Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Q2A 1.7.5 - security release

+13 votes
246 views
asked Aug 8 in Q2A Core by Scott
edited Aug 8 by Scott

A security issue has been discovered in Q2A (affecting all versions) so we're releasing a new version, 1.7.5. Big thanks to 'l3m0n' who reported the issue. I've informed Gideon, who should prepare a download and update the website soon. UPDATE: v1.7.5 now available here.

In the meantime, the quickest and simplest fix is to replace the file qa-include/qa-install.php in your site with this one from the Q2A Github repository. I recommend all site owners do this asap. (Alternatively you could delete the file as it's not required after you've installed Q2A.)

The fix has also been pushed to the master and dev branches on Github so you can download the latest code from there if you like. This also includes some other minor bug fixes that were in the dev branch and due to be part of 1.8, but they will be in 1.7.5 instead:

  • Use site language for reCAPTCHA.
  • Add site language to HTML tag.
  • Change from / reply-to for feedback form.
  • Fix missing icon on private messages in SnowFlat theme.
  • Fix users being unable to see all their own profile fields.
  • Minor validation fixes.

commented Aug 16 by ProThoughts
@yerbol89kz, it will be good if you provide site url. Difficult to know what is happening just from your statements.

You can remove site url from post once issue is resolved.
commented 5 days ago by Scott
@yerbol89kz I think that's due to the option "remove accents from URLs". Sounds like from your other problem that you're using v1.8 not 1.7.5. In v1.8 that option removes all non-ASCII characters i.e. everything except a-z or 0-9.

2 Answers

0 votes
answered Aug 9 by q2apro.com
I wished we had a newsletter or another notification system for security flaws. Most CMS for instance have something like this in their admin panel. Q2A checks for new versions also on /admin/stats
0 votes
answered Aug 9 by yerbol89kz

After update my site category list not show. Why?

commented Aug 16 by yerbol89kz
I previously installed the current version of q2a version 1.8. Work good. And i download in github https://github.com/q2a/question2answer/tree/1.8 this version.
commented 6 days ago by Scott
If you're using Q2A 1.8 then the categories are now a widget. It should have added the widget automatically when upgrading to 1.8 but if not you can add it manually on the Layout admin page.
...