XenForo 1.5.2 (Security Fix) - Nulled By NulledTeam

xF1 Released XenForo 1.5.2 (Security Fix) - Nulled By NulledTeam 1.5.2 Nulled

No permission to download
Today, we are pleased to release XenForo 1.5.2. This release fixes a number of bugs and issues that were found since the release of 1.5.1.

Importantly, this release includes a fix for a potential security issue discovered by
Miguel Ángel Jimeno

(
@migueljimeno96

). The issue employs a tactic known as "reverse tabnabbing" in which a link that opens in a new tab contains code that can redirect the original tab to another URL, which could be used as a phishing attempt.
We strongly recommend all customers follow one of the below methods to fix this security issue.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.5.2 to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 2 files:
  • js/xenforo/xenforo.js
  • js/xenforo/full/xenforo.js
These 2 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.2

In addition to smaller bug fixes, 1.5.2 changes how the link proxy system works. It will no longer attempt to manipulate the URL of the target before it is clicked, instead using a background ajax request to log the click when it happens. This improves accuracy with logging, including successfully logging details that previously weren't logged, and reduces interference with systems that change URLs dynamically (such as inserting affiliate links). However, this may cause add-ons that manipulate the link proxy (such as to show intersitial pages) to no longer function. They will need to be updated to use their own technique for this.

Some of the bugs fixed in 1.5.2 include:
  • Add a "quiet zone" to the QR code shown when enabling two-step verification via an app.
  • Ensure that spam checking is run when editing a thread title.
  • Do not autolink across "[" to prevent problems when a URL is surrounded by something that looks like a BB code.
  • In PHP 5.4+, decode HTML5 entities when converting links to page titles.
  • Ensure that report threads are created even if the content would exceed the maximum message length.
  • Correctly identify a few additional patterns as bounced emails or challenge requests.
  • When sending messages (via conversations) to users, do the autolinking only at the beginning to avoid making unnecessary page title resolution requests.
  • Change the IPv6 information URL to a different, more complete service.
  • Add indication to various administrative user actions to make it clearer when an action has been taken.
See the
Resolved Bug Reports

forum for further information.

The following templates have had changes:
  • two_step_totp
  • xenforo.css
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.

All customers with active licenses may now download the new version from the customer area.


More Stable

This release follows our principle that third-point (x.x.X) releases should
always

be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Installation and Upgrade Instructions

Full details for how to
install

and
upgrade

XenForo can be found in the
XenForo Manual

.
Author
Admin
Size
5.9 MB
Extension
zip
Downloads
138
Views
3,183
First release
Last update

More resources from Admin

Latest reviews

D
  • Deleted member
  • 5.00 star(s)
  • Version: 1.5.2
awesome works great

Similar resources

XenForo 1.4.10 (Security Fix) - Nulled By NulledTeam Admin
XenForo 1.4.10 (Security Fix) - Nulled By NulledTeam
XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam Admin
XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam
XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam AnimeHaxor
XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam
XenForo 1.5.18 - Includes Security Fix - Full Nulled By NulledTeam AnimeHaxor
XenForo 1.5.18 - Includes Security Fix - Full Nulled By NulledTeam
XenForo 1.5.18 - Includes Security Fix - Upgrade Nulled By NulledTeam AnimeHaxor
XenForo 1.5.18 - Includes Security Fix - Upgrade Nulled By NulledTeam
731Threads
2,285Messages
63,695Members
thomasLatest member
Back