CB 1.7.1 Security Release

12 years 5 months ago - 12 years 5 months ago #181411 by beat
CB 1.7.1 Security Release was created by beat
This thread discusses the article CB 1.7.1 Security Release.

First of all, there are 2 heroes that I would like to thank a lot for their work and contribution to this release and its updated documentation: our krileon (Kyle) and nant (Nick):
Kyle has prepared most fixes for known bugs of CB 1.7 and Nick the documentation, while I have been working on next CB 2.0 and on next CBSubs 1.3.0 and Kyle on next GroupJive 2.5.

We also had the CB Testteam giving some good feedback, while the whole CB Team has also been testing and fixing the last CB bugs, and thus we hope that what should normally be the last CB 1.x release before the 2.0 one will be a rock-solid smooth release.

Our thanks also go to the two persons who contributed by finding and privately cooperating in reporting the two security issues.

Changelog:

Fixed Bugs (39):

2700 ajax checking displaying "error"
2703 TLSv3 emails failing if fsocks doesn't support tls auto-switching
2704 Connections plugin language string grammatical error
2708 J1.7 : Modules missing j1.6/j1.7 client attribute in XML
2711 Forced memory limit changes causing problems on some hosts
2713 Multi-valued CB substitutions failing to display and IF statements on multi-valued fields do not work
2714 Forgot login button changes to "Send Username" with Email login mode
2719 J1.7 : Login module text parameters don't accept HTML
2720 J1.7: Backend: Misconfigured super-users which are in other groups as well (e.g. Registered) don't see groups above registered in user edit
2725 gids are not loaded into user objects on frontend userslists display
2726 Backend: xml-driven lists: unused filters output empty table cells taking unneeded space
2729 Userdata substitutions no longer accept parameters reason and default
2730 Image fields ignore $reason on all outputs except html
2744 Chrome browser: JavaScript error on user profiles: "Uncaught SyntaxError: Unexpected token { from overlib_all_mini.js line 340"
2752 J1.7: usergroup mapping from user object and not from api
2754 "Allow Access To:" of "All Registered Users" not functional
2763 Curveycorners conflicting with templates in IE
2766 Image fields on registration upload with missing userid and before registration is successful
2772 PHP Mailer failing to function
2778 J1.6/1.7: Backend: CB Tools: Sample data: user-list is not level public by default
2779 J1.6/1.7: Backend: CB Config: Image approver GID is level super admin by default instead of admin
2783 Ajax checks showing "error" on save actions
2800 J1.7: Field order fails to save
2801 Member emails improvements
2841 J1.7: Pathways not constructing properly
2860 2 line field display not functional with DIV layout
2864 Backend: with new Confirmation Resend CB 1.7 feature confirmed then unconfirmed users don't get correct link to confirm
2868 J1.7: PHP Mailer failing to send emails
2893 Date fields required flag not removed during registration when value is changed
2907 uddeim messages being sent with incorrect time
2920 ImageMagick: presence not correctly checked when open_base_dir restriction is in effect but exec() is allowed
2926 Author tab does not show articles to Everybody
2930 Backend XML of author and connection tabs : 2 minor language string corrections
2939 Missing string "Resend Confirmations" in translation files and untranslated in warning to select
2947 CB Email checking: New PHPMailer class needs exception handling
2948 Backend Mass-mailer: in case of email configuration issues the JSON is incorrect and sent emails message wrong
2949 Reply-To email still had "registration@whatever" instead of empty in default configuration
2950 CB Mass email loses users when using advanced is any of filtering on select field
2951 CB Userlists : when additional joins are needed, we are hitting a MySQL bug Unknown column 'u.id' in 'on clause'

Feature (3)

2775 Backend: Modify help message for Registration tab email addresses
2886 Add _macos folder to ignore folders list for CB plugins installation
2904 Speed-up and clean-up filtering

Only known minor Joomla bug (1)

2276 Known Joomla bug #23697 (unfixed yet): menu display and params in backend need fix in joomla


Details: see our Community Builder forge: forge.joomlapolis.com/projects/cb/issues?query_id=37

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
The following user(s) said Thank You: pepperstreet


12 years 5 months ago - 12 years 5 months ago #181414 by jojo12
Replied by jojo12 on topic [SOLVED] CB 1.7.1 wrong notification
Installation of 1.7.1 ok. Thanks!

The only thing in configuration manager it's written:

"1.7 New Community Builder 1.7 is a recommended upgrade now available for download on Joomlapolis.com fixing all known issues, including a backend security issue fixed in CB 1.7."
After updating there's no need!


12 years 5 months ago #181432 by beat
Replied by beat on topic Re: [SOLVED] CB 1.7.1 wrong notification

jojo12 wrote: Installation of 1.7.1 ok. Thanks!

The only thing in configuration manager it's written:

"1.7 New Community Builder 1.7 is a recommended upgrade now available for download on Joomlapolis.com fixing all known issues, including a backend security issue fixed in CB 1.7."
After updating there's no need!


:lol: Thanks for reporting back. Releasing a CB version is a whole process with many manual steps that cannot be done simultaneously. But we will change our process to update the latest version info server before we release next time ;)

It's now fixed, and displays correctly.

Beat - Community Builder Team Member

The following user(s) said Thank You: jojo12


12 years 5 months ago #181436 by jojo12
Replied by jojo12 on topic Re: [SOLVED] CB 1.7.1 wrong notification
Thanks, sorry I was too quick ;-)


12 years 5 months ago #181452 by tho
Replied by tho on topic Re: CB 1.7.1 Security Release
I'm using CB 1.4. Do I need to upgrade?


12 years 5 months ago #181456 by nant
Replied by nant on topic Re: CB 1.7.1 Security Release

tho wrote: I'm using CB 1.4. Do I need to upgrade?


Yes, you should.
