Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.
Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.
This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.
If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are...