Ushahidi Platform v2.4 – Bug Fix Release

It’s that time of the month again when we release a newer version of the Ushahidi platform.

As with the last one, this is also a bug fix release so no new features – just some ironing on what already exists. The Ushahidi core platform and Crowdmap are both updated.

Bug Fixes include

  • Scheduler Fixed: A 500 error that was being thrown by the Scheduler
  • Category icons not showing up on the map
  • Fix on the map styling on the Actions/Triggers module
  • Users and admin were not able to change their passwords  – this was due to some CSRF fixes
  • Users not being able to find locations using co-ordinates
  • Users not being able to subscribe for alerts from Trusted categories

All issues reside on github, but for more on the issues addressed, check this detailed bug tracking spreadsheet.

Security updates

There were also some security issues, which have since been addressed.

Details of an XSS exploit were posted on exploits DB some time ago.

This was initial fixed with a quick patch to the user admin view. However, XSS vulnerabilities were still present in other views and fields.

You can grab the patch from the Security notice page

Be sure to upgrade your deployments, those fixes are important. And, in case you come across any bugs or if you have a feature you would like, please add it as an issue on Ushahidi’s github issues .

Github Issues

The new version of the platform is also available here and also on this github link.

Thanks!
We’d like to thank everyone who submitted bug reports and tested the release. As well, special thanks to Sharon Rutto, our Ushahidi intern for her testing.

One Response to “Ushahidi Platform v2.4 – Bug Fix Release”

  1. shpendk

    Glad to see the XSS is finally fixed :)