Die freie Forensoftware, Kunena für Joomla wurde am 30.12.2018 mit einem wichtigen Update versorgt. Das Update 5.1.8 behebt 3 Sicherheitslücken und behebt über 20 Fehler.
Kunena 5.1.8 Release Notes
- 1 Security fix – Medium
- 2 Security fix – Low
- CB avatar has wrong path
- Add button to subscribe users to categories selected
- Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
- add missing tbody and tbody classes (Ruud)
- Thumbnail fix unknown image
- fix lightbox disable
- Add a button to subscribe users to categories/topics
- Fix tooltip title when teaser is enabled
- Subject doesn’t changed after the editting
- Kunena Options Highlight table row if value has changed
- It lacks the language strings for the privacy menu in the plg_system_privacy
- [DOM] Input elements should have autocomplete attributes
- [DOM] Found 2 elements with non-unique id
- Two menus
- Update Copyright Year
- Fix PHP 7.3 warning: “continue” in “switch” is equal to “break”
- Update Fancybox and Fontawesome
- Empty modal after adding it to the message
- Improve inline code. (Hide attachment from the bottom list under the message.)
- Find the full changes: Here.
Delete Attachments – Medium vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability..
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.
Delete Avatar – Low vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.8
Change inline Attachment status – Low vulnerability
[20181230] – Core – XSS Vulnerability• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description: Override authorize checks lead to an XSS vulnerability.
Affected Installs: Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution: Upgrade to version 5.1.
Quelle: https://www.kunena.org/blog/201-kunena-5-1-8-released
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.