Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.

Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.


If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you are running XenForo Media Gallery 1.0, you...
XenForo Media Gallery 1.1.9 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.9 to benefit from increased stability.

While XenForo Media Gallery is potentially affected by the server-side request forgery (SSRF) issue patched by XenForo 1.5.10, following the steps in the XenForo 1.5.10 announcement is sufficient to fix the issue in XenForo Media Gallery 1.1.5 or newer. If you are running XenForo Media Gallery 1.1.0 to 1.1.4, you must upgrade to 1.1.5 or newer and apply the XenForo 1.5.10 patch to fix the SSRF issue.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.8:
  • Implements better permission checks in the Media alert handler
  • Resolves an issue which could see a thumbnail not created for short videos
  • Photopost importer fixes...
During internal testing, we discovered a security issue within XenForo. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers running XenForo 1.4 or older follow one of the below methods to fix this security issue.


If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum.

Method 1: Upgrade to the New Version (Recommended)

You may upgrade to XenForo 1.4.13 (or the latest version of 1.5) to fix this issue. You...
In order to apply the security fix included in XenForo 1.4.13 or 1.5.10 to XenForo Media Gallery 1.0, XenForo Media Gallery 1.0.10 has been released.

This fixes the server-side request forgery (SSRF) security issue. This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers running XenForo Media Gallery 1.0 follow one of the below methods to fix this security issue. You must also follow the instructions in the XenForo 1.4.13 or 1.5.10 release announcements for this patch to be effective.

Please note that XenForo Media Gallery 1.1.5 and newer will automatically be secured from this issue if you follow the instructions in the XenForo 1.5.10 release...
[News] XenForo 1.5.9 Released
Today, we are pleased to release XenForo 1.5.9. This release fixes a number of bugs and issues that were found since the release of 1.5.8. As this is a maintenance release, the vast majority of the focus was an increase in stability.

Some of the bugs fixed in 1.5.9 include:
  • Improved compatibility with upcoming PHP 7.1 release.
  • Add basic email typo detection for specific cases to reduce false positives with StopForumSpam checks.
  • Indicate when a StopForumSpam result is from a general blacklisting rather than specific reports.
  • Disable the rich text editor in Windows 10 Mobile Edge versions less than 14 due to problems using it.
  • Fix a case where changing the price of a recurring user upgrade could cause some existing payments to not be processed correctly.
  • Fix a situation where a user mention in a profile post was not displayed correctly.
  • Fix user mention matching being case sensitive for accented characters.
  • Fix a bug that caused transparent images to...
XenForo Media Gallery 1.1.8 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.8 to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.7:
  • Improved compatibility with upcoming PHP 7.1 release.
  • Improved the performance of marking large numbers of media as viewed.
  • Work around a situation where MySQL's wait_timeout could prevent video transcoding from completing if set to a lower value.
  • For PhotoPostVb and PhotoPostXf importers, import Member Categories as albums.
  • For all other PhotoPost related importers, do not skip items belonging to users who no longer exist.
  • Thank you to @Kirby for suggesting a number of fixes for the vBGallery importer.
  • Only rebuild thumbnails if we have the ability to resize them.
  • Hide some of the automatic watch settings if there is no permission to view categories or...
XenForo Enhanced Search 1.1.5 is a maintenance release for our search add-on. We recommend all customers running XenForo Enhanced Search upgrade to 1.1.5 to benefit from increased stability.

The changes in this release include:
  • Improve compatibility with the upcoming Elasticsearch 5 release.
  • Do not treat a "-" with spaces around it as a negation operator in searches.
  • Fix a situation where errors when indexing would be erroneously detected, causing a "no response" error to be logged.
XenForo Enhanced Search requires Elasticsearch and XenForo 1.3.0 or later.

Customers with active XenForo Enhanced Search licenses may now download the new version from the customer area.

Download XenForo Enhanced Search 1.1.5
From the Licensed Customer Area

Purchasing

The XenForo Enhanced Search can be purchased with a new license via the...
[News] XenForo 1.5.8 Released
Today, we are pleased to release XenForo 1.5.8. This release fixes a number of bugs and issues that were found since the release of 1.5.7. As this is a maintenance release, the vast majority of the focus was an increase in stability.

This release includes fixes for 2 security-related issues reported by Julien Ahrens (from www.innogames.com). We consider these issues to be very minor and very unlikely to be exploitable, so they have been included as part of the 1.5.8 fixes rather than as a separate patch. The issues fixed were:
  • An image injection vulnerability in SWFUpload. This could allow a user to believe they were loading an image from your domain while it was being loaded from an external domain which may lead to user confusion.
  • A self-XSS related to uploading an invalid attachment file with a specially crafted filename. This can only be triggered by the user uploading the file, so it would require tricking a user to...
XenForo Media Gallery 1.1.7 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.7 to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.6:
  • Change so that unsharp masking is not allowed to happen with some image resize operations.
  • Fix for an issue that could have seen invalid values entered as a thumbnail path for a media site.
  • Catch Exceptions that may be thrown as a result of media site thumbnail generation failing.
  • Ensure GALLERY BB code limits are enforced in conversations.

For the full list of bug fixes, see the Resolved Media Gallery Bugs forum.

No templates have had changes in this version.

XenForo Media Gallery requires XenForo 1.5.0 or later.

Customers with active XenForo Media Gallery licenses...
XenForo Media Gallery 1.1.6 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.6 to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.5:
  • Added a new option to control the thumbnail quality of JPG thumbnails.
  • Added a new unsharp mask filter to the thumbnail process to make thumbnails appear sharper.
  • The cached thumbnail URL is no longer used for album thumbnails therefore changes made to the XF data directory take effect immediately.
  • Prevented a situation where a video embed could be updated to an invalid URL.
  • Improved some of the custom field display styling on the media view.
  • Implemented spam checking on Gallery comments. Gallery comments are therefore now checked against Spam Phrases and Akismet (where enabled).
  • Prevent a 'Serialized value contains an object and this is not allowed' error...