Kunena 2.0.3 Security Release
- Details
- Published on Saturday, 24 November 2012 10:30
The Kunena team has now released Kunena 2.0.3 for J! 1.5 and J! 2.5. K 2.0.3 is a security and maintenance release for Kunena that addresses over 75 issues that were reported since the last version release. The Kunena team recommends this updated version as a replacement for any earlier version of Kunena.
Details about K 2.0.3 are contained in the Kunena 2.0.3 release notes. Although K 2.0.3 is only a minor dot-point release, there are enough changes in behaviour between this version and the previous release (K 2.0.2) that make it essential for people to read the release notes before upgrading. Reading the release notes will better prepare you for changes to the way Kunena now works.
As a security response against possible XSS attacks, K 2.0.3 makes all previous versions of Kunena obsolete and no longer supported by the team. We encourage all users to upgrade to this new version as soon as possible to avoid the possibility that your forum's operations may be compromised as a result of this issue.
With the release of K 2.0.3 out of the way, the Kunena team will now be able to focus attention on the development of K 3.0. The essential differences between K 3.0 and K 2.0 are
- K 3.0 will not support J! 1.5
- K 3.0 will support J! 2.5 and J! 3.0
K 2.0.3 Highlights
- A potential XSS vulnerability has been detected and changes have been made to address this matter.
- Changes to improve compatibility with J! 2.5, PHP, HTML and CSS (including the interoperability with some third-party plugins that may be used with Kunena).
- Changes to improve compatibility with RSS feeds and other fixes relating to RSS content filtering
- Fixes to many reported problems with Kunena menu types that failed to work since the introduction of K 2.0
- Changed behaviour: Moderators can now delete unapproved topics and posts
- Changed behaviour: Users no longer have the option to change their votes in polls. This feature (introduced in K 1.7) has caused numerous problems and, for sake of continued reliability, it was decided that this option should be removed from the component.
- Changed behaviour: Guests can now see if attachments exist. This change sets K 2.0 behaviour to the way the forum behaved in K 1.7)
- Changed behaviour: Added confirmation dialog to Restore Default Settings
- Improved security and operation in connection with Kunena Announcements
- Remediation of Last post date "42 years ago" - access denied to topic - database errors
Kunena 2.0.3 is available for download at http://www.kunena.org/download.
The future of K 2.0
With the release of K 2.0.3 completed, and with the team now focusing on K 3.0, we would expect that this version will be the last in the K 2.0 series. This means that K 2.0.3 will be the only version supported (by the team) as far as J! 1.5 is concerned, but only to the extent of providing essential hotfixes. It is unlikely that a new version of K 2.0 will be released after this time.
What this means for those who have J! 1.5 websites is that they will be stuck with K 2.0 and people will not be able to take advantage of enhancements, features or bugfixes that may occur in future. What this means for those who have J! 1.5 is that, at some stage after the release of K 3.0, K 2.0 will no longer be supported by the team. This should signal J! 1.5 site operators to consider their strategic position as to how they will proceed from now. While there is no urgency at this time for people to upgrade from a website that they currently have no problems with, this does not mean that people should necessarily become complacent either. These are matters for each J! 1.5 site owner to consider for themselves.
The future of Kunena is tied to the future of Joomla. With J! 3.0 soon to be used more widely, the team is making efforts to respond to the ongoing challenges of ensuring that Kunena meets the growing demand for the "latest and greatest".
