Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
Navigation
Follow us on Facebook
Follow us on Google+
Update v7.02.07 released
DownloadsCritical patch v7.02.07 released!

Since our last patch we've discovered several security vulnerabilities that were not adressed in that patch, which have had us working really hard to release a major patch with all critical vulnerabilities tight shut once and for all, and also some bug´s have been adjusted.
Since this patch adresses several critical security vulnerabilities, we strongly recommend every single user out there to upgrade to this patch.
The version number is v7.02.07 and below follows a list of what's been adressed.

v7.02.07

[-] CORE: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] CORE: Fixed a panel restriction bug
[-] CORE: Added a MIME check function so faulty extensions won´t be uploaded to the system
[-] FORUM: Fixed SQL injection
[-] FORUM: Fixed Reflected XSS vulnerability
[-] FORUM: Fixed a bug where signature state couldn't be changed after a post
[-] FORUM: Fixed a bug where after deleting a user due to insufficient clean up several areas of the forum would display wrong or incomplete information
[-] INCLUDES: Fixed RCE and CSRF vulnerabilites

[-] ADMIN: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] ADMIN: Fixed several SQL injections
[-] ADMIN: Fixed a bug which could lead to arbitrary file deletition
[-] ADMIN: Fixed several Reflected XSS vulnerabilities

[-] USERS: Fixed bug #1366 - HTTPS schema bug in user's site address
[-] USERS: Fixed bug #1360 - avatar images resizing bug

[-] FRONT: Fixed Reflected XSS vulnerability

[*] FILES: The minor file check tool we've made is an ongoing work, we have alot of files in the system that are orphan files. So we designed this one to start the general cleaning process.


Improved/changed features:

[*] ADMIN: Strengthened temporary backup file name while creating a backup up
[*] FORUM: Improved "Edit reason" animation responsiveness


ALso we would like to take the time and opportunity to note that the merger of the old Development site to Development here has gone very smoothly and as you no doubt can see, many developers have been very busy and hard at work, both with this patch and also with the work on v8 as well.
Thank you all who are working hard with the development of this fine CMS!
We will release a special news item regarding v8 the next couple of days, not in detail as of yet, but keeping you all posted about how far we've come, where we're going with it and how we will achieve it.
We're alive and kicking and we will be even more so!

Download upgrade here : PHP-Fusion 7.02.07-Update
Download full version here : PHP-Fusion 7.02.07
Domi on June 18 2013 17:52:24
Comments
39855 #11 JoiNNN

on Jun 19 2013 at 19:36:17
Fixed Wanabo
42888 #12 Archer

on Jul 01 2013 at 20:51:51
Grin
13606 #13 HobbyMan

on Jul 06 2013 at 12:58:39
Great work, guys Smile
2 sites so far upgraded with no problems. I like the "orphan file" list - very helpful Good
3664 #14 Domi

on Jul 11 2013 at 12:41:38
Thank you Phil!
I guess it could be more extensive aswell but i figured that i should only compare from V7.0 to current version. Just to not make it to messy for now.
I belive i will extend it for a V8 release in the update scripts so we have a solid upgrade pack and everyone runs "clean" versions from start.
550 #15 younis

on Jul 16 2013 at 07:21:09
Just quickly... Is there a recommended sequence to follow when performing an Update? Should you open up the Upgrade Admin page first? Upload the upgrade.php file first? Or just upload all files and then open up the Upgrade Admin?
Post Comment
Please Login to Post a Comment.
Official Home of PHP-Fusion uses cookies. Some may already have been set. Read more about our Cookies here.
Please click the button I Consent Cookies to hide this bar and accept our cookies. If you continue to use the site with no action taken, we'll assume that you consent our cookies anyway.
Cookiebar Panel fromVenue
Latest Addons
Pogo Profile Us... 12
Top Slide Panel 20
Nivo Slider Panel 56
Clock Calender ... 32
Infused Theme 82
jQuery Popup Panel 66
Nickpages v3.1 58
Windows 8 Menu ... 66
A Little SEO 65
Tattoo Theme 103
Glider Captcha 109
Lord of the Rin... 121
jQuery News Tic... 105
TinyURL_for_PHP... 102
ZUgame 103
ZindeX 107
Zabro 99
Yosk 104
Y!Mess 98
X-Pload 118
Xmas Snow 91
Xmas 2 91
XD Error 90
XD Error Blue 110
XD GF 99
XDC Gaming 135
Multi Comment P... 139
Alienewe 113
Metalic 115
Vista 114
Voyager 105
World of Warcra... 98
World of Warcra... 90
World of Warcra... 92
Womanbird 90
Void Resurrection 95
Vim 86
ThumbsUp Panel 141
Void 95
Violet Dreams 95
Windows 7 75
Wild Oscar 76
Wild Blue 70
White Rose 73
White Christmas 58
White and Light 44
Webmaster Files 55
Popular Addons
iTheme2 7293
Arise 7223
User Control v1.23 5837
Event Calendar 5347
Photowidget panel 4714
Radio-Theme red... 4463
Facebook Connec... 4296
Highslide Gallery 4252
CSS/JavaScript ... 4130
Dynamic Menu 3851
Slideshow Light... 3704
Black 3373
L-AMANT 3363
2Dark 3347
Facebook Commen... 3242
Advanced Custom... 2937
Social Panel 2826
Hayaletsevgili ... 2740
Professional Do... 2693
4Newspapers 2620
Graphical Count... 2616
OnAir 2584
Google Sitemap ... 2583
Advertising Man... 2520
HappyAccidents 2377
Blue Marble 2336
jQuery Login Pa... 2175
MW3 2173
NewSlider 2138
LOA Shoutbox Ce... 2092
Dark-Matrix 1970
Blue Marble v2 1927
Blogstar [New T... 1880
Multicolor Theme 1863
Status & Mood 1863
Hayaletsevgili ... 1814
Youtube videoga... 1781
Advanced Custom... 1774
F-Book | A Face... 1761
Section Mainten... 1761
Facebook Connec... 1738
Ddraig 1705
Wave 1682
Forum Useful Po... 1617
Dev.Rus v1.2 1593
Auto Database S... 1587
Restricted 1586
Last Seens
Last Seen > Members
[M] afoster 00:33:06
[M] Maiky20 00:46:52
[M] ntn 01:54:31
[M] KasteR 03:10:05
[M] gunnie 04:41:56
[M] Sladdaren 04:54:00
[M] lagkdok 05:09:30
[M] ctokepa 06:25:53
[M] insha 06:36:54
[M] Tobias 06:47:47
[M] Rolly8-HL 07:32:39
[M] jugolo 07:41:47
[M] Sony_PL 07:48:11
[M] adrianu89 08:48:58
[M] Creatium 09:02:13


Last Seen > Admins
[A] PHPar 06:29:09
[A] JoiNNN 09:02:07
[SA] Domi 10:08:19
[A] Layzee 12:27:33
[A] Brandon... 12:30:22