[DBTech] DragonByte Security 4.6.5

Update highlights

This version changes some internal functions to no longer rely on deprecated XenForo functions, and fixes a server error that could occur with certain maliciously crafted URLs.


Complete Change Log

Change: Change UTF-8 related functions
Fix: Certain URLs could cause a server error in dispatcherPostRender

Update highlights

This version fixes an issue with "Always show CAPTCHA when logging in to: front-end" option if the login form was loaded via AJAX (i.e. in an overlay).


Complete Change Log

Fix: The "Always show CAPTCHA when logging in to: front-end" option would not function correctly if the login form was loaded via AJAX

Update highlights

This version fixes an issue wherein modifying the "Master Style", such as while upgrading add-ons, would attempt to send invalid emails when the "Email webmaster on template changes" option is turned on.

"Master Style" changes are no longer subject to email notifications.


Complete Change Log

Fix: Fix potential server error while upgrading other add-ons

Update highlights

This version fixes a couple of issues with the new Login Captcha feature, as well as an issue with the new Security Lock feature in XenForo 2.2.


Complete Change Log

Fix: "You must be logged in to do that" pages did not have captcha properly applied on first load
Fix: Fix incompatibility with 3rd party add-ons that also extend certain View classes
Fix: Using the new XF2 security locking feature in a Security Watcher could fail to apply the lock in certain scenarios

Update highlights

This version fixes an issue wherein the new Login Captcha feature could be enabled on pages that did not support it.


Complete Change Log

Fix: Login captcha no longer applies to password confirmation screens

Feature: Account unlocks now add an entry to the IP log
Feature: Batch update: Account lock (user unlock)
Feature: Optional forced CAPTCHA for front-end and AdminCP logins
Change: Account locks (user unlock or admin unlock) are now logged in the User Change Log
Fix: Fix potential server errors when viewing certain pages
Fix: Fix an issue where the User Information watcher wasn't correctly limiting to the field described in the Watcher Rules

Update highlights

This version updates the country fetching code to be more reliable, and no longer requires an API key. If you previously had problems fetching the country list, please run the "Update country list" cron job one more time manually, after which the list should populate itself correctly.

Furthermore, since no API key is needed, fresh installation should once again find the country list pre-populated.


Complete Change Log

Change: Switch to a more stable method of updating the country list

Update highlights

This version contains an update to support the new API for fetching the list of countries. You now require a (free) API key in order to fetch this data, added via the new setting.


Complete Change Log

Fix: Updated the Country API to account for changes in 3rd party services (now requires an API key)

Update highlights

This version resolves an issue when loading options on certain pages other than the main AdminCP settings page.


Complete Change Log

Fix: When viewing options from pages other than the "Settings" page, a server error could be generated

Update highlights

This version changes the way sessions are handled in order to improve performance.

DB Security stores a copy of some session information in order to support the ability to disconnect sessions via the "Privacy & Security" settings, as well as some other features.

In prior versions, old DB Security sessions would be deleted any time a user started a new session. This was done in order to ensure that no-one could hijack a session or no-one could still be logged in with an expired session.
However, this doesn't scale well for large forums with a large amount of sessions. In this version, old DB Security sessions are now expired using a hourly cron job, and any code that previously looked for DB Security sessions has been updated to also check for expiry.

None of these changes affect the built-in XenForo session system.


Complete Change Log

Change: Expired sessions are now deleted via a Cron job instead of on session start