XenForo 2.0.4 and 1.5.18 Released
Security Fix
Following the identification of a security issue in the Video JS library, which was distributed with XenForo 1.5, we have released new versions of XenForo 1.5.x and 2.0.x to work around the problem. The issue does not lie within XenForo itself, but within a third-party library that was distributed with XenForo 1.5.
XenForo 2 is not directly affected at all, but it is possible that the vulnerable js/videojs/video-js.swf file may have been left in place if the XenForo installation originated on version 1.x.
The new versions include a dummy video-js.swf file, which will overwrite the existing, vulnerable version if it exists on your server.
Other Changes
Both 1.5.18 and 2.0.4 are bug-fixing releases, so their changes are mostly limited to improving stability and performance. Full details are available in the release announcement threads at XenForo.com:
XenForo 2 Importers
In order to allow us to update our importer suite independently of XenForo itself, we have decided to separate the importers from the XenForo core. As a result, you will no longer find the importers in the installation package for vBulletin, but instead you will find them as
a separate download in your customer area.
If you have not upgraded to XenForo 2 yet, learn more about
what's new in XenForo 2.0. Please be aware that XenForo 2 is a major upgrade from XenForo 1. Existing add-ons and customizations are not compatible.
This email was sent to *****
@gmail.com. You are receiving this because you chose to receive updates about XenForo. You may
unsubscribe if you do not want to receive any more XenForo updates.
Please do not reply to this email.
Contact us.
XenForo Ltd. is registered in England and Wales with company number 07294282.
