FluxBB 1.4.2 released

Today we have released FluxBB 1.4.2 This release fixes various minor bugs, as well as a rare bug when upgrading from 1.2 and a critical vulnerability in PHP <= 5.2.13/5.3.2 regarding unserialize().

Note: The vulnerability is in PHP and not FluxBB itself! If you are running PHP 5.2.14/5.3.3 or later the vulnerability does not affect you, and this upgrade is not critical, though obviously we recommend upgrading anyway

Changes since 1.4.1 include:

 

•PHP unserialize() vulnerability affects cookie data

 

•Upgrading to utf8_general_ci can cause “identical” usernames

 

•Huge posts can break formatting

 

•Blank errors from DBLayer::error() when a transaction fails

 

•Parameters of extern.php changed from 1.2 to 1.4

 

•Reason must be under 65535 bytes when making a report

 

•FluxBB’s cache is not updated when used with apc.stat=0

 

•Constant PUN_RANKS_LOADED already defined

 

•Censor URL in viewtopic.php

 

•No IP when banning a user without posts

 

•LIMIT X,Y is used in various places other than just displaying posts

 

•Add database password confirmation in install script

 

•Localization of “New forum”

 

•Name for quick reply form

 

For language pack maintainers:

 

•admin_forums.php – new entry: ‘New forum’

 

•misc.php – new entry: ‘Reason too long’

 

•post.php – ‘Too long message’ has changed to accept a parameter specifying the max length instead of being hard-coded

 

•mail_templates/rename.tpl – New mail template

 

As usual, downloads can be found on the download page and in the download folder. http://fluxbb.org/downloads/

Leave a Reply

Your email address will not be published. Required fields are marked *