Introduction

The Kunena team is proud to announce the arrival of Kunena 5.1.8 [K5.1.8] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.8. This update fixes also 3 security issue.

We have Released K5.1.8 because of a 1 Medium Security issue, and 2 Low Security issues.

The key distinctions of K 5.1.8 are:

  • 1 Security fix - Medium
  • 2 Security fix - Low
  • CB avatar has wrong path
  • Add button to subscribe users to categories selected
  • Uncaught ReferenceError: Joomla is not defined at bootstrap-datepicker
  • add missing tbody and tbody classes (Ruud)
  • Thumbnail fix unknown image
  • fix lightbox disable
  • Add a button to subscribe users to categories/topics
  • Fix tooltip title when teaser is enabled
  • Subject doesn't changed after the editting
  • Kunena Options Highlight table row if value has changed
  • It lacks the language strings for the privacy menu in the plg_system_privacy
  • [DOM] Input elements should have autocomplete attributes
  • [DOM] Found 2 elements with non-unique id
  • Two menus
  • Update Copyright Year
  • Fix PHP 7.3 warning: "continue" in "switch" is equal to "break"
  • Update Fancybox and Fontawesome
  • Empty modal after adding it to the message
  • Improve inline code. (Hide attachment from the bottom list under the message.)
  • Find the full changes: Here.

Delete Attachments - Medium vulnerability

[20181230] - Core - XSS Vulnerability

• Project: Kunena
• SubProject: Forum
• Severity: Medium
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description:
Override authorize checks lead to an XSS vulnerability..

Affected Installs

Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)

Solution

Upgrade to version 5.1.8

Contact

This email address is being protected from spambots. You need JavaScript enabled to view it..


Delete Avatar - Low vulnerability

[20181230] - Core - XSS Vulnerability

• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description:
Override authorize checks lead to an XSS vulnerability..

Affected Installs

Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)

Solution

Upgrade to version 5.1.8

Contact

This email address is being protected from spambots. You need JavaScript enabled to view it..


Change inline Attachment status - Low vulnerability

[20181230] - Core - XSS Vulnerability

• Project: Kunena
• SubProject: Forum
• Severity: Low
• Versions: 3.0 through 5.1.8
• Exploit type: XSS
• Reported by: Kunena Team
• Reported Date: 2018-12-29
• Fixed Date: 2018-12-29
• Release Date: 2018-12-30

Description:
Override authorize checks lead to an XSS vulnerability..

Affected Installs

Kunena versions 3.0.0 through 5.1.6.1 (Kunena 5.1.8 is not affected)

Solution

Upgrade to version 5.1.8

Contact

This email address is being protected from spambots. You need JavaScript enabled to view it..


Download

K 5.1.8 is available for download on the download page.

Log in to comment

mikerotec replied the topic:
5 years 1 month ago
mikerotec's Avatar

810 wrote: see your new topic.


... um, we can't install this security patch until its installer is FIXED ( see www.kunena.org/forum/k5-1-support/155985...-update-error#206697 )
810 replied the topic:
5 years 2 months ago
810's Avatar
see your new topic.
mikerotec replied the topic:
5 years 2 months ago
mikerotec's Avatar
attempted today's update: got this error message and update failed
Update failed: got this error updating from 5.1.7
Class 'Joomla\CMS\Filesystem\Folder' not found

Joomla! 3.8.13
PHP Version 7.2.13