Christian Pöschl from usd AG has found another XSS vulnerability in Friendica which is closed with this hotfix release of Friendica.
In addition, some other bug fixes for the distribution of forum postings and improvements to the update process of node information are included in this release.
For details, please see the CHANGELOG file in the repository.
What is Friendica
Friendica is a decentralized communications platform that you can use to host your own social media server. It integrates with independent social networking platforms (like the Fediverse or Diaspora*) but also some commercial ones like Twitter.
How to Update
Updating from old Friendica versions
If you are updating from an older version than the 2022.06 release, please first update your Friendica instance to that version as it contained some breaking changes.
Ensure that the last backup of your Friendica installation was done recently.
Updating from the git repositories should only involve a pull from the Friendica core repository and addons repository, regardless of the branch (stable or develop) you are using. Remember to update the dependencies with composer as well. So, assuming that you are on the stable branch, the commands to update your installation to the 2023.01 release would be
cd friendica
git pull
bin/composer.phar install --no-dev
cd addon
git pull
If you want to use a different branch than the stable one, you need to fetch and checkout the branch before you perform the git pull.
Pulling in the dependencies with composer will show some deprecation warnings; we will be working on that in the upcoming release.
Using the Archive Files
If you had downloaded the source files in an archive file (tar.gz), please download the current version of the archive from friendica-full-2023.01.tar.gz (sha256) and friendica-addons 2023.01.tar.gz (sha256) and unpack it on your local computer.
As many files got deleted or moved around, please upload the unpacked files to a new directory on your server (say
friendica_new) and copy over your existing configuration (
.htaccess files. Afterwards rename your current Friendica directory (e.g. friendica) to
The files of the dependencies are included in the archive (make sure you are using the friendica-full-2023.01 archive), so you don’t have to worry about them.
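One way to check a downloaded archive against its published SHA-256 value before unpacking it into the new directory, as an added example that is not part of the original announcement or Friendica's own tooling. It assumes GNU sha256sum and tar, and that the checksum file uses the sha256sum layout ("<hex>  <filename>"); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Friendica project code). Assumes the checksum file is in
# sha256sum format: "<64 hex chars>  <filename>" on its first line.

# verify_archive ARCHIVE SUMFILE -> 0 only if the SHA-256 digests match
verify_archive() {
    archive=$1; sumfile=$2
    [ -f "$archive" ] && [ -f "$sumfile" ] || { echo "missing input file" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $expected in
        *[!0-9a-f]*|'') echo "checksum file is not a hex digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "unexpected digest length" >&2; return 2; }
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch for $archive" >&2; return 1; }
}

# unpack_release ARCHIVE SUMFILE DESTDIR -> verify, then extract into a fresh dir
unpack_release() {
    archive=$1; sumfile=$2; dest=$3
    verify_archive "$archive" "$sumfile" || return $?
    # Never unpack over the live installation; the text asks for a new directory.
    [ ! -e "$dest" ] || { echo "$dest already exists" >&2; return 3; }
    # Refuse archive members with absolute paths or ".." components.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe member paths" >&2; return 4
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage: unpack_release friendica-full-2023.01.tar.gz CHECKSUM_FILE friendica_new
```

A mismatch returns 1 and nothing is unpacked; in that case download the archive again rather than proceeding.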
Post Update Tasks
The database update should be applied automatically, but sometimes it gets stuck. If you encounter this, please initiate the DB update manually from the command line by running the script
bin/console dbstructure update
from the base of your Friendica installation. If the output contains any error message, please let us know using the channels mentioned below.
Please note that some of the changes to the database structure will take some time to be applied, depending on the size of your Friendica database.
Regarding the update process none as of writing.
How to Contribute
If you want to contribute to the project, you don’t need to have coding experience. There are a number of tasks listed in the issue tracker with the label “Junior Jobs” that we think are good for new contributors. But you are by no means limited to these – if you find a solution to a problem (even a new one) please make a pull request at GitHub or let us know in the development forum.
Contribution to Friendica is also not limited to coding. Any contribution to the documentation, the translation or advertisement materials, or a report of a problem, is welcome. You don’t need to deal with Git(Hub) or Transifex if you don’t like to. Just get in touch with us and we will get the materials to the appropriate places.
Thanks to everyone who helped make this release possible, and have fun!