Differences

This shows you the differences between two versions of the page.

Link to this comparison view

glfusion:whatsnew [2011/04/24 15:25]
Mark
glfusion:whatsnew [2014/06/30 14:38] (current)
Mark
Line 1: Line 1:
 ~~NOTOC~~ ~~NOTOC~~
-====== What's New in glFusion v1.2.2======+====== What's New in glFusion v1.4.2======
  
-glFusion v1.2.2 continues our commitment to providing a secure and robust content management system. This releases contains some significant stability updates and several small bug fixes.  All glFusion users are encouraged to upgrade as soon as possible.+===== Major Changes =====
  
-For those who are **upgrading**, please don't forget to run the **[[glfusion:upgrade|Upgrade Wizard]]** after you have loaded the files to your server.+No major changes are included with glFusion v1.4.2.
  
-There were no template changes in v1.2.2.+===== Functional Changes =====
  
-====== Notable Enhancements for glFusion v1.2.2 ======+**Bad Behavior Plugin Filtering**
  
-  * Updated Czech language files from Ivan +The Bad Behavior 2 plugin has been enhanced to detect and block 2 new threats:
-  * Fixed hard coded language string (Groups) in admin/user.php +
-  * Mail to user (admin user edit screen) did not work properly +
-  * German language update from André +
-  * FileMgmt - Display max allowed filesize in admin upload screen +
-  * Updates to better support MySQL 5.5 +
-  * Do not show Awaiting Verification in user edit as an option when user does not enter their own password +
-  * Fixed bug where user's password was not properly checked to determine if blank when registering a new user+
  
-====== Full ChangeLog (all changes since original 1.2.1 release) ======+  * Spam bot attempts to register using users.php?do=register - glFusion does not use the **do=register** parameter to register new users This is a syntax used by other content management systems Since spam bots don't seem to care that the request will fail and blindly attempt it - Bad Behavior will now catch and block these attempts. 
 +  * /RS=0/RKrequests - so far there isn't much information on these types of requests, seems bots are appending /RS=0/RK=.... on URLs.  Since these seem to be up to no good - Bad Behavior now blocks these requests.
  
-  * Updated Bad Behavior Plugion to v2.0.43 
-  * Fixed typo in lib-security 
-  * Fixed issue with token expiration when in admin functions 
-  * Fixed permission check for story edit 
-  * Calendar: Fixed permission check for anon users adding master calendar events 
-  * Fixed performance issue with forum lists when user rating enabled 
-  * Fixed bug where validation email requests would fail 
-  * Fixed issue deleting comments 
-  * FileMgmt: Expand autotags when displaying comments 
-  * Implemented global autotag recursion checks 
-  * Advanced story editor has some 'quirks' in IE 
-  * Fixed SQL error when creating FileMgmt content syndication 
-  * Updated MSN IPs for Bad Behavior2 Plugin 
-  * Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default as most sites do not need to receive form data submitted from other sites. However, the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. 
-  * Fixed missing call to CUSTOM_userEdit() in user profile panel 
-  * Fixed an issue with the plugin uploader where it could overwrite existing configuration files during plugin updates. 
-  * Fixed issue with URL parser retrieving URL parameters when only $_SERVER['orig_path_info'] is set. 
-  * Removed global <li> style from SiteTailor stylesheet. 
-  * Added some safety checks to dvlpupdate.php 
-  * Security Fix - bbcode implementation suffered from several XSS vulnerabilities.  Reported by Saif El-Sherei 
-  * Fixed plugin uninstall to not crash if plugin directory is missing 
-  * Removed unneeded log message in user create 
  
-====== What's New Archives ======+**HTML Filtering**
  
 +HTML Filtering now allows you to specify which elements and their attributes.
 +
 +You should set the Default HTML For Stories to:
 +<code>
 +div[class], h1, h2, h3, pre, br, p[style], b[style], s, strong[style], i[style], em[style], u[style], strike, a[style|href|title|target], ol[style|class], ul[style|class], li[style|class], hr[style], blockquote[style], img[style|alt|title|width|height|src|align], table[style|width|bgcolor|align|cellspacing|cellpadding|border], tr[style], td[style], th[style], tbody, thead, caption, col, colgroup, span[style|class], sup, sub
 +</code>
 +
 +===== Configuration Changes =====
 +
 +No additional configuration options were implemented with glFusion v1.4.2.
 +
 +===== Template Changes =====
 +
 +
 +No template changes were made in glFusion v1.4.2.
 +
 +===== Special Considerations when Upgrading =====
 +glFusion v1.4.2 enhanced how the Bad Behaviour Plugin handles SSL cookies. As a result, the bad-behavior-glfusion.php file will be overwritten when you load glFusion v1.4.1.  If you have made any modifications to this file (for example, set the **httpbl_key**), please make a backup before upgrading.
 +
 +
 +====== What's New Archives ======
 +[[glfusion:whatsnew:v141|v1.4.1]]\\
 +[[glfusion:whatsnew:v140|v1.4.0]]\\
 +[[glfusion:whatsnew:v130|v1.3.0]]\\
 +[[glfusion:whatsnew:v122|v1.2.2]]\\
 [[glfusion:whatsnew:v121|v1.2.1]]\\ [[glfusion:whatsnew:v121|v1.2.1]]\\
 [[glfusion:whatsnew:v120|v1.2.0]]\\ [[glfusion:whatsnew:v120|v1.2.0]]\\
glfusion/whatsnew.1303658700.txt.gz · Last modified: 2014/05/24 20:20 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3