
Update: WoltLab Suite 5.4.13 / 5.3.19 / 5.2.19 / 3.1.27



Guest Alexander Ebert
Posted

We have just released new versions of our products:

 

  • WoltLab Suite 5.4.13
  • WoltLab Suite 5.3.19
  • WoltLab Suite 5.2.19
  • WoltLab Suite 3.1.27

 

Stability releases (third part of the version number, also known as "patch releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features. It is strongly recommended to apply these updates.

 

Security Notice

We have received a report that suggested that there is a fatal flaw in the processing of unknown BBCodes. The issue was confirmed to be a vulnerability for “cross-site scripting” (“XSS”) attacks that allows an attacker to embed JavaScript from external sources and have the code executed in the context of the page.

Thanks to @methosiea for reporting the issue.

All WoltLab Cloud customers have already been patched to address these issues.

 

How to Apply Updates

 

Open your Administration Control Panel and navigate to "Configuration > Packages > List Packages". Please click on the button "Search for Updates" located in the right corner above the package list.

 

Notable Changes

The list below includes only significant changes; minor fixes or typos are generally left out.

 

WoltLab Suite Core

  • (SECURITY): The processing of unknown BBCodes worked incorrectly and could be exploited to execute “cross-site scripting” (“XSS”) attacks. (5.4, 5.3, 5.2, 3.1)
  • The encoding of single dots in e-mail headers has been corrected. (5.4, 5.3)
  • For developers: Processing of surveys with FormBuilder was improved. (5.4)
  • For developers: Entering the minimum version for com.woltlab.wcf is now checked when editing the package.xml by the developer tools. (5.4)
  • PHP 8.1 compatibility has been improved. (5.4)

 
