XenForo 1.5.18 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability.
Most importantly, this release includes a fix for a security issue that was reported to us by Julien from RCE Security. The issue was not found within XF code itself, but instead a file which we previously included with XF 1.5.x within the Video JS library. The issue is known as an "authentication phishing" exploit which involves posting a specially crafted URL pointed at the Video JS SWF file. This specially crafted URL, when clicked on or embedded in a page, can include another...