Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
Navigation
Follow us on Facebook
Follow us on Google+
Update v7.02.07 released
DownloadsCritical patch v7.02.07 released!

Since our last patch we've discovered several security vulnerabilities that were not adressed in that patch, which have had us working really hard to release a major patch with all critical vulnerabilities tight shut once and for all, and also some bug´s have been adjusted.
Since this patch adresses several critical security vulnerabilities, we strongly recommend every single user out there to upgrade to this patch.
The version number is v7.02.07 and below follows a list of what's been adressed.

v7.02.07

[-] CORE: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] CORE: Fixed a panel restriction bug
[-] CORE: Added a MIME check function so faulty extensions won´t be uploaded to the system
[-] FORUM: Fixed SQL injection
[-] FORUM: Fixed Reflected XSS vulnerability
[-] FORUM: Fixed a bug where signature state couldn't be changed after a post
[-] FORUM: Fixed a bug where after deleting a user due to insufficient clean up several areas of the forum would display wrong or incomplete information
[-] INCLUDES: Fixed RCE and CSRF vulnerabilites

[-] ADMIN: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] ADMIN: Fixed several SQL injections
[-] ADMIN: Fixed a bug which could lead to arbitrary file deletition
[-] ADMIN: Fixed several Reflected XSS vulnerabilities

[-] USERS: Fixed bug #1366 - HTTPS schema bug in user's site address
[-] USERS: Fixed bug #1360 - avatar images resizing bug

[-] FRONT: Fixed Reflected XSS vulnerability

[*] FILES: The minor file check tool we've made is an ongoing work, we have alot of files in the system that are orphan files. So we designed this one to start the general cleaning process.


Improved/changed features:

[*] ADMIN: Strengthened temporary backup file name while creating a backup up
[*] FORUM: Improved "Edit reason" animation responsiveness


ALso we would like to take the time and opportunity to note that the merger of the old Development site to Development here has gone very smoothly and as you no doubt can see, many developers have been very busy and hard at work, both with this patch and also with the work on v8 as well.
Thank you all who are working hard with the development of this fine CMS!
We will release a special news item regarding v8 the next couple of days, not in detail as of yet, but keeping you all posted about how far we've come, where we're going with it and how we will achieve it.
We're alive and kicking and we will be even more so!

Download upgrade here : PHP-Fusion 7.02.07-Update
Download full version here : PHP-Fusion 7.02.07
Domi on June 18 2013 17:52:24
Comments
39855 #11 JoiNNN

on Jun 19 2013 at 19:36:17
Fixed Wanabo
42888 #12 Archer

on Jul 01 2013 at 20:51:51
Grin
13606 #13 HobbyMan

on Jul 06 2013 at 12:58:39
Great work, guys Smile
2 sites so far upgraded with no problems. I like the "orphan file" list - very helpful Good
3664 #14 Domi

on Jul 11 2013 at 12:41:38
Thank you Phil!
I guess it could be more extensive aswell but i figured that i should only compare from V7.0 to current version. Just to not make it to messy for now.
I belive i will extend it for a V8 release in the update scripts so we have a solid upgrade pack and everyone runs "clean" versions from start.
550 #15 younis

on Jul 16 2013 at 07:21:09
Just quickly... Is there a recommended sequence to follow when performing an Update? Should you open up the Upgrade Admin page first? Upload the upgrade.php file first? Or just upload all files and then open up the Upgrade Admin?
Post Comment
Please Login to Post a Comment.
Official Home of PHP-Fusion uses cookies. Some may already have been set. Read more about our Cookies here.
Please click the button I Consent Cookies to hide this bar and accept our cookies. If you continue to use the site with no action taken, we'll assume that you consent our cookies anyway.
Cookiebar Panel fromVenue
Latest Addons
Pogo Profile Us... 24
Top Slide Panel 34
Nivo Slider Panel 75
Clock Calender ... 34
Infused Theme 92
jQuery Popup Panel 83
Nickpages v3.1 69
Windows 8 Menu ... 74
A Little SEO 76
Tattoo Theme 111
Glider Captcha 118
Lord of the Rin... 134
jQuery News Tic... 115
TinyURL_for_PHP... 113
ZUgame 111
ZindeX 119
Zabro 106
Yosk 112
Y!Mess 108
X-Pload 129
Xmas Snow 102
Xmas 2 98
XD Error 99
XD Error Blue 122
XD GF 111
XDC Gaming 140
Multi Comment P... 152
Alienewe 121
Metalic 129
Vista 126
Voyager 113
World of Warcra... 111
World of Warcra... 100
World of Warcra... 101
Womanbird 101
Void Resurrection 105
Vim 97
ThumbsUp Panel 147
Void 104
Violet Dreams 104
Windows 7 82
Wild Oscar 87
Wild Blue 79
White Rose 78
White Christmas 64
White and Light 50
Webmaster Files 63
Popular Addons
iTheme2 7303
Arise 7234
User Control v1.23 5853
Event Calendar 5361
Photowidget panel 4725
Radio-Theme red... 4476
Facebook Connec... 4312
Highslide Gallery 4260
CSS/JavaScript ... 4148
Dynamic Menu 3875
Slideshow Light... 3713
Black 3385
L-AMANT 3372
2Dark 3359
Facebook Commen... 3262
Advanced Custom... 2951
Social Panel 2843
Hayaletsevgili ... 2753
Professional Do... 2709
4Newspapers 2629
Graphical Count... 2625
Google Sitemap ... 2600
OnAir 2597
Advertising Man... 2533
HappyAccidents 2388
Blue Marble 2355
jQuery Login Pa... 2184
MW3 2182
NewSlider 2156
LOA Shoutbox Ce... 2107
Dark-Matrix 1979
Blue Marble v2 1938
Blogstar [New T... 1893
Multicolor Theme 1875
Status & Mood 1872
Hayaletsevgili ... 1822
Youtube videoga... 1798
Advanced Custom... 1782
F-Book | A Face... 1774
Section Mainten... 1774
Facebook Connec... 1751
Ddraig 1711
Wave 1694
Forum Useful Po... 1630
Dev.Rus v1.2 1598
Auto Database S... 1595
Restricted 1595
Last Seens
Last Seen > Members
[M] Webzone 00:09:39
[M] Craig 01:04:09
[M] Rolly8-HL 02:45:43
[M] TalkFever 02:54:08
[M] lagkdok 03:37:17
[M] afoster 03:51:13
[M] mpflash 04:29:37
[M] jugolo 04:55:28
[M] hooz 05:21:28
[M] Sony_PL 05:26:32
[M] DonZorro 05:33:54
[M] odien541 05:55:34
[M] 1click 06:04:42
[M] Creatium 06:06:51
[M] matze45 06:16:14


Last Seen > Admins
[A] Kamillo 04:19:42
[A] Layzee 06:18:24
[SA] Domi 07:17:45
[A] PolarFox 11:12:09
[A] jikaka 12:05:18