Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Announcements
Author Message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17073

PostPosted: Sat Feb 28, 2009 12:29 pm Reply with quote

RavenNuke(tm) v2.30.01 - Security Change Log

===================================================
IT IS IMPERATIVE THAT YOU READ THIS SECURITY QUICK GUIDE BEFORE PROCEEDING
RavenNuke_Security_Change Log
===================================================

RavenNuke(tm) v2.30.01 - Security Specific Change Log

2009-02-18 v2.30.01 Security/Fix/Maintenance Release for RavenNuke(tm) - Minor Enhancements Possible
=================================
SECURITY QUICK GUIDE
=================================
To ensure your site is patched/secured in the shortest possible time, please upload/replace the following immediately!

** If you are upgrading from ANY version of RavenNuke(tm) that uses the CAPTCHA System: **
images/captcha.php
**
** If you are upgrading from ANY version of RavenNuke(tm) that uses the Resend Email Module: **
modules/Resend_Email/xx.xx - the entire Resend_Email folder/directory
**
** If you are upgrading from RavenNuke(tm) v2.30.00: **
admin.php
modules/Your_Account/xx.xx - the entire Your_Account folder/directory
**
** We strongly recommend that you make backups of all of the above mentioned files and just upload/replace them all
REGARDLESS of what version of RavenNuke(tm) you are using. Then of you have issues with the new files please
post in the forums for help. These files offer fixes and/or patches for various security issues.
**
0001349: [Captcha] Full path disclosure and remote detection of local files in captcha.php (KGuske) - resolved.
0001371: [Core - Modules] Sql Injection in "Resend_Email" module (Raven) - resolved.
0001350: [Module - Your Account (RNYA)] Remote Php Code Execution in avatarlist.php (KGuske) - resolved.
0001351: [Module - Your Account (RNYA)] Remote Php Code Execution in Your Account module (KGuske) - resolved.
0001376: [Module - Your Account (RNYA)] XSS Vulnerability in Your_Account (Evaders99) - resolved.
0001358: [Security / Vulnerability] Additional Form validation (Guardian2003) - resolved.
===================================================


===================================================
2009-02-18 v2.30.01 Security/Fix/Maintenance Release for RavenNuke(tm) - Minor Enhancements Possible
===================================================
0001294: [Addons - Content Plus] Compliance issues with content plus (jestrella) - resolved.
0001307: [Addons - Content Plus] Content added by admin message text (jestrella) - resolved.
0001348: [Addons - Content Plus] Content Plus Read Me (jestrella) - resolved.
0001337: [Addons - Content Plus] Content Plus, in association with check_html and kses.php strips color codes (jestrella) - resolved.
0001280: [Addons - Content Plus] Fixed several issues with Content Plus (jestrella) - resolved.
0001279: [Addons - Content Plus] Typo in Content Plus line 177 (jestrella) - resolved.
0001313: [Addons - Content Plus] Update Content Plus to version 2.2.1 (jestrella) - resolved.
0001278: [Addons - ShortLinks] Add ShortLinks for Contact Plus Module (Montego) - resolved.
0001295: [Addons - WYSIWYG] WYSIWYG Editor not working fine with mailto links and centered text or content (KGuske) - resolved.
0001389: [Admin Functions - Modules] Notice error when deleting Comments (Raven) - resolved.
0001282: [Admin Functions - Nuke] Duplicate modules after upgrade (Montego) - resolved.
0001349: [Captcha] Full path disclosure and remote detection of local files in captcha.php (KGuske) - resolved.
0001304: [Core (in General)] Several $prefix should be $user_prefix (Raven) - resolved.
0001277: [Core (in General)] Update all version number references to 2.30.01 (JakeC) - resolved.
0001336: [Core (in General)] Upgrade RN version numbers in configuration files to 2.30.01 (Raven) - resolved.
0001284: [Core - admin.php] Accessing Edit Admins as superuser imposes a ban if you are not also a God admin (RNTEAM) - resolved.
0001384: [Core - mainfile.php] Extraneous code removal from mainfile (Palbin) - resolved.
0001325: [Core - Modules] $bypassNukeSentinelInvalidIPCheck Missing From includes/nukesentinel.php (Raven) - resolved.
0001328: [Core - Modules] Message Admin - Add/Remove Quotes Problem (Raven) - resolved.
0001371: [Core - Modules] Sql Injection in "Resend_Email" module (Raven) - resolved.
0001324: [Core - Modules] Undefined variable: user_points (KGuske) - resolved.
0001363: [Core - Themes] Compliance problem with CT_RN viewtopic_body.tpl (fkelly) - resolved.
0001315: [Core - Themes] Page incorrectly centered on new user registration (KGuske) - resolved.
0001299: [Core - Themes] RavenIce Theme - Show Block Problem (Raven) - resolved.
0001342: [Documentation] HowToInstall - Link Problems (Raven) - resolved.
0001285: [Documentation] Incorrect instruction in Upgrade document (Raven) - resolved.
0001341: [Documentation] Link to Support Forum in HowToInstall - Wrong Forum (Raven) - resolved.
0001368: [Enhancement Request] Added NukeProject to AddOnFiles (Palbin) - resolved.
0001331: [Enhancement Request] WYSIWYG Editor in Admin Areas (Palbin) - resolved.
0001339: [General] Copyright update (Palbin) - resolved.
0001388: [Installation/Installer] Database Upgrade Script (fkelly) - resolved.
0001316: [Installation/Installer] Synchronize the logic for login/password values/lengths with edits in Core (Raven) - resolved.
0001381: [Installation/Installer] Wrong version of RNYA inserted in Database (KGuske) - resolved.
0001298: [Installer] Setup/Configuration Tool - Image Source for Message Problem (Raven) - resolved.
0001297: [Module - Advertising] Advertising Module Compliance - Flash (Guardian2003) - resolved.
0001314: [Module - Advertising] Advertising module is defaulted to ads(1) as "Left Block" when it should be "Page Header" (Montego) - resolved.
0001288: [Module - Downloads] Downloads Admin Language Problem - _CATEGORY (Guardian2003) - resolved.
0001382: [Module - Downloads] Downloads notice: mktime expects parameter 1 to be long, string given (KGuske) - resolved.
0001357: [Module - Encyclopedia] Encyclopedia admin WYSIWYG functions use regular user tool bar (KGuske) - resolved.
0001330: [Module - Encyclopedia] Undefined constants and Variables - Admin Area - Encyclopedia (KGuske) - resolved.
0001333: [Module - FAQ] Undefined constants and variables - Admin Area - FAQ (KGuske) - resolved.
0001344: [Module - Forums] Error when uploading a remote avatar when it doesn't meet height and width requirements (Evaders99) - resolved.
0001293: [Module - Forums] Misc fixes for Forums (Evaders99) - resolved.
0001291: [Module - Forums] Notice error: Forums page_header constant not defined (Guardian2003) - resolved.
0001345: [Module - Forums] Remote Avatars are not checked for Height, Width, or Size compliance (Evaders99) - resolved.
0001305: [Module - GCalendar] View Month Warning (Raven) - resolved.
0001312: [Module - GCalendar] Wrong datatype for second argument in GCalendar block (Montego) - resolved.
0001318: [Module - HTML Newsletter] Re-declared constant HTML Newsletter (Raven) - resolved.
0001275: [Module - News] Notice: Undefined _CATEGORY fix from 0001270 not quoted (Raven) - resolved.
0001379: [Module - nukeWYSIWYG/FCKEditor] Unable to create files in /uploads folder (KGuske) - resolved.
0001319: [Module - Private Messages] Undefined variable $forum_on (Guardian2003) - resolved.
0001310: [Module - rwsMetAuthors] Notice: Constant _CATEGORY already defined (Raven) - resolved.
0001329: [Module - Statistics] Detailed statistic doesn't show the year (Raven) - resolved.
0001338: [Module - Statistics] Statistics dates don't reflect the correct language translations (Raven) - resolved.
0001287: [Module - Surveys] View Past Surveys not handled correctly (multi-lingual) (Guardian2003) - resolved.
0001383: [Module - Web Links] Add ability to shutoff non-admin access to adding/modifying web links (Montego) - resolved.
0001311: [Module - Web Links] Notice: Constant _CATEGORY already defined (Raven) - resolved.
0001386: [Module - Web Links] Web Links notice: mktime expects parameter 1 to be long, string given (KGuske) - resolved.
0001296: [Module - Your Account (RNYA)] Email to admin not sent when user tries to register (fkelly) - resolved.
0001302: [Module - Your Account (RNYA)] Issue with Go Back - Security Code - New registration (KGuske) - resolved.
0001387: [Module - Your Account (RNYA)] List users does not remembers page from previous type, resulting in blank list (KGuske) - resolved.
0001378: [Module - Your Account (RNYA)] Notice undefined constant user_password in Your Account (Palbin) - resolved.
0001350: [Module - Your Account (RNYA)] Remote Php Code Execution in avatarlist.php (KGuske) - resolved.
0001351: [Module - Your Account (RNYA)] Remote Php Code Execution in Your Account module (KGuske) - resolved.

