- Details
- Category: News
- Hits: 5365
First of all, Community Builder and our CB Add-ons are not vulnerable to following third-party libraries vulnerabilities, in default or in any reasonable configuration. Additionally, third-party CB add-ons using correctly the CB API should also not be vulnerable through these third-party libraries vulnerabilities.
The CB team is following security news and Beat is part of the Joomla Security Strike Team (JSST). Thus we are usually aware very early of new vulnerabilities potentially affecting Community Builder or our add-ons. For all vulnerabilities of third-party libraries below, we have usually been aware within hours of the issues, and could each time assess with highest priority that those vulnerabilities could not be exploited through Community Builder or any of our Add-ons.
The CB Team implements using defensive programming techniques. This means that we often have multiple levels of protections and user-inputed data filterings, handling default cases, and always escaping at the right place, so that security reviews are easy. Also, no code change is made in core CB without peer-review inside the team. As a matter of fact, with CB 2.1.1, we are celebrating the 1234th merge-requests since CB 2.0! Each of those merge requests has been peer-reviewed and security-audited before being added to CB.
Community Builder 2.1.1 includes the newest PHPMailer 5.2.22 third party emailing library and a security-improved version of Guzzle HTTP/HTTPS requests third-party library.
As both libraries have experienced security vulnerabilities and fixes lately, CB team is issuing the following security statement on those issues and their non-exploitability in Community Builder.
- Details
- Category: News
- Hits: 4311
CB GroupJive 3.1 is now available for all paid members
CB GroupJive 3.1 is here with 11 new features, 16 bug fixes and looking cleaner than ever with SEO friendly URLs!
This new release has many styling improvements and more internal system URL hooks that take advantage of the new Community Builder 2.1 router technology to produce cleaner, friendlier URLs.
You can now create URLs like:
- /{menu-alias}/001-{category-name}/001-{group-name}
example: universities/001-new-jersey/001-rutgers - /{menu-alias}/001-{group-name} (if no category exists)
example: universities/001-rutgers
You can see the full changelog in the discussion thread and also see it in action on our updated demo site.
- Details
- Category: News
- Hits: 6813
Community Builder can be freely downloaded by all registered members
We are proud to release Community Builder 2.1 with 82 new features and 44 bug fixes!
We have been pushing, and blogging about, these new features and bug fixes out to our 565920 strong and growing community in the form of nightly builds over the past months.
This way our new development is continuously tested by thousands of users and we can all be confident that CB 2.1 is a rock solid system ready for prime time.
With so many new features, this article could not possibly begin to give this release the coverage it deserves. You can read the full changelog in the discussion thread and we will blogging more about CB 2.1, but in the meantime we have compiled a Magnificent Seven list of some really great features in CB 2.1:
- New Canvas layout gives user profiles and lists a cleaner more stylish look that is easier to adjust with CSS overrides.
Kyle has already given us a great preview on this new look and how to make it work for you. - Image browser side resizing and cropping make all your image fields look the best they can and fit nicely in your site layouts.
Another awesome preview on this feature also in Kyle's blog. - Improved and friendlier URLs for better SEO rankings - no more ugly and cryptic link names.
More about this new feature that needs Joomla 3.6 in Kyle's SEO Everything blog. - Language Override user interface with built-in string finder makes localization a breeze.
Learn more about Language Overrides and Language Key Finder - Substitution ELSE and ELSEIF feature gives you even more power to personalize your field outputs.
Here are some great use cases on this new functionality. - CSS Override user interface makes styling changes easy and simple.
Similar to language override concept that applies to templates. - Select options field improvements lets you group options and make things cleaner for your users.
Some great examples about this new functionality.
Of course Community Builder 2.1 if fully compatible with Joomla 3.6.5 and can be easily installed over any CB 2.0+ environment for a quick upgrade.
All Joomlapolis CB 2.0 compatible add-ons are also CB 2.1 compatible and you can see them in action on our updated demo site.
These are just 7 of the 82 new features that you can take advantage of on your existing or new community website.
See all 82 new features in our discussion thread and make your own Magnificient Seven list!
- Details
- Category: News
- Hits: 4435
Joomla 3.6.5 has been released to address three security vulnerabilities, some security hardenings and three bug fixes.
It is highly recommended that all Joomla sites upgrade to Joomla 3.6.5 especially if you have not previously upgraded to Joomla 3.6.4.
- Once again, sites with Community Builder 2.0+ are protected from the high level vulnerabilities fixed in Joomla 3.6.4 and 3.6.5.
- For sites below Joomla 3.6.4 and that don't have CB 2.0+ and can't be upgraded immediately, you should immediately turn Joomla user registration off, if it is on (CB user registration is not affected).
Community Builder 2.0.15 works great with this Joomla release.
Read the Joomla release announcement.
- Details
- Category: News
- Hits: 5274
Joomla has just published a Revised Assessment of 3.6.4 Security Release just a couple of days after the urgent Joomla 3.6.4 Critical Security Release that addresses 2 critical security vulnerabilities.
Basically the Joomla Security Strike Team has confirmed the original implications where malicious hackers could exploit the vulnerabilities to create their own administrator account but the team also confirmed that "under certain circumstances" the attackers could alter existing user accounts ( -- yes, even admin accounts).
The CB Team has also taken a closer look at Community Builder 2.0 installations on Joomla 3 environments and discovered that such sites are actually protected against these nasty Joomla vulnerabilities. By default, all CB 2.0+ installations automatically enable the CB system plugin that redirects Joomla registration and login requests to the equivalent CB requests that are not affected by these Joomla vulnerabilities.
So, simply put: all CB 2.0 / Joomla 3.x sites are protected from these Joomla vulnerabilities.
Please note that our recommendation is still to upgrade all Joomla sites to Joomla 3.6.4 as soon as possible, and additionally rename the Joomla htaccess.txt file (and configure it to your base folder if needed) for added protection.
- Joomla 3.6.4 Critical Security Release - Update Now!
- CB Gallery 2.0 released and full of power
- CB 2.0.15 released!
- Joomla 3.6.2 Released
- New downloads manager: CB Package Builder 5.1 with frontend management
- Joomla 3.6 Released
- Our Demo Site is up and running
- New Joomlapolis Rocks!
- CBSubs GPL 4.1 with Timed content, Taxes inclusive price display, and plan substitutions usable anywhere
- A website story - part 3