Today, we release updates for some products that fix security issue. The updates are: QAEngine and DirectoryEngine. We take the security issue very seriously, so as soon as we notice the bug, we immediately work on and remove it at soonest.
Please remember to get the latest versions right away so that it won’t affect your business.
For more details, we fixed the function code so that the attacker can’t obtain the administrator accounts any more. They can’t create a new admin account or change the password just by using the user_ID.
This issue was notified by one of our customers, thanks to him, we can quickly resolve the bug. Also, we’ve checked the theme thoroughly all over again to make sure everything will be fine. This is a valuable experience for us and we’ll have plan for a regular security review.
We really sorry for the inconvenience the issue may cause.
QAEngine version 1.5.1
Together with the security update release, we want to introduce some small changes in QAEngine version 1.5.1
Implement “Pending” tab
A new section named “Pending” is added so that admin can easily approve new posts. This section stored all the new posted ones, admin don’t have to visit every single post to approve it anymore. You can quickly find new questions or answers right in the front-end and approve them just by a click.
Hide admin account on displayed widget
Moreover, admin user names are now excluded from the widget “Users lists” to enhance the security. You don’t have to worry that attacker can find out the admin accounts anymore.
Add lightbox to image in blog section
In the blog post, when users click on the image, it’ll be zoomed out and overlap the content. As a result, the photo will be displayed prettier and users can see the photo clearly.
Other bugs fixes
- Fix “Responsive” issue on Tablet: The menu now automatically change the appearance based on the devices.
- Fix “Filter” issue: The link won’t redirect o to 404 page when you filter answers anymore.