FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Announcements » FUDforum 2.7.0 Released
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
FUDforum 2.7.0 Released [message #26956] Tue, 23 August 2005 09:50 Go to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
After a fairly short incubation period, 2.7.0 final is now available for download.

!!!!!!!!!!!!!!!!
The release was made a bit faster then anticipated in response to a rather serious security problem found in the uploaded avatar handling code. All who use FUDforum and allow forum members to upload custom avatars are encouraged to upgrade immediately.
!!!!!!!!!!!!!!!!

The details of the exploit are not being released at this time, but believe me when I say that the problem is quite serious and you should most definitely upgrade if you use the uploaded avatar functionality.

Aside from the fix for the security problem, this release integrates a number of other changes and improvements.

Changes:
  1. Fixed a number of edge cases where E_NOTICE warnings may be generated.
  2. Unify SQL error handling.
  3. A number of PostgreSQL fixes and computability changes for older PostgreSQL releases.
  4. Fixed topic view skip in upgrade script.
  5. Fixed per-topic show unread and today's posts links.
  6. Added view building validation.
  7. Datadump import fixes for PostgreSQL.
  8. Added support for [ hr ] tag to FUDcode.
  9. Added handlers for situations where mbstring function overload is enabled.
  10. Allow database settings to remain strings, even when they are numbers.


FUDforum Core Developer

[Updated on: Tue, 30 August 2005 09:35]

Report message to a moderator

Re: FUDforum 2.7.0 Released [message #26957 is a reply to message #26956] Tue, 23 August 2005 10:09 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Will disabling custom avatar uploading prevent the exploit? Also, will disabling custom avatar uploading disable any avatars that have already been uploaded? I will be installing 2.7.0 ASAP but if I can get by for a little while by working around the problem without impacting current uploads I would like to do so.
Re: FUDforum 2.7.0 Released [message #26958 is a reply to message #26957] Tue, 23 August 2005 10:11 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
You don't need to disable custom avatars all together, simply disabling UPLOADing of avatars will solve the problem for older versions of the forum.

Existing uploaded avatars will not be affected by the disabling process.


FUDforum Core Developer
Re: FUDforum 2.7.0 Released [message #26960 is a reply to message #26956] Tue, 23 August 2005 10:13 Go to previous messageGo to next message
JamesS is currently offline  JamesS   United States
Messages: 275
Registered: July 2002
Location: Atlanta, GA
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Thanks.
Re: FUDforum 2.7.0 Released [message #26971 is a reply to message #26956] Tue, 23 August 2005 15:19 Go to previous messageGo to next message
scoates is currently offline  scoates   Canada
Messages: 1
Registered: August 2005
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
I upgraded to FUDForum 2.7.0, this morning.

I'm running MySQL 3.23 (yeah, I know -- old).

There's a bug in the SQL for MySQL this old. I've already spoken to Ilia about this, and he's on the case.

Just a friendly warning.

S


Re: FUDforum 2.7.0/1 Released [message #26977 is a reply to message #26971] Tue, 23 August 2005 19:12 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
This has been resolved in 2.7.1 release.

FUDforum Core Developer
Re: FUDforum 2.7.0/1 Released [message #27304 is a reply to message #26977] Sat, 03 September 2005 16:01 Go to previous messageGo to next message
Mathieu is currently offline  Mathieu   France
Messages: 47
Registered: December 2004
Karma: 0
Member
add to buddy list
ignore all messages by this user
Does the security problem also concern the 2.6.15 release?
Re: FUDforum 2.7.0/1 Released [message #27305 is a reply to message #27304] Sat, 03 September 2005 16:03 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Yes.

FUDforum Core Developer
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: FUDforum 2.7.2 Released
Next Topic: FUDforum 2.7.3RC2 Released
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Oct 22 04:30:25 EDT 2017

Total time taken to generate the page: 0.00724 seconds