[DBTech] DragonByte Security 5.1.0.1

Update highlights

This version fixes a couple bugs reported by the community.


Complete Change Log

Fix: Fixed a race condition where the same fingerprint could be inserted twice, generating a server error
Fix: Fix a few server errors in the Watcher service

Update highlights

!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!

Coinciding with the release of XenForo 2.2.0, all XenForo 2.2 versions are now Gold This is also the last version that will contain the XF 2.2 / PHP 7.2 warning in the release notes.


Complete Change Log

Fix: Fix typo in the "Reset password" watcher action

Update highlights

!!! THIS VERSION REQUIRES XENFORO 2.2.0 AND PHP 7.2.0 !!!

This version contains coding style updates and changes for XenForo 2.2.0 / PHP 7.2.0.

XenForo 2.2 features two new "Security lock" features that function slightly differently than the account locks already present in DragonByte Security. These two new features can now be used as Watcher actions where possible.

Furthermore, a couple bugs have been resolved.

This version is flagged as a Beta version, although it has been tested on a live site.


Complete Change Log

Feature: The two new "Security lock" features in XenForo 2.2 can now be used as Watcher actions where this makes sense
Fix: Fix TOR exit node handling
Fix: Handle a 404 response from HIBP

Update highlights

This is a quick update to fix a logged error stemming from incorrect handling of a 404 error when calling the Have I Been Pwned? API.

Did you know that there are actual email accounts out there that have never been a victim of a data breach? Neither did I. How long ago was this feature implemented, 1-2 years ago? Crazy.

PS: For those waiting for a XenForo 2.2 version, it's still in testing @ DBTech.


Complete Change Log

Fix: Handle a 404 response from HIBP

Update highlights

This version brings the return of the login session management feature from the XenForo 1.5 version. The previous session management version had some issues, namely in that deleted sessions would be re-generated if the other browser instance wasn't already being logged out.

With v4.4.0, deleting a login session will force the other session to end, as was always intended.


Complete Change Log

Feature: Login session management - Log out of other devices via your Password & Security page

Update highlights

This version fixes a few bugs reported by the community.


Complete Change Log

Fix: "The following sub-option(s) are unknown: includeWebGL" when saving settings
Fix: Fix regression from 4.3.3 affecting fingerprints

Update highlights

This version fixes a few bugs related to the "account lock" feature reported by the community.


Complete Change Log

Fix: Corrected the log phrase for locked accounts (not retroactive)
Fix: Ensure the "resend" and "unlock" actions are also excluded from force redirects
Fix: Ensure all redirects use the public route (prevents race condition where admin accounts are redirected)

Update highlights

This version updates the "Account locked" function to log its state changes in the user change log, similar to other flags in the core XenForo product.

It also resolves a potential server error on install, if the API that fetches the country list is inaccessible.


Complete Change Log

Feature: Log "account locked" status in the User Change Log
Fix: Fix a potential server during install

Update highlights

This version is a quick maintenance update to fix some reported bugs, as well as improved compliance with the XenForo Resource Guidelines.

The most important fix is PHP 7.4 compatibility; PHP 7.4 is now officially supported.


Complete Change Log

Change: Updated internal data path references to better support CDNs
Fix: Fix curly brace syntax for PHP 7.4
Fix: Fixed an issue where adding a closure / anonymous function to config.php could cause issues with the config tamper detection

Update highlights

This version is a major upgrade, adding support for various kinds of security keys (such as a YubiKey) to the Two-Step Authentication feature, as well as the password confirmation screen.

Setting up a security key as a two-step authentication method is as easy as it is on any other site; navigate to the Two-Step screen in XenForo, and click "Enable" next to "Verification via security key". Once enabled, repeat visits to the Two-Step screen can also take advantage of your security key to bypass needing to enter your password.

This feature even works with "Windows Hello", found in the Microsoft Edge browser for Windows 10. You don't even need a physical security key!
(The computer needs to support the Trusted Platform Module to enable this feature.)

You can see this in action @ www.DragonByte-Tech.com if you own a FIDO-U2F or FIDO2 compatible security key.

Please be aware that this feature requires PHP 7.2.0 or newer. It will not appear for users on your site if you are running PHP 7.1 or older.


Complete Change Log

Feature: Security keys can now be used as a two-step authentication method [!!!REQUIRES PHP 7.2 OR HIGHER!!!]
Feature: Security keys can now be integrated with password confirm screens [!!!REQUIRES PHP 7.2 OR HIGHER!!!]
Change: Rename a couple of database columns to ensure they comply with the resource guidelines
Fix: Fix a regression with the HIBP API