Today we are releasing a security patch for v6. The vulnerabilities were reported by Lane Thames and are registered under CVE-2015-3431 and CVE-2015-3432. Upgrading is of course highly recommended.
If you have not yet updated to v6, please take the complete product tour here.
- Date: May 6th, 2015
- License: Affero GPL v3
- Download: SourceForge Project
- Source Code: GitHub Project
- Copyright: Abstrium SAS / Charles du Jeu 2015
- Contributors: Cdujeu, DepaMarco, C12simple, Lane Thames
- Upgrading from 6.0.6:
  - In-app upgrade for Zip archive installations
  - RPM/DEB update: using apt-get or YUM commands.
A number of other small bugs are fixed as well, listed below.
- Add new parameter in ShareCenter to force password on public links. (details)
- Massive refactoring of ElasticSearch plugin. Keyword search and indexed fields are working. (details)
- Fix text logger: was broken due to the clone call on object: refresh the fileHandle resource on clone. (details)
- Limit API connection “Login” logs to one per hour, otherwise it fills the log table, and makes the analytics quite slow. (details)
- SMB Auth: include domain name to user name (details)
- Get list of repository automatically (details)
- AuthService test userExist and create new (details)
- InfoPanel: catch modifier evaluation error – CSS: hack transparent backgrounds for IE8 using \9 symbol. (details)
- Correct smb path string (details)
- ShareCenter : fix link pointing to a non-existing repository (details)
- ShareCenter.js: forgotten console calls (details)
- ShareCenter: Catch exceptions when forwarding changes, otherwise it stops the loop. (details)
- AjxpUtils::convertBytes : handle comma – Ajxp_VarsFilter::filter : pass an object or an id as resolve user (details)
- Major update of ElasticSearch implementation / Refactor some methods to common parent with Lucene. (details)
- Check userExist to create new user for new sharing (details)
- Add a new dependency type phpExtension to avoid loading plugins that have a strong dependency on one or more PHP extensions. (details)
- Remove (beta) from sync clients buttons (details)
- ShareCenter: Fix “Preview” checkbox being automagically rechecked. Check template is not ajxp_unique_dl. (details)
- Start refactoring major JS resources. Split into subfolders. (details)
- Display admin Search Results with USER_DISPLAY_NAME (details)
- webdav error on smb workspace (details)
- Shared user watch is not correctly removed when user is removed from “Share with…” list. (details)
- Fix group listing for shared users when inside a group (cherry picked from commit a9fdc8c) (details)
- Ability to use multiple secure_token in one session, to avoid force reload on new tab. Notify existing windows with <require_registry_reload>. (details)
- IE8 Fixes – Fix #899 : remove tooltip when refreshing templates. (details)
- Make Etherpad more simple: support only .pad extensions, disable hideExtension() hook. (details)
- Refix c0205642045e943c086eb054f3947d5311d9997e : case is different if group listing is allowed on all groups or sub groups only. (details)
- Pass AJXP_VALUE_CLEAR as metadata value to force clearing key after array_merge() (details)
- Fix un-removed notification by checking ACL when listing the watches and updating metadata accordingly. (details)
- Fix Zip options tweaking, by properly separating zipBrowsingEnabled vs. zipCreationEnabled. (details)
- Use Dibi syntax for cross-db limit (details)
- Fix Jumploader not correctly sending node.change event (thus missing indexation) (details)
- Fix PLUploader : new way to get secure_token (details)