like SQLite3 support and a
... [More]
responsive design, will be delayed to a soon-to-be-released v1.5.10.Security fixesThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.More bugfixesOther changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.UpdatingPlease update your forums as soon as possible.As always, download packages can be found on our download page.Changed files and patches are available on the upgrade page. Please remember to make a backup of your files as well as the database before upgrading your forum!Thank you to everyone involved in this release, from vulnerability reports to bug fixes.Flarum progressIn case you haven't followed its progress, Flarum is progressing nicely and is currently moving through regular beta releases. Go check it out on Flarum.org. [Less]
|
|
Posted
over 9 years
ago
by
Today marks the release of version 1.5.9 of the FluxBB forum software.Due to two security-relevant bug fixes, this release only contains bug fixes. Improvements that were originally planned to be released with this version, like SQLite3 support and a
... [More]
responsive design, will be delayed to a soon-to-be-released v1.5.10.Security fixesThis release fixes two security issues: The first one allowed attackers to trick moderators into e.g. locking or stickying other topics without noticing. The second change prevents sophisticated timing attacks targeted at e.g. password hashes.More bugfixesOther changes in this release include several fixes of regressions introduced in the last release, fixes related to the handling of several esoteric HTTP headers, and a fix for a quote bug that broke the forum layout. Finally, if you want to embed your forum in another web page, the relevant HTTP header is now configurable.UpdatingPlease update your forums as soon as possible.As always, download packages can be found on our download page.Changed files and patches are available on the upgrade page. Please remember to make a backup of your files as well as the database before upgrading your forum!Thank you to everyone involved in this release, from vulnerability reports to bug fixes.Flarum progressIn case you haven't followed its progress, Flarum is progressing nicely and is currently moving through regular beta releases. Go check it out on Flarum.org. [Less]
|
