×
Kunena 5.2 Beta 1 Released (24 Sep 2020)

The Kunena team is thrilled to announce the first public beta release of Kunena 5.2, a native Joomla extension for Joomla 3.9. This is a development release and should be only be used for testing; this version is not recommended for live websites at this stage.

The purpose of this release is to encourage testing by downloading, installing and identifying any problems or shortcomings that people may discover. K 5.2.0 B1 is stable and we are aware that people will discover defects. We encourage you to use the forum to report defects, as soon as they are discovered, so that the development team can work through the problems before the release of K 5.1 as a stable product. Reporting defects does not mean that the problems can or will be fixed. The Kunena team is looking forward to hearing your feedback on how well we have achieved our design goals.

Question Kunena 5.1.14 Released - Security update

More
1 year 1 month ago #1 by 810
The key distinctions of K 5.1.14 are:

1 Security fix -...

Introduction

The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.

We have Released K5.1.14 because of a 1 High Security issue

1 New feature to turn off "Re:" on subject names.

Read more...

Please Log in or Create an account to join the conversation.

More
1 year 3 weeks ago #2 by reufelss
Sorry but Iám new hier.

We have the cross site scripting problem. By abusing the vulnerability an attacker can store JavaScript in the database, which is stored in the title of the answer he or she wrote. The now stored XSS is executed every time a user enters the affected topic in the forum, which could therefore be triggered by any user of the system. Note that the XSS gets only executed if it is the latest answer of the topic.

Can you help us?

Attachment not found


Attachment not found

Please Log in or Create an account to join the conversation.

More
1 year 3 weeks ago #3 by 810
You should install the update, then the problem should be solved. If you run any issue, then please try the nightly build, its on our download page, on the bottom.

Please Log in or Create an account to join the conversation.

More
1 year 3 weeks ago #4 by reufelss
I have installed the update. Our Version is 5.1.14

Please Log in or Create an account to join the conversation.

More
1 year 3 weeks ago - 1 year 3 weeks ago #5 by reufelss
Hello, we have just installed version 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.
We testet it with the script "><script>alert(1)</script>
Last edit: 1 year 3 weeks ago by reufelss.

Please Log in or Create an account to join the conversation.

More
1 year 3 weeks ago #6 by rich
Please use the correct category for your problem. This category here is for official announcements and not for troubleshooting.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.110 seconds