Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2013-02-22 11:23:03

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

FluxBB 1.5.3 released

I am pleased to announce the immediate availability of FluxBB v1.5.3.

This release fixes a security issue that could allow skilled attackers to guess one of the random tokens that are sent out via email when users have forgotten their passwords. We fixed this by strengthening our random number generator, making use of an external library.
Thanks to our friends at Positive Technologies for reporting this in a responsible manner.

As always, download packages can be found on our download page.
Changed files and patches are available on the upgrade page.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#2 2013-02-22 12:49:31

barbuslex
Member
Registered: 2010-04-21
Posts: 18

Re: FluxBB 1.5.3 released

Hi,

The changed files not works !

Thanks to resolve it

Offline

#3 2013-02-22 16:17:19

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

That's fast smile However, nice it's fixed. However, Franz, it would be nice if you also would say that

This update is critical!

Just as big as that one.

barbuslex wrote:

Hi,

The changed files not works !

Thanks to resolve it

We know that and are working on it. For now, you can find them also here:
https://github.com/fluxbb/fluxbb/compar … uxbb-1.5.3

Last edited by Studio384 (2013-02-22 16:25:30)

Offline

#4 2013-02-22 19:53:16

raygene
Member
From: QC, Canada
Registered: 2012-11-02
Posts: 57
Website

Re: FluxBB 1.5.3 released

I had a look at the changes on github, they seem to be quite easy to apply manually.

Thanks.

-----------------------

Update: The manual upgrade went great. Everything works as it should.

Cheers!

Last edited by raygene (2013-02-22 21:03:00)


Never, under any circumstances, take a laxative and a sleeping pill on the same night...

Offline

#5 2013-02-23 10:20:09

clm
Member
Registered: 2013-02-23
Posts: 5

Re: FluxBB 1.5.3 released

Thank for your work !
if i understand very well. I have to replace the pink line to the green ? big_smile

Offline

#6 2013-02-23 10:49:09

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

clm wrote:

Thank for your work !
if i understand very well. I have to replace the pink line to the green ? big_smile

Yes, indeed.

Offline

#7 2013-02-23 12:07:13

clm
Member
Registered: 2013-02-23
Posts: 5

Re: FluxBB 1.5.3 released

thank you !!

Offline

#8 2013-03-01 06:55:32

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

Franz, can you fix the link in the annauncement? It sends you to the 1.5.2 topic.

Offline

#9 2013-03-01 12:38:50

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

Done, thanks.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#10 2013-03-10 11:48:24

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

I finally fixed the HTML changesets (visual changed files).


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#11 2013-04-09 21:49:15

PascL
Member
From: France
Registered: 2010-02-21
Posts: 8
Website

Re: FluxBB 1.5.3 released

Hi,

With the release of the 1.5.0, u said that 1.4 and 1.5 will be maintained in parallel.

This is a security update for 1.5, and after more than one month, there is not any update of 1.4, which has the same problem. Is it planned ? Or 1.4 has to be considered as obsolete ?


Bouh !
French !

Offline

#12 2013-04-10 06:21:25

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

PascL wrote:

Hi,

With the release of the 1.5.0, u said that 1.4 and 1.5 will be maintained in parallel.

This is a security update for 1.5, and after more than one month, there is not any update of 1.4, which has the same problem. Is it planned ? Or 1.4 has to be considered as obsolete ?

We cancelled the development of 1.4.10 and move on with 1.5, there will not be an update for 1.4.

Offline

#13 2013-04-10 09:37:13

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

Yannick, you're pretty quick with official statements like this.

The fact of the matter: I wrote that 1.4 would see no more releases unless there's a security bug. Which I didn't. Because I forgot, I guess. I'm very sorry about this and will release 1.4.10 with those fixes this week.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#14 2013-04-10 11:03:17

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

Franz wrote:

Yannick, you're pretty quick with official statements like this.

