mm_forum version 1.8.3 available in TER
mm_forum 1.8.3 released in TER due to a security related issue.
The version 1.8.3 of the mm_forum extension is now available in the TYPO3 Extension Repository. The new version fixes a security related bug that allows Cross-Site Scripting.
The vulnerability can be avoided by using a specific TypoScript setup. The new version just modifies the default value for a specific configuration property. If for any reason, you cannot upgrade to the new version, you can fix the xss vulnerability just as good by inserting
plugin.tx_mmforum_pi1.validatorSettings.quotes = double
into your Typoscript setup. Credits go to Stefanos Karasavvidis, who initially discovered the problem.