Update: WoltLab Suite 5.5.6 / 5.4.24 / 5.3.25

    We have just released new versions of our products:

    • WoltLab Suite 5.5.6
    • WoltLab Suite 5.4.24
    • WoltLab Suite 5.3.25

    Stability releases (third part of the version number, also known as “patch releases”) aim to solve existing problems in the current version. Like every stability release, they do not introduce new features. It is strongly recommended to apply these updates.

    Security Notice

    The JavaScript code of the software as well as of installed plugins is moved to the end of the generated HTML for performance reasons, so that the page can be displayed in the browser as quickly as possible. We discovered a bug in the implementation that could cause this shift to be performed incorrectly. Under certain preconditions, this enabled an attacker to cause foreign JavaScript code to execute.

    All WoltLab Cloud customer installations have already been updated.

    How to Apply Updates

    Open your Administration Control Panel and navigate to “Configuration → Packages → List Packages”. Please click on the button “Search for Updates” located in the right corner above the package list.

    Notable Changes

    The list below includes only significant changes; minor fixes and typos are generally left out.

    WoltLab Suite Blog

    • Minor fixes. 5.5

    WoltLab Suite Calendar

    • The default values for events were not correctly copied to the form. 5.5

    WoltLab Suite Filebase

    • Minor corrections. 5.5

    WoltLab Suite Forum

    • Simultaneous selection of filters by unread first and last post caused a collision when retrieving data from the database. 5.5
    • Deleting disabled topics no longer causes activity points to be deducted twice. 5.5

    WoltLab Suite Gallery

    • Creating direct links to a filtered album list could generate invalid links in rare cases. 5.5

    WoltLab Suite Core: Importer

    • phpBB
      • The import of user groups was fixed. 5.5

    WoltLab Suite Core

    • (SECURITY) A bug in the processing of regular JavaScript calls in HTML could be used by an attacker to execute foreign JavaScript code under certain circumstances. 5.5 5.4 5.3
    • Articles that do not contain content will no longer be displayed publicly. 5.5
    • When inserting quotes in the editor, the cursor was not always placed below the quote. 5.5
    • Using the StoreCode to install an already installed package now generates a proper error message. 5.5
    • After submitting the settings for your user account in the frontend, you now stay in the previously selected category. 5.5
    • The English explanation text for activating email-based multi-factor authentication now also shows the email address of the account. 5.5
    • The [list=1]-BBCode is now converted to a numeric list. 5.5
    • For developers: The UserStorageHandler now has parameter types to make debugging easier. Values must be valid strings; non-scalar data types must be serialized manually. 5.5
    • For developers: The content of templates.tar and acptemplates.tar is now validated. The archives must not contain folders, and all files must have the extension .tpl. 5.5
    • For developers: The "Settings" tab in the WysiwygFormContainer is now available even if the smiley module is disabled. 5.5
    • For developers: SCSS files in style/ folders that are not placed in the root directory of an app are no longer included in the generated CSS. This particularly affects SCSS files in the acp/style/ folder. 5.5
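
    For plugin developers, the templates.tar / acptemplates.tar rule above can be checked before packaging. The following is an added example, not WoltLab's own validation code; the function names and sample archives are constructed, and treating path separators and non-regular entries (links, device nodes) as violations is an assumption.

```python
import io
import tarfile


def validate_template_archive(data: bytes) -> list[str]:
    """Return rule violations for a templates.tar; an empty list means it passes."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar.getmembers():
            name = member.name
            if member.isdir():
                problems.append(f"{name}: folder entry")
            elif "/" in name or "\\" in name:
                # Assumption: a path separator in the name counts as a folder.
                problems.append(f"{name}: file inside a folder")
            elif not member.isfile():
                # Assumption: links and device nodes are rejected as well.
                problems.append(f"{name}: not a regular file")
            elif not name.endswith(".tpl"):
                problems.append(f"{name}: extension is not .tpl")
    return problems


def build_archive(entries) -> bytes:
    """Build an in-memory tar from (name, is_dir, payload) tuples (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, is_dir, payload in entries:
            info = tarfile.TarInfo(name)
            if is_dir:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample archives, not taken from any real plugin.
GOOD = build_archive([("boxExample.tpl", False, b"{* template *}")])
BAD = build_archive([
    ("sub", True, b""),
    ("sub/inner.tpl", False, b"{* nested *}"),
    ("helper.php", False, b"<?php"),
    ("footer.tpl", False, b"{* ok *}"),
])

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, validate_template_archive(blob) or "OK")
```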

