Flarum

Initial release: May 27, 2021 [1]
Stable release: v1.8.5 / January 5, 2024
Repository: github.com/flarum/framework
Written in: PHP, JavaScript and TypeScript [2]
Type: Internet forum
License: MIT License
Website: flarum.org

Flarum is Internet forum software written primarily in PHP, [3] with a user interface written in a combination of JavaScript and TypeScript. It was created through a merger of two existing forum software projects, [4] FluxBB [5] and esoTalk, [6] and of their two main developers, Franz Liedke and Toby Zerner.


Flarum is designed to be minimal forum software with high extensibility. Many features that are built into other forum software, such as locking threads, private messaging, flagging posts, and assigning tags (categories) to discussions, are implemented as extensions to Flarum's core rather than in the core itself.

History

Flarum's history dates back long before the merger of FluxBB and esoTalk. Flarum's philosophy was conceptualised in 2010 by Toby Zerner, [7] with initial designs and prototypes created as early as 2012. [8] Zerner entered Flarum into the University of Adelaide's eChallenge programme, where the project's idea won second prize. [9]

In October 2014, Toby Zerner and his friend Stephen Grace launched a Kickstarter crowdfunding campaign to fund Flarum's development while Zerner was studying medicine. The funds were intended to let him take a year out of his medical training to develop Flarum full-time, and to launch a paid cloud hosting service alongside it. About two weeks after launch, however, the campaign was cancelled in favour of an open-source, public approach to development. The prototype code was published to GitHub in December 2014. [10]

The original Flarum prototypes were created in PHP and JavaScript, using Laravel as a backend framework and Ember.js as a frontend framework. In April 2015, Ember.js was replaced with Mithril.js, [11] which is still used in the latest releases of Flarum.

On August 27, 2015, the first beta version of Flarum was released to the public. [12]

On July 4, 2019, Toby Zerner announced he would leave the Flarum project to focus on his own premium forum software, leaving Franz Liedke and Daniël Klabbers to lead the project. [13] Following his departure, the remaining members of the Flarum team founded the non-profit Flarum Foundation (Dutch: Stichting Flarum) as the legal owner of the Flarum open-source project and its registered trademark. [14]

In February 2021, Franz Liedke announced that he too would leave the Flarum project, as he was unable to dedicate time to it consistently, leaving Daniël Klabbers to lead Flarum. [15]

In May 2021, the first stable version of Flarum was released, after a total of 11 years in development. [7]

In June 2021, a critical cross-site scripting (XSS) vulnerability was found in Flarum's initial stable release: a crafted URL, when opened by a victim, executed attacker-controlled JavaScript in that user's browser. It was fixed in patch release 1.0.2. [16]

Controversy

Shortly after Flarum's initial stable release, a reflected cross-site scripting vulnerability (CVE-2021-32671) was found in the search field. It allowed an attacker to execute arbitrary JavaScript in other users' browsers without their knowledge, and was patched in version 1.0.2. [16] [17] [18] Following this vulnerability, the Flarum team partnered with the open-source security reporting website Huntr.dev to provide a more streamlined way to report issues, with bounties for reports and fixes paid at no cost to the open-source project. [19]

References

  1. "Flarum 1.0.0 Released - Flarum Community".
  2. "Flarum/Framework". GitHub. 31 March 2022.
  3. "flarum Languages is PHP 100%". GitHub. Flarum. 14 July 2024. Retrieved 15 July 2024.
  4. "About Flarum : Flarum Documentation". docs.flarum.org. Retrieved 18 July 2024.
  5. "Future development - FluxBB". Internet Archive. 2 July 2022. Retrieved 18 July 2024.
  6. "GitHub - esotalk". GitHub. Retrieved 18 July 2024.
  7. "Flarum 1.0.0 Released - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
  8. "Flarum: The Year Ahead – Toby Zerner". tobyzerner.com. Retrieved 2021-12-23.
  9. Rooney, Kleo. "Energy from Waste wins the ECIC e-Challenge 2013 First Prize". News and Events from the ECIC. Retrieved 2021-12-23.
  10. "GitHub - flarum/core at 74db323f83116087e773d23c3b547bc6627c1956". GitHub. Retrieved 2021-12-23.
  11. "Replace Ember app with Mithril app · flarum/core@b68a471". GitHub. Retrieved 2021-12-23.
  12. "Release 0.1.0-beta · flarum/core". GitHub. Retrieved 2021-12-23.
  13. "Farewell and What's Next For Flarum - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
  14. "Flarum Foundation, 1: the why and who - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
  15. "Leaving the project - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
  16. "Critical security update to Flarum core, with new incident write-up (v1.0.2) - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
  17. "Build software better, together". GitHub. Retrieved 2021-12-23.
  18. "CVE - CVE-2021-32671". cve.mitre.org. Retrieved 2021-12-23.
  19. "huntr.dev as first point for security vuln (#2918) · flarum/core@5ee5f82". GitHub. Retrieved 2021-12-23.