XenForo 1.1.3 Released (Includes Security Fix)

XenForo 1.1.3 is the third maintenance release in the 1.1 series. It contains numerous bug fixes and stability improvements. It includes the SWFUpload security fix as well. We recommend all customers upgrade to 1.1.3 to benefit from the increased stability and security.

1.1.3 also introduces a new "Cookie Usage" page and option to display a notice about cookies on a user's first visit (only when they have no cookies). This is in response to recent EU regulation changes.

The cookie notice option is disabled by default. It can be enabled via Options > Basic Board Information > Show Cookie Notice on First Visit.

Some of the bug fixes in 1.1.3 include:

• Flood check multiplier did not work on discouraged users
• AddThis publisher ID not sent through correctly
• Plain BB codes didn't always work correctly when nested
• PHP 5.4 incompatibilities
• Missing forum info when merging posts
• Dots are not removed from integer params in URLs in all situations where necessary
• In-page navigation with quote attribution links does not change browser history correctly

See the Resolved Bug Reports forum for the full list.

All licensed customers may now download XenForo 1.1.3 from the customer area.

Download XenForo 1.1.3​

From the Licensed Customer Area​

More Stable

This release of XenForo 1.1.3 follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in 1.1.3. Major new features will be reserved for second point versions (x.X.x).

Installation and Upgrade Instructions

Full details for how to install and upgrade XenForo can be found in the XenForo Manual.

 

[XenForo]

Templates Changed Since 1.1.2

The following templates have been modified since their release in XenForo 1.1.2.

General Template Changes
The following changes provide functional improvements and fixes or cosmetic enhancements. We recommend that all users integrate these changes into their own templates if they have previously customized them by using the 'revert' controls. If you have not customized these templates, the changes will be automatically integrated when you upgrade to 1.1.3:

account_ignored​

Hook name changed.​

addthis_ajax​

Changed JS protocol to work with HTTP or HTTPS.​

attached_files.css​

Removed reference to a style property embedded in a comment​

attachment_upload​

Added "key" hidden input.​

attachment_upload_button​

Added "key" references.​

attachment_upload_overlay​

Added "key" hidden input.​

editor_dialog_code​

Minor HTML changes for consistency with other overlays.​

form.css​

CSS to avoid column breaking inside columnar checkboxes.​

help_index​

Added link to cookie usage page.​

help_wrapper​

Added link to cookie usage page.​

navigation​

Added link to cookie usage page.​

page_nav​

Add rel=prev/rel=next link tags as needed.​