Announcements

XenForo 2.0.5 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.0 upgrade to this release to benefit from increased stability. In addition to the usual bug fixes and improvements, we have also included a new file to overwrite the potentially exploitable SWFUpload library that you may still have on your file system if you upgraded from XF 1.x. To clean up any old XF1 files, we recommend using the XF1 Cleanup Command. Download XenForo 2.0.5 Some of the changes in 2.0.5 include: Allow oEmbed loaded embeds to be aligned left, right or center depending on on the text alignment of the content. Small phrase adjustments. Update LiveLeak site matching and URLs. Fix...

Today, we have released XenForo Media Gallery 2.0.4, a maintenance release for our gallery add-on. This release primarily targets bug fixes and other small improvements. Some of the changes include: Ensure hourly and daily clean up crons are running at the correct time. Fix part of the Setup when upgrading from very old versions to version 2. Fix an issue which meant that embed thumbnails were not rebuilt. Make it clearer when adding media where you are adding media to. Do not display option to send alert when performing certain actions on only your own media/albums/comments. Display the correct album owner stats when viewing an album. Add missing "move album" alert template. Fix display of certain structured data for media items. Fix...

Today, we have released XenForo Resource Manager 2.0.3, a maintenance release for our resource management add-on. This release primarily targets bug fixes and other small improvements. Some of the changes include: Number of accessibility improvements. Clicking "Watched" in the navigation under Resources now takes you to your "Watched resources". When previewing resource update text, ensure mentions render as expected. No longer force icon dimensions to be no more than two times the opposite dimension. Improve error handling if errors are encountered while adding a resource icon when adding or editing a resource. For the full list of bug fixes, see the Resolved Resource Manager bugs forum. The following public templates have had...

XenForo 1.5.19 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability. In addition to the usual array of fixes and improvements to XenForo 1.5, we have also released XenForo Media Gallery 1.1.17 and XenForo Resource Manager 1.2.5. Significantly, these three releases solve a potential "authentication phishing" exploit inside the SWFUpload library that was reported to us by Julien from RCE Security. Most browsers either no longer have Flash by default, or mitigate this issue sufficiently, therefore the issue is fairly low risk. However, as a precaution...

XenForo 2.0.4 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.0 upgrade to this release to benefit from increased stability. Download XenForo 2.0.4 Some of the changes in 2.0.4 include: Prevent errors when CLI jobs run and return a phrase as a status message. Prevent infinite loops when CLI jobs run and resume with a continue date in the future. Fix error on contact form when validating. Cached add-on entries could be used to build the active add-on cache with outdated information. When merging templates, ensure that the version details are updated accordingly, even if the template itself hasn't been changed. Remove unused duplicate method in the...

Today, we have released XenForo Importers 1.0.1, a maintenance release for our importers add-on. This release primarily targets bug fixes: Some of the changes include: vBulletin: Only rewrite quotes where a post ID is specified in the quote BB code. vBulletin: Re-implement the blogModerators step and disable the blogUsers step. vBulletin: Prevent errors when importing smilies if there are no smilies to import.. vBulletin: Process buddy/ignore lists correctly. vBulletin: Double-encoded strings (usernames, titles etc.) are now not double-encoded General: Importers are now expected to decide for themselves whether each field should have HTML entities decoded or not. You can either do this using EntityEmulator->set($fieldName, $value...

XenForo 2.0.3 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.0 upgrade to this release to benefit from increased stability. Download XenForo 2.0.3 Most importantly, this release includes a fix for a security issue that was reported to us by Julien from RCE Security. The issue was not found within XF code itself, but instead a file which we previously included with XF 1.5.x within the Video JS library. The issue is known as an "authentication phishing" exploit which involves posting a specially crafted URL pointed at the Video JS SWF file. This specially crafted URL, when clicked on or embedded in a page, can include another URL which returns a 401...