From Habari Project
Welcome to Habari Version 0.8!
This latest release of Habari contains security fixes, major improvements, and feature changes. You should read the Upgrading page before you upgrade.
- Don't let admin pages be loaded in an iframe d8a544eb85
- Protect Habari Silo uploads from CSRF 04cd07adfc, 85940b8d8f
- Filter the page string of requested admin pages to remove a non-persistent XSS hole a0f34009aa
- Prevent direct loading of config files 5eb87a12ca
Thanks again to Mauro Gentile for working with us on these security issues. His contributions are greatly appreciated, as is his patience in waiting for this release before revealing these bugs!
A complete list of all the bugs fixed is nearly impossible to compile. Here are a select few; the rest can be found in the commit logs.
- Remove a call to a PHP 5.3+ method on the admin logs page when filtering by date. r5125 fixes #1447.
- Many strings that had translations available but were not using them now show localized text.
- Fix errors displayed when using Charcoal. 9a18afb6 fixes #221.
- Use signed values for moving taxonomy terms. 35735ae fixes #229.
- Wrong date in entry dash module. 7041fc62 fixes #208.
- Prevent direct access to files. 64089ee3.
- Add initial support for child themes, wherein a child theme can use all of the templates of its parent, overriding only templates and styles that it intends to augment.
- Improve the consistency of rewrite rule names, which may break plugins using those rules. The rule update_entries has been renamed update_posts.
- Change the default behavior of theme functions from echo to return.
- Add support for gzip and deflate compression to both SocketRequestProcessor and CurlRequestProcessor, so that any external HTTP requests will be seamlessly compressed to save bandwidth. 5e20c9f3b7 and 3687139d57.
- The k2 theme has been removed. It can now be found in habari-extras.
Please read about upgrading to version 0.8. All users will be affected by the change in theme functions and many will want to remove a potential path disclosure issue. Now that it has been removed from the Habari installation, users of the k2 theme will need to manually include it.
Many bug fixes and improvements have been made since the last release but, as with any piece of software, issues and enhancement requests remain. For full details see Habari's change management system.
These release notes were compiled by the Habari Community.
On behalf of the community, we give our warmest thanks to the developers and contributors who made this Habari release possible.