Most importantly, this release fixes two potential security vulnerabilities in XenForo.
The issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
XenForo extends thanks to security researcher
for reporting the issues.
We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details.
Applying a patch manually
Download the
file attached to this message. It will contain the following file:
Note: If you decide to patch the files instead of doing a full upgrade, your "File health check" will report these three files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
Скачать -
The issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
XenForo extends thanks to security researcher
У вас нет разрешения на просмотр ссылки, пожалуйста Вход или Регистрация
We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details.
Applying a patch manually
Download the
У вас нет разрешения на просмотр ссылки, пожалуйста Вход или Регистрация
- src/XF/BbCode/Renderer/Html.php
Note: If you decide to patch the files instead of doing a full upgrade, your "File health check" will report these three files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
Скачать -
Для просмотра скрытого содержимого вы должны войти или зарегистрироваться.