[DBTech] DragonByte Security 5.1.0.1

Update highlights

This update improves the "Account Lock" and "Password Change" features by allowing you to set redirect whitelists, just like XF2's "Terms of Service whitelist".

Lastly, it fixes a race condition where it was possible for a user to get stuck in a redirect loop if they were forced to accept the ToS / Privacy Policy and change their password at the same time.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Feature: Route whitelist feature for the "Account Lock" redirect
Feature: Route whitelist for the "Password Change" redirect
Fix: Fixed an infinite redirect loop when a user was forced to change their password AND accept privacy policy / terms

Update highlights

This update fixes an issue with the Bad Behavior integration where it would generate a server error after inserting new data.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Fix: Fixed an issue where Bad Behavior would cause a server error

Update highlights

We're happy to bring you the first Beta version of our fourth major rewritten XenForo 2 only mod: DragonByte Security!

Before we delve into the changes:

• This is a Beta version, with sweeping database changes. Do not install this on a production forum without a backup that you can revert to in case something goes wrong. But please help us test it!
• This version will not run on XenForo 1. Going forward, the focus of development will be on the XF2 version.
• It is recommended that you disable the modification before updating, if you're upgrading from v4.0.x.

Without further ado, onto the changes!


Security Watchers UI changes
The UI for managing Security Watchers has received a complete overhaul in order to ensure it works better on mobile devices. Each individual rule set is now inserted as a separate entry, rather than managing all rule sets from a single page.
The main security watchers list now also displays information about the configured rule, making it easier to see at a glance which watchers you have configured.


"Force password change" and "Mass password reset" changes
These two pages now use the user search form, allowing you to more specifically target the users you want to force change or reset passwords for. Super admins are now also excluded from these tools, as it's imperative they can always access their accounts.


Change Log overhaul
The "Change log" within this mod previously rolled its own solution to store changes. In this update, this has been removed. Instead, changes that were previously logged in our own solution now uses XF2's change log, which has a vastly superior data storage system, and a vastly improved display UI.


Improved log UIs
Every log has a vastly improved UI, making them better able to be viewed on mobile devices, and less likely to produce warped displays in the event a large amount of data was logged.


Complete Change Log

Feature: IP address search now uses XF2's IP log
Feature: The "Force Password Change" page now uses the "user search form" to give greater control over whose passwords need changing
Feature: The "Mass password reset" page now uses the "user search form" to give greater control over whose passwords are reset
Feature: The ".htaccess password generator" has an improved password generator, with more advanced rule options
Feature: The "Change log" now uses XF2's change log rather than a custom solution
Change: Country Blocking now stores its data in XF2's IP Match table
Change: The breach checker now uses XF2's "Rebuild" feature to make it a rebuild job
Change: Overhauled the UI for Security Watchers
Change: Every log page has a vastly improved UI that works better on mobile devices

What is happening?
On the 11th of July 2018, XenForo published their Resource Guidelines aimed at ensuring performance & stability of XenForo modifications. At the moment, this product does not meet these standards, due to the fact that this product has been engineered to allow the core code to run on both XenForo 1 and XenForo 2.

As a result, I am beginning work on re-engineering this product to become a "native" XenForo 2 modification. At this point in time, there are no plans to re-engineer the XenForo 1 version, as the guidelines appear to target XF2 specifically.


What does this mean for the XF1 version?

Given that I will no longer be able to produce new features for XF1 and XF2 simultaneously without also doubling the work, the version numbers for the XF1 and XF2 versions may diverge going forward. The primary focus of development will be the XenForo 2 version of this product. Support for the XF1 version is NOT ending, and you will continue to be able to download the XF1 version alongside the XF2 version free of charge. Whether I will bump the XF1 version's version number to be in line with XF2 is undecided at this time.


What does this mean for the XF2 version?

First of all, I want to be clear that you will NOT have to uninstall the existing XF2 version in order to continue using this product going forward. I will be releasing beta versions of the re-engineered XF2 version as I finish working on them. I will need your help testing the various features and combinations of features in order to ensure the Gold version is as stable as possible.


When will this update be released?

Unfortunately it is not possible for me to give an ETA on when these updates will be completed, as it depends on the complexity of each individual modification.


Will this be a paid upgrade?

If you have an active license at the time of release, you will be able to download the new version free of charge.


----
I would also like to ask for your patience while I work on this update. My ability to fix bugs in the existing released version may be diminished, depending on the complexity of the issue.

Update highlights

This release fixes an issue with the web service GeoIP API utilised in parts of this mod. The previous API shut down, so a replacement was put in place.


Complete Change Log

Fix: Updated the endpoint for the GeoIP "Web service" API

Change: The copyright URL has been changed to match DBTech's new XF2 URLs
Fix: Bugfix roll-up since previous version

Fix: Bugfix rollup

Fix: Bugfix roll-up from the previous Beta

Fix: Bugfix roll-up since previous Beta

Fix: Bugfix roll-up from Beta 1