miniBB

^®
Support Forums

| Start | Register | Search | Statistics | File Bank | Manual |

	miniBB Support Forums / News /
	miniBB version 2.0.5 released
	Page 1 of 2: 1 2 Next »

	Paul Lead Developer	#1 \| Posted: 24 May 2007 05:29
		The most important part of this release is (discovered by one of our users from Czech Republic) XSRF/CSRF hack protection, based on introduction of additional random "token" cookie, which is set when a member is signed in. New non-mandatory option $addMainTitle allows to display generic forums name following certain forum's or topic's title in <title> tag (by default it won't be displayed anymore). This upgrade is highly recommended to everybody, since after initial testing, CSRF protection based on the new cookie, will be also introduced in some paid addons later next week. Be sure your software version is safe! As usually, follow the bottom of Update History file to note the files which need to be upgraded. Comments regarding the update are welcome as always.

	tom322 Active Member	#2 \| Posted: 25 May 2007 16:41
		So far so good - simple, but effective idea with a new cookie.

	marsbar Associated Member	#3 \| Posted: 26 May 2007 18:13
		Hi Paul, You may already know this: the upgrade to 2.0.5 affects admin's and pre-moderators' ability to delete topics--held in the pre-moderation queue--via the pre-moderation interface. (The error message reads: Can not proceed: possible CSRF/XSRF attack!) Admin and pre-moderators can, however, get around the problem by quitting the pre-moderation interface and then deleting the 'pending topics' via miniBB's default (post-)moderation interface. Hope I am making sense to you! :-) - mb

	Paul Lead Developer	#4 \| Posted: 28 May 2007 06:50
		marsbar Thanks for reporting this - as I mentioned above, I will work on the plugins this week time by time and I hope you'll get the updated version ASAP (please inform me privately if you still have no access to the customers area downloads).

	marsbar Associated Member	#5 \| Posted: 28 May 2007 07:15
		Apologies, Paul: short-sighted me must have missed the bit about updating the plugins, in your original post! (Didn't mean to rush you! :-)) Shall contact you shortly, in private, about accessing the customers area. Best - mb

	Paul Lead Developer	#6 \| Posted: 28 May 2007 10:07
		I didn't mean at all you've meant to rush me ;-) Ok, I did a quick upgrade of the Premoderation addon and File upload addon this time (this stuff is also upgraded on minibbtest as much as the newest miniBB release is installed there). marsbar, I've sent you the customers information, welcome to test new premoderation addon release and inform me how it works. Thank you in advance. Other addons will be upgraded during the week; we will issue a special news notice when the whole upgrading process will be completed.

	marsbar Associated Member	#7 \| Posted: 30 May 2007 01:41
		Paul wrote: marsbar, I've sent you the customers information, welcome to test new premoderation addon release and inform me how it works. As always, many thanks for your prompt response, Paul. I am happy to report that the deletion problem experienced before the upgrade (to v1.2.1) is now no more. Perfect! :-) Cheers, mb

	teva Partaker	#8 \| Posted: 30 May 2007 02:10
		Hey! I just did a clean upgrade to 2.0.5 and i also get Can not proceed: possible CSRF/XSRF attack! I don't have premoderation on file upload addon. Any idea how to fix this? tnx

	Paul Lead Developer	#9 \| Posted: 30 May 2007 03:28
		teva Be sure you have updated templates/main_posts.html file's JavaScript codes and functions.

	teva Partaker	#10 \| Posted: 30 May 2007 04:40
		yep..it works now..tnx Were there any more changes in templates dir? I have changed quite few templates and comparing with new ones would take some time. I used 2.0 RC6b before upgrading to 2.0.5 tnx

	marsbar Associated Member	#11 \| Posted: 30 May 2007 05:29
		Teva, have a look at the miniBB update history (change log) for details. - mb

	Paul Lead Developer	#12 \| Posted: 31 May 2007 05:08
		I would like to mention that the following addons were updated because of CSRF vulnerability too: Avatars Member Pictures Moving Replies

	Ivan Advanced Member	#13 \| Posted: 8 Jun 2007 07:52
		Hi Paul! :) I, too, like Martin Luther King, have a dream. His one was about the freedom. Mine is about a Visual Special Addon for miniBB 2 :) Do you think my dream is possible in the real world? :)))

	Paul Lead Developer	#14 \| Posted: 8 Jun 2007 08:20
		Yes I have it in plans, but the plans have no exact date and not exact estimate. Most probably I could work on it in 2 years or something.

	Talbot Partaker	#15 \| Posted: 9 Jun 2007 09:36
		To be honest I'm not exactly sure what these recently discovered hacks are supposed to be doing or their nature, but do I need to replace all of minibb 2.x with 2.05 ? Or just specific sections ? As I recall certain scripts have custom code in them from me or add ons, and it's a pain to replace everything if it's just 1 or 2 scripts that are different. I'm guessing it's just any file in the Zip that has modification date > 20th April? Also does captcha paid add on need to be updated for 2.05 ? It wasn't mentioned here: https://www.minibb.com/forums/9_4678_0.html thanks

Page

Page 1 of 2: 1 2 Next »

	miniBB Support Forums / News /
	miniBB version 2.0.5 released Share Topic's Link


	Home Features Requirements Demo Download Showcase Gallery of Arts Compiler Premium Extensions Premium Support License Contact Us

Proceed with the File and Picture Attachments add-on: extend your miniBB-forums, attaching images and files.

⇑