XenForo Announcements

XenForo 2.0.10 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.0 upgrade to this release to benefit from increased stability. In addition, we are now providing admins with a way to view helpful server information at a glance. Look out for the "Server environment report" block on the Admin CP home page: This will provide at-a-glance information about the environment in which XenForo is running. It will also report to you if your current PHP version is sufficient for running future versions of XenForo. In addition, the Admin home page will now also display messages if your environment no longer meets the minimum requirements for XenForo. This can happen...

XenForo Media Gallery 2.0.5 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo Media Gallery 2.0 upgrade to this release to benefit from increased stability. Download XenForo Media Gallery 2.0.5 Some of the changes in XFMG 2.0.5 include: Add some missing uninstall steps When viewing a reported media item, show the media item. Fix typo in viewModeratedAlbums permission check. When editing an album/media item ensure that the description can be empited. Reduce query count when viewing albums/media items. When viewing an album, fix selected filters not displaying when filters are applied. Avoid content breaking out of the album/media item view columns. Display a...

XenForo Resource Manager 2.0.4 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo Resource Manager 2.0 upgrade to this release to benefit from increased stability. Download XenForo Resource Manager 2.0.4 Some of the changes in XFRM 2.0.4 include: Support for filtering the resource list by prefix when browsing the resource overview page. Prevent an error in XFRM if a resource that is associated a thread who has been orphaned from its forum is updated. Use the correct column name when stopping category watch emails. Adjust the permission check for resource icon editing while creating a resource. The following public templates have had changes: xfrm_overview...

XenForo 1.5.22 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 1.5 upgrade to this release to benefit from increased stability. Download XenForo 1.5.22 Some of the changes in XF 1.5.22 include: Improve compatibility with MySQL 8.0. Improve support for newer TLS versions in emails for PHP versions >= PHP 5.6. In the spam cleaner only show email addresses to admin users who have the users permission. Use deconstructImages on GIFs (where available) in order to reduce the resulting file size. Bypass username validation when renaming a user on delete. Ensure registration defaults do not override receive_admin_email settings specified on registration. Prevent a...

No, you're not imagining it - we are doing another release, just a day after the release of 2.0.8. XenForo 2.0.9 fixes a flaw that could potentially be exploited to create a cross-site scripting vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.9 or use the attached patch file as soon as possible. Note that if you are applying the patch rather than doing a full upgrade to 2.0.9, you will need to apply the 2.0.8 patch too. XenForo extends thanks to Thomas Schneider for identifying the issue. The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. Applying a Fix...

Today, we are releasing XenForo 2.0.8 to address a potential security vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.8 or use the attached patch file as soon as possible. The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. Specifically, the issue relates to specially crafted text entered into messages and output using the structured text system (used in profile posts and comments). Thank you to @batpool52! for identifying the issue and reporting it to us. There are no other fixes included in this version. There will be a further maintenance release in the coming...

Hot on the heels of our previous GDPR centric releases, today we're pleased to announce the release of XenForo 1.5.21 and XenForo 2.0.7 which aims to resolve some issues found since the release of the previous versions, and include a few further tweaks to enhance GDPR compliance on your forum. See our previous release announcement for details of how we can help you comply with the new GDPR regulations. A summary of the changes in this release are as follows: Ensure the server side validates the privacy policy/terms and rules acceptance form (XF1 and XF2) Ensure certain fields output in the data portability exports are escaped (XF1 and XF2) Some small phrase adjustments (XF1 and XF2) Attempt to ensure the new cookie notice does not...