Released XenForo 1.5.10 Released full and upgrade.

[THB]

Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.

Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.
If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you are running XenForo Media Gallery 1.0, you must also follow the instructions in the XFMG 1.0.10 release announcement to fully patch this issue. If you are running XFMG 1.1.0 to 1.1.4, you must upgrade to a newer XFMG release. XFMG 1.1.5+ will be automatically fixed by following one of the steps below.

Method 1: Upgrade to the New Version (Recommended)
You may upgrade to XenForo 1.5.10 (or any subsequent version) to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release. If you take this approach, you should not apply the patch below.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 4 files:

• 
  
  
  • library/XenForo/BbCode/Formatter/BbCode/AutoLink.php
  • library/XenForo/Helper/Http.php
  • library/XenForo/Helper/Url.php
  • library/XenForo/Model/ImageProxy.php

These 4 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.10

Some of the bugs fixed in 1.5.10 include:

• 
  
  
  • Add several language code/locale options for pages.
  • Fix a situation where white space may not be maintained 100% when pasting code/pre-formatted into the rich text editor.
  • Add a 1000 user limit to ignoring to prevent potential errors.
  • Ensure that poll resetting/deleting is logged correctly.
  • Automatically adjust uploaded image extensions to match their type (rather than throwing an error).
  • Change NoCaptcha requests to POST to prevent a possible regular expression failure.
  • Fix an issue with automatic vendor prefixing in the CSS when using @supports.
  • Fix a timezone related issue when displaying stats output.
  • Adjust the meta description of member profiles to handle missing components better.
  • Prevent an error in the phpBB 3.1 importer relating to timezones.

See the Resolved Bug Reports forum for further information.

The following templates have had changes:

• 
  
  
  • member_view

Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.

All customers with active licenses may now download the new version from the customer area.


P/S: tình hình là lễ nên hơi chậm trễ, do nhiều kèo ăn nhậu quá. sr ae nhé. Ae nào test giúp mình nhé.
có kèm bản vá lỗi cho ae nào ko muốn nâng cấp nhé.

Pass giải nén: vnxf.vn

 

[Death Aloha]

đã lên và chưa phát hiện lỗi, thanks

 

[KHUCTHUYDU]

http://freetuts.net/ky-thuat-tan-cong-csrf-va-cach-chong-csrf-106.html

kiếm ko ra bản 1.1.5 +

If you are running XenForo Media Gallery 1.0, you must also follow the instructions in the XFMG 1.0.10 release announcement to fully patch this issue. If you are running XFMG 1.1.0 to 1.1.4, you must upgrade to a newer XFMG release. XFMG 1.1.5+ will be automatically fixed by following one of the steps below.

 

[THB]

lên ok nhé. ko có lỗi lầm gì nhé.
làm biếng tắt addon luôn. lên từng bước nhé. còn nhảy cóc thì ko biết có lỗi gì ko nhé.

 

[2-tek]

Good, up điều điều, chạy phà phà

 

[WOWLivex]

Nghe nói XenForo 1.5.10 còn lỗi mà nhỉ nên đã tung ra XenForo 1.5.10a, bên mình sao không có bản này ta.

 

[eBin]

Hình như có bản mới 1.5.10a

 

[KHUCTHUYDU]

Hình như có bản mới 1.5.10a

If you downloaded 1.5.10a from your customer area, you do not need to take any other steps. If you are running 1.5.10 and wish to fix this bug, you may either:

1. Download 1.5.10a from your customer area and reupload the files as if you were upgrading.
2. Change the patched files manually with the versions from this bug report. Note that this approach will show these files as not containing the expected contents in the file health check.

 

[zing4u]

forum mới tạo dùng bản nào vậy các bác?

 

[THB]

nào cũng đc

 

[zing4u]

nào cũng đc

Released Full với Released Update có gì khác nhau không bác, bác làm em bối rối quá

 

[THB]

Released Full với Released Update có gì khác nhau không bác, bác làm em bối rối quá

full là đầy đủ. còn update là thừa kế. vì thế nếu host mới tinh chưa cài thì dùng full, còn cài rồi thì update. hii

 

[lbdh]

phiên bản này đã ổn định chưa có lỗi gì ko mọi người?

 

[THB]

dùng bản 1.5.10a nhé. ko gì là hoàn hảo nhé.

 

[hhanh28]

Up sao mấy chế ?

Cái này
xf_patch_1510.zip
dùng để làm gì ?

 

[THB]

dùng cho những người ko nâng cấp. nó vá lỗi thôi.

 

[kim102]

thanks for share

 

[CraftVN]

Thanks bác
(y)

 

[THB]

Hiện mình đang dùng bản 1.5.0 full rồi có cần nâng cấp lên bản này nữa ko nhỉ

thích thì nâng thôi bác. Ko thì dùng hoài cũng đc. mà nâng lên nó vỡ styles đấy nhé.

 

[Ghinlop]

Thắc mắc một điều là không thấy cái link download ở đâu kể cả kiếm file upload lên forum cũng ko có : hay admin hết yêu em rồi nên banned mợ nó cái quyền show và download file rồi