Today, we are pleased to release XenForo 1.5.8. This release fixes a number of bugs and issues that were found since the release of 1.5.7. As this is a maintenance release, the vast majority of the focus was an increase in stability.
This release includes fixes for 2 security-related issues reported by Julien Ahrens (from www.innogames.com). We consider these issues to be very minor and are very unlikely to be exploitable, so they have been included as part of the 1.5.8 fixes rather than as a separate patch. The issues fixed were:
An image injection vulnerability in SWFUpload. This could allow a user to believe they were loading an image from your domain while it was being loaded from an external domain which may lead to user...