Skip to content
tenzap edited this page Nov 27, 2024 · 17 revisions

0.8.3-beta-1

  • Add support for PHP 8.3
  • migrate plugin system to CI3. (Closes: #518)
    • You are advised to backup your database before updating because the update will update the 'plugins' table.
    • At the first time you run kalkun after the update you will have to go through the installer (keep the 'install' file so that it enters the installer/updater, remove it when the installation screens tells you to do so). kalkun will automatically migrate the 'plugins' table in the database while progressing through the installation screens.

Version 0.8.2.1

  • update LICENSE file (forgotten in 0.8.2)

Version 0.8.2

  • Add support for PHP 8.3
  • Change kalkun license to GPL-2.0-or-later (instead of GPL-3.0-or-later)
  • drop 'emoticons' option
  • update to jquery 3.7.1

Version 0.8.1

  • Add support for PHP 8.2
    • If you run PHP 8.2 you will need a version of CodeIgniter 3 that supports PHP 8.2. At the time of the release of Kalkun 0.8.1, codeigniter latest version is 3.1.13 which doesn't support PHP 8.2. Until it is updated you will have to patch it manually by taking the changes from this Pull Request that adds PHP 8.2 support to CI3.
  • Rest_api plugin was updated to use RestController library version 3.1.5 from https://github.com/chriskacerguis/codeigniter-restserver.git By default it will return the result in json format. Before kalkun 0.8.1, the output was in xml. You can set the format back to xml in the configuration file of the plugin.
  • nusoap is now taken from composer instead of being shipped as a file in Kalkun
  • update jquery (to 3.7.0), chartjs (to 4.3.0, but keep compatibility with 2.x & 3.x)
  • Ubuntu packages are now available also in the kalkun PPA at https://launchpad.net/~kalkun/+archive/ubuntu/kalkun-releases

Version 0.8

Upgrade to CodeIgniter 3

  • Kalkun upgraded from CodeIgniter 1 to CodeIgniter 3.1.13

Min/max version of PHP

  • Minimum version of PHP is now 5.6
  • Code updated to work on PHP >= 7 up to PHP 8.1

Library updates

  • You need PHP Composer tool. Many libraries that used to be copied in the source code of Kalkun have been removed from the code base. They are now fetched using PHP composer.

libphonenumber

  • Phone number input is now checked towards the libphonenumber-for-php library based on Google's libphonenumber.

  • Before entering the database, the phone number is checked for validity. Then reformatted to international format for storage in the database.

  • Whenever you edit an existing user or contact that was added before the use of libphonenumber, the number will pass through this library, will be checked for validation. If you save it, it will be updated to international format in the database.

  • If you use an API (JSONRPC, REST...) phonenumber is checked too. Be sure you enter a valid phone number in international format when using an API. Otherwise your request might be rejected for "invalid phone number".

  • Besides, you can check a number for validity by calling (PR #396):

    http://localhost/kalkun/index.php/kalkun/phone_number_validation?phone=PHONENUMBER&region=REGION
    

    or by doing a POST request to

    http://localhost/kalkun/index.php/kalkun/phone_number_validation
    

    with parameters: phone=PHONENUMBER&region=REGION

    The output is a json encoded string: "true" if the number is valid, or the message error reported by libphonenumber.

Change the default encryption_key

  • To improve security, it's higly recommended to change the default encryption_key in application/config/config.php. See setting your encryption key.
  • On unix/linux you may run
php -r 'echo bin2hex(random_bytes(16)), "\n";'

Write the value in application/config/config.php and enclose it in a call to hex2bin() function. For example:

$config['encryption_key'] = hex2bin('32_CHAR_LONG_ENC_KEY');

Password update

  • Algorithm to store user password changes with 0.8. Thus old passwords stored with v0.7.1 won't work anymore.
  • You need to tell your users to reset their password.
  • If you still use the default password, it is updated during upgrade process.
  • To manually set a password in the database:
    1. Compute a hash for the given password this way:
    php -r 'echo password_hash("new_password", PASSWORD_BCRYPT) . "\n";'
    1. Insert it in the DB. SQL QUERY would be
      1. for MySQL syntax
      UPDATE user SET password = 'HASH_COMPUTED_ABOVE'
      WHERE id_user = 1 AND username = 'kalkun';
      1. for PostgreSQL syntax
      UPDATE public."user" SET password = 'HASH_COMPUTED_ABOVE'
      WHERE id_user = 1 AND username = 'kalkun';

Encryption library

  • During migration to CodeIgniter 3 we switched from the older CI3 Encrypt Library to the CI3 Encryption Library for security reasons. This required to update the default encryption key. The password you may have stored with the older version can't be recovered with the new encryption key.
  • If you were using these plugins: sms to wordpress or sms to xmpp you need to update their credentials.

