Die freie Forensoftware, Kunena für Joomla wurde am 30.12.2018 mit einem wichtigen Update versorgt. Das Update 5.1.8 behebt 3 Sicherheitslücken und behebt über 20 Fehler.
Kunena 5.1.8 Release Notes
- 1 Security fix – Medium
- 2 Security fix – Low
- CB avatar has wrong path
- Add button to subscribe users to categories selected
- Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
- add missing tbody and tbody classes (Ruud)
- Thumbnail fix unknown image
- fix lightbox disable
- Add a button to subscribe users to categories/topics
- Fix tooltip title when teaser is enabled
- Subject doesn’t changed after the editting
- Kunena Options Highlight table row if value has changed
- It lacks the language strings for the privacy menu in the plg_system_privacy
- [DOM] Input elements should have autocomplete attributes
- [DOM] Found 2 elements with non-unique id
- Two menus
- Update Copyright Year
- Fix PHP 7.3 warning: “continue” in “switch” is equal to “break”
- Update Fancybox and Fontawesome
- Empty modal after adding it to the message
- Improve inline code. (Hide attachment from the bottom list under the message.)
- Find the full changes: Here.
Delete Attachments – Medium vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability..
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.
Delete Avatar – Low vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.8
Change inline Attachment status – Low vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.
Quelle: https://www.kunena.org/blog/201-kunena-5-1-8-released