Update! Website updated to 1.4.8

Status
Not open for further replies.

Barney

Management
Joined
Apr 11, 2013
Messages
10,645
Reaction score
7,041
Level
2
Awards
5

Today, we are upgrading to XenForo 1.4.8. This release addresses two potential security vulnerabilities and fixes a number of bugs found since the release of 1.4.7.

The two security issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves). In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly, potentially triggering an XSS against the user viewing the page.

In addition, some of the bugs fixed in 1.4.8 include:
  • Improved performance in the rich text editor.
  • Fixed trophies not being awarded at session creation as expected.
  • Fix certain cases where the image proxy would unexpectedly fail to detect a valid image.
  • Support downloading attachments with UTF-8 file names in IE.
  • Ensure a more correct following count is shown when viewing a member's profile in some cases.
  • Throw an error when sending a warning and only one of the conversation title or message box has been completed.
  • Fix an incorrect permission check over viewing the moderator actions taken against a thread.
  • Fix incorrect logic relating to the DNSBL cache used at registration.
  • Prune drafts hourly rather than daily.
  • Fix a situation where the spam cleaner would not remove replies by a spammer to their own thread.
  • Ensure that there is no default text decoration on <abbr> tags in Firefox.
  • Use a new "simple" BB code formatter when creating snippets for RSS feeds to prevent unexpected code from running.
  • Update the bundled version of jQuery Migrate to 1.2.1.
  • Copying from the template preview in template modifications did not maintain line breaks in Firefox.
  • Fix an issue importing older attachments from SMF.
  • Fix an issue where the vBulletin importer could infinitely loop.
 
Last edited:
  • Like
Reactions: 8 people

Lui

Lusty Soul
Head Administrator
Joined
Apr 30, 2014
Messages
7,180
Reaction score
2,008
Level
1
Awards
3
Second fok Ye
 
Joined
May 23, 2014
Messages
976
Reaction score
380
Great, now we're waiting for sync!!!!!!!!!!!!!!!!!!!!
 
Joined
Sep 15, 2013
Messages
2,729
Reaction score
1,702
After moving a thread, I had to refresh the page multiple times to see that I moved it correctly.

Is that fixed now?
 
  • Like
Reactions: 5 people

Madrazo

Good Fella
Joined
Jun 15, 2015
Messages
200
Reaction score
26
participate happy, but I am hit by disappointment :brb::brb::brb:
 

bxni

Buster
Joined
Feb 2, 2015
Messages
425
Reaction score
254
Nice nice nice nice.

Next is Sync :3
 
Status
Not open for further replies.