×
Kunena 5.1.5 Released - Security Release (14 Oct 2018)

The Kunena team has announce the arrival of Kunena 5.1.5 [K 5.1.5] which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Kunena 5.0.10. Security issue?

More
1 year 2 months ago #1 by Smirnov
Hi, I saw this strange problem several times. Finally, I made a screencast ..
Take a look, please.





How to reproduce the problem: I dont know... :( This happens rarely. But the screencast is able to convince you that I was not drunk.

1. I'm an unprivileged forum user, and I'm creating a new topic.
2. Unexpectedly, I get the opportunity to edit an old article in the forum.

I ask the developers of kunena to investigate this strange problem, I do not like this at all. Perhaps the collision is given by JotCash? I do not understand, help please. The security problem?

Please Log in or Create an account to join the conversation.

More
1 year 2 months ago #2 by rich
Replied by rich on topic Kunena 5.0.10. Security issue?
This is not a security issue, it is a problem with the cache. It is anyway not optimal if you call the forum over this cache.
For me it looks, it loads the editor including the content from the cache and it would be created a new topic with the same content. Have you tried, whether you can actually edit an unauthorized topic?
If you exclude Kunena from this cache, the problem should be solved.

Please Log in or Create an account to join the conversation.

More
1 year 2 months ago #3 by Smirnov
Thank you, rich. It was just a question only. I did not investigate the problem in detail. But if the bbcode contains (for example) a tag of modules_anywhere, it can have very unpleasant consequences.

Please Log in or Create an account to join the conversation.

More
1 year 2 months ago #4 by 810
Replied by 810 on topic Kunena 5.0.10. Security issue?
i think you use : plugin - Page Cache . please disable it, also check that you don't use progressive cache on the joomla configuration.

Both option are for static websites.

Please Log in or Create an account to join the conversation.

More
1 year 2 months ago #5 by Smirnov

810 wrote: i think you use : plugin - Page Cache . please disable it, also check that you don't use progressive cache on the joomla configuration.


No, I'm using JotCache. I asked for advice from Vlado Kanich (author of JotCache). I hope, a compromise solution will be found.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.121 seconds