Major ChangesPHP and MySQL Minimum Required Versions
The minimum required PHP version is now PHP v5.3.3 or greater - Please validate you have PHP v5.3.3 or greater available on your server before upgrading.
The minimum required MySQL version is now MySQL v5.0.1 or greater - Please validate you have MySQL v5.0.1 or greater available on your server before upgrading.
The Bad Behavior2 (BB2) plugin has been more tightly integrated into the glFusion core code. The advantages of this is that it allows BB2 to filter traffic very early in the page building process, which greatly reduces site load if the request is ultimately blocked.
The BB2 configuration options are now available through the glFusion online configuration administration screens. If you have entered any configurations in the bad-behavior-glfusion.php file, you will need to re-enter this information into the online configuration.
BB2 has a new feature where IP addresses can be banned. This supports manual bans, where you enter the IP address to block and also automatic banning (which is a temporary ban) certain activities can cause an IP to be temporarily banned.
Automatic banning has been integrated with CAPTCHA, where you can enable glFusion to automatically ban an IP if it fails the CAPTCHA challenge 5 times within an hour. This is a great way to prevent automated Bots from continuing to use up your system resources as they try to register new accounts.
Automatic banning has also been integrated into the glFusion Cross Site Request Forgery Protection. If a client attempts to post to a form and the referring URL does not have a proper CSRF (Cross Site Request Forgery) token in the system, the IP is automatically banned (temporary ban) for 24 hours.
Automatic banning is disabled by default. You can enable it by turning on the feature in Command & Control → Configuration → Spam / Bot Protection.
The BB2 Log Entry screen now has the ability to filter the view based the reason the IP was blocked. This is a great way to quickly see how many requests were blocked for a specific reason.
Each story can now have a second, alternate topic assigned. We've run into many cases where it would be convenient to have a story appear in more than one topic.
Media Gallery now supports creating square thumbnails. This provides a much more modern look to the album pages.
User's who authenticate via remote services such as Google, Facebook or Twitter can now be queued and must be approved by a site administrator before gaining access to the site.
The biggest change for glFusion v1.5.0 is we have standardized on the UIKIT Framework as the presentation framework. UIKIT is a lightweight and modular front-end framework for developing fast and powerful web interfaces. The first UIKIT based theme is the CMS theme. The CMS theme is glFusion's default theme for new installations.
When making a major transition like this, we understand this can be disruptive to existing glFusion installations. To ensure a smooth transition, we have taken the following actions:
All glFusion plugin template files that have been re-styled for the UIKIT framework are included in the layout/cms/plugin/ directory of the CMS theme. This allow glFusion plugins to continue to work with existing older themes.
Long term, it is recommended that existing glFusion installations migrate to one of the UIKIT framework themes. The glFusion team will only maintain the Vintage theme for one ore two release cycles.
There are several benefits to using a modern framework like UIKIT. The primary benefit is a truly responsive layout that works as well on a mobile device as it does on a desktop.
Another key benefit is it is much easier to customize colors and other attributes of the theme. UIKIT provides an Online Customizer to allow you to easily and visually modify the color schemes. These customization's can be downloaded and directly applied to glFusion without any further modifications.
We have taken this opportunity of moving to a new framework to also rework and improve many of the forms and entry screens in glFusion. For example, the administrative screens are much more consistent. The Story Submission page is now much more user friendly and easier to navigate.
glFusion's code base was analyzed by HP Fortify. Since 2001, HP Fortify, the leader in application security testing, has dedicated our market leading Source Code Analyzer (SCA) solution to the advancement and security of Open Source security projects. Today, as HP Fortify continues its journey, the HP Fortify Open Review team is providing open source project owners a no-cost assessment.
Overall, we made over 200 code improvements as a direct result of the assessment. We are grateful for the assessment and excited to continue to improve the glFusion code base.