Announcements

Today, we are releasing XenForo 1.2.8 to address two potential security vulnerabilities. We recommend that all customers running XenForo 1.2 or earlier upgrade to 1.2.8 or use the attached patch file as soon as possible.The two issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves). In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly...

XenForo Media Gallery 1.0.6 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.0.6 to benefit from increased stability.This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.5:Provide more detailed error messages when trying to access deleted gallery content. Display a suitable error if content has no valid IP addresses logged. Ensure guests can view category based media and other media they have permission to see in New Media. Catch various exceptions that could be thrown when rebuilding watermarks on images. Restrict imported media titles to the max length set in Gallery Options. Fetch thumbnails for YouTube...

XenForo Media Gallery 1.0.5 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.0.5 to benefit from increased stability.This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.4:Improved caching of permission based template params in templates. Some small fixes and improvements to inline moderation including the display of the "Selected Items" on all relevant pages. No longer show banned users in various blocks, such as Recent Comments, Top Contributors and Recent Albums. Highlight the correct "order" tabs when viewing albums shared with you Changes to no longer count media in various places that are located in...

Today, we are pleased to release XenForo 1.4.7. This release fixes a number of bugs and issues that were found since the release of 1.4.6. As this is a maintenance release, the vast majority of the focus was an increase in stability.Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.Some of the bugs fixed in 1.4.7 include:Prevent double inclusion of the Facebook JavaScript files in certain cases. Add default support for the new Facebook video URL format. When upgrading an add-on, maintain the active state for existing BB codes. Fixed a...

Today, we are pleased to release XenForo 1.4.6. This release fixes a number of bugs and issues that were found since the release of 1.4.5. As this is a maintenance release, the vast majority of the focus was an increase in stability.However, we have improved our login brute force mitigation system to not only limit login attempts per user but to also place temporary blocks on entire IP addresses if they fail to login too many times.This release also brings our use of the Facebook Open Graph API up to version 2.0. Although you will not see any noticeable difference, it does ensure that the Facebook integration will continue to work after they officially end support for version 1.x of the API. In addition to this mostly...

XenForo Media Gallery 1.0.4 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.0.4 to benefit from increased stability.This release improves performance in various areas, especially for larger galleries, by adding indexes to various tables. Please be aware that depending on the size of these tables, it may take time for the queries to execute. This will vary significantly by board size and server configuration, but if the tables are very large, it could take minutes for each query to complete. In this case, the install process may seem to take longer than usual as the indexes will be added during the "Rebuilding" phase of the upgrade.This release also adds...

Today, we are pleased to release XenForo 1.4.5. This release fixes a number of bugs and issues that were found since the release of 1.4.4. As this is a maintenance release, the vast majority of the focus was an increase in stability.This release improves performance of several operations by adding indexes to 2 tables (xf_edit_history and xf_user_alert). If you are running a larger forum and have command line access, you may wish to consider using the command line upgrade option. The standard web-based upgrader will still work, but please be aware that depending on the size of these tables, it may take time for the queries to execute. This will vary significantly by board size and server configuration, but if the tables are very large...