glFusion Wiki

This shows you the differences between two versions of the page.

glfusion:whatsnew [2011/04/24 10:25]
glfusion:whatsnew [2015/10/31 07:59] (current)
Line 1: Line 1:
 ~~NOTOC~~ ~~NOTOC~~
-====== What's New in glFusion v1.2.2======+====== What's New in glFusion v1.5.0======
-glFusion v1.2.2 continues our commitment ​to providing a secure ​and robust content management system. This releases contains some significant stability updates and several small bug fixes.  ​All glFusion ​users are encouraged to upgrade ​as soon as possible.+glFusion v1.5.0 has several significant enhancements and changes ​to both features ​and functionality.  ​Many of these enhancements will have an impact on current ​glFusion ​sites and should be considered and managed during the upgrade ​process.
-For those who are **upgrading**,​ please don't forget to run the **[[glfusion:​upgrade|Upgrade Wizard]]** after you have loaded the files to your server.+===== Major Changes =====
-There were no template changes in v1.2.2.+=== PHP and MySQL Minimum Required Versions ===
-====== Notable Enhancements for glFusion v1.2.2 ======+The minimum required PHP version is now PHP v5.3.3 or greater - Please validate you have PHP v5.3.3 or greater available on your server before upgrading.
-  * Updated Czech language files from Ivan +The minimum required MySQL version is now MySQL v5.0.1 or greater ​Please validate you have MySQL v5.0.1 or greater available on your server before upgrading.
-  * Fixed hard coded language string (Groups) in admin/user.php +
-  * Mail to user (admin user edit screen) did not work properly +
-  * German language update from André +
-  * FileMgmt ​Display max allowed filesize in admin upload screen +
-  * Updates to better support ​MySQL 5.+
-  * Do not show Awaiting Verification in user edit as an option when user does not enter their own password +
-  * Fixed bug where user's password was not properly checked to determine if blank when registering a new user+
-====== Full ChangeLog (all changes since original 1.2.1 release) ======+=== JavaScript Library - Move to jQuery ​===
-  * Updated Bad Behavior Plugion to v2.0.43 +jQuery is now the standard JavaScript library for glFusionThis means any existing widgets you have in place, such as the image slider or the tab slider will need to be updated ​to work with jQuery.  ​The [glfusion:​widgets|Widget Documentationhas been updated and explains how to re-create existing widgets using the new jQuery model.
-  * Fixed typo in lib-security +
-  * Fixed issue with token expiration when in admin functions +
-  * Fixed permission check for story edit +
-  * Calendar: Fixed permission check for anon users adding master calendar events +
-  * Fixed performance issue with forum lists when user rating enabled +
-  * Fixed bug where validation email requests would fail +
-  * Fixed issue deleting comments +
-  * FileMgmt: Expand autotags when displaying comments +
-  * Implemented global autotag recursion checks +
-  * Advanced story editor has some '​quirks'​ in IE +
-  * Fixed SQL error when creating FileMgmt content syndication +
-  * Updated MSN IPs for Bad Behavior2 Plugin +
-  * Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default ​as most sites do not need to receive form data submitted from other sites. However, ​the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. +
-  * Fixed missing call to CUSTOM_userEdit() in user profile panel +
-  * Fixed an issue with the plugin uploader where it could overwrite existing configuration files during plugin updates. +
-  * Fixed issue with URL parser retrieving URL parameters when only $_SERVER['​orig_path_info'​is set. +
-  * Removed global <li> style from SiteTailor stylesheet. +
-  * Added some safety checks ​to dvlpupdate.php +
-  * Security Fix bbcode implementation suffered from several XSS vulnerabilities ​Reported by Saif El-Sherei +
-  * Fixed plugin uninstall to not crash if plugin directory is missing +
-  * Removed unneeded log message in user create+
-====== What's New Archives ======+To ease the transition - we have kept the Nouveau theme in place, and it continues to use the older MooTools JavaScript library, so existing sites can easily migrate over to the new jQuery widgets as time allows.
 +For sites that want to leverage the new jQuery JavaScript engine, but keep the current Nouveau look and feel - we have included the **Vintage** theme that maintains the Nouveau look (and associated style sheets), but uses the jQuery JavaScript library.
 +=== Bad Behavior2 Plugin ===
 +The Bad Behavior2 (BB2) plugin has been more tightly integrated into the glFusion core code. The advantages of this is that it allows BB2 to filter traffic very early in the page building process, which greatly reduces site load if the request is ultimately blocked.
 +The BB2 configuration options are now available through the glFusion online configuration administration screens. If you have entered any configurations in the bad-behavior-glfusion.php file, you will need to re-enter this information into the online configuration.
 +BB2 has a new feature where IP addresses can be banned. This supports manual bans, where you enter the IP address to block and also automatic banning (which is a temporary ban) certain activities can cause an IP to be temporarily banned.
 +Automatic banning has been integrated with CAPTCHA, where you can enable glFusion to automatically ban an IP if it fails the CAPTCHA challenge 5 times within an hour. This is a great way to prevent automated Bots from continuing to use up your system resources as they try to register new accounts.
 +Automatic banning has also been integrated into the glFusion Cross Site Request Forgery Protection. If a client attempts to post to a form and the referring URL does not have a proper CSRF (Cross Site Request Forgery) token in the system, the IP is automatically banned (temporary ban) for 24 hours.
 +Automatic banning is disabled by default. You can enable it by turning on the feature in Command & Control → Configuration → Spam / Bot Protection.
 +The BB2 Log Entry screen now has the ability to filter the view based the reason the IP was blocked. This is a great way to quickly see how many requests were blocked for a specific reason.
 +=== Alternate Topics ===
 +Each story can now have a second, alternate topic assigned. We've run into many cases where it would be convenient to have a story appear in more than one topic.
 +=== Media Gallery Enhancements ===
 +Media Gallery now supports creating square thumbnails. ​ This provides a much more modern look to the album pages.
 +=== Remote Authenticated Users can be Queued ===
 +User's who authenticate via remote services such as Google, Facebook or Twitter can now be queued and must be approved by a site administrator before gaining access to the site.
 +=== New UIKIT Framework ===
 +The biggest change for glFusion v1.5.0 is we have standardized on the UIKIT Framework as the presentation framework. ​ UIKIT is a lightweight and modular front-end framework for developing fast and powerful web interfaces. ​ The first UIKIT based theme is the **CMS** theme. ​ The **CMS** theme is glFusion'​s default theme for new installations. ​
 +When making a major transition like this, we understand this can be disruptive to existing glFusion installations. ​ To ensure a smooth transition, we have taken the following actions:
 +  - All glFusion plugin template files that have been re-styled for the UIKIT framework are included in the layout/​cms/​plugin/​ directory of the CMS theme. ​ This allow glFusion plugins to continue to work with existing older themes.
 +  - We have included a **Vintage** theme, which is based on the original Nouvea theme that was glFusion'​s default theme until now.  This allows existing sites to migrate to the new jQuery based JavaScript framework and still maintain the current style of their site.
 +Long term, it is recommended that existing glFusion installations migrate to one of the UIKIT framework themes. ​ The glFusion team will only maintain the Vintage theme for one ore two release cycles.
 +== Benefits of the UIKIT Framework ==
 +There are several benefits to using a modern framework like UIKIT. ​ The primary benefit is a truly responsive layout that works as well on a mobile device as it does on a desktop.  ​
 +Another key benefit is it is much easier to customize colors and other attributes of the theme. ​ UIKIT provides an [[http://​​docs/​customizer.html|Online Customizer]] to allow you to easily and visually modify the color schemes. ​ These customization'​s can be downloaded and directly applied to glFusion without any further modifications.
 +We have taken this opportunity of moving to a new framework to also rework and improve many of the forms and entry screens in glFusion. ​ For example, the administrative screens are much more consistent. ​ The Story Submission page is now much more user friendly and easier to navigate.  ​
 +=== Security Improvements ===
 +glFusion'​s code base was analyzed by HP Fortify. ​ Since 2001, HP Fortify, the leader in application security testing, has dedicated our market leading Source Code Analyzer (SCA) solution to the advancement and security of Open Source security projects. ​ Today, as HP Fortify continues its journey, the HP Fortify Open Review team is providing open source project owners a no-cost assessment. ​
 +The glFusion assessment identified several potential issues or areas for review. ​ A large majority of the items identified were not open security issues, but were areas in the code where variable validation or alternative approaches could provide enhanced controls. ​ Several items identified were validated to be false positives, generally where the Source Code Analyzer did not understand some of the variable validation routines in glFusion. ​ A good example is the COM_applyFilter() call which is used to sanitize user provided input. In many cases, the analyzer flagged a potential issue because it did not understand that COM_applyFilter() actually forced a numeric value, or stripped embedded JavaScript.  ​
 +Overall, we made over 200 code improvements as a direct result of the assessment. We are grateful for the assessment and excited to continue to improve the glFusion code base.
 +====== What's New Archives ======
 [[glfusion:​whatsnew:​v121|v1.2.1]]\\ [[glfusion:​whatsnew:​v121|v1.2.1]]\\
 [[glfusion:​whatsnew:​v120|v1.2.0]]\\ [[glfusion:​whatsnew:​v120|v1.2.0]]\\
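Review bot: The unchanged "What's New Archives" list at the end of this hunk still links only v1.2.1 and v1.2.0, while the revision deletes the whole v1.2.2 changelog, so the entries "Security Fix bbcode implementation suffered from several XSS vulnerabilities" and the Bad Behavior cross-site POST option with inverted logic are no longer linked from this page. Move the removed v1.2.2 text to its own archive page and add that page to the archive list, so administrators still on older releases can see which security fixes they are missing. In the added Bad Behavior2 section, the paragraph beginning "Automatic banning has also been integrated into the glFusion Cross Site Request Forgery Protection" describes a 24-hour ban for a post without a proper CSRF token but does not say whether an expired token counts or how an administrator lifts a ban; the removed changelog lists a fix for "token expiration when in admin functions", so that case deserves a sentence. In the Security Improvements section, "has dedicated our market leading Source Code Analyzer (SCA) solution" is written in the vendor's first person; mark it as a quotation or rewrite it in the project's own voice.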
glfusion/whatsnew.1303658700.txt.gz · Last modified: 2015/07/11 17:21 (external edit)