Software:Flarum

From HandWiki
Short description: Internet forum software written primarily in PHP
Flarum
Orange gradient background with a digital paper-like white speech bubble overlaid.
Flarum Discuss screenshot.png
Screenshot of Flarum's official forums, named Discuss.
Initial releaseMay 27, 2021; 3 years ago (2021-05-27)[1]
Stable release
v1.8.3 / October 18, 2023; 8 months ago (2023-10-18)
Repositorygithub.com/flarum/framework
Written inPHP, JavaScript and TypeScript[2]
TypeInternet forum
LicenseMIT License
Websiteflarum.org

Flarum is Internet forum software written primarily in PHP, and a combination of JavaScript and TypeScript for its user interface. It was created as part of a merger of two existing forum software, FluxBB and esoTalk, and their two main developers, Franz Liedke and Toby Zerner.

Flarum is designed to be minimal forum software with high extensibility. Most common features in other forum software are extensions to Flarum's core software, such as locking threads, private messaging, flagging posts, and assigning tags (categories) to discussions.

History

Flarum's history dates back long before the merger of FluxBB and esoTalk. Flarum's philosophy was conceptualised in 2010 by Toby Zerner,[3] with initial designs and prototypes being created as early as 2012,[4] and he entered Flarum into the University of Adelaide's eChallenge programme, winning the 2nd place prize with the project's idea.[5]

In October 2014, Toby Zerner and his friend Stephen Grace launched a Kickstarter crowdfunding campaign to help fund Flarum's development at a time when Toby was studying medicine. The funds raised were planned to allow him to take a year out of his medical training in order to develop Flarum full-time, along with launching a paid cloud hosting service alongside Flarum. However, approximately two weeks after the Kickstarter launch, the campaign was cancelled, instead favoring an open-source and public approach to project development. The prototype code was published to GitHub in December 2014.[6]

The original Flarum prototypes were created in PHP and JavaScript, using Laravel as a backend framework and Ember.js as a frontend framework. In April 2015, Ember.js was replaced with Mithril.js,[7] which is still used in the latest releases of Flarum.

On August 27, 2015, the first beta version of Flarum was released to the public.[8]

On July 4, 2019, Toby Zerner announced he would be leaving the Flarum project to focus on his own premium forum software, leaving Franz Liedke and Daniël Klabbers to lead the project into the future.[9] Following Toby's departure, the remaining members of the Flarum team proceeded to found the non-profit Flarum Foundation (Dutch: Stichting Flarum) to be the legal owner of the Flarum open-source project, and its registered trademark.[10]

In February 2021, Franz Liedke announced that he would also be leaving the Flarum project, due to being unable to consistently dedicate time to the project, leaving Daniël Klabbers to lead Flarum.[11]

In May 2021, the first stable version of Flarum was released, after a total of 11 years in development.[3]

In June 2021, a critical security vulnerability was found in Flarum's initial stable release allowing for cross-site scripting attacks against other users through clicking a URL. This was fixed with a patch release as version 1.0.2.[12]

Controversy

Shortly after Flarum's initial stable release, a cross-site scripting vulnerability was found in the search field which could allow users to execute arbitrary JavaScript code without a user's permission. This vulnerability was patched in version 1.0.2.[12][13][14] Following this vulnerability, the Flarum team opted to partner with open-source security reporting website Huntr.dev to allow for a more streamlined way to report issues, as well as providing a bounty for reports and fixes without costing the open-source project money.[15]

See also

Note: This topic belongs to "Free and open-source software " portal

References

  1. "Flarum 1.0.0 Released - Flarum Community". https://discuss.flarum.org/d/27394-flarum-100-released. 
  2. "Flarum/Framework". 31 March 2022. https://github.com/flarum/framework. 
  3. 3.0 3.1 "Flarum 1.0.0 Released - Flarum Community". https://discuss.flarum.org/d/27394-flarum-100-released. 
  4. "Flarum: The Year Ahead – Toby Zerner" (in en). http://tobyzerner.com/flarum.html. 
  5. Rooney, Kleo. "Energy from Waste wins the ECIC e-Challenge 2013 First Prize" (in en). https://blogs.adelaide.edu.au/ecic/2013/11/27/energy-from-waste-wins-the-ecic-e-challenge-2013-first-prize/. 
  6. "GitHub - flarum/core at 74db323f83116087e773d23c3b547bc6627c1956" (in en). https://github.com/flarum/core. 
  7. "Replace Ember app with Mithril app · flarum/core@b68a471" (in en). https://github.com/flarum/core/commit/b68a4711dceb303dfc9b9b47cf9ae45b18d470b5. 
  8. "Release 0.1.0-beta · flarum/core" (in en). https://github.com/flarum/core/releases/tag/v0.1.0-beta. 
  9. "Farewell and What's Next For Flarum - Flarum Community". https://discuss.flarum.org/d/20590-farewell-and-what-s-next-for-flarum. 
  10. "Flarum Foundation, 1: the why and who - Flarum Community". https://discuss.flarum.org/d/20818-flarum-foundation-1-the-why-and-who. 
  11. "Leaving the project - Flarum Community". https://discuss.flarum.org/d/26175-leaving-the-project. 
  12. 12.0 12.1 "Critical security update to Flarum core, with new incident write-up (v1.0.2) - Flarum Community". https://discuss.flarum.org/d/27558-critical-security-update-to-flarum-core-with-new-incident-write-up-v102. 
  13. "Build software better, together" (in en). https://github.com/. 
  14. "CVE - CVE-2021-32671". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32671. 
  15. "huntr.dev as first point for security vuln (#2918) · flarum/core@5ee5f82" (in en). https://github.com/flarum/core/commit/5ee5f82e3d54ac0dc49ff6bd93382e768976dbdd. 

External links