Milestone 1.5.11 (2018-12-29)

    bug #1054: The bbcode2email() function has no localization
    bug #1057: Add CSRF protection to promote user action
    bug #1081: openssl_random_pseudo_bytes() is not cryptographically secure
    bug #1087: LIKE and '_'
    bug #1095: Radium and Cobalt have unreadable alert on admin index
    bug #1098: Don't use local aware format for sprintf
    bug #1124: Where is the start transaction in the db_update.php?
    enhancement #1089: Time formatting in profile.php
    enhancement #1097: We need a ban on references in the titles
    enhancement #1101: SMTP Password field on admin_options page too short
    enhancement #1103: Ban mail/domain dosent check for duplicates
    enhancement #1108: Incorrect answer for search results with short text
    enhancement #1115: Need 503 status for maintenance and error pages
    enhancement #1121: Require more characters for password

Milestone 1.5.10 (2016-06-16)

    bug #792: Profile and signature img
    bug #1012: Incorrect coding login.php
    bug #1017: fix CSS
    bug #1056: Invalidate only feed caches
    bug #1058: hash_equals(): Expected known_string to be a string, null given
    bug #1059: No csrf_token in unsubscibe link of subscription email
    bug #1062: Edit.php and checkboxes
    bug #1068: Wrong description for BBCode
    bug #1072: The DB class for SQLite doesn't maintain string values by default?
    bug #1075: Empty PHP_SELF somewhere
    bug #1078: InnoDB check failed
    bug #1082: Custom title overrides "Banned"
    enhancement #1019: Refactor/move forum_list_plugins to common_admin.php
    enhancement #1025: Display error message inline with login form
    enhancement #1027: Change htmlspecialchars to pun_htmlspecialchars
    enhancement #1064: error() function, PUN_DEBUG and security
    enhancement #1066: For long nicknames

Milestone 1.5.9

    bug #1011: No automatic redirection to install.php
    bug #1016: Does not work glob()
    bug #1032: No notifications for users w/ language set to an inexistent language
    bug #1033: Make it easier to configure frame options header
    bug #1039: Parser error message no have name tag
    bug #1040: PHP 7 compatibility
    bug #1041: Fatal error mysqli_free_result
    bug #1043: Prevent timing attack
    bug #1046: Exclude newlines when parsing username in quote tag
    bug #1049: CSRF attack allows to stick, lock, etc.
    enhancement #1029: db_update.php: Inline script trips over content security policy

Milestone 1.5.8 (2015-01-23)

    bug #925: Scrollbar in chrome fluxbb1.5.5
    bug #949: Use \r\n for SMTP, FORUM_EOL for others
    bug #951: [url][img] patch doesn't work.
    bug #963: Add rel="prev", rel="next" and rel="canonical"
    bug #969: New TLDs not allowed as valid URLs
    bug #996: Prevent clickjacking attacks
    bug #998: Bug in validate_redirect() function
    bug #1001: Remove setting of values in quickpostform
    bug #1006: [HTB23246] File Inclusion in install.php
    enhancement #57: Making a new forum is a 2 step process
    enhancement #810: Improve unread forums tracking
    enhancement #935: Auto-promotion improvements
    enhancement #936: Add new group permission to allow moderators to promote users
    enhancement #941: Remove obsolete global variables
    enhancement #944: Remove "page 1" when thread or forum has just one page
    enhancement #947: Improve Air/Earth/Fire design
    enhancement #948: Require passwords with at least 6 characters
    enhancement #959: Quick actions from registration email
    enhancement #965: Avoid double redirect when no new posts are found
    enhancement #976: [PATCH] Invalidate updated cache files from PHP's Opcache
    enhancement #992: Drop IE6 support
    enhancement #997: Make random passwords longer
    enhancement #1007: Antispam hooks
    enhancement #1008: Please delete your install.php file
    task #942: Remove obsolete language strings
    task #966: Optimize images in FluxBB core

Milestone 1.5.7 (2014-10-20)

    bug #961: Open Redirection Vulnerability
    bug #990: SQL injection in profile.php