Menu

Wikindx v6.4.1 Released

Focus: minor bug fixes, maintenance, security

IMPORTANT INFORMATION

The security vulnerability is critical. We advise to update quickly.

Bugs fixes

  • Typo in changelog.
  • Field userkgusergroupsUserGroupId in table user_kg_usergroups should not accept NULL on first install.
  • Fix [#304] (missing input when clicking on Quarantine in Admin menu).
  • Syntax error in TinyMCE spellChecker code.
  • Syntax errors in API doc.
  • Remove some leftover print_r() statements.
  • Fix a missing icon when deleting a resource.
  • Correct totals when paging through the front page list.
  • Fix a missing input error in bibliographic/citation styles (bugs [#249] & [#305]).
  • Fix a crash on upgrade of step 34 for version 6.4.0. MariaDB and/or MySQL engines don’t support to fill, drop, and create a table in a single transaction.
  • Vendor components cannot be enabled/disabled.
  • Ensure that user database rows are universally deleted when deleting a user.
  • Ensure that logged-in users can attach resources to user tags.
  • Ensure that logged-in users can only edit a resource's categories, keywords, and languages if they own the resource or allowed to by the superadmin.
  • Add a default value to the users.usersFullname field [#316].

Maintenance

  • The curl_close() function no longer has an effect (PHP 8.0 support) [#265].
  • Update future TinyMCE (5.6.2).
  • Add browserTabID functionality to the home page.
  • Update Smarty (v3.1.38).
  • Update style xml files for locales [#308].
  • Bump component compatibility version of styles to 5.
  • Fix some typos [#310].
  • Simplify MySQL/MariaDB version query.
  • Full Ukranian translation (thanks to Yuri Chornoivan).
  • Set utf8mb4_unicode_520_ci as the default collation of the database.
  • Improve browserTabID functionality for single resource views.
  • Credits of translators.

Security

  • A cross-site scripting (XSS) vulnerability in many forms of version 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the 'message’ parameter (CVE-2021-3340, thanks to jppuetz).

Related

Bugs and feature requests : #249
Bugs and feature requests : #265
Bugs and feature requests : #304
Bugs and feature requests : #305
Bugs and feature requests : #308
Bugs and feature requests : #310
Bugs and feature requests : #316

Posted by Stéphane Aulery 2021-01-28