-
Notifications
You must be signed in to change notification settings - Fork 130
Release notes
- Add support for PHP 8.3
-
migrate plugin system to CI3. (Closes: #518)
- You are advised to backup your database before updating because the update will update the 'plugins' table.
- At the first time you run kalkun after the update you will have to go through the installer (keep the 'install' file so that it enters the installer/updater, remove it when the installation screens tells you to do so). kalkun will automatically migrate the 'plugins' table in the database while progressing through the installation screens.
- update LICENSE file (forgotten in 0.8.2)
- Add support for PHP 8.3
- Change kalkun license to GPL-2.0-or-later (instead of GPL-3.0-or-later)
- drop 'emoticons' option
- update to jquery 3.7.1
- Add support for PHP 8.2
- If you run PHP 8.2 you will need a version of CodeIgniter 3 that supports PHP 8.2. At the time of the release of Kalkun 0.8.1, codeigniter latest version is 3.1.13 which doesn't support PHP 8.2. Until it is updated you will have to patch it manually by taking the changes from this Pull Request that adds PHP 8.2 support to CI3.
-
Rest_api plugin was updated to use RestController library version 3.1.5 from https://github.com/chriskacerguis/codeigniter-restserver.git
By default it will return the result in
json
format. Before kalkun 0.8.1, the output was in xml. You can set the format back toxml
in the configuration file of the plugin. - nusoap is now taken from composer instead of being shipped as a file in Kalkun
- update jquery (to 3.7.0), chartjs (to 4.3.0, but keep compatibility with 2.x & 3.x)
- Ubuntu packages are now available also in the kalkun PPA at https://launchpad.net/~kalkun/+archive/ubuntu/kalkun-releases
- Kalkun upgraded from CodeIgniter 1 to CodeIgniter 3.1.13
- Minimum version of PHP is now 5.6
- Code updated to work on PHP >= 7 up to PHP 8.1
- You need PHP Composer tool. Many libraries that used to be copied in the source code of Kalkun have been removed from the code base. They are now fetched using PHP
composer
.
-
Phone number input is now checked towards the libphonenumber-for-php library based on Google's libphonenumber.
-
Before entering the database, the phone number is checked for validity. Then reformatted to international format for storage in the database.
-
Whenever you edit an existing user or contact that was added before the use of libphonenumber, the number will pass through this library, will be checked for validation. If you save it, it will be updated to international format in the database.
-
If you use an API (JSONRPC, REST...) phonenumber is checked too. Be sure you enter a valid phone number in international format when using an API. Otherwise your request might be rejected for "invalid phone number".
-
Besides, you can check a number for validity by calling (PR #396):
http://localhost/kalkun/index.php/kalkun/phone_number_validation?phone=PHONENUMBER®ion=REGION
or by doing a POST request to
http://localhost/kalkun/index.php/kalkun/phone_number_validation
with parameters:
phone=PHONENUMBER®ion=REGION
The output is a json encoded string:
"true"
if the number is valid, or the message error reported by libphonenumber.
- To improve security, it's higly recommended to change the default
encryption_key
inapplication/config/config.php
. See setting your encryption key. - On unix/linux you may run
php -r 'echo bin2hex(random_bytes(16)), "\n";'
Write the value in application/config/config.php
and enclose it in a call to hex2bin()
function. For example:
$config['encryption_key'] = hex2bin('32_CHAR_LONG_ENC_KEY');
- Algorithm to store user password changes with 0.8. Thus old passwords stored with v0.7.1 won't work anymore.
- You need to tell your users to reset their password.
- If you still use the default password, it is updated during upgrade process.
