glFusion Wiki

What's New in glFusion v1.5.0

glFusion v1.5.0 has several significant enhancements and changes to both features and functionality. Many of these enhancements will have an impact on current glFusion sites and should be considered and managed during the upgrade process.

Major Changes

PHP and MySQL Minimum Required Versions

The minimum required PHP version is now PHP v5.3.3 or greater - Please validate you have PHP v5.3.3 or greater available on your server before upgrading.

The minimum required MySQL version is now MySQL v5.0.1 or greater - Please validate you have MySQL v5.0.1 or greater available on your server before upgrading.

JavaScript Library - Move to jQuery

jQuery is now the standard JavaScript library for glFusion. This means any existing widgets you have in place, such as the image slider or the tab slider, will need to be updated to work with jQuery. The [glfusion:widgets|Widget Documentation] has been updated and explains how to re-create existing widgets using the new jQuery model.

To ease the transition - we have kept the Nouveau theme in place, and it continues to use the older MooTools JavaScript library, so existing sites can easily migrate over to the new jQuery widgets as time allows.

For sites that want to leverage the new jQuery JavaScript engine, but keep the current Nouveau look and feel - we have included the Vintage theme that maintains the Nouveau look (and associated style sheets), but uses the jQuery JavaScript library.

Bad Behavior2 Plugin

The Bad Behavior2 (BB2) plugin has been more tightly integrated into the glFusion core code. The advantage of this is that it allows BB2 to filter traffic very early in the page building process, which greatly reduces site load if the request is ultimately blocked.

The BB2 configuration options are now available through the glFusion online configuration administration screens. If you have entered any configurations in the bad-behavior-glfusion.php file, you will need to re-enter this information into the online configuration.

BB2 has a new feature where IP addresses can be banned. This supports manual bans, where you enter the IP address to block, and automatic banning, where certain activities cause an IP to be temporarily banned.

Automatic banning has been integrated with CAPTCHA, where you can enable glFusion to automatically ban an IP if it fails the CAPTCHA challenge 5 times within an hour. This is a great way to prevent automated Bots from continuing to use up your system resources as they try to register new accounts.

Automatic banning has also been integrated into the glFusion Cross Site Request Forgery Protection. If a client attempts to post to a form and the referring URL does not have a proper CSRF (Cross Site Request Forgery) token in the system, the IP is automatically banned (temporary ban) for 24 hours.

Automatic banning is disabled by default. You can enable it by turning on the feature in Command & Control → Configuration → Spam / Bot Protection.
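
The automatic-ban rules described above, sketched as an added example (not glFusion or Bad Behavior2 code). Class and method names are hypothetical, and the one-hour length of the CAPTCHA ban is an assumption, since the page only calls it temporary.

```php
<?php
// Added illustration; not glFusion or Bad Behavior2 code. All names are hypothetical.
final class AutoBanPolicy {
    const CAPTCHA_MAX_FAILURES = 5;     // page: 5 failed challenges ...
    const CAPTCHA_WINDOW       = 3600;  // ... within an hour
    const CAPTCHA_BAN_SECONDS  = 3600;  // assumption: the page only says "temporary"
    const CSRF_BAN_SECONDS     = 86400; // page: 24 hours
    private $enabled;
    private $failures = array(); // ip => timestamps of recent CAPTCHA failures
    private $bans     = array(); // ip => expiry timestamp (PHP_INT_MAX = manual ban)

    public function __construct($enabled = false) { $this->enabled = $enabled; } // off by default
    public function addManualBan($ip) { $this->bans[$ip] = PHP_INT_MAX; }

    public function recordCaptchaFailure($ip, $now) {
        if (!$this->enabled) { return; }
        $cutoff = $now - self::CAPTCHA_WINDOW;
        $recent = isset($this->failures[$ip]) ? $this->failures[$ip] : array();
        $recent[] = $now;
        // Sliding window: drop failures older than one hour before counting.
        $recent = array_values(array_filter($recent, function ($t) use ($cutoff) {
            return $t > $cutoff;
        }));
        $this->failures[$ip] = $recent;
        if (count($recent) >= self::CAPTCHA_MAX_FAILURES) {
            $this->ban($ip, $now + self::CAPTCHA_BAN_SECONDS);
            unset($this->failures[$ip]);
        }
    }

    public function recordCsrfFailure($ip, $now) {
        if ($this->enabled) { $this->ban($ip, $now + self::CSRF_BAN_SECONDS); }
    }
    public function isBanned($ip, $now) {
        return isset($this->bans[$ip]) && $now < $this->bans[$ip];
    }
    private function ban($ip, $expiry) { // never shortens an existing or manual ban
        $current = isset($this->bans[$ip]) ? $this->bans[$ip] : 0;
        $this->bans[$ip] = max($current, $expiry);
    }
}

// Constructed events (documentation addresses): five CAPTCHA failures within 50 minutes.
$policy = new AutoBanPolicy(true);
foreach (array(0, 600, 1200, 1800, 3000) as $t) { $policy->recordCaptchaFailure('192.0.2.10', $t); }
$policy->recordCsrfFailure('198.51.100.7', 100); // form post without a valid token
foreach (array('192.0.2.10' => 3001, '198.51.100.7' => 86000, '203.0.113.5' => 3001) as $ip => $t) {
    echo $ip, ' at t=', $t, ': ', $policy->isBanned($ip, $t) ? 'banned' : 'allowed', "\n";
}
```

Timestamps are passed in rather than read from the clock so the window and expiry behaviour can be replayed against recorded log entries.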

The BB2 Log Entry screen now has the ability to filter the view based on the reason the IP was blocked. This is a great way to quickly see how many requests were blocked for a specific reason.

Alternate Topics

Each story can now have a second, alternate topic assigned. We've run into many cases where it would be convenient to have a story appear in more than one topic.

Media Gallery now supports creating square thumbnails. This provides a much more modern look to the album pages.

Remote Authenticated Users can be Queued

Users who authenticate via remote services such as Google, Facebook or Twitter can now be queued and must be approved by a site administrator before gaining access to the site.

New UIKIT Framework

The biggest change for glFusion v1.5.0 is that we have standardized on the UIKIT Framework as the presentation framework. UIKIT is a lightweight and modular front-end framework for developing fast and powerful web interfaces. The first UIKIT based theme is the CMS theme. The CMS theme is glFusion's default theme for new installations.

When making a major transition like this, we understand this can be disruptive to existing glFusion installations. To ensure a smooth transition, we have taken the following actions:

  1. All glFusion plugin template files that have been re-styled for the UIKIT framework are included in the layout/cms/plugin/ directory of the CMS theme. This allows glFusion plugins to continue to work with existing older themes.
  2. We have included a Vintage theme, which is based on the original Nouveau theme that was glFusion's default theme until now. This allows existing sites to migrate to the new jQuery based JavaScript framework and still maintain the current style of their site.

Long term, it is recommended that existing glFusion installations migrate to one of the UIKIT framework themes. The glFusion team will only maintain the Vintage theme for one or two release cycles.

Benefits of the UIKIT Framework

There are several benefits to using a modern framework like UIKIT. The primary benefit is a truly responsive layout that works as well on a mobile device as it does on a desktop.

Another key benefit is that it is much easier to customize colors and other attributes of the theme. UIKIT provides an Online Customizer to allow you to easily and visually modify the color schemes. These customizations can be downloaded and directly applied to glFusion without any further modifications.

We have taken this opportunity of moving to a new framework to also rework and improve many of the forms and entry screens in glFusion. For example, the administrative screens are much more consistent. The Story Submission page is now much more user friendly and easier to navigate.

Security Improvements

glFusion's code base was analyzed by HP Fortify. Since 2001, HP Fortify, the leader in application security testing, has dedicated our market leading Source Code Analyzer (SCA) solution to the advancement and security of Open Source security projects. Today, as HP Fortify continues its journey, the HP Fortify Open Review team is providing open source project owners a no-cost assessment.

The glFusion assessment identified several potential issues or areas for review. A large majority of the items identified were not open security issues, but were areas in the code where variable validation or alternative approaches could provide enhanced controls. Several items identified were validated to be false positives, generally where the Source Code Analyzer did not understand some of the variable validation routines in glFusion. A good example is the COM_applyFilter() call which is used to sanitize user provided input. In many cases, the analyzer flagged a potential issue because it did not understand that COM_applyFilter() actually forced a numeric value, or stripped embedded JavaScript.

Overall, we made over 200 code improvements as a direct result of the assessment. We are grateful for the assessment and excited to continue to improve the glFusion code base.

What's New Archives

glfusion/whatsnew.txt · Last modified: 2015/10/31 07:59 by Mark