Updates Updates Installed 8-31-2016

Discussion in 'Announcements' started by admin, Aug 31, 2016.

  1. admin

    admin Administrator Staff Member

    Today, we made several updates to the forum software. This release fixes several bugs and issues that were found since the previous release.

    Most importantly, this release includes a fix for a security issue the software authors found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use ther server to bypass the server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

    Some of the bugs fixed in in this release include:
    • Add several language code/locale options for pages.
    • Fix a situation where white space may not be maintained 100% when pasting code/pre-formatted into the rich text editor.
    • Ensure that poll resetting/deleting is logged correctly.
    • Automatically adjust uploaded image extensions to match their type (rather than throwing an error).
    • Change NoCaptcha requests to POST to prevent a possible regular expression failure.
    • Fix an issue with automatic vendor prefixing in the CSS when using @supports.
    • Fix a timezone related issue when displaying stats output.
    • Adjust the meta description of member profiles to handle missing components better.
    • Prevent an error in the phpBB 3.1 importer relating to timezones.
    • Implements better permission checks in the Media alert handler
    • Resolves an issue which could see a thumbnail not created for short videos
    • Photopost importer fixes
    • Media and album comment likes now displayed correctly in the Admin CP Stats
     

Share This Page