Introduction
The Kunena team is proud to announce the arrival of Kunena 5.1.10 [K5.1.10] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.10. This update fixed 1 security issue.
We have Released K5.1.10 because of a 1 Medium Security issue
The key distinctions of K 5.1.10 are:
- 1 Security fix - Medium
- Disable Joomla Login disables the complete dropdown also when you are loggin.
- Improve install checks
- Global Mods should have access to the tab Subscriptions in user profiles
- Validation error - duplicate ids
- When creating a topic or answer, the lightbox will not loaded
- Fix invalid HTML in Twitter widget
- Fix some closing tags html
- Crypsis b3 | Toggle button: It shows the description instead the symbol
- Crypsis b3 | Rendering Error in layout Widget/Social
- Fix instagram autoembed
- Backend: no action when I clicking on Moderator icon
- not validate api key
- RSS Feed | Ex- and Include categories affects the entire global feed
- Update readme and set joomla 3.9.3 as minimal version
- Trying to get property 'title' in template/j3/rank/edit.php
- Update Fancybox and Fontawesome
- Find the full changes: Here.
Active menu class - Medium vulnerability
[20190227] - Core - XSS Vulnerability
• Project: Kunena• SubProject: Forum
• Severity: Medium
• Versions: 5.1.0 through 5.1.10
• Exploit type: XSS
• Reported by: Arcus Security GmbH (Stefan Horlacher)
• Reported Date: 2019-02-27
• Fixed Date: 2019-02-27
• Release Date: 2019-03-03
Description:
Override active menu item lead to an XSS vulnerability.
Affected Installs
Kunena versions 5.1.0 through 5.1.10
Solution
Upgrade to version 5.1.10
Contact
Download
K 5.1.10 is available for download on the download page.