Amongst the bug fixes, there are several minor security improvements:
- Images are checked for certain content to ensure that the image does not contain code that could be executed with incorrect server configuration (such as in Nginx). Thanks to Chris Deeming for reporting this.
- 1.1.4 now mitigates clickjacking attacks using X-Frame-Options. Thanks to Vikram Pawar (w4rl0ck_d0wn) for reporting this.
- Server error logs now more aggressively filter out passwords before logging. Thanks to Slink for reporting this.
Some of the feature improvements in 1.1.4 include:
- Stronger spam prevention
- Ability to see if there are any registrations that need to be approved from the moderator bar
- Spam cleaning a user will automatically close any pending reports for their content
- Read only access to registration date and last activity on profiles in the admin CP
- Item count support for navigation tabs
- Additional admin-only links on the front-end profile page
Some of the bugs fixed for 1.1.4 include:
- No more blank pages when rebuilding templates
- Improved PHP 5.4/5.5 compatibility
- User group changes can be orphaned, leading to situations where automatic group changes fail
- CSS arrows do not display nicely in Firefox in some situations
- Added phrases used by the rating template
- Incorrect/inconsistent CSS parsing for style properties
- Improved handling of unknown CSS constructs for style properties
- User confirmation records not pruned
- Adjusted the Skype custom field to support Windows Live addresses (since they merged)
- Conversation recipient_counts being changed in incorrect scenarios
- Improved HTML parsing in RSS feed imports
- Improved performance in calculating banned/discouraged IPs
- Spam cleaner did not work correctly when used multiple times without reloading
- Spam cleaner did not delete soft deleted posts
- Performance improvements updating thread/attachment view counts
- Improved performance when loading the style property editor
- Required profile fields may be able to be skipped on registration
All licensed customers may now download XenForo 1.1.4 from the customer area.
This release of XenForo 1.1.4 follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in 1.1.4. Major new features will be reserved for second point versions (x.X.x).
Installation and Upgrade Instructions
Full details for how to install and upgrade XenForo can be found in the XenForo Manual.