Flarum

Flarum is Internet forum software written primarily in PHP, and a combination of JavaScript and TypeScript for its user interface. It was created as part of a merger of two existing forum software, FluxBB and esoTalk , and their two main developers, Franz Liedke and Toby Zerner.

Flarum is designed to be minimal forum software with high extensibility. Most common features in other forum software are extensions to Flarum's core software, such as locking threads, private messaging, flagging posts, and assigning tags (categories) to discussions.

History
Flarum's history dates back long before the merger of FluxBB and esoTalk. Flarum's philosophy was conceptualised in 2010 by Toby Zerner, with initial designs and prototypes being created as early as 2012, and he entered Flarum into the University of Adelaide's eChallenge programme, winning the 2nd place prize with the project's idea.

In October 2014, Toby Zerner and his friend Stephen Grace launched a Kickstarter crowdfunding campaign to help fund Flarum's development at a time when Toby was studying medicine. The funds raised were planned to allow him to take a year out of his medical training in order to develop Flarum full-time, along with launching a paid cloud hosting service alongside Flarum. However, approximately two weeks after the Kickstarter launch, the campaign was cancelled, instead favoring an open-source and public approach to project development. The prototype code was published to GitHub in December 2014.

The original Flarum prototypes were created in PHP and JavaScript, using Laravel as a backend framework and Ember.js as a frontend framework. In April 2015, Ember.js was replaced with Mithril.js, which is still used in the latest releases of Flarum.

On August 27, 2015, the first beta version of Flarum was released to the public.

On July 4, 2019, Toby Zerner announced he would be leaving the Flarum project to focus on his own premium forum software, leaving Franz Liedke and Daniël Klabbers to lead the project into the future. Following Toby's departure, the remaining members of the Flarum team proceeded to found the non-profit Flarum Foundation (Dutch: Stichting Flarum) to be the legal owner of the Flarum open-source project, and its registered trademark.

In February 2021, Franz Liedke announced that he would also be leaving the Flarum project, due to being unable to consistently dedicate time to the project, leaving Daniël Klabbers to lead Flarum.

In May 2021, the first stable version of Flarum was released, after a total of 11 years in development.

In June 2021, a critical security vulnerability was found in Flarum's initial stable release allowing for cross-site scripting attacks against other users through clicking a URL. This was fixed with a patch release as version 1.0.2.

Controversy
Shortly after Flarum's initial stable release, a cross-site scripting vulnerability was found in the search field which could allow users to execute arbitrary JavaScript code without a user's permission. This vulnerability was patched in version 1.0.2. Following this vulnerability, the Flarum team opted to partner with open-source security reporting website Huntr.dev to allow for a more streamlined way to report issues, as well as providing a bounty for reports and fixes without costing the open-source project money.