XenForo 1.5.19 & Add-ons Released

XenForo 1.5.19 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability.

In addition to the usual array of fixes and improvements to XenForo 1.5, we have also released XenForo Media Gallery 1.1.17 and XenForo Resource Manager 1.2.5.

Significantly, these three releases solve a potential "authentication phishing" exploit inside the SWFUpload library that was reported to us by Julien from RCE Security. Most browsers either no longer have Flash by default, or mitigate this issue sufficiently, therefore the issue is fairly low risk. However, as a precaution, it is recommended to upgrade.

By upgrading you will be entirely removing SWFUpload from your XF installation. You may remember that over a year ago we released XenForo 1.5.12 to introduce a new HTML 5 uploader. This may have required add-on developers to update their code to support the new uploader, otherwise SWFUpload would have continued to be used for file uploads in that add-on. In the event that you have add-ons installed which were not updated to use the new uploader, as of this release, these add-ons will no longer support multiple file uploads and instead will only support uploading a single file at a time.

Some of the other changes in this release include:
  • Remove swfupload support.
  • Ensure the _xfToken value is retrieved from the request as a string.
  • Remove the supposedly invalid "gender" property from the member view structured data.
  • No longer import a few social media identities from PHPBB due to reports of those fields no longer existing (and they no longer exist in XF2 anyway).
  • Ensure overlays are not de-cached too early when animations are disabled.
  • Resolve an issue which could strangely modify the message text when using select-to-quote.
See the Resolved Bug Reports forum for further information.

The following templates have had changes:
  • account_preferences
  • attachment_upload_button
  • member_view
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 7.2 or newer. XenForo 2.0 requires PHP 5.4 or newer. XenForo 2.1 will require PHP 5.6 or newer. If you are running a version below PHP 5.6, you will receive a warning when installing or upgrading XenForo.

All customers with active licenses may now download the new version from the customer area.


More Stable

This release follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Installation and Upgrade Instructions

Full details for how to install and upgrade XenForo can be found in the XenForo Manual.
 
Back
Top Bottom