Update: WoltLab Suite 5.2.4

  • We have just released new versions of our products:

    • WoltLab Suite 5.2.4


    Stability releases (also known as "minor releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features; It is strongly recommended to apply these updates.

    Users Sending Emails to Users

    The software contains a legacy feature that enables users (and if configured, also guests) to send emails to other users. This feature has little use today, but is more often than not overlooked by administrators, especially those migrating from previous versions. The form uses a dedicated group permissions that was enabled by default in previous versions and was often left unchanged.


    It has come to our attention that attackers take advantage of this feature and actively abused it to send out spam emails to other users. We've taken two steps to mitigate this issue to some extent:

    1. Force revoked the group permissions to use this form. Site owner can grant the permissions again at their own discrection, although we strongly advise against this.
    2. The captcha protection of the mail form was previously enabled for guest access only and is now enforced for users alike. This is the first form to enforce the captcha for logged-in users too.

    For Developers: Changes to the HTML Markup For .contentItemLink

    The new .contentItemList was introduced as a generic implementation for content pieces that rely on teaser images. However, the DOM is somewhat flawed by expecting a link to wrap around the whole content section, which easily collides with certain content elments.

    HTML
    <a href="…" class="contentItemLink">
    <!-- content -->
    </a>

    Should be changed into:

    HTML
    <div class="contentItemLink">
    <!-- content -->
    <a href="…" class="contentItemLinkShadow"></a>
    </div>

    The CSS remains unaffected, causing no visual change if the old DOM is continued to be used, preserving compatibility with existing implementations. The changes to the CSS is fully backwards compatible, however, we strongly encourage developers to adopt these changes as soon as possible.


    https://github.com/WoltLab/WCF/issues/3189

    Performing System Updates

    Open your Administration Control Panel and navigate to Configuration > Packages > List Packages. Please click on the button Search for Updates located in the right corner above the package list.

    Notable Changes

    The list below includes only significant changes, minor fixes or typos are generally left out.

    WoltLab Suite Blog

    • The generated HTML for the article preview was invalid, causing some parts of the preview to not respond to clicks. 5.2
    • Pages excluded from access by search engines were incorrectly listed in the sitemap. 5.2
    • The list of articles by tag did not support multiple result pages. 5.2
    • New template event in the header section of articles. 5.2

    WoltLab Suite Calendar

    • Pages excluded from access by search engines were incorrectly listed in the sitemap. 5.2
    • The list of events by tag did not support multiple result pages. 5.2

    WoltLab Suite Filebase

    • Custom input fields of type boolean could not be enabled due to a collision of the HTML id. 5.2
    • Pages excluded from access by search engines were incorrectly listed in the sitemap. 5.2
    • The list of files by tag did not support multiple result pages. 5.2

    WoltLab Suite Gallery

    • The list of deleted images raised an exception when viewed by guests. 5.2
    • Pages excluded from access by search engines were incorrectly listed in the sitemap. 5.2
    • The list of albums and images by tag did not support multiple result pages. 5.2

    WoltLab Suite Forum

    • Attempting to move a thread raised an exception in PHP 7.4. 5.2
    • Incorrect handling of empty threads in the AMP view. 5.2
    • The list of threads by tag did not support multiple result pages. 5.2

    WoltLab Suite Core: Conversations

    • Resolved an issue when replying to conversations when one or more participants were deleted. 5.2

    WoltLab Suite Core: Importers

    • XenForo 2.x
      • Support for pixel based font sizes and the support for the rgb() format for colors. 5.2
      • Support for additional meta data used with embedded attachments. 5.2
    • WoltLab Suite 3.x, 5.x
      • Incorrect recognition of categories for imported media. 5.2

    WoltLab Suite Core

    • Resolved two compatibility issues with PHP 7.4. 5.2
    • New template events in the message sidebar in the rank section. 5.2
    • The form to add new phrases sometimes failed the validation of the selected category. 5.2
    • Incorrect prompt for i18n articles when attempting to create an article on the category list. 5.2
    • Collision of the mobile UI for messages on screen widths between 768 and 1024 px. 5.2
    • Improved main menu on oversized tablets that exceed 1024 px screen width. 5.2
    • Improved the display of code boxes in the AMP view. 5.2
    • The generated HTML for the article preview was invalid, causing some parts of the preview to not respond to clicks. 5.2

    Alexander Ebert
    Senior Developer WoltLab® GmbH