- To manually set a password in the database:
- Compute a hash for the given password this way:
php -r 'echo password_hash("new_password", PASSWORD_BCRYPT) . "\n";'
- Insert it in the DB. SQL QUERY would be
- for MySQL syntax
UPDATE user SET password = 'HASH_COMPUTED_ABOVE' WHERE id_user = 1 AND username = 'kalkun';
- for PostgreSQL syntax
UPDATE public."user" SET password = 'HASH_COMPUTED_ABOVE' WHERE id_user = 1 AND username = 'kalkun';
- During migration to CodeIgniter 3 we switched from the older CI3
Encrypt
Library to the CI3Encryption
Library for security reasons. This required to update the default encryption key. The password you may have stored with the older version can't be recovered with the new encryption key. - If you were using these plugins:
sms to wordpress
orsms to xmpp
you need to update their credentials.
- CSRF Protection as provided by CodeIgniter 3 is now enabled by default in Kalkun.
- By doing this change, some HTTP requests were changed from POST to GET. (PR #397)
- You can disable it in the
application/config/config.php
file.
- The CodeIgniter methods that were used in Kalkun have been deprecated in CI3. Kalkun now does XSS filtering on output and not on input as suggested.
- SameSite policy is set to 'Strict' (PR #402)
- httpOnly attribute is set to TRUE (PR #449)
- If when requesting a URL of Kalkun you are no more logged in, you get redirected to the login screen. Once logged it, you will be directed to the page you originally requested with the Query (?key=value...) attached to that URL. Any data POSTed will be kept until the first page reached after successful login.
- It is now possible (PR #395) to arrive directly to the compose window and to have the form prefilled with phone number and message. To do so:
http://localhost/kalkun/index.php/?action=compose&type=prefill&msg=my_msg&phone=123123
For an clean compose window:
http://localhost/kalkun/index.php/?action=compose&type=normal
- This can also be done with a POST request
- The configuration of the plugins which used to be part of the
plugins/plugin_name/plugin_name.php
file have been extracted and moved to theplugins/plugin_name/config/plugin_name.php
file. - Be sure to make a backup of your configuration and restore the values back to the new file.
- Impacted plugins:
- phonebook_ldap
- phonebook_lookup
- simple_autoreply
- sms_credit
- sms_member
- sms_to_twitter
- sms_to_email
- sms_to_wordpress
- sms_to_xmpp
- stop_manager
- Kalkun now automatically detects if a SMS has to be sent with Unicode or GSM charset. This change is in the GUI as well as for those using the APIs.
- It is not needed anymore to pass the encoding when using the REST API.
- upgrade to b8 v0.7
- b8 table schema is upgraded to v3 during kalkun update
- The old
b8_wordlist
table is backed up asb8_wordlist_v2
- The plugin now uses datto/json-rpc-http which implements the JSONRPC 2.0 standard. In the previous version of Kalkun, it was JSONRPC 1.1 standard
- With upgrade of jQuery to v3.6.1, you need a modern browser. See jQuery Browser Support
- The older Statistics display tool (open-flash-chart based on adobe flash player) is replaced by a Chart.js
There is no SQL script to create db for cubrid in gammu. See: https://github.com/gammu/gammu/tree/master/docs/sql. So we drop support. This hasn't been updated for years anyway.
- SQL scripts went to
application/sql/
(instead of media/db) - all text files at the root of the project (except LICENSE) we moved to
docs/
- They are built on every merge to a git branch. Find them as artifacts on the github actions jobs.
- The source code reports errors that were hidden before and where one didn't know what was happening. When PHP reports an error or an exception Kalkun shows a specific window with the error reported.
- Note: error reporting can be disabled completely by setting the CI_ENV env. variable of the web server.
- CodeIgniter permits to use a http server environment variable named
CI_ENV
. By default we left it itdevelopment
. You may want to change it toproduction
. If your webserver is Apache's httpd it is set in.htaccess
file. However if you use another web server, set this environment variable in the configuration of your server. If set toproduction
no errors will be reported. While if set todevelopent
, the errors will be reported, what may be a security risk. More details in the CodeIgniter documentation.
- When installing Kalkun on a server for testing & demo purposes, it is now possible to enable the "demo_mode" in the configuration. When enabled, this forbids modification of the password of the kalkun user.