UserCandy Framework 1.0.4 - Security Improvements

5 months ago Topic

DaVaR
Administrator
Total Posts: 9
Joined: September 12, 2019
Posted: December 24, 2019 @ 10:21 AM
UserCandy Frameworks 1.0.3 and prior will no longer be able to download from the Dispensary at this time.
I am working on a security update that requires the framework to provide a unique file id in order to get which file to download. This and many other security features will ensure that the correct UserCandy Dispensary files are downloaded before installing. It also prevents hackers from being able to directly call files from the server. The goal with UserCandy Framework 1.0.4 is to increase security across the board where possible. We want to provide the most secure experience possible for all users. I do plan to use many of the same techniques for a future Downloads Plug-In. The new update is expected to release by the first of the new year.



Reply By: DaVaR
4 months ago #1

DaVaR
Administrator
Total Posts: 9
Joined: September 12, 2019
Posted: January 05, 2020 @ 09:18 PM
I took the security a few steps further for this release. The dispensary no longer uses the URL to see what the user is trying to download and update. It also checks the file hash on the server and compares it to the file downloaded to make sure they match. I will continue to look for ways to improve security across the framework. Release is coming soon!
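
An added example, not part of the original post and not UserCandy's own code, of the two checks described in this thread: resolving an opaque file id through a server-side index instead of taking a path from the URL, and comparing the downloaded file's hash with the server's value before installing. The id format, the use of SHA-256, the sample index and all function names are assumptions.

```php
<?php
// Illustration only: resolveFileId() and verifyDownload() are hypothetical names,
// and the index below is constructed sample data.

// Server side: the only way to reach a file is through this id => record map.
$payload = 'constructed sample package bytes';
$index = [
    '9f2c4e1ab07d4c55' => [
        'path'   => 'plugins/forum-1.0.4.zip',     // never taken from the request
        'sha256' => hash('sha256', $payload),      // assumed hash algorithm
    ],
];

function resolveFileId(array $index, string $id): ?array
{
    // Accept only the fixed id format (assumed: 16 lowercase hex characters),
    // so a file name or path sent in place of an id never reaches the lookup.
    if (!preg_match('/\A[a-f0-9]{16}\z/', $id)) {
        return null;
    }
    return $index[$id] ?? null;
}

// Client side: hash the downloaded file and compare before anything is installed.
function verifyDownload(string $tmpFile, string $expectedSha256): bool
{
    $actual = hash_file('sha256', $tmpFile);
    return $actual !== false && hash_equals(strtolower($expectedSha256), $actual);
}

// Demonstration with a temporary file standing in for the download.
$tmp = tempnam(sys_get_temp_dir(), 'uc_');
$record = resolveFileId($index, '9f2c4e1ab07d4c55');

file_put_contents($tmp, $payload);
echo 'intact download accepted: ';
var_dump(verifyDownload($tmp, $record['sha256']));

file_put_contents($tmp, $payload . 'x');           // simulate altered bytes
echo 'altered download accepted: ';
var_dump(verifyDownload($tmp, $record['sha256']));

echo 'file name sent instead of an id resolves to: ';
var_dump(resolveFileId($index, 'plugins/forum-1.0.4.zip'));

unlink($tmp);
```

A hash served by the same host as the file detects corruption or a mismatched file, not a compromised server; covering that case needs a signature made with a key kept off the download server.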


Reply By: DaVaR
4 months ago #2

DaVaR
Administrator
Total Posts: 9
Joined: September 12, 2019
Posted: January 16, 2020 @ 08:10 PM
UserCandy Framework 1.0.4 has released! https://www.usercandy.com/Downloads
Here is a list of the changes that have been made to 1.0.4:
- Added major security updates to the Dispenser
- Added assets folder ability to Dispenser Items
- Fixed error with deleting files on Windows servers.
- Set Home, About, and Contact pages to copy to custom pages folder if not exist.
- Reworked how Framework updates are handled.
- Changed when the custom/pages folder is created to fix error after install
- Added Templates to the Dispensary, and set up the ability to use them within each page permission.
- Updated Dispenser styles to look cleaner.
- Removed Mass Email
- Updated the AdminPanel styles.
- Updated the AdminPanel Sidebar. Grouped Framework Settings and User Management.
- Fixed home page issue when not set for logged in home page.
- Updated routes file to exclude files that are no longer used.
- Reworked how Success and Error Messages are displayed. Move to Modals.
- Fixed issue in Account-Settings with SuccessMessages class.
- Updated security in the Csrf class.
- Updated styles in the Login and Register pages to look cleaner.
- Fixed error with sitemap
- Added Framework Upgrade Logs
- Fixed issue that did not allow widgets to load properly on custom pages
- Added Log File reader to AdminPanel
- Added New User Device Management system with email notifications
- Added Missing Language data for Auth Emails
- Added Email template settings

