[DBTech] DragonByte Security 5.1.0.1

Update highlights​

This version fixes a regression from v5.0.x causing active forums to receive a MySQL error message saying "lock wait timeout exceeded".

Additionally, further optimisations have been made to the session update code to improve performance.

Complete Change Log​

Fix: The isExpired check now uses the new settings
Fix: Fix regression causing MySQL errors

Update highlights​

This version adds significant changes and performance improvements to the extended session handling.

You can now optionally enable extended session tracking but disable guest session tracking. This will significantly reduce the number of database rows if most of your visitors are guests. You can also entirely turn off extended session tracking. Turning this off will prevent users from seeing their sessions on the "Password and security" page.

Furthermore, an issue where three sessions could be created by a guest logging in has been resolved. A known issue remains: if someone sees the "You must be logged in to do that" login screen as their very first visit to your site, and they successfully log in from that page, a second session will be created (one for the guest visit and one for the logged-in visit).

Lastly, you can now adjust the expiry time for extended sessions for guests and logged in users separately. Previously, all sessions were hardcoded to expire in 30 days. The default expiry time for logged-in users is 30 days and 24 hours for guests.

Complete Change Log​

Feature: Optionally disable extended session tracking
Feature: Configurable logged-in session pruning
Feature: Configurable guest session pruning
Change: Disabling fingerprint logging will now purge existing fingerprints
Fix: Reduced the amount of sessions being created per user

Update highlights​

This version resolves a compatibility issue with XenForo Cloud. You must not enable "Config.php tampering" Watcher on XenForo Cloud, as that will continue to trigger this issue.

Complete Change Log​

Fix: Fix compatibility issue with XenForo Cloud

Update highlights​

This version is now considered stable. No issues were discovered during the testing phase.

Complete Change Log​

Version bump

Update highlights​

!!!This version requires PHP 8.0+!!!

This version mainly introduces compatibility with XenForo 2.3. The add-on has been fully updated, meaning no compatibility layers such as loading jQuery or other such patches are required for this add-on.

One important thing to mention; The WebAuthn integration has been removed, since this is now natively supported in XenForo 2.3.

Furthermore, a few reported bugs since the release of the last version for XenForo 2.2 have also been resolved.

Complete Change Log​

Change: Reduced query count due to new XenForo 2.3 functionality
Change: Remove WebAuthn support (natively supported in XF 2.3)
Change: Update entity references to use class-string
Change: Updated macros to XF 2.3 format
Change: Updated fingerprinting library to a newer version
Change: Updated password rules functionality to XF 2.3
Change: Replace various references with class-string<T> equivalents
Change: Update code for PHP 8.0
Change: Add compatibility with new XenForo 2.3 Beta 6 feature
Change: Remove "XenForo" from copyright footer
Change: Necessary changes for the new XenForo 2.3 coding style
Change: Automatically clean up files on upgrade
Fix: Fixed template modifications
Fix: Fix inconsistent confirmUrl behaviour with deletion
Fix: Fix missing content type phrases
Fix: Improve performance of Security Session table lookup

Update highlights

!!!This version requires PHP 7.4+!!!

This version improves the display shown to users when reviewing their login sessions, as the user agent is now parsed to display more human-readable information such as browser/version and operating system.

There is also new options to exclude users with Two-Factor Authentication enabled when performing batch user update actions from DB Security.

This version also refactors some backend code and fixes a compatibility issue with PHP 8.2 / 8.4.


Complete Change Log

Feature: Improved session information display, now parses browser and OS
Feature: Optionally exclude TFA-enabled users from batch update actions
Change: Refactored backend code
Change: Bump minimum PHP version to 7.4 and recommended version to 8.2
Change: Update dependencies to the latest version(s)
Fix: User agent is now updated for login sessions
Fix: Bad Behavior would run on PHP versions newer than it supports
Fix: Fix PHP 8.2 compatibility issues
Fix: Fix PHP 8.4 compatibility issue

Update highlights

This version fixes an issue where certain custom entries in the config.php file would produce a server error if the "Config Tamper" security watcher was enabled.


Complete Change Log

Fix: Fix Config Tamper watcher producing a server error when running on XenForo Cloud / with certain config.php additions

Update highlights

This version fixes an issue where an old, unused block of code could be used to delete other users' "Remember Me" records.


Complete Change Log

Fix: Fixed an issue where it was possible to delete other users' "Remember Me" records

Update highlights

This version fixes an issue where a server setup using replication could experience performance degradation on a guest's first visit.

Furthermore, an issue where the BadBehavior integration could cause a server error has been addressed.


Complete Change Log

Change: Improve compatibility with databases setup for replication
Fix: Fix "Constant BB2_CORE already defined" error in the Bad Behavior logs

Update highlights

This version changes some internal functions to no longer rely on deprecated XenForo functions, and fixes a server error that could occur with certain maliciously crafted URLs.


Complete Change Log

Change: Change UTF-8 related functions
Fix: Certain URLs could cause a server error in dispatcherPostRender