Jump to content

4.1.9 - Security Release


RevengeFNF
 Share

Recommended Posts

I guess I'm not seeing where it's being labeled a security release. It's not being labeled that in
https://community.invisionpower.com/release-notes/

I also notice only about less than 1/4 of updates mentioned is security. It appears to be mostly fixes and a bigger release to boot? Maybe I'm missing something?

You do realize what line will come next from someone :D I decided to leave the obvious out :D

Regards

Link to comment
Share on other sites

1 hour ago, superj707 said:

This thread on mobile

image.png

Same error happened on my site on one of my threads. Hope this can be prevented with some kind of fix

This is because ZeroHour's post has the following code:

<div style="margin-left:1077px;margin-top:56px;">
			<div title="Protected by Grammarly">
				 
			</div>
		</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

Link to comment
Share on other sites

36 minutes ago, Kirill N said:

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

And I would agree. If anything, it’s a bug of Grammarly. It’s not supposed to change the layout of the text it is meant to check for spelling/grammer. 

Edited by opentype
Link to comment
Share on other sites

The only bullet-proof way around that is to not allow any external rich-text content to go into the editor in the first place. If you do allow it, you will always be able to vandalize a post. That’s not a bug, it is by design. If you allow HTML styling in the post, you will get whatever styling that is. You would need artificial intelligence built in to decide which style statements (e.g. width, margin, padding, color, background-color …) are useful for the post/page and which are not. 

Link to comment
Share on other sites

8 hours ago, Kirill N said:

This is because ZeroHour's post has the following code:


<div style="margin-left:1077px;margin-top:56px;">
			<div title="Protected by Grammarly">
				 
			</div>
		</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

Sneaky %^&%^& I had no idea it was doing that, I have removed the addon now!

 

EDIT: I actually think the way the plugin works is causing the editor to pick up the html rewrites it does for its inserts rather than a tracker blip. Its one of the issues between chrome plugins and a html editor.

Edited by ZeroHour
Link to comment
Share on other sites

17 hours ago, Morgin said:

Is there a specific reason md5 is still used in the suite? I see the security fixes are for md5 issues. Is that backwards compatibility?

We don't use md5 for passwords or "encrypting" any sensitive information, but we do use it for certain areas where we need a random unique string.

17 hours ago, Marius said:

What exactly is this?

An example of what does this it would be ideal.

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

Link to comment
Share on other sites

On 3/4/2016 at 7:07 AM, Mark said:

 

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

That will be extremely useful. It will be nice to make use of those fields in 3rd party apps etc.

Link to comment
Share on other sites

  • 2 weeks later...
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...