glFusion v1.6.5 Now Available!


I am very pleased to announce the release of glFusion v1.6.5. Another milestone in our evolution and quest for stability with style! This release continues our focus on security, bug remediation and stability improvements. Many of the updates were driven by community input and as always, we really appreciate our users and their feedback. It is highly recommended that everyone upgrade their existing installation to the latest version.

Security Update

glFuison has long used the excellent phpMailer library to handle sending mail in glFusion. Recently, there were several security vulnerabilities identified in phpMailer. Fortunately, these issues did not have a large impact on glFusion since glFusion filters all user supplied input prior to calling phpMailer. Regardless, we have upgraded phpMailer to the latest upstream version which includes all security patches. We've also enhanced the security controls and protections around mailing features as an extra layer of defense. 

Continue Reading

glFusion v1.5.0 Now Available!


The glFusion team is pleased to announce that glFusion v1.5.0 is now available for download. This release continues our commitment to providing a secure, stable, and robust content management system.  This release contains several significant enhancements to both stability and style.  glFusion has migrated the JavaScript library to jQuery, providing a much more robust environment and tools.  glFusion has also standardized and implemented the UIKIT Framework as our web interface development platform.  glFusion has also been audited by the HP Fortify, which has resulted in over 200 code improvements around enhanced security. For those upgrading, please be sure and read the Upgrade Documentation

Continue Reading

glFusion v1.4.x Security Issue


A Cross-site scripting (XSS) vulnerability has been found the File Management plugin used by the CKEditor in glFusion. XSS enables attackers to inject client-side script into Web pages viewed by other users. The issue was found by Mohammad Sikkandar Sha.

Continue Reading

Fighting BOTs and spammers


Over the past couple of weeks, we've all seen the BOT traffic increase on our websites. Many of us saw a large number of BOTs registering on our sites. It became clear that the standard CAPTCHA implementation we used simply didn't provide the protection we need. We can't be sure, but it seems obvious that the CAPTCHA was broken where an automated system could read and properly responds to the CAPTCHA challenge. We released glFusion v1.3.2 this past weekend to improve the CAPTCHA offerings and to fix a few minor bugs.

Continue Reading

DokuWiki v2.2.2 Plugin (Security Update)


DokuWiki Integration Plugin v2.2.2 is now available for download.  This release contains a security fix to the core DokuWiki code.  This release also resolves somes issues with the edit toolbar not displaying properly in Internet Explorer.  The DokuWIki core code has been updated to 2011-05-25a "Rincewind".  This includes a security fix and a few minor bug fixes. For a full list of changes, see the DokuWiki Documentation.  All DokuWiki users are encouraged to upgrade as soon as possible.