Flarum
A major contributor to this article appears to have a close connection with its subject. (January 2022) |
Initial release | May 27, 2021[1] |
---|---|
Stable release | v1.8.2
/ September 22, 2023 |
Repository | github |
Written in | PHP, JavaScript and TypeScript[2] |
Type | Internet forum |
License | MIT License |
Website | flarum |
Flarum is Internet forum software written primarily in PHP, and a combination of JavaScript and TypeScript for its user interface. It was created as part of a merger of two existing forum software, FluxBB and esoTalk, and their two main developers, Franz Liedke and Toby Zerner.
Flarum is designed to be minimal forum software with high extensibility. Most common features in other forum software are extensions to Flarum's core software, such as locking threads, private messaging, flagging posts, and assigning tags (categories) to discussions.
History
Flarum's history dates back long before the merger of FluxBB and esoTalk. Flarum's philosophy was conceptualised in 2010 by Toby Zerner,[3] with initial designs and prototypes being created as early as 2012,[4] and he entered Flarum into the University of Adelaide's eChallenge programme, winning the 2nd place prize with the project's idea.[5]
In October 2014, Toby Zerner and his friend Stephen Grace launched a Kickstarter crowdfunding campaign to help fund Flarum's development at a time when Toby was studying medicine. The funds raised were planned to allow him to take a year out of his medical training in order to develop Flarum full-time, along with launching a paid cloud hosting service alongside Flarum. However, approximately two weeks after the Kickstarter launch, the campaign was cancelled, instead favoring an open-source and public approach to project development. The prototype code was published to GitHub in December 2014.[6]
The original Flarum prototypes were created in PHP and JavaScript, using Laravel as a backend framework and Ember.js as a frontend framework. In April 2015, Ember.js was replaced with Mithril.js,[7] which is still used in the latest releases of Flarum.
On August 27, 2015, the first beta version of Flarum was released to the public.[8]
On July 4, 2019, Toby Zerner announced he would be leaving the Flarum project to focus on his own premium forum software, leaving Franz Liedke and Daniël Klabbers to lead the project into the future.[9] Following Toby's departure, the remaining members of the Flarum team proceeded to found the non-profit Flarum Foundation (Dutch: Stichting Flarum) to be the legal owner of the Flarum open-source project, and its registered trademark.[10]
In February 2021, Franz Liedke announced that he would also be leaving the Flarum project, due to being unable to consistently dedicate time to the project, leaving Daniël Klabbers to lead Flarum.[11]
In May 2021, the first stable version of Flarum was released, after a total of 11 years in development.[3]
In June 2021, a critical security vulnerability was found in Flarum's initial stable release allowing for cross-site scripting attacks against other users through clicking a URL. This was fixed with a patch release as version 1.0.2.[12]
Controversy
Shortly after Flarum's initial stable release, a cross-site scripting vulnerability was found in the search field which could allow users to execute arbitrary JavaScript code without a user's permission. This vulnerability was patched in version 1.0.2.[12][13][14] Following this vulnerability, the Flarum team opted to partner with open-source security reporting website Huntr.dev to allow for a more streamlined way to report issues, as well as providing a bounty for reports and fixes without costing the open-source project money.[15]
See also
References
- ^ "Flarum 1.0.0 Released - Flarum Community".
- ^ "Flarum/Framework". GitHub. 31 March 2022.
- ^ a b "Flarum 1.0.0 Released - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
- ^ "Flarum: The Year Ahead – Toby Zerner". tobyzerner.com. Retrieved 2021-12-23.
- ^ Rooney, Kleo. "Energy from Waste wins the ECIC e-Challenge 2013 First Prize". News and Events from the ECIC. Retrieved 2021-12-23.
- ^ "GitHub - flarum/core at 74db323f83116087e773d23c3b547bc6627c1956". GitHub. Retrieved 2021-12-23.
- ^ "Replace Ember app with Mithril app · flarum/core@b68a471". GitHub. Retrieved 2021-12-23.
- ^ "Release 0.1.0-beta · flarum/core". GitHub. Retrieved 2021-12-23.
- ^ "Farewell and What's Next For Flarum - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
- ^ "Flarum Foundation, 1: the why and who - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
- ^ "Leaving the project - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
- ^ a b "Critical security update to Flarum core, with new incident write-up (v1.0.2) - Flarum Community". discuss.flarum.org. Retrieved 2021-12-23.
- ^ "Build software better, together". GitHub. Retrieved 2021-12-23.
- ^ "CVE - CVE-2021-32671". cve.mitre.org. Retrieved 2021-12-23.
- ^ "huntr.dev as first point for security vuln (#2918) · flarum/core@5ee5f82". GitHub. Retrieved 2021-12-23.