Upgrade issues

finid

@julian

just npm up nodebb-theme-*, nothing else, right?

julian

Actually, that probably wouldn't work. You can just pull the latest version from master of v0.4.x branch, and run npm install

finid

@julian

You mean *git-pull the theme itself or NodeBB?

julian

NodeBB itself -- package.json got updated

finid

@julian

Help me further, so I know I'm doing the right thing. After git-pull, npm install or ./nodebb upgrade?

julian

Both will work, though just so people don't get the wrong idea, ./nodebb upgrade is the official recommendation.

finid

@julian

All done. However, Emailer local bug has not been resolved.

Btw, let's chat. I've got something private for you.

frissdiegurke

@planner said:

@julian

While we on this, I think there's a major security bug on NodeBB that gives me admin rights on our posts. I can edit, delete, move them. See screenshot

That's weird. After navigating away from this page and coming back, I lost the privilege of editing your post.

Edit/Delete/Move post shown if loaded via ajax · Issue #1322 · NodeBB/NodeBB

It seems if any post gets posted by user B while user A reads the topic, the Edit, Delete and Move buttons are shown like user A would have the privileges of user B (tested Edit that doesn't work ^^ so no real security problem) noticed b...

GitHub (github.com)

julian

@frissdiegurke Thanks for the repro steps, now I know where to search

manuel

i have same errors and more X_x