[DBTech] DragonByte Security 4.7.0

Update highlights

This update changes the way the "Country Blocks" feature works internally.

Prior to this update, IP addresses were updated and saved to the ban log when you made changes to the "Country Blocks" page without any kind of background processing. This meant that if you were trying to block either a large number of countries, or a country with a large IP block such as China or the United States, the page could time out.

In this update, the IP addresses are updated and blocked in the background when you save the page, reducing the risk of timeout errors.


Complete Change Log

Change: Country blocks are now saved / updated in the background

Update highlights

This is a minor bug fix release that fixes an issue where the password rules would break the layout of the password box in the user control panel as well as on the registration page.


Complete Change Log

Fix: Fixed an issue where the password rules would break the password box layout

Update highlights

This release features back-end only changes, making required changes to support XenForo 2.1.

In addition, an issue with a template modification being incorrectly applied in the Admin panel, causing a server error during an upgrade of this product, has been fixed. It is safe to ignore that error, this upgrade is the last time it'll appear (hopefully!)


Complete Change Log

Change: Updated various HTTP requests to match the changes in XF 2.1
Fix: Fixed an issue where a template modification would display a server error during an upgrade of this addon. It is safe to ignore that error.

Update highlights

After a lengthy Beta period, this product has gone Gold

This version contains no changes from the previous version. Future updates will require XenForo 2.1.

This version does not work on XenForo 2.1. Please do not upgrade to XenForo 2.1 until a 2.1 compatible version has been released.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

No changes.

Because of a backwards breaking change in XenForo 2.1, and because I plan to take advantage of new features only available in XenForo 2.1, the next version will require XenForo 2.1.

The current version will NOT work with XenForo 2.1. A blocking issue has been identified with XenForo 2.1:

• Certain Cron jobs will not work due to a change in the back-end code that powers XenForo (A.K.A. "The Guzzle Change")

The issue has been fixed in an internal build that will be released A.S.A.P., once I am confident enough there are no other blocking issues.

In the meantime, I will release a "Gold" version of the current beta or RC version. This "Gold" version should work fine with XenForo 2.1. There are no known blocking issues with the planned "Gold" version of this mod preventing it from running on XenForo 2.1.

Update highlights

This update improves the "Account Lock" and "Password Change" features by allowing you to set redirect whitelists, just like XF2's "Terms of Service whitelist".

Lastly, it fixes a race condition where it was possible for a user to get stuck in a redirect loop if they were forced to accept the ToS / Privacy Policy and change their password at the same time.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Feature: Route whitelist feature for the "Account Lock" redirect
Feature: Route whitelist for the "Password Change" redirect
Fix: Fixed an infinite redirect loop when a user was forced to change their password AND accept privacy policy / terms

Update highlights

This update fixes an issue with the Bad Behavior integration where it would generate a server error after inserting new data.

To see the full details on the v4.1.0 release, click here: https://www.dragonbyte-tech.com/store/dragonbyte-security.345/release/1751/


Complete Change Log

Fix: Fixed an issue where Bad Behavior would cause a server error

Update highlights

We're happy to bring you the first Beta version of our fourth major rewritten XenForo 2 only mod: DragonByte Security!

Before we delve into the changes:

• This is a Beta version, with sweeping database changes. Do not install this on a production forum without a backup that you can revert to in case something goes wrong. But please help us test it!
• This version will not run on XenForo 1. Going forward, the focus of development will be on the XF2 version.
• It is recommended that you disable the modification before updating, if you're upgrading from v4.0.x.

Without further ado, onto the changes!


Security Watchers UI changes
The UI for managing Security Watchers has received a complete overhaul in order to ensure it works better on mobile devices. Each individual rule set is now inserted as a separate entry, rather than managing all rule sets from a single page.
The main security watchers list now also displays information about the configured rule, making it easier to see at a glance which watchers you have configured.


"Force password change" and "Mass password reset" changes
These two pages now use the user search form, allowing you to more specifically target the users you want to force change or reset passwords for. Super admins are now also excluded from these tools, as it's imperative they can always access their accounts.


Change Log overhaul
The "Change log" within this mod previously rolled its own solution to store changes. In this update, this has been removed. Instead, changes that were previously logged in our own solution now uses XF2's change log, which has a vastly superior data storage system, and a vastly improved display UI.


Improved log UIs
Every log has a vastly improved UI, making them better able to be viewed on mobile devices, and less likely to produce warped displays in the event a large amount of data was logged.


Complete Change Log

Feature: IP address search now uses XF2's IP log
Feature: The "Force Password Change" page now uses the "user search form" to give greater control over whose passwords need changing
Feature: The "Mass password reset" page now uses the "user search form" to give greater control over whose passwords are reset
Feature: The ".htaccess password generator" has an improved password generator, with more advanced rule options
Feature: The "Change log" now uses XF2's change log rather than a custom solution
Change: Country Blocking now stores its data in XF2's IP Match table
Change: The breach checker now uses XF2's "Rebuild" feature to make it a rebuild job
Change: Overhauled the UI for Security Watchers
Change: Every log page has a vastly improved UI that works better on mobile devices

What is happening?
On the 11th of July 2018, XenForo published their Resource Guidelines aimed at ensuring performance & stability of XenForo modifications. At the moment, this product does not meet these standards, due to the fact that this product has been engineered to allow the core code to run on both XenForo 1 and XenForo 2.

As a result, I am beginning work on re-engineering this product to become a "native" XenForo 2 modification. At this point in time, there are no plans to re-engineer the XenForo 1 version, as the guidelines appear to target XF2 specifically.


What does this mean for the XF1 version?

Given that I will no longer be able to produce new features for XF1 and XF2 simultaneously without also doubling the work, the version numbers for the XF1 and XF2 versions may diverge going forward. The primary focus of development will be the XenForo 2 version of this product. Support for the XF1 version is NOT ending, and you will continue to be able to download the XF1 version alongside the XF2 version free of charge. Whether I will bump the XF1 version's version number to be in line with XF2 is undecided at this time.


What does this mean for the XF2 version?

First of all, I want to be clear that you will NOT have to uninstall the existing XF2 version in order to continue using this product going forward. I will be releasing beta versions of the re-engineered XF2 version as I finish working on them. I will need your help testing the various features and combinations of features in order to ensure the Gold version is as stable as possible.


When will this update be released?

Unfortunately it is not possible for me to give an ETA on when these updates will be completed, as it depends on the complexity of each individual modification.


Will this be a paid upgrade?

If you have an active license at the time of release, you will be able to download the new version free of charge.


----
I would also like to ask for your patience while I work on this update. My ability to fix bugs in the existing released version may be diminished, depending on the complexity of the issue.

Update highlights

This release fixes an issue with the web service GeoIP API utilised in parts of this mod. The previous API shut down, so a replacement was put in place.


Complete Change Log

Fix: Updated the endpoint for the GeoIP "Web service" API