Osclass 3.7.4: security update

Last 21st July, we detected, thanks to the notice of several users of our forums, that in some Osclass websites appeared a new admin account. Said account was created without the knowledge of the administrator. Given the security risk that this may represent for our users, we are releasing a new version of Osclass which corrects this error and will prevent it from happening in the future.
Meanwhile, we continue to analyze the cause of the intrusion. At the moment we the lack of information on what the source of this bug is or how many sites may have been affected. As soon as we have more information we will provide you the necessary explanations. At the moment, we ask you all to update your sites with this new version.

You can update it from your admin panel or download Osclass 3.7.4 manually. If you have any doubt, please use this guide on how to update Osclass or post your questions in the forums.

Posted in Development | 1 Comment

Osclass 3.7.3 Ready to download!

We’re releasing a new version 3.7.3 that contains several bugfixes. Please update, if you are using a previous version.

Osclass 3.7.3 changelog:

  • Improved compatibility with MariaDB
  • Using openssl functions instead of mcrypt (if available)
  • Improved Imagick usage, falling back to GD when not available. Can now be disabled on admin panel too.
  • Fixed duplication of indexes on upgrade
  • Search alerts correctly being sent to unregistered users
  • Fixed issue with session’s id being invalid
  • Multiple minor fixes and improvements

You can update it from your admin panel or download Osclass 3.7.3 manually. If you have any doubt, please use this guide on how to update Osclass or post your questions in the forums.

Posted in Releases | Comments Off on Osclass 3.7.3 Ready to download!

Discover the official Osclass Apps for Android and iOS

Osclass already has its official apps that work with any installation of our script, regardless the theme in use. With these apps, for iOS and Android, all esential Osclass functionalities are now available in your mobile phone: publish an ad, register, share, create your favourite ads list or use your website filters to search in your app.

Osclass relied on KikApp to build its official app for Android & iOS.

What is KikApp?
KikApp is a framework to develop native mobile apps based on PHP. This tool interprets the language, translates the code and exports it to the market’s most popular platforms.

Who can use it?
Any developer who is interested in making apps in the most commonly used language for web development.

Get further information at: www.kikapptools.com and wiki.kikapptools.com

Posted in Market | Comments Off on Discover the official Osclass Apps for Android and iOS

Osclass 3.7.0 Ready to download!

We’re releasing a new version 3.7.0 that contains four security patches and several bugfixes. Please update, if you are using a previous version.

Osclass 3.7.0 changelog:

  • Multisite fixes and improvements
  • Fixed an issue with custom fields on edit item
  • Mysql 5.7 compatibility
  • Comment email notification only if comment moderation is disabled
  • Use https in order to prevent warnings
  • Remove temporal unremoved files (auto_qqfile_*)
  • Cron skipping issues has been fixed
  • New hooks, pre_item_add_error and pre_item_edit_error. Plugins can add FlashMessages.
  • Prevent subscribe to searches twice (Alerts)
  • Increase PHP minimum version to 5.6.0
  • Robots.txt overwrite has been fixed
  • Improved helper function osc_validate_email()
  • Added new noCaptcha ReCaptcha
  • Added listings link at item add / item edit (oc-admin)
  • Fixed Authenticated cross-site scripting issues.
  • Found by Robin Peraglie with the help of the RIPS code analyser (https://www.ripstech.com)
  • Osclass core fixed and improvements
  • Bender theme minor fixes

You can update it from your admin panel or download Osclass 3.7.0 manually. If you have any doubt, please use this guide on how to update Osclass or post your questions in the forums.

Posted in Development | Comments Off on Osclass 3.7.0 Ready to download!

Osclass 3.6.0 Ready to download!

We’re releasing a new version 3.6.0 that contains four security patches and several bugfixes. Please update, if you are using a previous version.

Osclass 3.6.0 changelog:

  •  Fixed SQL injection vulnerability thanks to High-Tech Bridge Security Research Lab ( https://www.htbridge.com/ )
  •  Minor bug fixes and improvements
  • Improvements in the market area

You can update it from your admin panel or download Osclass 3.6.0 manually. If you have any doubt, please use this guide on how to update Osclass or post your questions in the forums.

Posted in Releases | Comments Off on Osclass 3.6.0 Ready to download!