This release fixes a security vulnerability in Flarum 0.1.0-beta.7. When exploited, the vulnerability allows an attacker to bypass the email verification step during registration. The vulnerability only affects forums which have OAuth extensions enabled (Facebook Auth, GitHub Auth, Twitter Auth, or any third-party auth extensions).
Please note that this release only contains the security fix. This is the first release we've had to push out specifically to address a security issue (we knew this day would come eventually!). All changes scheduled (and already finished) for beta 8 are due to be released separately in the next few weeks.
We recommend upgrading your Flarum installation immediately. To do so, run the following command at the root of your Flarum installation:
If you are running PHP with an OPCache, you will need to restart the PHP process to clear the cache. No further steps are required.
A Note About Security
Thanks to @clarkwinkelmann for disclosing this security issue to us responsibly. A reminder that if you ever become aware of a security issue in Flarum, please report it to us privately by emailing firstname.lastname@example.org, and we will address it promptly.