A few minor issues and multiple cross site scripting security issues have been identified since the release of glFusion v1.2.2 so we are releasing patch level #4 to resolve these issues.
- High-Tech Bridge Security Research Lab has discovered multiple cross site scripting vulnerabilities in glFusion v1.2.2. All identified issues are resovled with this update.
- Fixed plugin installation error where plugin name was not properly detected
- FCKeditor security updates to improve variable filtering
- Forum Plugin: Fixed issue where non UTF-8 characters would not display properly
- Fixed stylesheet issue that caused right blocks to display improperly in recent Chrome releases
To simplify the installation of this patch level release, we have packaged all the updated files into a single archive. Download the file and copy the files to your server. There is no need to run the upgrade wizard.
Although you do not need to run the installation wizard, you should go into the Plugin Administration screen and run the update for the Bad Behavior 2 plugin.
All glFusion users should upgrade as soon as possible!
For more information on Patch Levels, please see the Known Issues page.