WoltLab Suite 6.0.16 / 5.5.22 / 5.4.34

    We have just released new versions of our products:

    • WoltLab Suite 6.0.15 + 6.0.16
    • WoltLab Suite 5.5.22
    • WoltLab Suite 5.4.34

    Stability releases (third part of the version number, also known as “patch releases”) aim to solve existing problems in the current version. Like every stability release, they do not introduce new features. It is strongly recommended to apply these updates.

    Security Notice

    When introduced with WoltLab Suite 3.0, the article system was designed as a purely editorial system for administrators and therefore had fewer restrictions as well as additional features like access to the media system. With later versions, the article system was further expanded and increasingly opened up to regular users, for example with the additional features for submitting articles.

    It was brought to our attention by SoftCreatR that the article system still permitted the use of arbitrary BBCodes. As a result, regular users were able to use BBCodes in articles that were not approved for them, which can open up possible security issues. Due to the still very editorial nature of the article system, the risk is deemed to be low. Nevertheless, we have decided to extend the existing restrictions for allowed BBCodes to the article system and to classify the previous lack of this restriction as a security risk.

    All installations of WoltLab Cloud customers have already been updated.

    How to Apply Updates

    Open your Administration Control Panel and navigate to “Configuration → Packages → List Packages”. Please click on the button “Search for Updates” located in the right corner above the package list.

    Notable Changes

    The list below includes only significant changes; minor fixes or typos are generally left out.

    WoltLab Suite Blog

    • Some wording has been improved. 6.0

    WoltLab Suite Calendar

    • Some wording has been improved. 6.0

    WoltLab Suite Filebase

    • Some wording has been improved. 6.0

    WoltLab Suite Gallery

    • Some formulations have been improved. 6.0

    WoltLab Suite Core: Elasticsearch Integration

    • The search did not correctly consider a partial match in some cases. 6.0

    WoltLab Suite Core: Importer

    • SMF 2.x
      • The import of conversations without participants did not work. 6.0

    WoltLab Suite Core

    • SECURITY The article system did not restrict the use of BBCodes, so it was possible to create content with BBCodes that may not be permitted. 5.4 5.5 6.0
    • A JavaScript error when creating comments has been fixed. 6.0
    • Closing the selection of a reaction no longer causes the page to scroll. 6.0
    • The icons for interacting with a code box were displayed incorrectly on mobile devices in some situations. 6.0
    • The filter for potentially misleading link titles in messages is now more tolerant. 6.0
    • The installation of incompatible packages via the Plugin-Store code is now rejected with the correct error message. 6.0
    • The authorization check when uploading signature file attachments when editing a user in the administration interface has been corrected. 6.0
    • When deleting replies to comments, the information on embedded objects was not cleaned up correctly. 6.0
    • The view of error logs now only includes first-level logs. 6.0

    Alexander Ebert
    Senior Developer WoltLab® GmbH
