Kunena 7.0.5 & Kunena 6.4.11 – Security Updates Released

The Kunena team has announce the arrival of Kunena 7.0.5 [K 7.0.5] in stable which is now available for download as a native Joomla extension for J! 5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0.

The Kunena team is also pleased to announce the eleventh version of Kunena 6.4, a native Joomla extension for Joomla! 5.0, 5.1, 5.2, 5.3, 5.4 and 6.0.

Question Install warning - Upgrade from 1.0.7b to 1.0.8

More
17 years 3 months ago - 17 years 3 months ago #3999 by lelkins
Install warning - Upgrade from 1.0.7b to 1.0.8 was created by lelkins
I got the following messages when upgrading Kunena from 1.0.7b to 1.0.8

Warning: Unable to fix fb_favorites table. All Favorites will be removed.\nDB function failed with error number 1044
Access denied for user 'xxx'@'%' to database 'xxx' SQL=CREATE TEMPORARY TABLE jos_fb_temp SELECT thread, userid FROM jos_fb_favorites WHERE userid>0 GROUP BY thread, userid
SQL =

CREATE TEMPORARY TABLE jos_fb_temp SELECT thread, userid FROM jos_fb_favorites WHERE userid>0 GROUP BY thread, userid

in xxx\components\com_kunena\lib\kunena.debug.php on line 69

Warning: Unable to fix fb_subscriptions table. All Subscriptions will be removed.\nDB function failed with error number 1044
Access denied for user 'xxx'@'%' to database 'xxx' SQL=CREATE TEMPORARY TABLE jos_fb_temp SELECT thread, userid, future1 FROM jos_fb_subscriptions WHERE userid>0 GROUP BY thread, userid
SQL =

CREATE TEMPORARY TABLE jos_fb_temp SELECT thread, userid, future1 FROM jos_fb_subscriptions WHERE userid>0 GROUP BY thread, userid
xxx\components\com_kunena\lib\kunena.debug.php on line 69


I hope this is all the info that you need. If you need any more then just ask and I will do my best to answer.

EDIT: Having a quick play around and it seems to have installed ok. All features seem to be working as expected and it showed Install:Successful

Many thanks.
Last edit: 17 years 3 months ago by lelkins.

Please Log in or Create an account to join the conversation.

More
17 years 3 months ago #4002 by fxstein
Replied by fxstein on topic Re:Install warning - Upgrade from 1.0.7b to 1.0.8
Hi,

Yes we expect to see this on some system. It is non critical - just a warning.

There was a severe security vulnerability in prior releases that allowed unregistered users to submit countless subscription and favorite requests to the server. This could have eventually crashed the server.

In order to fix the problem we had to cleanup the existing tables.

The warning is because your MySQL user id does not have the proper authorization to perform a create temporary table statement.

The fall back logic is to remove all favorites and subscriptions if invalid ones have been detected.

We appologize for the warning but had to code a logic that guarantees that security and content is restored.

FYI This is an old FB security bug, most likely there since very early releases, potentially dating back to before FB.

The install finishes even if you encounter these warnings.

We will add it to the requirements pages and FAQ so other know what is happening here.

Have a great day!

fxstein
We love stars on the Joomla Extension Directory . :-)

Please Log in or Create an account to join the conversation.

More
17 years 3 months ago #4011 by lelkins
Replied by lelkins on topic Re:Install warning - Upgrade from 1.0.7b to 1.0.8
Thanks for the quick reply.
I see that it isn't a problem, unfortunately I am with a shoddy host who doesn't allow temporary tables.
Thanks for the great work, having a quick look and so far it does seem quicker. I will post back with anything I notice.

Again, thanks. Now time to hit the pub for a week or 2?

Please Log in or Create an account to join the conversation.

Time to create page: 0.225 seconds