Enable CSRF Protection

  • CSRF Protection as provided by CodeIgniter 3 is now enabled by default in Kalkun.
  • By doing this change, some HTTP requests were changed from POST to GET. (PR #397)
  • You can disable it in the application/config/config.php file.

XSS (cross site scripting) mitigation strategy

  • The CodeIgniter methods that were used in Kalkun have been deprecated in CI3. Kalkun now does XSS filtering on output and not on input as suggested.

Cookie changes

  • SameSite policy is set to 'Strict' (PR #402)
  • httpOnly attribute is set to TRUE (PR #449)

Redirection to the requested page

  • If when requesting a URL of Kalkun you are no more logged in, you get redirected to the login screen. Once logged it, you will be directed to the page you originally requested with the Query (?key=value...) attached to that URL. Any data POSTed will be kept until the first page reached after successful login.

Ability to open the compose window by URL

  • It is now possible (PR #395) to arrive directly to the compose window and to have the form prefilled with phone number and message. To do so:
http://localhost/kalkun/index.php/?action=compose&type=prefill&msg=my_msg&phone=123123

For an clean compose window:

http://localhost/kalkun/index.php/?action=compose&type=normal
  • This can also be done with a POST request

Plugins configuration

  • The configuration of the plugins which used to be part of the plugins/plugin_name/plugin_name.php file have been extracted and moved to the plugins/plugin_name/config/plugin_name.php file.
  • Be sure to make a backup of your configuration and restore the values back to the new file.
  • Impacted plugins:
    • phonebook_ldap
    • phonebook_lookup
    • simple_autoreply
    • sms_credit
    • sms_member
    • sms_to_twitter
    • sms_to_email
    • sms_to_wordpress
    • sms_to_xmpp
    • stop_manager

SMS charset auto detection

  • Kalkun now automatically detects if a SMS has to be sent with Unicode or GSM charset. This change is in the GUI as well as for those using the APIs.
  • It is not needed anymore to pass the encoding when using the REST API.

b8 spam filter

  • upgrade to b8 v0.7
  • b8 table schema is upgraded to v3 during kalkun update
  • The old b8_wordlist table is backed up as b8_wordlist_v2

JSONRPC plugin

  • The plugin now uses datto/json-rpc-http which implements the JSONRPC 2.0 standard. In the previous version of Kalkun, it was JSONRPC 1.1 standard

Browser support

  • With upgrade of jQuery to v3.6.1, you need a modern browser. See jQuery Browser Support
  • The older Statistics display tool (open-flash-chart based on adobe flash player) is replaced by a Chart.js

Dropped cubrid DB support

There is no SQL script to create db for cubrid in gammu. See: https://github.com/gammu/gammu/tree/master/docs/sql. So we drop support. This hasn't been updated for years anyway.

Somes files have moved

  • SQL scripts went to application/sql/ (instead of media/db)
  • all text files at the root of the project (except LICENSE) we moved to docs/

Debian packages

  • They are built on every merge to a git branch. Find them as artifacts on the github actions jobs.

Error management

  • The source code reports errors that were hidden before and where one didn't know what was happening. When PHP reports an error or an exception Kalkun shows a specific window with the error reported.
  • Note: error reporting can be disabled completely by setting the CI_ENV env. variable of the web server.
  • CodeIgniter permits to use a http server environment variable named CI_ENV. By default we left it it development. You may want to change it to production. If your webserver is Apache's httpd it is set in .htaccess file. However if you use another web server, set this environment variable in the configuration of your server. If set to production no errors will be reported. While if set to developent, the errors will be reported, what may be a security risk. More details in the CodeIgniter documentation.

Demo mode

  • When installing Kalkun on a server for testing & demo purposes, it is now possible to enable the "demo_mode" in the configuration. When enabled, this forbids modification of the password of the kalkun user.
Clone this wiki locally