Forum software is updated to WoltLab Suite 6.2.1
Stability releases (third part of the version number, also known as “patch releases”) aim to solve existing problems in the current version. Like every stability release, they do not introduce new features.
An internal code review has revealed a stored XSS vulnerability in the teaser text of articles (WoltLab Suite Core). This was caused by the incorrect handling of the teaser in the implementation of reactions.
All WoltLab Cloud customers have already been updated.
The list below differs a lot from our previous changelogs. First of all, we are trying a different approach that is much more verbose but provides a better insight into the actual changes. In earlier announcements we were much more selective in how much we covered, but we have come to the conclusion that this larger list is more beneficial for developers.
Second, we came across a pattern of bugs that sparked a much greater internal investigation. As a result, we performed a thorough review of the changes between 6.1 and 6.2, identifying a lot of minor bugs that slipped through earlier reviews. In addition, this has revealed a larger portion of small bugs that exist in earlier versions too but follow the same patterns.
The update for 6.2 not only fixes a lot of previously hidden issues in that release but also includes a lot of fixes for bugs that have been in the code for a long time but went unnoticed. It took us a lot of effort over the past two weeks to identify and resolve all these issues, but we are super happy with the result.
- Fixed the RSS feed toggle using wrong API endpoints. 6.2
- Fixed an exception when opening the RSS feed creation form. 6.2
- Fixed the language selection field being visible when multilingualism is disabled in the RSS feed form. 6.2
- Fixed the RSS feed form showing all languages instead of only content languages. 6.2
- Fixed the RSS feed form listing link-type forums that cannot contain threads. 6.2
- Fixed the thread feed returning the wrong post for the first post of a thread. 6.2
- Fixed a template syntax error on the thread page. 6.2
- Improved the accessibility of attachments in private forums. 6.1 6.1
- Loading new posts could sometimes fail due to an incorrect handling of best answers. 6.2 6.1
- Conversations created from a draft are now correctly marked as read for the sender. 6.2
- Added missing `type` attribute to the quick reply button. 6.2
- Fixed incomplete list of dependent permissions being disabled when the main conversation permission is turned off. 6.2
- Fixed the moderation report rendering using the wrong data type for conversation messages. 6.2
- The label manager now only refreshes the list and shows a success notification when the dialog is confirmed. 6.2
- Added runtime guards to prevent misleading results when conversation participant data is not available. 6.2
- Migrated templates to use the new `unsafe:` output modifier and named route parameters. 6.2
- Fixed the default value of the points field when creating a new suspension to match its minimum value. 6.2
- Fixed a crash when issuing a warning that triggers a suspension without an associated action. 6.2
- Fixed the permission check for revoking warnings to use the correct permission. 6.2
- Fixed the permission check for viewing the warning list of a user to use the correct permission. 6.2
- Fixed the permission check for revoking suspensions to verify the correct permission. 6.2
- Fixed the dialog title in warning details to be properly escaped for use in JavaScript. 6.2
- Fixed the return type of the `isVisible()` method in the user group application notification event. 6.2
- SECURITY: Fixed a stored XSS vulnerability in article teasers in combination with reactions. 6.2 6.1 6.0
- Updated CKEditor to version 47.6.0. 6.2 6.1
- Deprecated the `JSON` class and fixed the return type of `JSON::decode()`. 6.2
- Gracefully handle undersized avatars instead of failing. 6.2
- Fixed reCAPTCHA v3 not working without v2 keys being set. 6.2
- Fixed broken pagination in grid and list views when filters are active. 6.2
- Fixed various quote-related issues in the editor. 6.2
- Fixed sorting by user in the trophy list. 6.2
- Fixed the image cropper not providing dimensions in error messages for single-size configurations. 6.2
- Fixed the `ShowOrderFormField` incorrectly including the edited object in the sibling list. 6.2
- Fixed the moderation queue filter causing an SQL error on an empty IN clause. 6.2
- Fixed the online badge being hidden on mobile devices. 6.2
- Fixed the visibility of titles in Google Maps popups. 6.2 6.1
- Fixed the use of multiple smiley categories in the form builder. 6.2
- Fixed exceptions when using the trophy filter and the pagination in the exception log. 6.2
- Fixed the link to discover automatically disabled phrases. 6.2
- Fixed a missing space between anchor tag attributes. 6.2 6.1
- Fixed the condition to migrate legacy images. 6.2
- Fixed the wrong `aria-title` attribute name to `aria-label`. 6.2
- Reset the category cache after adding or editing categories. 6.2
- Reduced the impact of invalid files when rebuilding file data. 6.2
- Added missing `alt` attribute to `img` tags. 6.2
- Removed support for the `footerBoxes` position in `ArticleListBoxController`. 6.2
- Fixed wrong PHPDoc types and unclosed generic type annotations. 6.2
- Conditionally set the style exclude to avoid unnecessary restrictions. 6.2
- Unified inconsistent phrases. 6.2
- Updated third-party dependencies. 6.2