0001340: [Module - Your Account (RNYA)] RNYA Copyright Image Missing & Link to RavenNuke Team Incorrect (Raven) - resolved.
0001321: [Module - Your Account (RNYA)] RNYA Delete User functionality (Palbin) - resolved.
0001303: [Module - Your Account (RNYA)] RNYA New User creation (RNTEAM) - resolved.
0001343: [Module - Your Account (RNYA)] Several problems with remote avatars and error messages dealing with avatars (Palbin) - resolved.
0001377: [Module - Your Account (RNYA)] Undefined variable in Avatarlist.php (Evaders99) - resolved.
0001309: [Module - Your Account (RNYA)] Update lang german (RNYA) (Raven) - resolved.
0001354: [Module - Your Account (RNYA)] URL Filter does not allow localhost as a valid URL (KGuske) - resolved.
0001376: [Module - Your Account (RNYA)] XSS Vulnerability in Your_Account (Evaders99) - resolved.
0001326: [Module - Your Account] Undefined variables in RNYA (KGuske) - resolved.
0001356: [NukeSentinel] Notices in NukeSentinel - IP2C Add Range (Raven) - resolved.
0001322: [NukeSentinel] NS Test Switch no saving (Guardian2003) - resolved.
0001289: [NukeSentinel] Re-declared constant AB_NOREFERERS (Guardian2003) - resolved.
0001332: [Other] ErrorDocuments when outside of root dir (Raven) - resolved.
0001358: [Security / Vulnerability] Additional Form validation (Guardian2003) - resolved.
0001286: [Theme] Block preview not working on some themes like RavenIce (jestrella) - resolved.
0001290: [Theme] Notice Error - undefined constant (Guardian2003) - resolved.
0001366: [Theme] Traditional Theme - Left Side Blocks Don't Show (RNTEAM) - resolved.
0001308: [Un-Categorized] Robots meta tag tweak (Raven) - resolved.
0001391: [Upgrade Scripts/Process] File compare utility update (Guardian2003) - resolved.
0001375: [Upgrade Scripts/Process] Upgrade questions (fkelly) - resolved.
0001323: [W3C Compliance and Code Clean-Up] Compliance issues with CT_RN and DeepBlue themes as reported in support forums (jestrella) - resolved.

[85 issues]
 
View user's profile Send private message
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> v2.3 RN Announcements

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©