Kunena Logo

Kunena Security und Bugfix Release 5.1.8

von

Die freie Forensoftware, Kunena für Joomla wurde am 30.12.2018 mit einem wichtigen Update versorgt. Das Update 5.1.8 behebt 3 Sicherheitslücken und behebt über 20 Fehler.

Kunena 5.1.8 Release Notes

  • 1 Security fix – Medium
  • 2 Security fix – Low
  • CB avatar has wrong path
  • Add button to subscribe users to categories selected
  • Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
  • add missing tbody and tbody classes (Ruud)
  • Thumbnail fix unknown image
  • fix lightbox disable
  • Add a button to subscribe users to categories/topics
  • Fix tooltip title when teaser is enabled
  • Subject doesn’t changed after the editting
  • Kunena Options Highlight table row if value has changed
  • It lacks the language strings for the privacy menu in the plg_system_privacy
  • [DOM] Input elements should have autocomplete attributes
  • [DOM] Found 2 elements with non-unique id
  • Two menus
  • Update Copyright Year
  • Fix PHP 7.3 warning: “continue” in “switch” is equal to “break”
  • Update Fancybox and Fontawesome
  • Empty modal after adding it to the message
  • Improve inline code. (Hide attachment from the bottom list under the message.)
  • Find the full changes: Here.

Delete Attachments – Medium vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability..
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.

Delete Avatar – Low vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.8

Change inline Attachment status – Low vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.

Quelle: https://www.kunena.org/blog/201-kunena-5-1-8-released

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.