Xoops 2.5.6
29 April 2013
Xoops version 2.5.6 is now available (security release).
Upgrading to Xoops 2.5.6
Xoops 2.5.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Xoops updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Xoops install to test the 2.5.6 upgrade prior to applying it live. Get started managing your Xoops installations with Installatron
What's New in Xoops 2.5.6
Security fixes:
- XSS/CSRF vulnerability in system/admin/groupperm.php (Dingjie Yang,Qualys/trabis)
- XSS/CSRF vulnerability in system/modulesadmin/main.php (Dingjie Yang,Qualys/trabis)
- XSS/CSRF vulnerability in system/admin/blocksadmin/main.php (Marcin,Ariko-Security Team/trabis)
- LFI vulnerability in system/admin/tplsets/jquery.php (Marcin,Ariko-Security Team/trabis)
Bugfixes:
- updated English translations (Cesag,Mamba)
- extra check for $noHtml in XoopsEditorHandler->get (luciorota)
- fixing $GLOBAL typo in jquery.php (Zyspec)
- Array to string conversion (geekwright/mamba)
- issues with missing xoopscomments table (geekwright/sabahan/Mamba)
- bug with using reference for non-variables (geekwright/mamba)
- number of users when "all groups" selected was wrong (tatane/mamba)
- fix for potential lack of rendering css and javascript in Installer on the last screen (culex)
- fix for missing Protector logo under PHP 5.4 (mamba)
- replacing ereg with preg_match in userutility.php (pmartina/paul)
- #1219 dhtmltextarea editor accent not displayed (cesag/alain091)
- added missing call for user language in /profile/index.php (xoobaru/zyspec)
- errors related to static functions, so it works on PHP 5.4 (Mamba)
- bug #1245 in class XoopsLoad.php (Alain91)
Updated:
- TinyMCE to 3.5.8 (mamba)
- Smarty to 2.6.27 (mamba)
- jQuery to 1.8.3 (mamba)
- jQueryUI to version 1.10 (mamba)
Added:
- Fast Comment Hack (Voltan)