Released XenForo 1.5.18 Released

Thảo luận trong 'XenForo Released' bắt đầu bởi THB, 16/03/2018.

  • Google checker:
  1. THB

    THB Admin - Founder Thành viên BQT

    Tham gia:
    25/02/2015
    Bài viết:
    6,162
    Đã được thích:
    3,450
    Điểm thành tích:
    113
    Giới tính:
    Nam
    Nghề nghiệp:
    CEO
    Nơi ở:
    Bình Dương
    XenForo 1.5.18 Released - Includes Security Fix
    XenForo 1.5.18 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability.

    Most importantly, this release includes a fix for a security issue that was reported to us by Julien from RCE Security. The issue was not found within XF code itself, but instead a file which we previously included with XF 1.5.x within the Video JS library. The issue is known as an "authentication phishing" exploit which involves posting a specially crafted URL pointed at the Video JS SWF file. This specially crafted URL, when clicked on or embedded in a page, can include another URL which returns a 401 response and display an authentication prompt. This authentication prompt may trick less experienced users into thinking that it is your site which is asking for authentication when in fact the authentication details entered may be submitted to the attacker instead.

    xenforo 00.jpg

    To solve this problem we are including a zero-byte file which will overwrite the problematic file.
    We recommend that all customers upgrade to the latest version of XF 1.5 or XF 2.0, but if you are unable to do this then you can simply delete the file which resides in the following location: js/videojs/video-js.swf.

    As a side note, there is potentially another exploit in some current browser versions which is similar. This involves a URL which points to a resource, such as an image, which returns a 401 response. This is an exploit which is being patched by most browser vendors. It is currently fixed in the latest stable Chrome release, and upcoming versions of Safari and Firefox. If you are concerned by such an exploit, please ensure you inform your users that a) they should be using the latest available version of their preferred browser and b) that login details should only be provided via your site's default login form.



    Some of the other changes in this release include:

    • In some cases, a Solve Media CAPTCHA challenge would erroneously pass if the HTML was tampered with (such as via a spam bot).
    • Better support for media embeds and user mentions in the IPS Forums 4.x importer.
    • Fix for missing likes on import from XF to XF.
    • Improve PHP 7.x compatibility in the SMF importer.
    • Add rel="canonical" to the quick navigation template to avoid indexing duplicate content.
    • Security: Disable use of js/videojs/video-js.swf and remove calling it from the template.
    • Recommend users upgrade to PHP 5.6 or above when installing or upgrading.
    See the Resolved Bug Reports forum for further information.

    The following templates have had changes:

    • quick_navigation_menu
    • video_js_setup
    Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

    Please note that we are now formally recommending that you upgrade to PHP 7.2 or newer. XenForo 2.0 requires PHP 5.4 or newer. XenForo 2.1 will require PHP 5.6 or newer. If you are running a version below PHP 5.6, you will receive a warning when installing or upgrading XenForo.

    All customers with active licenses may now download the new version from the customer area.

    Download XenForo 1.5.18
    From the Licensed Customer Area

    More Stable

    This release follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

    Installation and Upgrade Instructions

    Full details for how to install and upgrade XenForo can be found in the XenForo Manual.


    4share.vn
    1. Hãy đăng nhập hoặc đăng ký để xem được links
    2. Hãy đăng nhập hoặc đăng ký để xem được links
    pass: vnxf.vn

    Fshare.vn
    1. Hãy đăng nhập hoặc đăng ký để xem được links
    2. Hãy đăng nhập hoặc đăng ký để xem được links
    pass: vnxf.vn
     
    Bài viết mới
    XenForo 2.0.4 Released
    XenForo 2.0.4 Released bởi THB, 18/03/2018 lúc 04:43:44
    XenForo 2 2.0.4 - nullxf
    XenForo 2 2.0.4 - nullxf bởi duyhuanh, 17/03/2018 lúc 20:17:39
    f0rest, tpoclub and quick87 like this.
  2. xuantruong1519

    xuantruong1519 Thượng Đế

    Tham gia:
    14/03/2018
    Bài viết:
    3
    Đã được thích:
    1
    Điểm thành tích:
    3
    Giới tính:
    Nam
    Nơi ở:
    thai binh
    thanks
     
    THB thích bài này.
  3. BinSaker

    BinSaker Thượng Đế

    Tham gia:
    21/07/2016
    Bài viết:
    110
    Đã được thích:
    32
    Điểm thành tích:
    28
    Giới tính:
    Nam
    tưởng ra mắt xf2 bõ mặt 1 chứ :D
     
    THB thích bài này.
  4. cuongcongnghe

    cuongcongnghe Thượng Đế

    Tham gia:
    21/03/2018
    Bài viết:
    27
    Đã được thích:
    3
    Điểm thành tích:
    3
    Nơi ở:
    USA
    Bản chuẩn cuối của Xenforo 1 à Admin @THB để em quay về bản 1 chứ bản 2 không cài được Addons :=D
     
  5. BinSaker

    BinSaker Thượng Đế

    Tham gia:
    21/07/2016
    Bài viết:
    110
    Đã được thích:
    32
    Điểm thành tích:
    28
    Giới tính:
    Nam
    Haha. Xen2 khoảng 2 năm sau hã xài
     

Chia sẻ trang này