XOOPS 2.5.11 Change Tracking (P.1)
The XOOPS 2.5.11 version is progressing nicely, the start of work on this version of XOOPS began on April 4, 2019. It is therefore exactly 3 years today that the development of this version began.
We have decided to celebrate these three years by offering a regular follow-up of the modifications of the XOOPS 2.5.11 version. To date more than 900 commits have been made on github, this figure is huge and it is relatively difficult to know what these changes entail. We will provide a weekly statistical analysis of the commits made and the impact on XOOPS for the main ones.
At the end of this series we will provide a file that will track all commits.
We start this series (N°1) with the analysis which goes from April 4, 2019 to November 11, 2019 (8 months)
Some figures
- 49 commits
- 27 PR
- 7 contributors
- Greatest Contributor geekwright and GregMage
The type of commit
The authors
The most important commits
-
XoopsObject::setFormVars() is now deprecated
This method should no longer be used -
System_CleanVars is deprecated since XOOPS 2.5.11
It is now advised to use Request::getXxxxx() -
Security flaw in the forms of the system module
The scope of this security flaw is relatively low because you must have administrator rights to launch the attack (it is unlikely that an administrator will attack their system) -
Vulnerability on external links
Added noopener rel attribute to external links in TextSanitizer -
Installation problem on ANSI databases
Installation of xoops was impossible with MySQL 5.7 in ANSI mode -
Removed zetadigme admin theme
This theme was no longer followed
Belle initiative !