4.1.9 - Security Release

[RevengeFNF]

Because 4.1.9 is now being labelled as a Security Release, is there any time estimation for the release of it?

[DesignzShop]

I guess I'm not seeing where it's being labeled a security release. It's not being labeled that in
https://community.invisionpower.com/release-notes/

I also notice only about less than 1/4 of updates mentioned is security. It appears to be mostly fixes and a bigger release to boot? Maybe I'm missing something?

You do realize what line will come next from someone I decided to leave the obvious out

Regards

[sudo]

Just now, DesignzShop said:

I guess I'm not seeing where it's being labeled a security release. It's not being labeled that in
https://community.invisionpower.com/release-notes/

 

It has the security exclamation mark on my screen.

[Ilya Hoilik]

5 minutes ago, DesignzShop said:

I guess I'm not seeing where it's being labeled a security release

[DesignzShop]

By golly I guess there is a little red mark there I'd still doubt anything around weekend time imo. Could happen. Doubt it though.

[Charles]

We are in QA process on 4.1.9 now. The security updates are not extremely critical so we are not doing them outside of cycle.

[Morgin]

Is there a specific reason md5 is still used in the suite? I see the security fixes are for md5 issues. Is that backwards compatibility?

[Marius]

What exactly is this?

Quote

The member REST API endpoint will now return custom fields.

An example of what does this it would be ideal.

[Eudemon]

also interested to know, because one of the bug I need it to be fixed was marked fixed for 4.1.9

[Daniel F]

Just now, Eudemon said:

also interested to know, because one of the bug I need it to be fixed was marked fixed for 4.1.9

 

as charles said, we're already in the QA phase and it shouldn't take that long  

4 hours ago, Charles said:

We are in QA process

 

 

[SJ77]

This thread on mobile

Same error happened on my site on one of my threads. Hope this can be prevented with some kind of fix

[Kirill N]

1 hour ago, superj707 said:

This thread on mobile

Same error happened on my site on one of my threads. Hope this can be prevented with some kind of fix

This is because ZeroHour's post has the following code:

<div style="margin-left:1077px;margin-top:56px;">
			<div title="Protected by Grammarly">
				 
			</div>
		</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

[opentype]

36 minutes ago, Kirill N said:

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

And I would agree. If anything, it’s a bug of Grammarly. It’s not supposed to change the layout of the text it is meant to check for spelling/grammer. 

[SJ77]

Looks like a bug to me

[Kirill N]

14 minutes ago, opentype said:

And I would agree. If anything it’s a bug of Grammarly. It’s not supposed to change the layout of the text it is meant to check. 

Well the suite isn't supposed to allow modifications to the page layout either. Right now, anyone can vandalize a page with that plugin.

[opentype]

The only bullet-proof way around that is to not allow any external rich-text content to go into the editor in the first place. If you do allow it, you will always be able to vandalize a post. That’s not a bug, it is by design. If you allow HTML styling in the post, you will get whatever styling that is. You would need artificial intelligence built in to decide which style statements (e.g. width, margin, padding, color, background-color …) are useful for the post/page and which are not. 

[sudo]

8 hours ago, Kirill N said:

This is because ZeroHour's post has the following code:

<div style="margin-left:1077px;margin-top:56px;">
			<div title="Protected by Grammarly">
				 
			</div>
		</div>

inserted by the Grammarly plugin. It's happening on my site as well because the plugin is quite popular (2 million users!). I reported that before but IPS said this isn't a bug.

Sneaky %^&%^& I had no idea it was doing that, I have removed the addon now!

 

EDIT: I actually think the way the plugin works is causing the editor to pick up the html rewrites it does for its inserts rather than a tracker blip. Its one of the issues between chrome plugins and a html editor.

[Mark]

17 hours ago, Morgin said:

Is there a specific reason md5 is still used in the suite? I see the security fixes are for md5 issues. Is that backwards compatibility?

We don't use md5 for passwords or "encrypting" any sensitive information, but we do use it for certain areas where we need a random unique string.

17 hours ago, Marius said:

What exactly is this?

An example of what does this it would be ideal.

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

[MADMAN32395]

On 3/3/2016 at 0:54 PM, Charles said:

We are in QA process on 4.1.9 now.

Just a random thought, I see that the current status is set to 'In Development'; wonder if we could get like a 'In QA' or various other statuses? IDK seems like the Dominos Pizza Tracker lol

[SJ77]

On 3/4/2016 at 7:07 AM, Mark said:

 

It's just a change to the REST API introduced in 4.1.6. Any endpoints which return member data will now include the member's custom profile field values.

That will be extremely useful. It will be nice to make use of those fields in 3rd party apps etc.

[RevengeFNF]

Will 4.1.9 probably be released this week?

[ZakRhyno]

On 3/7/2016 at 11:57 AM, RevengeFNF said:

Will 4.1.9 probably be released this week?

Are the week after this post from the week you posted @RevengeFNF