[ข่าว] XenForo 1.5.12 Released
Today, we are pleased to release XenForo 1.5.12. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability.

However, by default, we have replaced the Flash-based attachment uploader with an HTML5-based approach. This has increased compatibility with mobile devices and removes Flash as a dependency for multiple file uploads. The Flash-based uploader is now deprecated. While the HTML5 uploader is enabled by default, you can change back to the previous uploader code by disabling the "Use new HTML5 uploader" option. Generally this should not be necessary; however it's possible the new uploader may not be immediately compatible with all add-ons. If you run into problems uploading files in an add-on, you may wish to disable this option. Note that we have released updates to XenForo Media Gallery and Resource Manager that improve compatibility with the HTML5...
XenForo Media Gallery 1.1.11 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to this release to benefit from increased stability.

This release fixes several issues:
  • Changes to support the new HTML5 uploader in XenForo 1.5.12.
  • Prevent an attempt to copy an image unless it has actually changed.
  • Better support for transcoding video uploads on macOS.
  • Add a missing index on the xengallery_comment table.
For the full list of bug fixes, see the Resolved Media Gallery Bugs forum.

The following template has been changed:
  • xengallery_media_add
XenForo Media Gallery requires XenForo 1.5.0 or later.

Customers with active XenForo Media Gallery licenses may now download the new version from the customer area.

Download XenForo Media Gallery...
XenForo Resource Manager 1.2.4 is a maintenance release for our resource manager add-on. We recommend all customers running XenForo Resource Manager 1.2 upgrade to this release to benefit from increased stability and compatibility with the latest XenForo release.

This release fixes several issues:
  • Changes to support the new HTML5 uploader in XenForo 1.5.12.
  • Fix ignored users still receiving alerts when mentioned in a resource update or if a resource was posted/updated by an ignored user while watched.
  • Fix a specific situation where an option to delete an author's review response would appear incorrectly (display issue only; the response could not be removed).
  • Add a placeholder username if a review was left by a since deleted account.
  • Do not apply force enabled download permissions for your own resource when the resource was posted by a since deleted account.
  • When selecting a category to add a resource to, do not let the chooser be submitted until the user...
[ข่าว] XenForo 1.5.11 Released
Today, we are pleased to release XenForo 1.5.11. This release fixes a number of bugs and issues that were found since the release of 1.5.10. As this is a maintenance release, the vast majority of the focus was an increase in stability.

Notably, we have adjusted the exact procedure used for generating secure random data to adhere to current best practices. If your system does not have access to a modern and fully secure approach to generating random data, we will now warn you during installation/upgrades and display a message indicating this in the control panel. If possible, we recommend using PHP 7 to take advantage of the new features for generating random numbers. Thanks to @rugk for bringing this to our attention.

Some of the changes in 1.5.11 include:
  • Workaround a Firefox bug where the Flash uploader shows as an opaque white box.
  • Support redirects in the image proxy and link title conversion process (while maintaining security).
  • Improve autolinking when there...
XenForo Media Gallery 1.1.10 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.10 to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.9:
  • Ensure video quota permissions are displayed on the Gallery Permissions page
  • Some PhotoPost importer improvements
  • Performance improvements to reduce query time in large galleries
For the full list of bug fixes, see the Resolved Media Gallery Bugs forum.

The following template has been changed:
  • xengallery_album_thumb_item.css
  • xengallery_font_awesome
  • xengallery_media_add.css
  • xengallery_media_thumb_item.css
XenForo Media Gallery requires XenForo 1.5.0 or later.

Customers with active XenForo Media Gallery licenses may now download the new...
XenForo Enhanced Search 1.1.6 is a maintenance release for our search add-on. This release is designed to improve compatibility with the recent Elasticsearch 5 release. If you plan to use Elasticsearch 5, you must use this (or a subsequent) version of XenForo Enhanced Search.

XenForo Enhanced Search requires Elasticsearch and XenForo 1.3.0 or later.

Customers with active XenForo Enhanced Search licenses may now download the new version from the customer area.

Download XenForo Enhanced Search 1.1.6
From the Licensed Customer Area

Purchasing

The XenForo Enhanced Search can be purchased with a new license via the purchase page or with an existing license via the customer area.

Installation, Upgrading and Configuration

Please see our...
Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.

Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.


If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you are running XenForo Media Gallery 1.0, you...
XenForo Media Gallery 1.1.9 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.9 to benefit from increased stability.

While XenForo Media Gallery is potentially affected by the server side request forgery (SSRF) issue patched by XenForo 1.5.10, following the steps in the XenForo 1.5.10 announcement is sufficient to fix the issue in XenForo Media Gallery 1.1.5 or newer. If you are running XenForo Media Gallery 1.1.0 to 1.1.4, you must upgrade to 1.1.5 or newer and apply the XenForo 1.5.10 patch to fix the SSRF issue.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.8:
  • Implements better permission checks in the Media alert handler
  • Resolves an issue which could see a thumbnail not created for short videos
  • Photopost importer fixes...
During internal testing, we discovered a security issue within XenForo. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers running XenForo 1.4 or older follow one of the below methods to fix this security issue.


If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum.

Method 1: Upgrade to the New Version (Recommended)

You may upgrade to XenForo 1.4.13 (or the latest version of 1.5) to fix this issue. You...
In order to apply the security fix included in XenForo 1.4.13 or 1.5.10 to XenForo Media Gallery 1.0, XenForo Media Gallery 1.0.10 has been released.

This fixes the server-side request forgery (SSRF) security issue. This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers running XenForo Media Gallery 1.0 follow one of the below methods to fix this security issue. You must also follow the instructions in the XenForo 1.4.13 or 1.5.10 release announcements for this patch to be effective.

Please note that XenForo Media Gallery 1.1.5 and newer will automatically be secured from this issue if you follow the instructions in the XenForo 1.5.10 release...
  • Sponser

  • Like us on Facebook

  • Buy us a beer!

    The management works very hard to make sure the community is running the best software, best designs, and all the other bells and whistles. Care to buy us a beer? We'd really appreciate it!

    Donate to us!