Firefox PHP

Phorum 5.2.17 released - SECURITY FIX

Posted by Thomas Seifert 
Phorum 5.2.17 released - SECURITY FIX
August 26, 2011 06:59AM
We are happy to announce our latest stable release Phorum-5.2.17.
It is a bug fix release over 5.2.16 fixing some issues reported (including patches, thanks folks!) and other collected changes since the last release.

It also includes a security fix for an XSS issue reported by Russ McRee @ holisticinfosec in the real name screen in the controlcenter. Thanks Russ!

As there were again some users having problems while running phorum on PHP4 we made PHP5 a requirement with this version. Effectively that means that users running PHP4 won't be able to install Phorum anymore and the install screen will tell them so.

You can download this new release from our downloads page.

This is the excerpt from the changelog:

Thu Aug 25 16:22:59 2011 +0200: Thomas Seifert
* fixed XSS reported by Russ McRee @ holisticinfosec

Sun Jul 31 12:46:18 2011 +0200: Maurice Makaay
* Fixed a Safari prompt() issue for the editor tools.

Fri Jul 8 15:15:16 2011 +0200: Thomas Seifert
* fixing thread title in first merge thread screen (thanks to vrtisworks, fixes #868)

Fri Jul 8 10:54:49 2011 +0200: Thomas Seifert
* first part of "Make Ajax calls without enabled cookies work". Server-side work is done with this commit. Now only the JS-part in the phorum ajax lib is missing (related to #816)

Fri Jul 8 10:22:10 2011 +0200: Thomas Seifert
* fixed "multibyte chop corruption" (fixes #865, thanks to Phorum user glen!)

Fri Jul 8 10:10:15 2011 +0200: Thomas Seifert
* fixed "Follow mode is not kept when quoting" (fixes #869, thanks to mariusmuja)

Tue Jul 5 12:17:27 2011 +0200: Thomas Seifert
* getting rid of warning when uploading zero sized file in controlcenter. Thanks to hsn! (fixes #859).

Tue Jul 5 12:12:50 2011 +0200: Thomas Seifert
* fixing "invalid" sql. Thanks to hsn. (fixes #858)

Tue Jul 5 11:58:27 2011 +0200: Thomas Seifert
* unified the webserver check in console scripts and added shebang-line. Thanks to glen! (fixing #866)

Tue Jul 5 11:42:59 2011 +0200: Thomas Seifert
* fixing invalid message but upon splitting threads. Thanks to rfc! (Fixing #870)

Tue Jul 5 11:38:55 2011 +0200: Thomas Seifert
* fixing php warning when Phorum is set to Read-Only. Thanks to rfc! (fixes #871)

Tue May 10 03:37:34 2011 +0000: brian
* if the current running script has defined PHORUM_ADMIN, we don't need to check file access permissions

Tue Apr 12 10:23:04 2011 +0000: ts77
* better message cache invalidation on moderation actions. now using the correct forum_id for messages moderated in a different forum than the current one and invalidation just once for each forum.

Sun Mar 13 10:10:47 2011 +0000: ts77
* added option to phorum_strip_body to skip stripping tags - and use that for the plain text quoting to avoid missing data in the quotes.

Tue Feb 8 05:05:47 2011 +0000: brian
* Adding a new hook to allow for alternate methods of retrieving private messages. e.g. for doing a module that pages the results.

Mon Jan 24 05:27:29 2011 +0000: mmakaay
* Added Brazillian Portuguese translation for Spam Hurdles.

Thomas Seifert

Edited 1 time(s). Last edit at 08/26/2011 07:07AM by Thomas Seifert.
Sorry, only registered users may post in this forum.

Click here to login