The core development team is proud to announce the availabilty of Zikula Core 1.5.8.

Zikula Core 1.5.8 is available as of today, 05 August, 2018.

• Security fixes from Symfony:
  • Remove support for legacy and risky HTTP headers (CVE-2018-14773).
  • Possible host header injection when using HttpCache (CVE-2018-14774).
• Deprecated:
  • bootstrap-plus/bootstrap-jqueryui is deprecated and will be removed in 2.1. Use jQuery UI directly.
• Fixes:
  • Unset upgrading flag after successful upgrade (#3899).
  • Fixed invalid request access in hook controller.
  • Changed default storage engine in CLI installer to InnoDB (#3909).
  • Avoid linking to user registration page if registration functionality is disabled.
  • Use localised date format in user administration list.
  • Show user account menu on login page (like on registration and forgot xy pages, too).
  • Moved JavaScript code in several templates into footer area to ensure jQuery is available.
  • Added maxlength constraint to username field in registration form.
  • Ensure jQuery UI is loaded before bootstrap (#3912).
  • Suppress warning in PHP 7.2 if session is accessed before it is regenerated (e.g. during a login) (#3898, #3914).
  • Fixed wrong modvar reference in ZAuth validator (#3913).
  • Explicitly specify translation domain in pager templates (#3917).
  • Explicitly specify translation domain in user mail helper for calls from external modules (#3918).
  • Avoid information disclosure if database exceptions occur.
  • Fixed broken user search in Groups administration.