Critical patch v7.02.07 released!
Since our last patch we've discovered several security vulnerabilities that it did not address. We have been working really hard to release a major patch that shuts all critical vulnerabilities tight once and for all, and some bugs have been fixed as well.
Since this patch addresses several critical security vulnerabilities, we strongly recommend that every single user upgrade to it.
The version number is v7.02.07, and below is a list of what has been addressed.
[-] CORE: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] CORE: Fixed a panel restriction bug
[-] CORE: Added a MIME check function so faulty extensions won't be uploaded to the system
[-] FORUM: Fixed SQL injection
[-] FORUM: Fixed Reflected XSS vulnerability
[-] FORUM: Fixed a bug where signature state couldn't be changed after a post
[-] FORUM: Fixed a bug where, after deleting a user, insufficient cleanup caused several areas of the forum to display wrong or incomplete information
[-] INCLUDES: Fixed RCE and CSRF vulnerabilities
[-] ADMIN: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] ADMIN: Fixed several SQL injections
[-] ADMIN: Fixed a bug which could lead to arbitrary file deletion
[-] ADMIN: Fixed several Reflected XSS vulnerabilities
[-] USERS: Fixed bug #1366 - HTTPS schema bug in user's site address
[-] USERS: Fixed bug #1360 - avatar images resizing bug
[-] FRONT: Fixed Reflected XSS vulnerability
[*] FILES: The minor file check tool we've made is ongoing work. We have a lot of orphan files in the system, so we designed this tool to start the general cleaning process.
[*] ADMIN: Strengthened the temporary backup file name used while creating a backup
[*] FORUM: Improved "Edit reason" animation responsiveness
We would also like to take the opportunity to note that the merger of the old Development site to Development here has gone very smoothly and, as you no doubt can see, many developers have been very busy and hard at work, both with this patch and with the work on v8.
Thank you all who are working hard with the development of this fine CMS!
We will release a special news item regarding v8 in the next couple of days. It will not go into detail yet, but it will keep you all posted about how far we've come, where we're going with it and how we will achieve it.
We're alive and kicking and we will be even more so!
Download upgrade here: PHP-Fusion 7.02.07-Update
Download full version here: PHP-Fusion 7.02.07