Introduction

The Kunena team is proud to announce the arrival of Kunena 5.0.4 [K 5.0.4] which is now available for download as a native Joomla extension for J! 3.6.x. This version addresses most of the issues that were discovered in K 5.0 and issues discovered during the development stages of K 5.0. This is a Security release.

The key distinctions of K 5.0.4 are:

  • XSS - HIGH vulnerability - File Upload
  • 17 bugs fixed
  • 19 enhancements
  • Find the full changes: Here.

Update instructions

Because K 5.0 has deprecated the old templates, you should make a backup first (files and database). After the update, you need to recheck the settings in the Kunena Configuration and on the template itself (template manager - click on the template name).

Upgrading to K 5.0 involves changes that may affect Kunena's interoperability with other extensions installed on your site. For this reason it is advisable that you first test K 5.0.4 on a test site before you upgrade your live production site(s). At this stage the team is not treating interoperability with other Joomla extensions as the topmost priority. The main priority at this time is about installation/upgrade and operability as a standalone Joomla component.

K 5.0.4 is available for download on the download page.



Changes


XSS - HIGH vulnerability - File Upload

[20161121] - Core - Upload Modifications

• Project: Kunena
• SubProject: Forum Core
• Severity: High
• Versions: 4.0.0 through 5.0.3
• Exploit type: Upload Modifications
• Reported by: Glenn Smith
• Reported Date: 2016-November-21
• Fixed Date: 2016-November-22
• Release Date: 2016-November-26
• Joomla VEL: Joomla Vel

Description:
An incorrect check on file upload meant that several file extensions could be uploaded. On some server settings the uploaded file could be exploited as an XSS vulnerability.

Affected Installs

Kunena versions 4.0.0 through 5.0.3

Solution

Upgrade to version 5.0.4
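
A post-upgrade check for the exposure described above, as an added example that is not Kunena's code or its fix: it walks an upload directory and flags stored files whose extension or leading bytes suggest markup a browser would render. The allowlist, the active-extension set, the content markers and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed policy for this example, not Kunena's configured list.
ALLOWED = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "zip"}
# Extensions a browser may render as script-capable content when served inline.
ACTIVE_EXTS = {"html", "htm", "xhtml", "shtml", "svg", "xml", "js", "swf"}
ACTIVE_MARKERS = (b"<script", b"<svg", b"<html", b"<!doctype html", b"<iframe")
# Constructed sample files (name -> leading bytes) used by demo().
SAMPLES = {
    "manual.v2.pdf": b"%PDF-1.4\n",
    "note.HTML": b"<html><body>hi</body></html>",
    "logo.svg.png": b"<svg xmlns='http://www.w3.org/2000/svg'></svg>",
    "avatar.png": b"<!DOCTYPE html><title>x</title>",
}

def classify(path):
    """Return the reasons a stored upload looks risky (empty list if none)."""
    reasons = []
    name = os.path.basename(path).lower().rstrip(". ")
    exts = name.split(".")[1:]
    if not exts:
        reasons.append("no extension")
    elif exts[-1] not in ALLOWED:
        reasons.append("extension not allowed: ." + exts[-1])
    # Names like a.svg.png: some server setups map an inner extension to a type.
    reasons += ["active inner extension: ." + e for e in exts[:-1] if e in ACTIVE_EXTS]
    with open(path, "rb") as fh:
        head = fh.read(1024).lower()
    if any(marker in head for marker in ACTIVE_MARKERS):
        reasons.append("content looks like active markup")
    return reasons

def audit(root):
    """Map each flagged file (path relative to root) to its reasons."""
    paths = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    found = {os.path.relpath(p, root): classify(p) for p in paths}
    return {p: why for p, why in found.items() if why}

def demo():
    """Write SAMPLES into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__":
    print("\n".join(f"{p} -> {'; '.join(w)}" for p, w in sorted(demo().items())))
```

Call `audit()` with the path of your own attachment directory; directory placeholder files such as index.html may be flagged, so review findings before removing anything.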



More SEO Improvements

We have made SEO improvements to more pages. Google should no longer show any warning messages. If you find any, please inform us on the forum.


Plain HTML Emails

Plain HTML emails are now supported; the new setting is in the Kunena configuration, on the User tab.


Tooltips Option

You can now disable the tooltips. The setting is in the template settings, on the Basic settings tab.


Donate

Kunena is open source and free to use. We love providing one of the best forums out there, and don't expect to be paid for it. That said, projects like this have costs involved such as hosting and licenses. If you feel you have benefited from Kunena, and are able to do so, we would love your contribution. If you don't have the money to donate, then don't use any adblocker on our website. This will help us with the advertisements.


roland_d_alsace replied the topic: #1 2 years 10 months ago

redlo wrote: Is it possible to update K 4.0.11 to 5.0.4 directly? Problems? I have a forum with 75.000 users. And it's important for me not to encounter problems.
Thanks ;)

Hi.

Never do this. Even if everyone tells you there will be no problems!

Always first do this on a testing website, a clone of your production site.

K4 and K5 are major versions, not minor versions.

Merry Christmas
Nemo10 replied the topic: #2 2 years 10 months ago
Redio

It is important to all of us, personally, but easy to understand your caution.

Other than setting up on a duplicate site, as I did, I would tread very carefully.

You'll get a lot of help on here but only after the event, and sometimes none at all, depends on the issue and how it has been described.

They do the best they can but it is all voluntary so you sort of get what you pay for (or don't). You won't get a guarantee, none of us will.

The only problem with staying with K4.xxx are security issues, we found out the hard way but am now happy with K5.0.4, but only after testing, testing, testing on a duplicate site.

Always best to start your own topic, you'll get a faster response that way.
redlo replied the topic: #3 2 years 10 months ago
Is it possible to update K 4.0.11 to 5.0.4 directly? Problems? I have a forum with 75.000 users. And it's important for me not to encounter problems.
Thanks ;)
polleke replied the topic: #4 2 years 11 months ago
Hi, very nice. But now I can no longer add topics to the forum. How come?

regards Jan