#IPS #Community #Suite 4.1.12 è stata rilasciata

Come da segnalazione di @Daniel ./ips-community-suite-4111-è-stata-rilasciata-r153/#comment-234 e come da segnalazione appena giunta sul pannello di controllo (suppongo ci siano degli schemi per avvisare gli utenti affinché non aggiornino tutti allo stesso istante), la versione 4.1.12 di ipb – già in beta da alcuni giorni – è adesso stata rilasciata 🙂

Riporto qui le note di rilascio in Inglese:

Leggi tutto “#IPS #Community #Suite 4.1.12 è stata rilasciata”

Error_Log: come configurarlo correttamente e in sicurezza

Nella programmazione, si sa, gli errori sono “estremamente importanti”.

Senza di essi non sapremmo cosa non funziona, ma se questi son pubblici si rischia di rivelare informazioni sensibili (eg: dati del database, percorso degli script ecc…). Meglio prestare attenzione!

Proprio in questi giorni, post cambio migrazione hosting, mi son ritrovato col dover nascondere gli errori al pubblico, e far sì che questi fossero però presenti da qualche parte affinché, in caso di evidenti problemi (script che non fanno quello che dovrebbero), almeno mi faccio un’idea di come poter rimediare.

Leggi tutto “Error_Log: come configurarlo correttamente e in sicurezza”

IPS Community Suite 4.1.10 è stata rilasciata

Released 04/05/2016

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is a maintenance release to fix reported issues and add refinement to existing features. In addition to bug fixes and performance improvements, it includes following new/changed features:

  • Instant notifications are now dismissible.
  • The sidebar has been added back to the stream pages.
  • You can now sort by most downloaded in Downloads app.
  • The ModeratorCP and AdminCP IP Address Tools now allow you to track the IP addresses used to vote in polls.
  • A new setting has been added to disable the RSS feed for activity streams.
  • A new setting has been added to specify the minimum display name length.
  • Adds a new “can unban” moderator permission separate to the “can edit profiles” permission being used previously.
  • IP addresses now show in reports.
  • There is now a constant-level setting to disable the ACP IP address check in case of being locked out of the ACP.
  • Several improvements to Commerce to make some features clearer: the Shipping Rates configuration pages now indicate to the admin if a potential mistake has been made, the front-end indicates to admins if no support departments have been set up, and the renewal settings wording has been clarified.

Additional Information

Security Fixes

This release includes fixes for several security issues:

  1. A CSRF vulnerability on moderation tools, meaning a malicious user could exploit a moderator’s session to perform moderator actions.
  2. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed.
  3. A vulnerability that could cause attachments to be downloaded automatically without the user requiring to click on them.
  4. A vulnerability that could allow malicious users to modify other users stream settings.

Other Important Fixes

In addition to over 100 smaller bug fixes and performance improvements, the following important fixes are included:

  • Errors in Commerce when using a locale that uses a comma as the decimal point.
  • If friendly URL rewriting is not enabled, links shared on Facebook do not work.
  • Several issues with Anti-Fraud rules in Commerce, especially in conjunction with PayPal.
  • The “Upcoming Events” widget in Calendar may not show all events.
  • Pagination in some areas may be incorrect.
  • Several issues with BBCode, especially IMG tags inside of URL tags and lists.
  • Several issues with the new activity stream including an issue where container filters may not work and some situations may cause the page to overflow because the filter bar is too wide.
  • Emoticons may appear squished in the Chat application.
  • The support request auto resolve feature in Commerce may send emails at the wrong time.
  • Using MariaDB may cause some tables to be converted to MyISAM from InnoDB.
  • Some filters in the mass-move/prune feature in the AdminCP weren’t working correctly.
  • Trying to set up the 2CheckOut gateway in Commerce may not work.
  • Several MaxMind issues, including transactions made by guests would show an error.
  • Items set to be excluded from the sitemap may still be included.

