About This File
Released Yesterday at 15.12.2019
Version 4.4.9.1 Security Update
- Block binary/octal/hex/decimal based hostnames from being submitted in forms that could trigger an SSRF.
- The Gfycat oEmbed endpoint could create an XSS. Gfycat has also been informed of the issue. Thanks to René Kroka (https://renekroka.cz) for reporting this issue.
- Additional attachment permission checks when downloading attachments.
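
The hostname check in the first item above, sketched as an added example (this is not Invision Community's code, and the page does not show how the product implements it): a Python function that recognises an IPv4 address written as a hex, octal, decimal or binary hostname, using inet_aton-style parsing rules. The function names and the `0b` binary notation are assumptions.

```python
import ipaddress
import re

# One host label written as a number: hex (0x..), binary (0b.., assumed
# notation), octal (leading 0) or plain decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[bB][01]+|[0-9]+)$")


def _part_value(part):
    """Return the integer a numeric label stands for, or None if not numeric."""
    if not _PART.match(part):
        return None
    low = part.lower()
    if low.startswith("0x"):
        return int(low[2:], 16)
    if low.startswith("0b"):
        return int(low[2:], 2)
    if len(part) > 1 and part.startswith("0"):
        # A leading zero means octal; the digits 8 and 9 make the label invalid.
        return int(part, 8) if re.fullmatch(r"[0-7]+", part) else None
    return int(part, 10)


def decode_numeric_host(host):
    """IPv4Address an inet_aton-style resolver would derive from host, else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_part_value(p) for p in parts]
    if any(v is None for v in values):
        return None
    *head, last = values
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    total = last
    for i, v in enumerate(head):
        total |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(total)


def is_numeric_encoded_host(host):
    """True when host is an IPv4 address in a non-canonical numeric form."""
    addr = decode_numeric_host(host)
    return addr is not None and host.rstrip(".") != str(addr)
```

A form handler would reject any submitted URL whose host makes `is_numeric_encoded_host` return True, and apply its normal internal-address policy to the value returned by `decode_numeric_host`.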
Version 4.4.9 is a maintenance update to fix critical issues reported since 4.4.8.
- Fixed an issue where duplicate quote/mention/embed notifications could be sent when editing content.
- Fixed an issue where you could submit the form to update your profile information with no date set for your birthday, resulting in your form submission being ignored.
- Fixed an unclear page title when searching for members.
- Fixed a potential issue sending digests when cron is used to run tasks.
- Fixed a situation where duplicate display names were allowed when checking out as a guest and the user was not prompted for their display name.
- Fixed Stripe webhooks potentially reporting an error.
- Fixed an issue with generating renewal invoices via the task system.
- Fixed a styling issue for widgets not set to show on all devices in some cases on pages.
- Fixed an issue where the sitemap could stop being rebuilt.