We have just released new versions of our products:
- WoltLab Suite 5.2.5
- WoltLab Suite 3.1.13
- WoltLab Suite 3.0.24
Stability releases (also known as "minor releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features; It is strongly recommended to apply these updates.
Users Sending Emails to Users
The software contains a legacy feature that enables users (and if configured, also guests) to send emails to other users. This feature has little use today, but is more often than not overlooked by administrators, especially those migrating from previous versions. The form uses a dedicated group permissions that was enabled by default in previous versions and was often left unchanged.
It has come to our attention that attackers take advantage of this feature and actively abused it to send out spam emails to other users. We've taken two steps to mitigate this issue to some extent:
- Force revoked the group permissions to use this form. Site owner can grant the permissions again at their own discrection, although we strongly advise against this.
- The captcha protection of the mail form was previously enabled for guest access only and is now enforced for users alike. This is the first form to enforce the captcha for logged-in users too.
This change has previously been applied to the 5.2 series and is now in full effect for the entire WoltLab Suite 3.x series.
Performing System Updates
Open your Administration Control Panel and navigate to Configuration > Packages > List Packages. Please click on the button Search for Updates located in the right corner above the package list.
Notable Changes
The list below includes only significant changes, minor fixes or typos are generally left out.
WoltLab Suite Blog
- Pages excluded from access by search engines were incorrectly listed in the sitemap. 3.1
WoltLab Suite Calendar
- Pages excluded from access by search engines were incorrectly listed in the sitemap. 3.1
WoltLab Suite Filebase
- Pages excluded from access by search engines were incorrectly listed in the sitemap. 3.1
- File owners were unable to delete responses to reviews despire having the permissions. 5.2
WoltLab Suite Gallery
- The list of deleted images raised an exception when viewed by guests. 3.0 3.1
- Pages excluded from access by search engines were incorrectly listed in the sitemap. 3.1
WoltLab Suite Forum
- Attempting to move a thread raised an exception in PHP 7.4. 5.0 5.1
- Pages excluded from access by search engines were incorrectly listed in the sitemap. 5.1 5.2
WoltLab Suite Core: Conversations
- Resolved an issue when replying to conversations when one or more participants were deleted. 3.0 3.1
- The import from vBulletin could fail due to an incorrect recognition of numeric values. 3.0 3.1 5.2
WoltLab Suite Core
- Resolved two compatibility issues with PHP 7.4. 3.0 3.1
- Reading articles yielded an incorrect location in the users online list. 3.0 3.1 5.2
- Requests dispatched through HTTPRequest would not apply the timeout value to the stream itself. 3.0 3.1 5.2
- Improved the behavior of the mobile message UI. 3.1
- Optimized the processing speed of messages with excessive amounts of HTML nodes. 3.1 5.2
- An incorrect sort direction caused packages installed via the package server to sometimes favor older versions over newer ones. 3.1 5.2
- Removed the compatibility check for the API versions. 3.1
- Overly restrictive permission checks for non owner groups. 5.2
kilde: Please login to see this link.