Information for 3rd party developers

  • ProfileSync classes are no longer required to have a photo() method
  • jQuery has been updated to 1.12.2
  • CodeMirror has been updated to 5.13
  • Login Handlers must now implement a canProcess() method to verify that the login handler can be used in the event a member disassociates their account from a different service.

Leggi tutto “IPS Community Suite 4.1.10 è stata rilasciata”

La versione 4.1.9 di IPS Community Suite è ora disponibile.

La versione 4.1.9 di IPS Community Suite è ora disponibile.

This includes a security patch and we recommend you upgrade as soon as possible.

This release fixes reported issues from clients in our bug tracker and support tickets and adds refinement to existing features.

New or Changed Features

  • When your link auto-embeds in a post such as with an image, YouTube video, Twitter link, etc. an option will now display to revert the embed back to a plain text link if you do not want the embed.
  • New setting to disable embedding.
  • Facebook/Twitter integration improvements
  • If you are an administrator and encounter a system error, additional debug output will now display. Regular members will see the normal error message.
  • Custom Fields for Support Requests in Commerce now show on the front-end.
  • If an advertisement is set up with a main image, but not smaller images for tablets/mobiles, the ad would not show at all on tablets/mobiles. This has changed so the main image will display on all devices unless smaller images are provided.
  • Topics scheduled to automatically lock or unlock will now reflect this in the topic listing and when viewing the topic.
  • Placing a link to a Facebook status will embed when possible.
  • When viewing a report, the container (for example, the forum) the content is from is displayed.
  • Three character searches are now allowed in the Admin CP Live Search.
  • The Account Settings page now uses vertical rather than horizontal tabs to prevent overflow.
  • If Gravatar is enabled, and a user has not defined an profile photo, then their email address will be used to fetch from Gravatar unless explicitly set not to.
  • Gfycat embeds now use their oEmbed endpoint rather than their JS API.
  • Using Amazon CloudFront as https provider will now be recognized as valid secure connection.
  • The member REST API endpoint will now return custom fields.
  • The Developer Center for Plugins now shows the filename in the list of hooks, and when editing a hook, a breadcrumb includes a link back to the list.
  • Inline notifications can now be dismissed
  • Efficiency improvements to the search index
  • You can now close a poll independently of the topic

Important Fixes

In addition to dozens of smaller fixes this release includes fixes for the follow items that impacted many clients:

  • Several security enhancements.
  • The posting parser has been made more efficient.
  • Some BBCode does not parse correctly in version 4 and we have applied some fixes for this. In general BBCode is deprecated so we only provide basic support.
  • Sitemaps could sometimes be blank if there was no content in a specific section.
  • Certain URLs from version 3 were not redirecting properly to the new version 4 format.
  • The timezone detection is now more robust and will more gracefully fail if it cannot determine a visitor’s timezone.
  • Permission matrices have been reworked to send less data to prevent exceeding server limitations.
  • Decimal handling has been reworked in Commerce for more precise calculations.
  • The database class now handles InnoDB deadlocks more gracefully, and some queries have been changed to reduce the likeliness of deadlocks.
  • Performance improvements to areas which perform large updates on the members table (for example, when editing permissions).
  • Pages ‘number’ custom fields previously had an upper limit for submitted values around 2 billion.
  • Multiple fixes for tag searching

Leggi tutto “La versione 4.1.9 di IPS Community Suite è ora disponibile.”

Aspettando la versione 4.1.9, è stata appena rilasciata IPB Suite 4.1.8.1

IPS Community Suite 4.1.8.1

Released 02/04/2016


Key Changes

This is a very small release to fix a few rather annoying issues from 4.1.8. Sorry about that 😮

  • Fixes an issue where incoming emails were not being received correctly.
  • Fixes an issue where guests could do a partial account registration which could cause some confusion to the administrator when editing.
  • Fixes an issue where the AdminCP dashboard may incorrectly report tasks aren’t running when they actually are.

Leggi tutto “Aspettando la versione 4.1.9, è stata appena rilasciata IPB Suite 4.1.8.1”