Introduction
The Kunena team is proud to announce the arrival of Kunena 5.0.4 [K 5.0.4] which is now available for download as a native Joomla extension for J! 3.6.x. This version addresses most of the issues that were discovered in K 5.0 and issues discovered during the development stages of K 5.0. This is a Security release.
The key distinctions of K 5.0.4 are:
- XSS - HIGH vulnerability - File Upload
- 17 bugs fixed
- 19 enhancements
- Find the full changes: Here.
Update instructions
Because K 5.0 has deprecated the old templates, you should do a backup first (files and database). After the update, you need to recheck the settings in the Kunena Configuration and on the template itself (template manager - click on the template name).
Upgrading to K 5.0 involves changes that may affect Kunena's interoperability with other extensions installed on your site. For this reason it is advisable that you first test K 5.0.4 on a test site before you upgrade your live production site(s). At this stage the team is not treating interoperability with other Joomla extensions as the topmost priority. The main priority at this time is about installation/upgrade and operability as a standalone Joomla component.
K 5.0.4 is available for download on the download page.
Changes
XSS - HIGH vulnerability - File Upload
[20161121] - Core - Upload Modifications
• Project: Kunena
• SubProject: Forum Core
• Severity: High
• Versions: 4.0.0 through 5.0.3
• Exploit type: Upload Modifications
• Reported by: Glenn Smith
• Reported Date: 2016-November-21
• Fixed Date: 2016-November-22
• Release Date: 2016-November-26
• Joomla VEL: Joomla Vel
Description:
Because of an incorrect check on file upload, several file extensions could be uploaded. In some server settings the uploaded file could be exploited as an XSS vulnerability.
Affected Installs
Kunena versions 4.0.0 through 5.0.3
Solution
Upgrade to version 5.0.4
Contact
More SEO Improvements
We have improved SEO on more pages. Google should no longer show any warnings. If you find some, please inform us on the forum.
Plain HTML Emails
We now support plain HTML emails; the new setting is in the Kunena configuration - User tab.
Tooltips Option
You can now disable the tooltips. The setting is in the template settings - Basic settings tab.
Donate
Kunena is open source and free to use. We love providing one of the best forums out there, and don't expect to be paid for it. That said, projects like this have costs involved such as hosting and licenses. If you feel you have benefited from Kunena, and are able to do so, we would love your contribution. If you don't have the money to donate, then don't use any adblocker on our website. This will help us with the advertisements.