News
Aug 13, 2008, 4:36 am
Security fix: Quicksilver Forums 1.4.2 Released
Samson
This release fixes one security exploit that was discovered:
SQL injection (PoC code failed but there are definitely missing checks) ref: secunia-31419
As well as the following other miscellaneous bugs:
+ External http links are not setting _blank targets as needed. [Fixed by Detruire]
+ Conversion code is using the wrong DB file name.
+ Removing all member titles causes everyone to log out, as well as post problems.
+ Topic publishing flags were not defined in the log actions.
+ Cannot edit a user's email from the AdminCP.
+ Bug# 1007 - Search criteria doesn't span multiple result pages.
+ Corrected lack of formatting on forum names.
+ Corrected validation recommendations for email addresses.
+ Over-aggressive formatting in RSS feeds.
+ Poll icon is missing from the recent posts display.
One new feature was also added:
+ Mark a PM as unread.
Due to the existence of a proof-of-concept exploit for the security fix (which fails btw, personally tried it and got nowhere), it is highly advisable to upgrade your sites ASAP before the exploit can be updated to become effective.
Site Upgraded (Oct 21, 2007, 10:47 pm) - Samson
Security Fix: Quicksilver Forums 1.4.1 Released (Sep 30, 2007, 6:45 am) - Samson
Quicksilver Forums 1.4.0 Released (Aug 26, 2007, 5:55 pm) - Samson
The winner of the QSF 1.3.1 skinning comp is Detruire (Jan 15, 2007, 10:51 pm) - Geoff
Make a skin and win $500 (Nov 1, 2006, 10:40 pm) - Geoff
