ATTENTION! This release contains an XSS and SQL Injection Vulnerability fix. All previous versions of kunena are affected. Please update immediately.
Kunena 3.0.6 [K 3.0.6] is available for download as a native Joomla extension for J! 2.5 and J! 3.x. This version is a security release for Kunena that addresses several maintenance issues that have been reported since the last version release. and this new version replaces (and makes obsolete) all previous versions of Kunena.
This version of Kunena coincides with the simultaneous release of an updated language pack, downloaded separately, for deployment on non-English websites. The release of this version does not not coincide with the release of other Kunena Add-ons that have not been updated at this time and that may or may not be updated for this version.
In general, Kunena Add-ons designed for previous versions of K 3.x should interoperate with this version of Kunena; in general, Kunena Add-ons designed for older major versions of Kunena will not interoperate with this version of Kunena.
The summary of important changes in K 3.0.6 are:
- XSS vulnerability (credit goes to Raymond Rizk from Dionach Ltd., thank you for the report, much appreciated.
- SQL Injection vulnerability (credit goes to Raymond Rizk from Dionach Ltd., thank you for the report, much appreciated.
The Kunena 3.0.6 release notes are essential reading before installing K 3.0.6 for the first time or if you are upgrading from an earlier version of Kunena.
Upgrading to K 3.0 involves changes that may affect Kunena's interoperability with other extensions installed on your site. For this reason it is advisable that you first test K 3.0.6 on a test site before you upgrade your live production site(s).
For users who are familiar with older versions of Kunena, an overview of some of key differences is given in Kunena Features in the Wiki.
Find the full online README: Here.
K 3.0.6 is available for download on the download page.
K 3.0.6 is has been tested with the latest J! 3.3.3 (stable) and further work has been done to make Kunena more compatible with the J! 3.2.X series. For people contemplating the use of J! 3.3 on their site they should first test K 3.0.6 to make sure that there are no outstanding compatibility issues.
The team is is continuing to develop new, optional add-ons for Kunena — additional templates and features (e.g. WYSIWYG editing, "teasers") — that will be probably become available in the medium-term on a commercial basis (that is, things people will be able to purchase). The basic component and the currently available modules and plugins will continue to be available at no cost and there are no plans to reduce the current features in those areas.