#IPS #Community #Suite 4.1.12 è stata rilasciata

Come da segnalazione di @Daniel ./ips-community-suite-4111-è-stata-rilasciata-r153/#comment-234 e come da segnalazione appena giunta sul pannello di controllo (suppongo ci siano degli schemi per avvisare gli utenti affinché non aggiornino tutti allo stesso istante), la versione 4.1.12 di ipb – già in beta da alcuni giorni – è adesso stata rilasciata 🙂

Riporto qui le note di rilascio in Inglese:

Leggi tutto “#IPS #Community #Suite 4.1.12 è stata rilasciata”

Rilasciato WordPress 4.5.1 (Maintenance Release)

Traduzione veloce dall’articolo originale (con qualche aggiunta personale): https://wordpress.org/news/2016/04/wordpress-4-5-1-maintenance-release/

WordPress 4.5 era stato rilasciato appena due settimane fa e già era stato scaricato cca 6milione di volte! Adesso, il team di WordPress, evidentemente più operativo che mai, è già pronto ad annunciare il rilascio di una nuova versione: WordPress 4.5.1, una release di mantenimento.

Questa release corregge 12 bug, primo fra tutti uno che ha causato seri problemi ai blog che usano il tema Twenty Eleven, un’incompatibilità tra alcune versioni Chrome e l’editor visuale, e un bug di Imagick che potrebbe causare problemi durante l’upload dei file (media). Questa versione di mantenimento risolve un totale di 12 bug dalla versione 4.5. Per ulteriori informazioni, consultare le note di rilascio o il changelog (elenco delle modifiche).

Scarica WordPress 4.5.1 oppure Leggi tutto “Rilasciato WordPress 4.5.1 (Maintenance Release)”

IPS Community Suite 4.1.11 è stata rilasciata

Key Changes

This is a small maintenance release to fix a few issues reported in 4.1.10. In addition to bug fixes and performance improvements, it includes following new/changed features:

  • Integration with SparkPost replaces Mandrill for optional email service as Mandrill is stopping their current service toward the end of April.
  • Questions in Question and Answer forums can now be sorted by most votes.
  • The “All Activity” activity stream now has an RSS feed.
  • The filter bar at the top of the activity stream no longer sticks to the stop of the screen when scrolling.
  • If you receive a browser notification your notification menu will now reload to get the latest notification.
  • More consistent visual feedback when a post submit or edit is processing to reduce duplicates.
  • Sidebar widgets now how rounded corners to match rest of Suite.
  • Recaptcha style is now a per-theme setting.
  • You can now set which theme should be the default for the AdminCP separate to which should be the default for the front-end.

Important Note

This is the last release that will support PHP 5.4 as it is end of life and no longer supported by PHP.

Please also note that PHP 5.5 goes full end of life in July 2016 so you should look into upgrading if your web host is using outdated versions. We will not immediately stop supporting PHP 5.5 in July but it may follow soon after.

Additional Information

Important Fixes

In addition to many smaller bug fixes and performance improvements, the following important fixes are included:

  • Guests were able to create streams.
  • Logging into the AdminCP using Microsoft Sign In wasn’t working.
  • Pas were missing from the report center.
  • In some circumstances, “0” would be removed from post content.
  • MySQL 5.7 could throw an error when trying to clear out sessions.
  • A recent Chrome update caused ACP search results to not display.
  • Replying to support requests on an iPad wasn’t working in some circumstances.

Security Fixes

We are engaging in a third-party security audit of IPS Community Suite so you can expect the next few releases to contain a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. This release includes fixes for several security issues:

  1. Several CSRF vulnerabilities – most importantly on the process for associating OAuth sign-ins (Facebook, Twitter, etc.) with an account, meaning a malicious user could associate their own OAuth sign-in with another user’s account.
  2. A session-hijacking vulnerability where after a login key is reset (such as after a password) since a new key is not immediately generated, the account was vulnerable to hijacking until they sign in again.
  3. A bug which meant the names of forums or other nodes a user did not have permission to access may have been exposed by accessing a particular URL.
  4. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed.
  5. A vulnerability where if using the “Download Member List” feature and opening the file with certain applications, malicious user data could cause expressions to be evaluated.

