We have just released new versions of our products:
- WoltLab Suite 5.5.8
- WoltLab Suite 5.4.25
- WoltLab Suite 5.3.26
Stability releases (third part of the version number, also known as “patch releases”) aim to solve existing problems in the current version. Like every stability release, they do not introduce new features. It is strongly recommended to apply these updates.
We have been notified by Chabik Hatim about a vulnerability in the processing of a malformed user account activation code. Accessing the user account activation form with manipulated activation code parameters allowed HTML code to be injected into the generated error message on that page.
All WoltLab Cloud customer installations have already been updated.
How to Apply Updates
Open your Administration Control Panel and navigate to “Configuration → Packages → List Packages”. Please click on the button “Search for Updates” located in the right corner above the package list.
The list below includes only significant changes, minor fixes or typos are generally left out.
WoltLab Suite Calendar
- The check for overlapping dates did not correctly process dates before 1970. 5.5
WoltLab Suite Forum
- The display of status changes (“Closed”, “Moved”, “Labelled”, ...) within a thread was fixed. 5.5
- The filter for subscribed threads and forums in boxes generated an invalid database query. 5.5
- The import of subscribed thread has been fixed. 5.5
- Deletion of existing subscriptions when querying notifications for inaccessible threads and forums was fixed. 5.5
- Manual approval of posts and threads did not work for repeated requests. 5.5
WoltLab Suite Core: Importer
- WoltLab Suite 5.5
- The import of subscribed threads was fixed. 5.5
- IP.Board 3.x
- Encoded special characters in the user title were not decoded before saving. 5.5
WoltLab Suite Core
- (SECURITY) A vulnerability in processing incorrect activation codes for user activation was fixed. 5.5 5.4 5.3
- Fixed a compatibility problem with PHP 8.1 when searching for profile fields. 5.5
- The display of the button to show the participants of a poll was fixed. 5.5
- The behavior of inserting tables into the editor was improved. 5.5
- The “Edit profile” link in the user menu is now displayed only if the user is allowed to edit their profile. 5.5
- The rich embeds no longer cause an error when previewing an article in the administration interface. 5.5
- Domains that are stored in the list for “Additional Internal Domains” are now automatically valid domains for embedding external images. 5.5
- Links to the login form are now marked with rel="nofollow" to avoid that search engines call the login form with many changing ?url= parameters and thus waste resources. 5.5
- Empty description texts of styles are no longer displayed. 5.5
- A compatibility problem with outdated browsers in dialogs has been fixed. 5.5
- After deactivating the article system via the module control, existing entries in the “Recent Activities” are no longer displayed. 5.5
- HTTP responses are now automatically detected in code blocks and the appropriate syntax highlighter is selected. 5.5
- For developers: Corrections to the PHP DDL. 5.5
- For developers: Fixed the check against DatabaseObjectList::$baseClassName for derived classes. 5.5
- For developers: The check for “owned files” in the fileDelete PIP was fixed. 5.5
- For developers: Import of single functions from Dom/Util.ts works now. 5.5
- For developers: Using <delete> in the language PIP now correctly deletes language variables from the respective language only instead of from all languages. 5.5