In addition to the usual array of fixes and improvements to XenForo 1.5, we have also released XenForo Media Gallery 1.1.17 and XenForo Resource Manager 1.2.5.

Significantly, these three releases solve a potential "authentication phishing" exploit inside the SWFUpload library that was reported to us by Julien from RCE Security. Most browsers either no longer have Flash by default, or mitigate this issue sufficiently, therefore the issue is fairly low risk. However, as a precaution, it is recommended to upgrade.

By upgrading you will be entirely removing SWFUpload from your XF installation. You may remember that over a year ago we released XenForo 1.5.12 to introduce a new HTML 5 uploader. This may have required add-on developers to update their code to support the new uploader, otherwise SWFUpload would have continued to be used for file uploads in that add-on. In the event that you have add-ons installed which were not updated to use the new uploader, as of this release, these add-ons will no longer support multiple file uploads and instead will only support uploading a single file at a time.

XenForo Resource Manager 1.2.4 is a maintenance release for our resource manager add-on. We recommend all customers running XenForo Resource Manager 1.2 upgrade to this release to benefit from increased stability and compatibility with the latest XenForo release.

This release fixes several issues:

• Changes to support the new HTML5 uploader in XenForo 1.5.12.
• Fix ignored users still receiving alerts when mentioned in a resource update or if a resource was posted/updated by an ignored user while watched.
• Fix a specific situation where an option to delete an author's review response would appear incorrectly (display issue only; the response could not be removed).
• Add a placeholder username if a review was left by a since deleted account.
• Do not apply force enabled download permissions for your own resource when the resource was posted by a since deleted account.
• When selecting a category to add a resource to, do not let the chooser be submitted until the user selects a valid category.
• Fix unexpected model instantiation in the category watch data writer.

The following templates have had changes:

• file_uploader
• resource_choose_category
• resource_review

Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

XenForo Resource Manager 1.2 requires XenForo 1.5.0 or later.

XenForo Resource Manager 1.2.3 is a maintenance release for our resource manager add-on. We recommend all customers running XenForo Resource Manager 1.2 upgrade to 1.2.3 to benefit from increased stability.

This release fixes several bugs that were reported following the release of XenForo Resource Manager 1.2.2:

• Fix an issue where clicking the "Updated Resource File" label focuses the wrong input while adding a new version.
• Fix for an 'Undefined index error' in XenResource_Listener_Proxy_ControllerFindNew
• Implement URL canonicalization for the Resource Author view.
• Merge the resource_count field in the xf_user table when merging users.
• Replaced the now unsupported ReviewAggregate data-vocabulary.org structured data with schema.org for resource reviews.
• Fix issues that may have prevented deleting resources by deleted users.

For the full list of bug fixes, see the Resolved Resource Manager Bugs forum.

The following templates have had changes:

• resource_version_add
• resource_view

Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

XenForo Resource Manager 1.2 requires XenForo 1.5.0 or later.

Updated