Kunena Security und Bugfix Release 5.1.8

      Keine Kommentare zu Kunena Security und Bugfix Release 5.1.8

Die freie Forensoftware, Kunena für Joomla wurde am 30.12.2018 mit einem wichtigen Update versorgt. Das Update 5.1.8 behebt 3 Sicherheitslücken und behebt über 20 Fehler.

Kunena 5.1.8 Release Notes

  • 1 Security fix – Medium
  • 2 Security fix – Low
  • CB avatar has wrong path
  • Add button to subscribe users to categories selected
  • Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
  • add missing tbody and tbody classes (Ruud)
  • Thumbnail fix unknown image
  • fix lightbox disable
  • Add a button to subscribe users to categories/topics
  • Fix tooltip title when teaser is enabled
  • Subject doesn’t changed after the editting
  • Kunena Options Highlight table row if value has changed
  • It lacks the language strings for the privacy menu in the plg_system_privacy
  • [DOM] Input elements should have autocomplete attributes
  • [DOM] Found 2 elements with non-unique id
  • Two menus
  • Update Copyright Year
  • Fix PHP 7.3 warning: “continue” in “switch” is equal to “break”
  • Update Fancybox and Fontawesome
  • Empty modal after adding it to the message
  • Improve inline code. (Hide attachment from the bottom list under the message.)
  • Find the full changes: Here.

Delete Attachments – Medium vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability..
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.

Delete Avatar – Low vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.8

Change inline Attachment status – Low vulnerability

[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.

Quelle: https://www.kunena.org/blog/201-kunena-5-1-8-released

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.