Gotchas for 0.3.0

NodeBB Development

Suggested Topics

  • 3 Votes
    1 Posts

    Hello all,

    We are notifying you today about a security vulnerability that was present in older versions of NodeBB. We were notified of these vulnerabilities on 25 May 2022, and have patched and released fixed versions of NodeBB, v2.0.1 and v1.19.8, three days later, on 28 May.

    The specifics of this vulnerability are available upon request, but they are considered critical and affect the security of any site running an affected version of NodeBB. Admins are urged to upgrade to these patched versions as soon as possible.

    Alternatively, the following changesets can be cherry-picked into your installation of NodeBB in lieu of a full upgrade:

    v2.x v1.19.x

    As always, the NodeBB team is available at your disposal to answer any questions or provide assistance in implementing these changesets.

    For more information on the security vulnerability, please visit the GitHub Security Advisory page for this disclosure
  • 2 Votes
    7 Posts

    @jw-sbat Always make sure the plugins you are using are working fine before deploying to production. Even if the plugin doesn't specify compatibility directly it could still work. That property specifies a minimum nodebb version.

  • 0 Votes
    2 Posts

    Please contact your host about installing npm (unless you can do it yourself)

  • NodeBB v0.7.0-dev

    NodeBB Development
    0 Votes
    3 Posts

    @julian said:

    Right now, it's on the master branch of our GitHub repository 🙂

    Yes! Thanks 🍗

  • Gotchas for v0.5.0

    NodeBB Development
    2 Votes
    18 Posts

    Related issue:

    This is another breaking change. It effects anyone using the hook filter:user.custom_fields and to add custom data to users on registration.

    If you were using filter:user.custom_fields to add new entries into the user object you can just switch the hook you are using to filter:user.create. No need to change anything else.

    If you are using to add new entries into the registration form and want these entries to get added into the user object you need to use the hook filter:user.custom_fields. In your plugin that adds new entries into the registration form just add a listener for filter:user.custom_fields and add the fields that you added to the form into the array passed in, here is a sample.

    // plugin.json { ... "hooks": [ { "hook": "filter:user.custom_fields", "method": "addCustomFields"} ], ... } //plugin code function addCustomFields(fields, callback) { fields.push('newCustomField1'); // must match the input name you added to regForm fields.push('otherCustomField1'); callback(null, fields); }

    After this when a new user registers they will have newCustomField1 and otherCustomField1 entries in their user object.

    @bentael nothing needs to be done for spam-be-gone since we don't want the captcha form entries in the database anyways.

    Before this change it was possible to add any field into the registration form client side and it was inserted into the database. Now only the fields that core and plugins specify are inserted.