Sunday, June 23, 2013

fofork 1.5.0 complete!

Version 1.5.0 of fofork is finally complete!  Major changes compared to 1.0 include:

Database
  • Database layer rewritten to use PDO instead of the deprecated mysql extension.
  • Can now be run unmodified on either MySQL or PostgreSQL (instead of just MySQL)
  • Database performance significantly improved

Security
  • Password hashing now uses bcrypt (with adjustable effort) instead of md5, to hinder brute-forcing of the hashes in the event of disclosure.
  • Improved random number generation to create cryptographically secure salts
  • Improved session handling
  • Logs are no longer encrypted using the database password

Usability and Features
  • New log viewer filters log entries on the client side, making it substantially faster
  • Various tweaks to navigation, flagging of long items, etc.
  • Improved installer that allows the user to back out of installation
Plus many more minor tweaks, bug fixes, and performance improvements.

The code is available on GitHub:
https://github.com/robisacommonusername/fofork.git
Or as an archive:
https://github.com/robisacommonusername/fofork/tarball/master

It is possible to upgrade a fofork 1.0.x or 1.1.y installation to version 1.5.z using the included upgrade script. However, because the password hashing algorithm has changed, you will lose any created user accounts other than the admin account. If this is a problem, you can instead upgrade your installation to version 1.1.1 (the newest in the 1.1 branch). This release corrects several minor security issues in the 1.1 branch, but is fully backwards compatible with version 1.0. It is available at https://github.com/robisacommonusername/fofork/archive/v1.1.1.tar.gz

Features planned for version 1.6 include:
  • Allowing new users to register
  • An API
  • Upgrading SimplePie
Happy newsreading!