Announcements

We have recently become aware of a security issue within XenForo and have released a patch and new version (XenForo 1.3.8) to resolve this issue. We strongly recommend all XenForo customers follow the steps below to resolve this issue. The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions). If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum. Method 1: Upgrade to the New Version You may upgrade to XenForo 1.3.8 to fix this issue. You should upgrade as you would to any other release. Customers with an...

We have recently become aware of a security issue within XenForo and have released a patch and new version (XenForo 1.2.9) to resolve this issue. We strongly recommend all XenForo customers follow the steps below to resolve this issue. The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions). If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum. Method 1: Upgrade to the New Version You may upgrade to XenForo 1.2.9 to fix this issue. You should upgrade as you would to any other release. Customers with an...

We have recently become aware of a security issue relating to a third-party library included with XenForo Media Gallery and have released a patch to resolve this issue. The issue is a cross site scripting (XSS) flaw that could allow an attacker to steal cookies or force a user to take actions without their consent or knowledge (possibly including administrative actions). We recommend all XenForo Media Gallery customers use one of the methods described below to resolve this issue and improve their security. We would like to thank @batpool52! for bringing this to our attention. If you have any questions regarding this patch, please post in the Media Gallery Support forum. Method 1: Install the Patch Download the patch zip file...

Today, we are pleased to release XenForo 1.4.9. This release fixes a number of bugs and issues that were found since the release of 1.4.8. As this is a maintenance release, the vast majority of the focus was an increase in stability. Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo. Some of the bugs fixed in 1.4.9 include: Make changes to support version 2.4 of the Facebook API. This fixes problems registering via Facebook with newly created Facebook apps. Make the contact page trigger a redirect if it is not loaded in an overlay. If it...

XenForo Media Gallery 1.0.7 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery upgrade to benefit from increased stability. This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.6: Properly handle privacy for guests viewing New Media. Improvements to the Add Media form when there are no categories which media can be added to. Prevent malformed requests for media thumbnails from causing server errors. Pass the page navigation params to the User Media page properly so the order is preserved when moving from page to page. Handle a potential 'undefined variable' error when importing from XFR User Albums. Use the correct external...

We are happy to announce that XenForo Resource Manager 1.2.0 Beta 1 is now available to all customers with active Resource Manager licenses. This release adds resource tagging, author alerts and improves integration into the XenForo core framework. You can read more about what's in this release in our Have You Seen thread. XenForo Resource Manager 1.2.0 Beta 1 requires XenForo 1.5.0 Beta 3 or later. Customers with the appropriate license may download XenForo Resource Manager via their customer area. This is beta software. It is not officially supported. We do not recommend running it in production. Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta...

XenForo 1.5.0 Beta 3 is now available to all customers with active licenses. This release primarily focuses on fixing bugs, conflicts, and usability issues discovered since the release of XenForo 1.5.0 Beta 2. We recommend that all customers running a previous 1.5.0 beta upgrade when possible. This is beta software. It is not officially supported. We do not recommend running it in production. Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at this time to questions here on the community forums. If you choose to run beta software, it is your responsibility to ensure that you make a backup of...