Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Q2A 1.7.5 - security release

+15 votes
2.1k views
in Q2A Core by
edited by

A security issue has been discovered in Q2A (affecting all versions) so we're releasing a new version, 1.7.5. Big thanks to 'l3m0n' who reported the issue. I've informed Gideon, who should prepare a download and update the website soon. UPDATE: v1.7.5 now available here.

In the meantime, the quickest and simplest fix is to replace the file qa-include/qa-install.php in your site with this one from the Q2A Github repository. I recommend all site owners do this asap. (Alternatively you could delete the file as it's not required after you've installed Q2A.)

The fix has also been pushed to the master and dev branches on Github so you can download the latest code from there if you like. This also includes some other minor bug fixes that were in the dev branch and due to be part of 1.8, but they will be in 1.7.5 instead:

  • Use site language for reCAPTCHA.
  • Add site language to HTML tag.
  • Change from / reply-to for feedback form.
  • Fix missing icon on private messages in SnowFlat theme.
  • Fix users being unable to see all their own profile fields.
  • Minor validation fixes.

Show 4 previous comments
by
edited by
by
After update my site url link not use cyrillic symbol.
Example: Q2A 1.7.5 - security release
http://www.example.com/58970/q2a-1-7-5-security-release
Example: Как это работает?
http://www.example.com/58970/ not show Humanly understandable URL. Not use "Как это работает?" symbol.
by
@yerbol89kz, it will be good if you provide site url. Difficult to know what is happening just from your statements.

You can remove site url from post once issue is resolved.
by
@yerbol89kz I think that's due to the option "remove accents from URLs". Sounds like from your other problem that you're using v1.8 not 1.7.5. In v1.8 that option removes all non-ASCII characters i.e. everything except a-z or 0-9.

2 Answers

0 votes
by
I wished we had a newsletter or another notification system for security flaws. Most CMS for instance have something like this in their admin panel. Q2A checks for new versions also on /admin/stats
0 votes
by

After update my site category list not show. Why?

Show 2 previous comments
by
https://surak.baribar.kz/
I checked. There everything is in order.
Classification of questions:  Tags and categories
by
I tried a fresh install of 1.7.5 and categories work fine for me. It must be something with your theme. Have you changed any of the theme functions like sidepanel() or nav() etc?
by
I previously installed the current version of q2a version 1.8. Work good. And i download in github https://github.com/q2a/question2answer/tree/1.8 this version.
by
If you're using Q2A 1.8 then the categories are now a widget. It should have added the widget automatically when upgrading to 1.8 but if not you can add it manually on the Layout admin page.
Snow Theme by Q2A Market
Powered by Question2Answer
...