-
VaultWiki News
by Published on November 12, 2022 12:10 PM
VaultWiki 4.1.6 is now available for licensed customers. This version is a maintenance release with roughly 100 bug fixes.
For a list of changes in this release, please see Changelog for 4.1.6. If you are a style or language pack maintainer, please check here for changes which may affect you.
Some Improvements
Aside from 100 bug fixes, VaultWiki 4.1.6 adds support for new collations in recent versions of MySQL that can allow for a wider variety of wiki titles and can improve title conflict resolution.
This version makes some tweaks to how edits are weighted when calculating page rating averages, including using a faster algorithm, and reducing the effect of minor edits on averages.
This release also increases the default lifetime for automatically created synonyms, which are typically created when a page is renamed. We have also added a setting to allow admins to set the lifetime to a value that works best for their site.
Release Notes
VaultWiki 4.1.6 improves product stability. We encourage anyone using VaultWiki to update to this release for the best experience.by Published on November 9, 2022 12:21 PM
As of November 9, security patches for November 2022 are now available.
Issue List
VWE-2022-6473 is a Permissions Escalation issue, where a forum moderator can bypass the disallowed titles list when converting a thread to a wiki page. The issue affects VaultWiki 4.0.16 and higher.
VWE-2022-6474 is a Permissions Escalation issue, where a forum moderator can bypass the prefix limitations of the target area when converting a thread to a wiki page. The issue affects VaultWiki 4.0.16 and higher.
VWE-2022-6477 is a Subscription Management issue, where a user's attempts to disable all email notifications simultaneously in the default wiki subscription folder fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
VWE-2022-6478 is a Subscription Management issue, where a user's attempts to disable email notifications for all wiki subscription folders simultaneously fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
VWE-2022-6479 is a Subscription Management issue, where a user's attempts to unwatch all subscriptions simultaneously in the default wiki subscription folder fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
Patches
The following patches address the aforementioned issues:
- 4.1.5 Patch Level 4
- 4.1.4 Patch Level 5
- 4.1.3 Patch Level 8
Notes
We strongly recommend that all users running VaultWiki in a production environment update to a patched release.by Published on October 6, 2022 4:37 PM
As of October 6, security patches for October 2022 are now available.
Issue List
VWE-2022-6463 is a Data Loss issue, where a user can unwittingly delete a page when they only want to remove the page's node behavior, such as a book or category. The issue affects VaultWiki 4.1.3 and higher, on XenForo 2.x-based platforms only.
VWE-2022-6466 is a Permissions Escalation issue, where users can submit ratings to wiki content that moderators are unable to remove. The issue affects VaultWiki 4.1.0 RC 2 and higher.
VWE-2022-6469 is a Permissions Escalation issue, where when the WIDGET BB-Code's Maximum Items in Widget Output is less than the default number for a variant, some variants may render the default number anyway when the count parameter is unspecified. The issue affects all versions of the VaultWiki 4.x series.
VWE-2022-6470 is a Permissions Escalation issue, where when the WIDGET BB-Code's Maximum Items in Widget Output is less than 25, some variants may render more than permitted. The issue affects VaultWiki 4.0.11 and higher.
Patches
The following patches address the aforementioned issues:
- 4.1.5 Patch Level 3
- 4.1.4 Patch Level 4
- 4.1.3 Patch Level 7
Notes
We strongly recommend that all users running VaultWiki in a production environment update to a patched release.by Published on September 9, 2022 4:27 PM
As of September 9, security patches for September 2022 are now available.
Issue List
VWE-2022-6458 is a Permissions Escalation issue, where a user can change tags for a wiki page even though they don't have permissions to tag that page, as long as they know the URL for the page's tag editor and have permissions to change the page's categories. The issue affects VaultWiki 4.1.3 and higher. Prior to 4.1.3, there was no separate permission for changing tags.
Patches
The following patches address the aforementioned issue:
- 4.1.5 Patch Level 2
- 4.1.4 Patch Level 3
- 4.1.3 Patch Level 6
Notes
We highly recommend that all users running VaultWiki in a production environment update to a patched release as soon as they are able.by Published on July 7, 2022 12:11 PM
As of July 7, security patches for July 2022 are now available.
Issue List
VWE-2022-6453 is a Permissions Escalation issue, where a user is able to manage the wiki integrations on another user's profile. The issue affects VaultWiki 4.0.0 Beta 7 and higher, on XenForo 1.x platforms only.
Patches
The following patches address the aforementioned issue:
- 4.1.5 Patch Level 1
- 4.1.4 Patch Level 2
- 4.1.3 Patch Level 5
Notes
We highly recommend that all users running VaultWiki on XenForo 1.x in a production environment update to a patched release as soon as they are able.by Published on June 7, 2022 2:14 PM
VaultWiki 4.1.5 is now available for licensed customers. This version is a maintenance release with roughly 30 bug fixes.
For a list of changes in this release, please see Changelog for 4.1.5. If you are a style or language pack maintainer, please check here for changes which may affect you.
PHP 8.1.x Support
Beginning with VaultWiki 4.1.5, we will now support installations running PHP 8.1.x. After close to 6 months of low-traffic testing, we believe that we have addressed a majority of the compatibility issues with the newest branch of PHP.
While we believe VaultWiki will now run on these versions of PHP, we expect that there are still issues that may be revealed in higher-use environments, so please take that into consideration when upgrading PHP. Also remember that in addition to VaultWiki, you must be using a compatible release of forum software, such as XenForo 2.2.9 or higher.
Release Notes
VaultWiki 4.1.5 improves product stability. We encourage anyone using VaultWiki to update to this release for the best experience.by Published on May 3, 2022 2:27 PM
As of May 3, security patches for May 2022 are now available.
Issue List
VWE-2022-6416 is an Information Disclosure issue, where some variants of the VAR BB-Code allow any wiki editor to view and publicize the current VaultWiki version number. The issue affects VaultWiki 4.0.19 and higher. Prior to 4.0.19, Information Disclosures were not treated as security issues.
VWE-2022-6420 is an HTML Injection issue, where by leveraging a flaw in the cropping of overly-long WIKI BB-Code usages, a malicious user can modify the expected contents of HTML blocks outside the intended user-generated content locations. The issue affects VaultWiki 4.0.9 and higher, as well as earlier patches for VWE-2016-2072.
VWE-202206426 is a Denial of Service issue, where on some hosts and server configurations, VaultWiki's deferred tasks trigger a false-positive in denial-of-service protective measures, which causes some visitors to inappropriately receive temporary bans or for the hosting account to be temporarily suspended, because the web-based deferred tasks may be processed in rapid succession. The issue affects all versions of the VaultWiki 4.x series, although the issue is more pronounced on XenForo-based platforms.
Patches
The following patches address the aforementioned issues:
- 4.1.4 Patch Level 2
- 4.1.3 Patch Level 4
- 4.1.2 Patch Level 6
Notes
We highly recommend that all users running VaultWiki in a production environment update to a patched release as soon as they are able.
This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
By continuing to use this site, you are consenting to our use of cookies.