Announcements

XenForo 1.5.22 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 1.5 upgrade to this release to benefit from increased stability. Download XenForo 1.5.22 Some of the changes in XF 1.5.22 include: Improve compatibility with MySQL 8.0. Improve support for newer TLS versions in emails for PHP versions >= PHP 5.6. In the spam cleaner only show email addresses to admin users who have the users permission. Use deconstructImages on GIFs (where available) in order to reduce the resulting file size. Bypass username validation when renaming a user on delete. Ensure registration defaults do not override receive_admin_email settings specified on registration. Prevent a...

No, you're not imagining it - we are doing another release, just a day after the release of 2.0.8. XenForo 2.0.9 fixes a flaw that could potentially be exploited to create a cross-site scripting vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.9 or use the attached patch file as soon as possible. Note that if you are applying the patch rather than doing a full upgrade to 2.0.9, you will need to apply the 2.0.8 patch too. XenForo extends thanks to Thomas Schneider for identifying the issue. The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. Applying a Fix...

Today, we are releasing XenForo 2.0.8 to address a potential security vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.8 or use the attached patch file as soon as possible. The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. Specifically, the issue relates to specially crafted text entered into messages and output using the structured text system (used in profile posts and comments). Thank you to @batpool52! for identifying the issue and reporting it to us. There are no other fixes included in this version. There will be a further maintenance release in the coming...

Hot on the heels of our previous GDPR centric releases, today we're pleased to announce the release of XenForo 1.5.21 and XenForo 2.0.7 which aims to resolve some issues found since the release of the previous versions, and include a few further tweaks to enhance GDPR compliance on your forum. See our previous release announcement for details of how we can help you comply with the new GDPR regulations. A summary of the changes in this release are as follows: Ensure the server side validates the privacy policy/terms and rules acceptance form (XF1 and XF2) Ensure certain fields output in the data portability exports are escaped (XF1 and XF2) Some small phrase adjustments (XF1 and XF2) Attempt to ensure the new cookie notice does not...

Slightly ahead of schedule, we are today releasing stable versions of both XenForo 1.5.20 and XenForo 2.0.6 which implement some new functionality to aid compliance with the GDPR. For a much more detailed overview of what GDPR is and what new features have been added, please read the following thread Upcoming changes for GDPR compliance in XF1 and XF2. A summary of the changes in this release for both XF1 and XF2: New notice position "Fixed" which fixes notices to the bottom of the page. GDPR: New default privacy policy help page GDPR: Ability to mark change log entries as "protected" so they will never be pruned GDPR: New fields to log the date and time that the privacy policy / terms and rules were last accepted (logged as...

Today we are releasing both XenForo 1.5.20 Beta 2 and XenForo 2.0.6 Beta 2 which resolves a small number of issues that have been reported to us since the release of Beta 1 which introduced some new functionality to aid compliance with the GDPR. For a much more detailed overview of what GDPR is and what new features have been added, please read the following thread Upcoming changes for GDPR compliance in XF1 and XF2. This is beta software. It is not officially supported. We do not recommend running it in production. For details of the bugs fixed in this release, view the Resolved bugs forum. A summary of the changes in this release for both XF1 and XF2: New notice position "Fixed" which fixes notices to the bottom of the page...

As promised, we are today releasing both XenForo 1.5.20 Beta 1 and XenForo 2.0.6 Beta 1 which implements some new functionality to aid compliance with the GDPR. For a much more detailed overview of what GDPR is and what new features have been added, please read the following thread Upcoming changes for GDPR compliance in XF1 and XF2. This is beta software. It is not officially supported. We do not recommend running it in production. A summary of the changes in this release for both XF1 and XF2: New notice position "Fixed" which fixes notices to the bottom of the page. GDPR: New default privacy policy help page GDPR: Ability to mark change log entries as "protected" so they will never be pruned GDPR: New fields to log the date and...