glFusion v1.4.1 has undergone some significant security validation. Including a Web Application Assessment from HP's WebInspect tool. Initial scans did disclose some minor issues that were addressed and resolved.
We have continued our efforts to audit the code base to ensure there are no other issues. This is an on-going effort to provide both a secure and stable environment.
glFusion v1.4.1 has been well tested when running with SSL. Several minor issues were addressed to improve the overall operation and security when running under SSL. Including the ability to properly set the secure cookie setting at time of installation if the install is run under SSL. This gives you an out of the box setup that is correctly configured.
glFusion v1.4.1 has also been well tested under PHP v5.5, the latest version of PHP. Systems running PHP v5.5 should not have any issues running glFusion. There are a few items that glFusion uses that are now depreciated in PHP v5.5. These will be completely removed with the next major release of glFusion. Rest assured, these depreciated items do not hinder your site from running with the latest release of PHP.
There are several bug fixes included in this release, as well as, a few minor functionality improvements. Specifically we have integrated the embedded CKEditor WYSIWYG editor with the Smiley plugin, added the ability to use the WYSIWYG editor when editing blocks, and improved the Filemanager plugin included with CKEditor. We added the ability for each user to have their own private directory for use with the CKEditor filemanager.
Please review the Upgrade Documentation for detailed instructions on upgrading your existing site.
You should also review the What's New Page and the Template Changes Page for details on changes you will need to make when upgrading.
For first time installations, please refer to the Installation Documentation.
glFusion v1.4.1 Updates
Several stability improvements
Several code improvements for running a site under SSL
Improved URL filtering
Fixed issue where sub menus with URLs did not use the defined URL
Added Github oauth authentication
Stories under what's new block now display the time interval
Older Stories block did not display the proper date
Fixed error where Comment header did not always display in what's new block
Notification emails did not send properly for newly uploaded files
CKEditor's filemanager plugin now supports per-user directories for images.
Fixed row styling on admin lists
Ratings did not register when 'clicked'
CKEditor FileManager could not locate images/library/ directory
StaticPages: Last update date was incorrect
Added WYSIWYG editor support for blocks
Fixed error when submitting a new article when auto close comments was enabled.
CKEditor now support direct integration with Smiley plugin
Installation / upgrade enhancements to better support PHP v5.5+
Update OAuth library to latest release