Iceclog 2.4.2 Release Notes: Security and UX Improvements

Version 2.4.2 of Iceclog is released, based on user and member feedback, and security scans.

Register page with Google reCaptcha

During performance and membership account reviews we noticed fake (bot) accounts. To reduce this, we have added the Google reCaptcha mechanism on the registration page.

This will decrease the number of spoilers, fake accounts.

UX Improvements

Featured main images now have nicely rounded border, more elegant.

Action buttons under posts – like, comment, favorite, delete, edit, spam – are now unified across the social network, making UX cleaner and easier to understand.

Furthermore, a mechanism for rendering of shared image is improved, resulting in a better preview of shared images and stopping blurry images from being generated.

The social sharing buttons are positioned differently, and are now on top of the posts. This way, you can interact and share content that you like right away.

Bug Fixes

The Reported bug “Not possible to cancel membership request” has been resolved.

And AMP related coverage issues have been resolved as well. This will enable a better visibility on search engines for our members’ content.

Deployment Improvements

We have introduced additional improvements in development and deployment. We updated our tests with commonly used features to ensure a minimum number of issues in production.

Security maintenance

We performed regular security maintenance and updated our whole infrastructure, server and CMS based. We updated our CMS to the latest available version. Furthermore, we updated all our modules to the newest versions and removed several modules which were no longer supported or needed.

Furthermore, this version includes some major security fixes recognized by our ongoing vulnerability scans. These security fixes include protection from cross-site vulnerabilities, improvements of HTTPS responses, and adding Missing Headers that could cause Clickjacking.

Finally, we have improved the protection against Cross Site Request Forgery (CSRF/XSRF) making our forms safer for usage, according to the latest standards.