The fact of the matter: I wrote that 1.4 would see no more releases unless there's a security bug. Which I didn't. Because I forgot, I guess. I'm very sorry about this and will release 1.4.10 with those fixes this week.

No 1.4 updates, except for security releases.

Sorry, wasn't ment as that. By the way, if you working on 1.4.10, are you taking the security fixes from 1.5.1, 1.5.2 and 1.5.4 also?

Last edited by Studio384 (2013-04-10 11:04:13)

Offline

#15 2013-04-10 11:10:52

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

Yeah, anything security-related will be in there.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#16 2013-04-10 18:56:13

PascL
Member
From: France
Registered: 2010-02-21
Posts: 8
Website

Re: FluxBB 1.5.3 released

Thanks for these answers smile


Bouh !
French !

Offline

#17 2013-04-10 19:33:14

Trace
Member
From: Poland
Registered: 2012-06-21
Posts: 155
Website

Re: FluxBB 1.5.3 released

Have you so hardly modified forum that you don't want update to the latest version?


My FluxBB 1.5.8 styles:
DarkAce | Sadness

Offline

#18 2013-04-10 19:58:09

JohnHenry
Member
Registered: 2011-12-22
Posts: 12

Re: FluxBB 1.5.3 released

They killed the ranks feature in 1.5.
I only upgraded to 1.5 recently because I thought 1.4 was abandoned.

Offline

#19 2013-04-10 20:15:54

Gil
Member
From: France
Registered: 2008-05-10
Posts: 173
Website

Re: FluxBB 1.5.3 released

JohnHenry wrote:

They killed the ranks feature in 1.5.
I only upgraded to 1.5 recently because I thought 1.4 was abandoned.

Agree with that. It still use 1.4. I love Flux, but the killing is not fair.

By the way, in documentation (http://fluxbb.org/docs/v1.5), the following sentence:

We also got rid of the Ranks feature in FluxBB v1.5, because the ranks feature essentially is the same as the updated groups feature.

is false and should be rewritten. One cannot say it's essentially the same; aim is different, feature is different.

Offline

#20 2013-04-10 20:42:33

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

You're right, I updated that sentence. Thanks for the heads-up.

It is a little bit of work, but you can actually do something like the ranks feature with groups and auto-promotion - and you can add more permission based on these groups.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#21 2013-04-11 21:23:34

Gil
Member
From: France
Registered: 2008-05-10
Posts: 173
Website

Re: FluxBB 1.5.3 released

Hum, should be difficult and very annoying with 26 ranks sad
Do not get me wrong... I don't think ranks is truly a core function.
But unfortunately, it was one, and now we use it, and even if it was installed for fun, it should be difficult to announce to our members: "sorry, I should upgrade to a new version so you must forget ranks"...

Offline

#22 2013-04-15 06:42:08

sklerder
Member
From: Brittany
Registered: 2012-11-06
Posts: 117
Website

Re: FluxBB 1.5.3 released

Hi.

Good news smile

PascL has re-implemented the ranks for FluxBB 1.5.3. Thanks to him !

Offline

#23 2013-04-15 14:24:22

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

Franz, are you already working on 1.4.10? If not, maybe I can do it so you can concentrate on 2.0 (since I don't have anything else to do).

Offline

#24 2013-04-15 15:24:41

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,384
Website

Re: FluxBB 1.5.3 released

That'd be cool. I was more busy during the weekend than I had anticipated.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#25 2013-04-15 18:26:34

Studio384
Developer
From: Belgium
Registered: 2012-04-11
Posts: 680
Website

Re: FluxBB 1.5.3 released

Franz wrote:

That'd be cool. I was more busy during the weekend than I had anticipated.

As soon as I'm done, to which repo do I need to push FluxBB 1.4.10? And don't we need a milestone for this one (in the tracker)?

Last edited by Studio384 (2013-04-15 18:27:33)

Offline

Board footer

Powered by FluxBB