Zikula Core 1.5.8 released!

August 5, 2018


The core development team is proud to announce the availabilty of Zikula Core 1.5.8.

Zikula Core 1.5.8 is available as of today, 05 August, 2018.

  • Security fixes from Symfony:
    • Remove support for legacy and risky HTTP headers (CVE-2018-14773).
    • Possible host header injection when using HttpCache (CVE-2018-14774).
  • Deprecated:
    • bootstrap-plus/bootstrap-jqueryui is deprecated and will be removed in 2.1. Use jQuery UI directly.
  • Fixes:
    • Unset upgrading flag after successful upgrade (#3899).
    • Fixed invalid request access in hook controller.
    • Changed default storage engine in CLI installer to InnoDB (#3909).
    • Avoid linking to user registration page if registration functionality is disabled.
    • Use localised date format in user administration list.
    • Show user account menu on login page (like on registration and forgot xy pages, too).
    • Moved JavaScript code in several templates into footer area to ensure jQuery is available.
    • Added maxlength constraint to username field in registration form.
    • Ensure jQuery UI is loaded before bootstrap (#3912).
    • Suppress warning in PHP 7.2 if session is accessed before it is regenerated (e.g. during a login) (#3898, #3914).
    • Fixed wrong modvar reference in ZAuth validator (#3913).
    • Explicitly specify translation domain in pager templates (#3917).
    • Explicitly specify translation domain in user mail helper for calls from external modules (#3918).
    • Avoid information disclosure if database exceptions occur.
    • Fixed broken user search in Groups administration.