We have recently become aware of a security issue within XenForo and have released a patch and new version (XenForo 1.4.10) to resolve this issue. We strongly recommend all XenForo customers follow the steps below to resolve this issue.

The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions).

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.4.10 to fix this issue. You should upgrade as you would to any other release.

Customers with an active license may download this version from their customer area. Full details for how to...
We have recently become aware of a security issue within XenForo Media Gallery and have released a patch and new version (XenForo Media Gallery 1.0.9) to resolve this issue. We strongly recommend all XenForo Media Gallery customers follow the steps below to resolve this issue.

The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions).

We would like to thank @batpool52! for bringing this to our attention.

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Media Gallery Support forum.

Method 1: Upgrade to the New Version

The security fix can be applied by downloading XenForo Media Gallery 1.0.9 from your customer area and...
We have recently become aware of a security issue within XenForo and have released a patch and new version (XenForo 1.3.8) to resolve this issue. We strongly recommend all XenForo customers follow the steps below to resolve this issue.

The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions).

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.3.8 to fix this issue. You should upgrade as you would to any other release.

Customers with an active license may download this version from their customer area. Full details for how to...
We have recently become aware of a security issue within XenForo and have released a patch and new version (XenForo 1.2.9) to resolve this issue. We strongly recommend all XenForo customers follow the steps below to resolve this issue.

The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions).

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.2.9 to fix this issue. You should upgrade as you would to any other release.

Customers with an active license may download this version from their customer area. Full details for how to...
We have recently become aware of a security issue relating to a third-party library included with XenForo Media Gallery and have released a patch to resolve this issue. The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions). We recommend all XenForo Media Gallery customers use one of the methods described below to resolve this issue and improve their security.

We would like to thank @batpool52! for bringing this to our attention.

If you have any questions regarding this patch, please post in the Media Gallery Support forum.

Method 1: Install the Patch

Download the patch zip file attached to the end of this message. It contains 2 files:
  • js/xengallery/media_add.js
  • js/xengallery/min/media_add.js
These 2 files should be uploaded to your...
Today, we are pleased to release XenForo 1.4.9. This release fixes a number of bugs and issues that were found since the release of 1.4.8. As this is a maintenance release, the vast majority of the focus was an increase in stability.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.

Some of the bugs fixed in 1.4.9 include:
  • Make changes to support version 2.4 of the Facebook API. This fixes problems registering via Facebook with newly created Facebook apps.
  • Make the contact page trigger a redirect if it is not loaded in an overlay. If it is loaded in an overlay, reset the contact form after successful submission.
  • Fix filter list input height in Windows 10 version of IE 11.
  • Fix unexpected parsing of email addresses within autolinked URLs.
  • Fix a situation where BB...
XenForo Media Gallery 1.0.7 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery upgrade to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.6:
  • Properly handle privacy for guests viewing New Media.
  • Improvements to the Add Media form when there are no categories which media can be added to.
  • Prevent malformed requests for media thumbnails from causing server errors.
  • Pass the page navigation params to the User Media page properly so the order is preserved when moving from page to page.
  • Handle a potential 'undefined variable' error when importing from XFR User Albums.
  • Use the correct external data URL for the 'nothumb' image.
  • More clear handling of cases where certain tools (user tagging and cropping) are not available on touch devices.
For the full list of bug fixes, see the...
We are happy to announce that XenForo Resource Manager 1.2.0 Beta 1 is now available to all customers with active Resource Manager licenses. This release adds resource tagging, author alerts and improves integration into the XenForo core framework. You can read more about what's in this release in our Have You Seen thread.

XenForo Resource Manager 1.2.0 Beta 1 requires XenForo 1.5.0 Beta 3 or later.

Customers with the appropriate license may download XenForo Resource Manager via their customer area.

This is beta software. It is not officially supported. We do not recommend running it in production.

Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at this time to questions...
XenForo 1.5.0 Beta 3 is now available to all customers with active licenses. This release primarily focuses on fixing bugs, conflicts, and usability issues discovered since the release of XenForo 1.5.0 Beta 2. We recommend that all customers running a previous 1.5.0 beta upgrade when possible.

This is beta software. It is not officially supported. We do not recommend running it in production.

Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at this time to questions here on the community forums.

If you choose to run beta software, it is your responsibility to ensure that you make a backup of your data. We recommend you do this before attempting an upgrade.

Installation and Upgrade Instructions

It is highly recommended that you back up your XenForo database and files before you attempt to upgrade. This is...
We are happy to announce that XenForo 1.5.0 Beta 1 is now available to all customers with active licenses. XenForo 1.5 includes a number of new features, such as two-step verification, content tagging, floating notices, a responsive admin control panel and more. You can see the full list of new features in the Have You Seen...? forum.

This is beta software. It is not officially supported. We do not recommend running it in production.

Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at this time to questions here on the community forums.

Add-ons and custom styles may be broken after upgrading to 1.5. You must test your add-ons thoroughly or look for updates. Be especially careful with add-ons that cover similar features to ones that are added...