4.1.9 - Security Release


RevengeFNF

  • Management
Posted

We are in QA process on 4.1.9 now. The security updates are not extremely critical so we are not doing them outside of cycle.

Posted

Is there a specific reason md5 is still used in the suite? I see the security fixes are for md5 issues. Is that backwards compatibility?

Posted

What exactly is this?

Quote

The member REST API endpoint will now return custom fields.

An example of what this does would be ideal.

Posted
Just now, Eudemon said:

also interested to know, because one of the bugs I need fixed was marked fixed for 4.1.9

 

As Charles said, we're already in the QA phase and it shouldn't take that long :)

4 hours ago, Charles said:

We are in QA process

 

 

Posted

This thread on mobile

image.png

Same error happened on my site on one of my threads. Hope this can be prevented with some kind of fix

Posted
1 hour ago, superj707 said:

This thread on mobile

image.png

Same error happened on my site on one of my threads. Hope this can be prevented with some kind of fix

This is because ZeroHour's post has the following code:

<div style="margin-left:1077px;margin-top:56px;">
	<div title="Protected by Grammarly">
		 
	</div>
</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

Posted
36 minutes ago, Kirill N said:

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

And I would agree. If anything, it’s a bug of Grammarly. It’s not supposed to change the layout of the text it is meant to check for spelling/grammar.

Posted
14 minutes ago, opentype said:

And I would agree. If anything it’s a bug of Grammarly. It’s not supposed to change the layout of the text it is meant to check. 

Well the suite isn't supposed to allow modifications to the page layout either. Right now, anyone can vandalize a page with that plugin.

Posted

The only bullet-proof way around that is to not allow any external rich-text content to go into the editor in the first place. If you do allow it, you will always be able to vandalize a post. That’s not a bug, it is by design. If you allow HTML styling in the post, you will get whatever styling that is. You would need artificial intelligence built in to decide which style statements (e.g. width, margin, padding, color, background-color …) are useful for the post/page and which are not. 
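The property-allowlist approach to the inline-style question debated in this thread, as an added example (not IPS code and not written by any poster): it keeps a fixed set of non-layout style properties and drops everything else, so the Grammarly wrapper quoted above loses its margins. The allowlist contents and the names `filter_style`, `StyleFilter` and `sanitize_styles` are assumptions, and the sketch filters `style` attributes only; tag and attribute allowlisting is assumed to be handled separately.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch: properties that cannot move or resize a post.
ALLOWED_PROPS = {"color", "background-color", "font-weight",
                 "font-style", "text-align", "text-decoration"}
UNSAFE_CHARS = set("()\\\"'")  # blocks url(), expression(), escapes, quotes
# Constructed sample: the markup quoted earlier in this thread.
SAMPLE = ('<div style="margin-left:1077px;margin-top:56px;">'
          '<div title="Protected by Grammarly"> </div></div>')

def filter_style(value):
    """Return only the allowlisted declarations of a style attribute value."""
    kept = []
    for decl in value.split(";"):
        prop, sep, val = decl.partition(":")
        prop, val = prop.strip().lower(), val.strip()
        if sep and val and prop in ALLOWED_PROPS and not set(val) & UNSAFE_CHARS:
            kept.append(f"{prop}:{val}")
    return ";".join(kept)

class StyleFilter(HTMLParser):
    """Re-emits markup with every style attribute reduced to the allowlist."""
    def __init__(self):
        super().__init__()
        self.out = []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if name == "style":
                value = filter_style(value or "")
                if not value:
                    continue  # nothing allowed survived: drop the attribute
            parts.append(name if value is None
                         else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
    handle_startendtag = handle_starttag  # <br/> is emitted as <br>

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # re-escape decoded text

def sanitize_styles(markup):
    parser = StyleFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```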

Posted
8 hours ago, Kirill N said:

This is because ZeroHour's post has the following code:


<div style="margin-left:1077px;margin-top:56px;">
	<div title="Protected by Grammarly">
		 
	</div>
</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

Sneaky %^&%^& I had no idea it was doing that, I have removed the addon now!

 

EDIT: I actually think the way the plugin works is causing the editor to pick up the HTML rewrites it does for its inserts rather than a tracker blip. It's one of the issues between Chrome plugins and an HTML editor.

Posted
17 hours ago, Morgin said:

Is there a specific reason md5 is still used in the suite? I see the security fixes are for md5 issues. Is that backwards compatibility?

We don't use md5 for passwords or "encrypting" any sensitive information, but we do use it for certain areas where we need a random unique string.

17 hours ago, Marius said:

What exactly is this?

An example of what this does would be ideal.

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

Posted
On 3/3/2016 at 0:54 PM, Charles said:

We are in QA process on 4.1.9 now.

Just a random thought, I see that the current status is set to 'In Development'; wonder if we could get like a 'In QA' or various other statuses? IDK seems like the Dominos Pizza Tracker lol

Posted
On 3/4/2016 at 7:07 AM, Mark said:

 

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

That will be extremely useful. It will be nice to make use of those fields in 3rd party apps etc.

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
