As spring comes to an end and summer is ramping up, we decided it was time to make our next release of glFusion. We are please to announce the release of glFusion v1.7.4. This release continues our commitment to security, privacy and stability for glFusion. glFusion v1.7.4 contains several privacy enhancements, the usual array of bug and stability fixes and some minor security updates. We've added as many new capabilities as we could while still maintaining our commitment to supporting legacy PHP versions back to 5.3.3 and current releases of both PHP and MySQL. Read the rest of the article to get a full list of all the coolness in this release.
glFusion takes the security of our code very seriously. Security has always been more than a slogan, instead something we strive for every day. Once again, one of our awesome users has offered their services to glFusion and provided a Web Application Security scan of the glFusion system using HPE’s Fortify WebInspect. Results were excellent, only noting one item that we needed to be addressed, adding a Cross Frame scripting header. Of course, we also perform our internal audits as we work on glFusion and include security enhancements as needed.
Online privacy is getting a lot of attention these day. With the recent Facebook / Cambridge Analytica debacle and the European GDPR going into effect, user's privacy is getting a lot of focus these days. With glFusion v1.7.4 we have implemented a few additional privacy controls to allow site administrators more options in handling their user’s privacy. Please keep in mind, how you chose to implement privacy and privacy features is entirely your responsibility. Privacy control enhancements include:
Improved Account Deletion. With glFusion v1.7.4, we have enhanced the user delete function to fully scrub all information for the user. Their profile information is completely deleted. Submitted content such as comments, stories or forum posts are now fully anonymized, meaning their name, IP and any other identifying information that was stored with the post is now fully anonymized so there is no way to identify the poster. glFusion does not alter the contents of the post.
Anonymized IP Addresses: glFusion now stores IP addresses associated with content submissions in an anonymous format. This allows site administrators to still have visibility into general geographic / hosting data but prevents exact identification of a user. Spam logs still contain the full IP address of any content submissions or registrations that were flagged as spam.
Your User’s Privacy and Privacy of their data is ultimately your responsibility
MySQL v8.0 reached General Availability in April 2018. We have validated that glFusion v1.7.4 works fine with MySQL v8.0. There were a few SQL tweaks implemented to ensure proper compatibility. MySQL v8 contains a considerable number of bug fixes and several key performance improvements. Note There are still some issues with PHP to MySQL v8 compatibility - older versions of PHP not well supported. Sites running UTF8MB4 character sets may also see connection issues with PHP v7.0 and PHP v7.1.
We have also back-ported a feature from the glFusion Next General development code to provide PDO support for connecting / interacting with databases. This under-the-hood update provides improved performance for database access.
Based on community feedback, we have adjusted the Database Backup utility to be more efficient. Previously, the SQL backup files consisted of a single INSERT statement for every row in a database. On large sites, this would result in very slow imports when restoring a database. We now insert multiple rows with a single INSERT command, in many cases, reducing the restore time by as much as 80%.
Remote Login Improvements
Remote Logins, using services such as Facebook, Twitter, etc. have always been treated differently than a local login. With glFusion v1.7.4 we've added consistency to how logins work, regardless of the type. When a user logs in for the first time with a remote login, they will be redirected to a local glFusion registration screen after authenticating with the remote service. This allows glFusion to now perform spam checks and allows the user to validate / tweak the automatically generated username, update their email and any other information needed. This also allows full integration with plugins like the Custom Profile plugin so you can collect the same information you request for local logins from folks using remote logins. Once they have completed the registration screen, remote logins will simply log the user in.
The awesome CKEditor which is used by glFusion to provide the WYSIWYG (What You See is What You Get) editing features has been upgraded to the latest release.
Finally, our great community found a few bugs and made some great recommendations for tweaking the usefulness of some features.
See the What's New Wiki Page for a full list of all tweaks in glFusion v1.7.4. The glFusion Wiki has been updated to reflect all the latest updates.
As always, I would like to thank the glFusion community for all the feedback, bug reports, ideas and encouragement as we continue to evolve glFusion. I encourage everyone to Get Involved!