- Posts: 29
- Thank you received: 0
Kunena 7.0.5 & Kunena 6.4.11 – Security Updates Released
The Kunena team has announce the arrival of Kunena 7.0.5 [K 7.0.5] in stable which is now available for download as a native Joomla extension for J! 5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0.
The Kunena team is also pleased to announce the eleventh version of Kunena 6.4, a native Joomla extension for Joomla! 5.0, 5.1, 5.2, 5.3, 5.4 and 6.0.
Question SWF video bbcode no longer working..
15 years 7 months ago - 15 years 7 months ago #65702
by sozzled
Blue Eagle vs. Crypsis reference guide
Read my blog and
Replied by sozzled on topic SWF video bbcode no longer working..
Let me deal first with the flash video question you asked. See
html code in posts?
and the messages following the one I wrote (msg 4).
For the search problem that's a different subject and, as we can't reproduce the symptoms, maybe we'll just have to forget about it for the time being.
As far as the template changes are concerned, they will be disconcerting for some users (as I mentioned in my 'blog posting Kunena 1.6 - a moderator's view ). Some people love the changes and some people don't. C'est la vie.
For the search problem that's a different subject and, as we can't reproduce the symptoms, maybe we'll just have to forget about it for the time being.
As far as the template changes are concerned, they will be disconcerting for some users (as I mentioned in my 'blog posting Kunena 1.6 - a moderator's view ). Some people love the changes and some people don't. C'est la vie.
Blue Eagle vs. Crypsis reference guide
Read my blog and
Last edit: 15 years 7 months ago by sozzled.
Please Log in or Create an account to join the conversation.
15 years 7 months ago #65703
by fxstein
We love stars on the Joomla Extension Directory .
Replied by fxstein on topic SWF video bbcode no longer working..
Hi,
Thanks a lot for your feedback. We are looking into the search issue.
As for the template and its color choices: You can select different colors for some parts of the template inside the template manager.
If you like other styles, there are several in the extension directory. Simply download and install with the Kunena template manager.
As for swf files - yes you are correct. We got flagged for allowing flags files to be embedded by users, as this represents a security vulnerability. A proof of concept was submitted to us that showed how you can take over controls of the browser with an malicious swf file. We had no choice but to disable the function.
Flash is turning more and more into a security risk for websites. You could program to delete topics or do other bad things, that once a moderator or admin visits that page would get executed without you knowing about it.
As much as we liked that feature, we cannot have it part of our distribution.
If somebody was to create a simple hack - that would be outside of our control - but again, you would open up your site to security vulnerabilities.
Sorry for not being or more help here.
Thanks a lot for your feedback. We are looking into the search issue.
As for the template and its color choices: You can select different colors for some parts of the template inside the template manager.
If you like other styles, there are several in the extension directory. Simply download and install with the Kunena template manager.
As for swf files - yes you are correct. We got flagged for allowing flags files to be embedded by users, as this represents a security vulnerability. A proof of concept was submitted to us that showed how you can take over controls of the browser with an malicious swf file. We had no choice but to disable the function.
Flash is turning more and more into a security risk for websites. You could program to delete topics or do other bad things, that once a moderator or admin visits that page would get executed without you knowing about it.
As much as we liked that feature, we cannot have it part of our distribution.
If somebody was to create a simple hack - that would be outside of our control - but again, you would open up your site to security vulnerabilities.
Sorry for not being or more help here.
We love stars on the Joomla Extension Directory .
Please Log in or Create an account to join the conversation.
15 years 7 months ago #65712
by Rooster
Replied by Rooster on topic SWF video bbcode no longer working..
First, let me say thanks for the replies.
@the search: You can reproduce the error? Seriously, your searches for you every time? I've tried on IE8 and FF, both do the same thing.. If that's the case, that's bizzare. (on different PC's too, fwiw).
@the templates: I may have come off harsh, I'm not hating on the new template design/system, and it's cool to know now there are some other options out there. It was never a big deal on the previous version because one of the ones offered by default matched our sites theme/template perfectly
@the meat of the topic, flash: I respect your response, and understand your reasoning. Will you pass along the way to re-enable bbcode flash? My site is a small site, special interest I suppose you could say, no one I don't trust there. And more to the point, don't you think such a decision should be left to the site admin? Make it a congifuration option to allow/enable or not flash code, don't just rip it as a choice from everyone. I mean, by that logic, you should wipe your HDD if you're running a windows operating system, as it COULD potentially be used by hackers to DDoS other computers, or download illegal content, or whatever.. Point is, I respect you and your choice, but humbly request you revisit your decision and allow site admins the decision of whether they want to 'take that risk' or not.
Thanks,
Rooster
@the search: You can reproduce the error? Seriously, your searches for you every time? I've tried on IE8 and FF, both do the same thing.. If that's the case, that's bizzare. (on different PC's too, fwiw).
@the templates: I may have come off harsh, I'm not hating on the new template design/system, and it's cool to know now there are some other options out there. It was never a big deal on the previous version because one of the ones offered by default matched our sites theme/template perfectly
@the meat of the topic, flash: I respect your response, and understand your reasoning. Will you pass along the way to re-enable bbcode flash? My site is a small site, special interest I suppose you could say, no one I don't trust there. And more to the point, don't you think such a decision should be left to the site admin? Make it a congifuration option to allow/enable or not flash code, don't just rip it as a choice from everyone. I mean, by that logic, you should wipe your HDD if you're running a windows operating system, as it COULD potentially be used by hackers to DDoS other computers, or download illegal content, or whatever.. Point is, I respect you and your choice, but humbly request you revisit your decision and allow site admins the decision of whether they want to 'take that risk' or not.
Thanks,
Rooster
Please Log in or Create an account to join the conversation.
15 years 7 months ago - 15 years 7 months ago #65713
by fxstein
We love stars on the Joomla Extension Directory .
Replied by fxstein on topic SWF video bbcode no longer working..
Rooster,
Unfortunately we cannot have an options that makes us vulnerable. Eventually we would get flagged and removed from all public listings out there.
We cannot offer you a hack but I can show you what changed in the svn to make Kunena more secure:
joomlacode.org/gf/project/kunena/scmsvn/....php&r1=3464&r2=3486
Hope this helps!
Unfortunately we cannot have an options that makes us vulnerable. Eventually we would get flagged and removed from all public listings out there.
We cannot offer you a hack but I can show you what changed in the svn to make Kunena more secure:
joomlacode.org/gf/project/kunena/scmsvn/....php&r1=3464&r2=3486
Hope this helps!
We love stars on the Joomla Extension Directory .
Last edit: 15 years 7 months ago by fxstein.
Please Log in or Create an account to join the conversation.
Time to create page: 0.253 seconds