×
Kunena 5.1.14 Released - Security release (13 Aug 2019)

The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question 0 users 0 guests

More
5 months 5 hours ago #21 by Slacker
Replied by Slacker on topic 0 users 0 guests
It's not good for security if admin also often is logged in at frontend, because backend is then exposed.

Please Log in or Create an account to join the conversation.

More
4 months 4 weeks ago #22 by romagromov
Replied by romagromov on topic 0 users 0 guests

rich wrote: Probably is this the cause.


Exactly. I tested on 3 sites. Even on new clean Joomla + Kunena.

Shared sessions means that admin is logged in also in frontend. Right?


When admin logging in admin panel - he also logging in frontend.
Very useful.

It's not good for security if admin also often is logged in at frontend, because backend is then exposed.


You mean that Joomla Team implement security dangerous option?
I use this option on all my sites since it was implemented. No any problem.
Of course I use security logging in admin panel and RSFirewall.

Download Free Software for Windows absolutly free.

Please Log in or Create an account to join the conversation.

More
4 months 4 weeks ago #23 by Slacker
Replied by Slacker on topic 0 users 0 guests
When I started with Joomla 7 years ago I read that admin logging should be as short as possible to minimize risk of hacking. I guess they can steal the cookie and log in via it as admin.

Please Log in or Create an account to join the conversation.

More
4 months 4 weeks ago #24 by romagromov
Replied by romagromov on topic 0 users 0 guests

Slacker wrote: When I started with Joomla 7 years ago I read that admin logging should be as short as possible to minimize risk of hacking. I guess they can steal the cookie and log in via it as admin.


Just use AdminExile plugin - and they will never know which URL to use for admin panel access.
;)

Download Free Software for Windows absolutly free.

Please Log in or Create an account to join the conversation.

More
3 months 2 weeks ago #25 by gamecreator
Replied by gamecreator on topic 0 users 0 guests

romagromov wrote: Hello!
Still have problem with this.

I checked and cleaned kunena_session table
It not helps.
I added Who is online Joomla module and it displays correct data



I've checked setting in Kunena - All looks fine



Also this settings


My friend try to change browser. In fact, going to private mode in Chrome in Firefox solves90% cases, in other 10% cases literally nothing works... except using some third party program (or eventually going to chrome settings) and clearing all data.
Although private mode should be enough in your case!

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.078 seconds