The XOOPS 2.5.11 version is progressing nicely, the start of work on this version of XOOPS began on April 4, 2019. It is therefore exactly 3 years today that the development of this version began.

We have decided to celebrate these three years by offering a regular follow-up of the modifications of the XOOPS 2.5.11 version. To date more than 900 commits have been made on github, this figure is huge and it is relatively difficult to know what these changes entail. We will provide a weekly statistical analysis of the commits made and the impact on XOOPS for the main ones.

At the end of this series we will provide a file that will track all commits.

We start this series (N°1) with the analysis which goes from April 4, 2019 to November 11, 2019 (8 months)

Some figures

• 49 commits
• 27 PR
• 7 contributors
• Greatest Contributor geekwright and GregMage

The type of commit

The authors

The most important commits

• XoopsObject::setFormVars() is now deprecated

  This method should no longer be used
  Obsolete
  PR #675

• System_CleanVars is deprecated since XOOPS 2.5.11

  It is now advised to use Request::getXxxxx()
  Obsolete
  PR #698

• Security flaw in the forms of the system module

  The scope of this security flaw is relatively low because you must have administrator rights to launch the attack (it is unlikely that an administrator will attack their system)
  Safety
  PR #698

• Vulnerability on external links

  Added noopener rel attribute to external links in TextSanitizer
  Safety
  PR #684

• Installation problem on ANSI databases

  Installation of xoops was impossible with MySQL 5.7 in ANSI mode
  Bug
  PR #681

• Removed zetadigme admin theme

  This theme was no longer followed
  Optimization
  PR #701