And several security improvements:

  1. Any existing sessions for a member are now cleared if they change their password, meaning users signed in on multiple devices will need to sign in again after a password change.
  2. A more secure hash generation algorithm is now used for login keys.

Information for 3rd party developers

  • ModCpMemberManagement can now return NULL to not display the tab.
  • CKEditor has been updated to 4.5.8.

Le note importanti, oltre ai vari bugfix, sono, a mio parere, la fine del supporto a php 5.4, e la presenza di un team di sicurezza esterno (il che dovrebbe portare a migliorare notevolmente la sicurezza dell’applicativo).

Insomma, buone nuove da Invision Community 🙂

Finito questo articolo, provvederò immediatamente all’aggiornamento 😉

Leggi tutto “IPS Community Suite 4.1.11 è stata rilasciata”

WordPress 4.5 – Nome in codice: “Coleman” – è stato rilasciato

WordPress rilascia sempre le sue versioni in onore di grandi musicisti Jazz, e questa nuova versione, la 4.5, è stata rilasciata in onore del sassofonista Coleman Hawkins.


Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.

Leggi tutto “WordPress 4.5 – Nome in codice: “Coleman” – è stato rilasciato”

IPS Community Suite 4.1.10 è stata rilasciata

Released 04/05/2016

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is a maintenance release to fix reported issues and add refinement to existing features. In addition to bug fixes and performance improvements, it includes following new/changed features:

  • Instant notifications are now dismissible.
  • The sidebar has been added back to the stream pages.
  • You can now sort by most downloaded in Downloads app.
  • The ModeratorCP and AdminCP IP Address Tools now allow you to track the IP addresses used to vote in polls.
  • A new setting has been added to disable the RSS feed for activity streams.
  • A new setting has been added to specify the minimum display name length.
  • Adds a new “can unban” moderator permission separate to the “can edit profiles” permission being used previously.
  • IP addresses now show in reports.
  • There is now a constant-level setting to disable the ACP IP address check in case of being locked out of the ACP.
  • Several improvements to Commerce to make some features clearer: the Shipping Rates configuration pages now indicate to the admin if a potential mistake has been made, the front-end indicates to admins if no support departments have been set up, and the renewal settings wording has been clarified.

Additional Information

Security Fixes

This release includes fixes for several security issues:

  1. A CSRF vulnerability on moderation tools, meaning a malicious user could exploit a moderator’s session to perform moderator actions.
  2. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed.
  3. A vulnerability that could cause attachments to be downloaded automatically without the user requiring to click on them.
  4. A vulnerability that could allow malicious users to modify other users stream settings.

Other Important Fixes

In addition to over 100 smaller bug fixes and performance improvements, the following important fixes are included:

  • Errors in Commerce when using a locale that uses a comma as the decimal point.
  • If friendly URL rewriting is not enabled, links shared on Facebook do not work.
  • Several issues with Anti-Fraud rules in Commerce, especially in conjunction with PayPal.
  • The “Upcoming Events” widget in Calendar may not show all events.
  • Pagination in some areas may be incorrect.
  • Several issues with BBCode, especially IMG tags inside of URL tags and lists.
  • Several issues with the new activity stream including an issue where container filters may not work and some situations may cause the page to overflow because the filter bar is too wide.
  • Emoticons may appear squished in the Chat application.
  • The support request auto resolve feature in Commerce may send emails at the wrong time.
  • Using MariaDB may cause some tables to be converted to MyISAM from InnoDB.
  • Some filters in the mass-move/prune feature in the AdminCP weren’t working correctly.
  • Trying to set up the 2CheckOut gateway in Commerce may not work.
  • Several MaxMind issues, including transactions made by guests would show an error.
  • Items set to be excluded from the sitemap may still be included.

Information for 3rd party developers

  • ProfileSync classes are no longer required to have a photo() method
  • jQuery has been updated to 1.12.2
  • CodeMirror has been updated to 5.13
  • Login Handlers must now implement a canProcess() method to verify that the login handler can be used in the event a member disassociates their account from a different service.

Leggi tutto “IPS Community Suite 4.1.10 è stata rilasciata”