Introduction
The Kunena team is proud to announce the arrival of Kunena 5.1.8 [K5.1.8] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.8. This update fixes also 3 security issue.
We have Released K5.1.8 because of a 1 Medium Security issue, and 2 Low Security issues.
The key distinctions of K 5.1.8 are:
- 1 Security fix - Medium
- 2 Security fix - Low
- CB avatar has wrong path
- Add button to subscribe users to categories selected
- Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
- add missing tbody and tbody classes (Ruud)
- Thumbnail fix unknown image
- fix lightbox disable
- Add a button to subscribe users to categories/topics
- Fix tooltip title when teaser is enabled
- Subject doesn't changed after the editting
- Kunena Options Highlight table row if value has changed
- It lacks the language strings for the privacy menu in the plg_system_privacy
- [DOM] Input elements should have autocomplete attributes
- [DOM] Found 2 elements with non-unique id
- Two menus
- Update Copyright Year
- Fix PHP 7.3 warning: "continue" in "switch" is equal to "break"
- Update Fancybox and Fontawesome
- Empty modal after adding it to the message
- Improve inline code. (Hide attachment from the bottom list under the message.)
- Find the full changes: Here.
Delete Attachments - Medium vulnerability
[20181230] - Core - XSS Vulnerability
• Project: Kunena• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description:
Override authorize checks lead to an XSS vulnerability..
Affected Installs
Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution
Upgrade to version 5.1.8
Contact
Delete Avatar - Low vulnerability
[20181230] - Core - XSS Vulnerability
• Project: Kunena• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description:
Override authorize checks lead to an XSS vulnerability..
Affected Installs
Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution
Upgrade to version 5.1.8
Contact
Change inline Attachment status - Low vulnerability
[20181230] - Core - XSS Vulnerability
• Project: Kunena• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30
Description:
Override authorize checks lead to an XSS vulnerability..
Affected Installs
Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)
Solution
Upgrade to version 5.1.8
Contact
Download
K 5.1.8 is available for download on the download page.