Update: WoltLab Suite 5.3.6 / 5.2.14 / 3.1.22

  • We have just released new versions of our products:

    • WoltLab Suite 5.3.6
    • WoltLab Suite 5.2.14
    • WoltLab Suite 3.1.22

    Stability releases (also known as "minor releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features; It is strongly recommended to apply these updates.

    Security Notice

    We have identified an issue that permits moderators to approve content or move it to the trash even if they should not be allowed to. This only applies to content that they can directly access via the moderation panel. The interface does not permit this action, the moderator must actively invoke the server side API to take advantage of this issue.

    We have identified another set of issues related to the embedded content, for example, embedded calendar events or forum posts. The responsible implementations did not verify the permissions of the viewer, potentially leaking the excerpt of the embedded message they have no access to.

    All WoltLab Cloud customers have already been patched to address these issues.

    How to Apply Updates

    Open your Administration Control Panel and navigate to Configuration > Packages > List Packages. Please click on the button Search for Updates located in the right corner above the package list.

    Notable Changes

    The list below includes only significant changes, minor fixes or typos are generally left out.

    WoltLab Suite Blog

    • (SECURITY) Failed to validate the permissions of the user before displaying an embedded excerpt. 5.3 5.2

    WoltLab Suite Calendar

    • (SECURITY) Failed to validate the permissions of the user before displaying an embedded event. 5.3 5.2
    • Allow event owners to add users that have a pending invitation as participants. 5.3 5.2
    • Incorrect detection of overlapping events in different categories. 5.3
    • Mark cancelled events in the export result. 5.3
    • Duplicate reaction buttons for comments in events. 5.3

    WoltLab Suite Filebase

    • (SECURITY) Failed to validate the permissions of the user before displaying an embedded excerpt. 5.3 5.2
    • The error message when exceeding the quota was malformed. 5.3 5.2 3.1

    WoltLab Suite Forum

    • (SECURITY) Failed to validate the permissions of the user before displaying an embedded post/thread. 5.3 5.2
    • Unified the access to the internal API to work-around an incompatibility with the plugin for ignored threads. 5.3
    • Resolved a compatibility issue with PHP installations using the ancient MySQL extension. 5.3
    • Improved the appearance and behavior of the post/thread BBCode. 5.3

    WoltLab Suite Gallery

    • (SECURITY) Failed to validate the permissions of the user before displaying an embedded image. 5.3 5.2 3.1
    • Beim Hinzufügen eines weiteren Video-Links im selben Formular kam es zu einem Fehler. 5.3 5.2
    • Die Anzahl weiterer Bilder in der Seitenleiste war fehlerhaft, wenn der Betrachter nicht alle Bilder aufrufen darf. 5.3

    WoltLab Suite Core: Conversations

    • Sorting the list of conversations after filtering by participant caused the filter to be removed again. 5.3

    WoltLab Suite Core: Infractions

    • The German translation used an incorrect wording in the title of the generated conversation. 5.3

    WoltLab Suite Core

    • (SECURITY) Validate the permissions of a moderator to approve content or to move content to the trash. 5.3 5.2 3.1
    • Updates to the own user profile now trigger a user rank recalculation. 5.3 5.2 3.1
    • Added the support for YouTube Shorts. 5.3 5.2
    • Incorrect handling of content from ignored users in the list of recent activities. 5.3 5.2
    • Prevent incomplete installations of apps from blocking the admin panel. 5.3
    • Changes to the editor while in source mode were not always recognized. 5.3
    • Improved the auto generation of anchors for the table of contents. 5.3
    • Removed a legacy work-around for old Chrome browsers that caused a visual glitch in some dialogs. 5.3
    • The list of packages from package servers now prefer the software's default language. 5.3
    • Exported styles contained the preview image and cover photos twice. 5.3
    • Modified the database queries to mark all notifications as read to prevent the likelihood of deadlocks. 5.3
    • Improved the visuals of embedded content. 5.3
    • Pasting code or inserting quotes on iOS behaved unexpectedly. 5.3
    • Selecting text on Android sometimes caused the browser to scroll to the end of the page. 5.3
    • Improved the behavior of floating action buttons on mobile devices. 5.3
    • Attachments in signatures are no longer included in the ImageViewer for messages. 5.3
    • Greatly improved the performance of the display of very large messages. 5.3

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!