Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
Navigation

Update v7.02.07 released

Falk, June 18 2013 — Critical patch v7.02.07 released!

Since our last patch we've discovered several security vulnerabilities that were not adressed in that patch, which have had us working really hard to release a major patch with all critical vulnerabilities tight shut once and for all, and also some bug´s have been adjusted.
Since this patch adresses several critical security vulnerabilities, we strongly recommend every single user out there to upgrade to this patch.
The version number is v7.02.07 and below follows a list of what's been adressed.

v7.02.07

[-] CORE: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] CORE: Fixed a panel restriction bug
[-] CORE: Added a MIME check function so faulty extensions won´t be uploaded to the system
[-] FORUM: Fixed SQL injection
[-] FORUM: Fixed Reflected XSS vulnerability
[-] FORUM: Fixed a bug where signature state couldn't be changed after a post
[-] FORUM: Fixed a bug where after deleting a user due to insufficient clean up several areas of the forum would display wrong or incomplete information
[-] INCLUDES: Fixed RCE and CSRF vulnerabilites

[-] ADMIN: Fixed a potential security issue which could lead to file inclusion and arbitrary code execution given the "right" circumstances
[-] ADMIN: Fixed several SQL injections
[-] ADMIN: Fixed a bug which could lead to arbitrary file deletition
[-] ADMIN: Fixed several Reflected XSS vulnerabilities

[-] USERS: Fixed bug #1366 - HTTPS schema bug in user's site address
[-] USERS: Fixed bug #1360 - avatar images resizing bug

[-] FRONT: Fixed Reflected XSS vulnerability

[*] FILES: The minor file check tool we've made is an ongoing work, we have alot of files in the system that are orphan files. So we designed this one to start the general cleaning process.


Improved/changed features:

[*] ADMIN: Strengthened temporary backup file name while creating a backup up
[*] FORUM: Improved "Edit reason" animation responsiveness


ALso we would like to take the time and opportunity to note that the merger of the old Development site to Development here has gone very smoothly and as you no doubt can see, many developers have been very busy and hard at work, both with this patch and also with the work on v8 as well.
Thank you all who are working hard with the development of this fine CMS!
We will release a special news item regarding v8 the next couple of days, not in detail as of yet, but keeping you all posted about how far we've come, where we're going with it and how we will achieve it.
We're alive and kicking and we will be even more so!

Download upgrade here : PHP-Fusion 7.02.07-Update
Download full version here : PHP-Fusion 7.02.07

You might also like:

  • by Falk
    PHP-Fusion Main have been upgraded to PHP-Fusion 9 (9.03)
    Besides the custom Theme we have upgraded basics such as Users, Forums, Downloads, FaQ and a larger patch to AddonDB.…
    Continue Reading
    0 1160
  • by Falk
    v7 to v9 Themes Ported
    RobiNN have been porting some of the more popular Themes from 7 to 9 for us. We will even be…
    Continue Reading
    0 3115
  • by Falk
    Merry Christmas and a Happy New 2018
    Merry Christmas and a Happy New 2018To all our National Support Sites, Co-workers, Users, Supporters and to all our…
    Continue Reading
    0 6747
  • by Falk
    PHP-Fusion 9.0 Stable
    We are very proud to offer the most advanced and feature rich PHP-Fusion version ever released. Download PHP-Fusion…
    Continue Reading
    0 45437