XenForo Announcements

XenForo Enhanced Search (XFES) 1.1.4 is a maintenance release for our add-on that replaces XenForo's built in search engine with one powered by Elasticsearch to provide greater performance and better search results. This release fixes several bugs: Prevent creating result sizes greater than Elaticsearch's default index.max_result_window value (10000). Improve error handling in newer versions of Elasticsearch and prevent this error handling from interfering with the main request being processed. Requirements XFES requires that you have elasticsearch 0.16.0 or newer installed. As such, this add-on is only applicable if you have root access to your server (such as with a dedicated server or VPS). XFES also requires XenForo 1.3.0 or...

Today, we are pleased to release XenForo 1.5.6. This release fixes a number of bugs and issues that were found since the release of 1.5.5. As this is a maintenance release, the vast majority of the focus was an increase in stability. In addition to the usual bug fixes, we've made a few improvements: In June, PayPal will be making changes to force all requests to use TLS 1.2. If your server does not support TLS 1.2, after this date, user upgrades will not be processed correctly. As of 1.5.6, we attempt to ensure that we use a connection type that supports TLS 1.2 so service will not be interrupted when the change happens. Unfortunately, your server may not support TLS 1.2. If you are using user upgrades, it's important to check this...

XenForo Media Gallery 1.1.5 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.5 to benefit from increased stability. In addition to the usual bug and stability focus we have added beta support for importing from the IP Gallery versions which were designed to work with IP Board 4.0 and IP Board 4.1. This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.4: A new option has been added to allow you to disable the ability to upload images from a URL. Disable this to prevent your server IP address being identified through use of this feature. (Alternatively, XenForo 1.5.6's untrusted HTTP client configuration is...

XenForo Resource Manager 1.2.3 is a maintenance release for our resource manager add-on. We recommend all customers running XenForo Resource Manager 1.2 upgrade to 1.2.3 to benefit from increased stability. This release fixes several bugs that were reported following the release of XenForo Resource Manager 1.2.2: Fix an issue where clicking the "Updated Resource File" label focuses the wrong input while adding a new version. Fix for an 'Undefined index error' in XenResource_Listener_Proxy_ControllerFindNew Implement URL canonicalization for the Resource Author view. Merge the resource_count field in the xf_user table when merging users. Replaced the now unsupported ReviewAggregate data-vocabulary.org structured data with schema.org...

Today, we are pleased to release XenForo 1.5.5. This release fixes a number of bugs and issues that were found since the release of 1.5.4. As this is a maintenance release, the vast majority of the focus was an increase in stability. Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo. Some of the bugs fixed in 1.5.5 include: Fix an issue where logging in via Facebook would immediately log you out again Prevent a database error when using the IP Board 4.0/4.1 importer with a IPB 4.1 database Resolve a timeout when dealing with long data...

XenForo Media Gallery 1.1.4 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.1.4 to benefit from increased stability. This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.1.3: Tweak to attachment uploader styling Better support for RTL languages when tagging users in media Couple of small permission checks in templates Change so that the auto complete search for members in the move media dialog no longer takes into consideration a user's recent activity Change to the RSS feed to show thumbnails by default and remove the individual item descriptions (some readers would ignore the content in favour of the...

During routine internal testing, we discovered a security issue within XenForo 1.3 and newer. The issue allows a cross site scripting (XSS) attack to potentially be triggered via a specially crafted profile post. XSS issues may allow an attacker to steal data (including cookies) or force a user to take actions without their consent or knowledge (possibly including administrative actions). We strongly recommend all XenForo customers follow one of the steps below to resolve this issue. If you have any questions relating to installing this patch or upgrading to the new version, please post in the Upgrade Support forum. Method 1: Upgrade to the New Version (Recommended) You may upgrade to XenForo 1.5.4 (or any subsequent version) to fix...