The XOOPS developers released 2 more upgrades to the 2.4.x series, moving quickly to a final release on both 2.4.3 and 2.4.4. They continue to patch bugs reported in the the 2.4.x series and some of the fixes include security updates. If are running an earlier version of 2.4, it is recommended you update to 2.4.4
A brief recent history of 2.4 -
- 2.4.0 was released on 26 October 2009
- 2.4.1 was released on 11 November 2009
- 2.4.2 was released on 30 November 2009
- 2.4.3 was released on 31 December 2009
- 2.4.4 was released on 22 January 2010
Here are the highlights of changes in 2.4.3 and 2.4.4 -
User Improvements
- Images stored in the database instead of the file system now load when using php 5.3
- User can now select system avatars
Administrator Improvements
- Cross-Site Scripting vulnerability in PM module
- SQL Injection vulnerability in kernel/notification.php
- Users can see other users profile in edit profile
- Profile module Field weight: > 9 incorrect display
Developer Improvements
- Lots of code refactoring
- Separate debug notices for deprecated functions and methods
- Changes to how preloads are loaded for modules
- New caching functions
There are detailed instructions to follow if you are using earlier versions of the xoopseditors - be sure to read and follow them. Please remember: If you're installing it over previous installation, make a BACKUP of your files and database first! Also note that some hacks done for previous XOOPS versions might not work with this release: testing before installing is always a good practice.