
Duplicate Remove Flash from XF: security warning on XenForo.com

HWS

Well-known member
#2
I'm almost sure this is a duplicate. But I am supporting it.

However, the browsers just show this message if you've installed an old version of Flash. You just need to upgrade it and the warning will be gone. This is not XF related.
 

Chris D

XenForo developer
Staff member
#3
There is a duplicate suggestion relating to this.

I believe the vulnerability has been patched in recent Flash updates. Otherwise you can disable the Flash uploader in your preferences for now.
 

Amaury

Well-known member
#4
I believe the vulnerability has been patched in recent Flash updates. Otherwise you can disable the Flash uploader in your preferences for now.
So 18.0.0.203, the latest version, is still safe, they're just blocking Flash in general by default and it's therefore safe to allow Flash on trusted sites like XF? They made it sound like even the patch was vulnerable.
 

Chris D

XenForo developer
Staff member
#5
I may have been behind on my news earlier. It looks like this is a new vulnerability.

Doesn't change anything, though. If it's blocked or you don't want to use it, it can be switched off in your preferences.
 

Alfa1

Well-known member
#6
That's true. But by now the question needs to be asked: shouldn't XenForo ditch Flash now?
I mean, the browser warning makes the site (and any site running XenForo with Flash) look bad. It's easy for the user to misunderstand and perceive it as if the site itself is infected as it tried to load a dangerous script.
 

Chris D

XenForo developer
Staff member
#7
It's easier said than done, of course.

It's only the current Flash version and Firefox that is displaying this warning to users. I'm sure it will get fixed and, which to be fair to Adobe it often is the case, in a timely fashion.
 

Amaury

Well-known member
#11
It's only the current Flash version and Firefox that is displaying this warning to users. I'm sure it will get fixed and, which to be fair to Adobe it often is the case, in a timely fashion.
I assume a popup box like normal will appear on your desktop asking you to update Flash. :D I was going to keep an eye on the plugins page, but I realized it'll probably still say vulnerable because that version and versions below are affected.

I also updated Java (TM) Platform from 11.31.2. I must have missed it earlier, but it said it was vulnerable. I also updated Adobe Acrobat Reader, but it was only outdated, not vulnerable. Plugins and plugin updating are fun! :D
 

Snog

Well-known member
#12
With all of the hullabaloo about Flash on Facebook, etc. I don't see anyone dropping Flash any time soon.

If and when it happens, it would be a slow change. Do it too quickly and YouTube would die a quick death. I don't think its parent company would let that happen. ;)
 

Chris D

XenForo developer
Staff member
#13
Bear in mind most big sites, especially YouTube, work perfectly fine without Flash. So no one is going to suffer as a result of the demise of Flash.

In theory, any site whose service already runs fine on iOS, which has never had Flash support, is already geared up to drop Flash on all their platforms. If 1 billion iOS devices have successfully managed to live without Flash for 8 years, I'm sure it won't do anyone any harm if it happened as quickly as possible.
 

Sheldon

Well-known member
#15
If and when it happens, it would be a slow change. Do it too quickly and YouTube would die a quick death. I don't think its parent company would let that happen. ;)
Default is already HTML5, so it won't be too long before Flash is completely removed.

I don't see your average user jumping in and changing the default behavior of the browser, and most don't notice nor care. I'd say most have no idea what player they are using for YouTube at the moment, and again, not sure they care either way. As long as it plays, they are happy.
 

Kevin

Well-known member
#16
With all of the hullabaloo about Flash on Facebook, etc. I don't see anyone dropping Flash any time soon.

If and when it happens, it would be a slow change. Do it too quickly and YouTube would die a quick death. I don't think its parent company would let that happen. ;)
Considering that Facebook's head of security wants to see a sunset date for Flash and Google (YouTube's parent company) recommends using an iframe (which could render an HTML5 player) instead of using direct object tags, I think YouTube will do just fine in a post-Flash world.
 

Martok

Well-known member
#17
Both Amazon and Twitch (which Amazon own) need to pull out their fingers if Flash support is dropped. Twitch still uses it extensively for its videos/streams and Amazon use it for Prime Instant Videos (or Silverlight if you're on Windows).
 

Amaury

Well-known member
#19
What browser are you using? The HTML5 player has been default on Chrome for a long time and not too long ago became default on Firefox.