IPS IPS Community Suite 4.7.16 Nulled

Released 08/07/2017
We are well into development on IPS Community Suite 4.2.2 and are excited to start announcing all the new features and improvements.
Our next big release is focused on engagement with your members. You will see enhancements to our Reputation system, new ways to encourage people to register on your community, and enhancements to existing features to make them more interactive. There are also entirely new capabilities we cannot wait to show you ranging from new ways to organize content to tools to help promote your community.
Version 4.2.2 also features a refreshed AdminCP and default front-end design. Theme changes in 4.2.2 are mostly in the CSS framework so your existing themes will either work without issue or require minor changes to work in the new version.
Over the next several weeks we will be posting news entries with previews of upcoming features fairly often. Be sure to follow our News section, our Facebook, or Twitter to stay up to date.
We expect IPS Community Suite 4.2.2 to be out in mid-2017 with a public preview available sooner.
Everyone at IPS has worked very hard on this update and we think you will love it!

4.2.2 is a maintenance release that fixes issues identified in 4.2.1 and:

A new extraction process to make auto-upgrades more robust
The upgrade system will do a check of all files to ensure they are up to date before proceeding

Fixes upgrade issues in some server configurations (already silently patched).
Fixes some AdminCP settings showing the wrong value selected, especially in Spam Service settings/
Fixes an error when trying to split a topic.
Fixes missing images when setting up Google Authenticator, and an issue which may setup to fail.
Fixes broken links on the new Two-Factor Authentication setup page.
Fixes missing language string in AdminCP Dashboard warning when site is offline and in image sharer settings.
Fixes errors for some communities that have previously converted from other software.
Fixes an issue with grid layout on some pages.

We are well into development on IPS Community Suite 4.2 and are excited to start announcing all the new features and improvements.
Our next big release is focused on engagement with your members. You will see enhancements to our Reputation system, new ways to encourage people to register on your community, and enhancements to existing features to make them more interactive. There are also entirely new capabilities we cannot wait to show you ranging from new ways to organize content to tools to help promote your community.
Version 4.2 also features a refreshed AdminCP and default front-end design. Theme changes in 4.2 are mostly in the CSS framework so your existing themes will either work without issue or require minor changes to work in the new version.
Over the next several weeks we will be posting news entries with previews of upcoming features fairly often. Be sure to follow our News section, our Facebook, or Twitter to stay up to date.
We expect IPS Community Suite 4.2 to be out in mid-2017 with a public preview available sooner.
Everyone at IPS has worked very hard on this update and we think you will love it!

This is a security release and we recommend all clients upgrade as soon as possible.
We know security updates can be distracting but we take security very seriously and do not want to delay getting you the latest enhancements. As we continue to audit security hardening, we will do these focused update releases.
This release addresses two possible XSS scenarios.

This is a maintenance release to fix minor issues. As we prepare our 4.2 release we will continue to provide small maintenance updates to 4.1.

This is a maintenance release to fix minor issues. As we prepare our 4.2 release we will continue to provide small maintenance updates to 4.1.

Updated

This is a maintenance release to resolve the following issues:

• Permission matrix can show incorrect permissions when using the Member > Group permission tool.
• Using Authorize.Net Payment Gateway may result in an error.
• A logged in member without a valid timezone set will trigger exceptions any time another members age is checked.
• Where the upgrader can result in a fatal error due to an invalid class stored for a Pages record comment.
• An upgrade error where reports are loaded for Pages databases that no longer exist.
• Orphaned comments trigger an exception when search index is rebuilding.
• An exception can occur continued upgrades: DateTime::setTimestamp() expects parameter 1 to be long, object given.
• Recursion can occur if the core_log table doesn't exist yet (as happens during auto upgrade).
• An issue where importing a theme can break CSS.
• MySQL strict mode upgrade to 4.1.12 can fail.
• Installing a new plugin via theACPcan fail.

As part of our ongoing internal security audit, this release also improves security in the following areas:

• Possible XSS in the "hovercard" system.
• Further hardening to the insecure file upload code.

This is a small maintenance release to fix a few issues reported in 4.1.10. In addition to bug fixes and performance improvements, it includes following new/changed features:

• Integration with SparkPost replaces Mandrill for optional email service as Mandrill is stopping their current service toward the end of April.
• Questions in Question and Answer forums can now be sorted by most votes.
• The "All Activity" activity stream now has an RSS feed.
• The filter bar at the top of the activity stream no longer sticks to the stop of the screen when scrolling.
• If you receive a browser notification your notification menu will now reload to get the latest notification.
• More consistent visual feedback when a post submit or edit is processing to reduce duplicates.
• Sidebar widgets now how rounded corners to match rest of Suite.
• Recaptcha style is now a per-theme setting.
• You can now set which theme should be the default for the AdminCP separate to which should be the default for the front-end.

Important Note
This is the last release that will support PHP 5.4 as it is end of life and no longer supported by PHP.
Please also note that PHP 5.5 goes full end of life in July 2016 so you should look into upgrading if your web host is using outdated versions. We will not immediately stop supporting PHP 5.5 in July but it may follow soon after.
Additional Information

Important Fixes
In addition to many smaller bug fixes and performance improvements, the following important fixes are included:

• Guests were able to create streams.
• Logging into the AdminCP using Microsoft Sign In wasn't working.
• Pas were missing from the report center.
• In some circumstances, "0" would be removed from post content.
• MySQL 5.7 could throw an error when trying to clear out sessions.
• A recent Chrome update caused ACP search results to not display.
• Replying to support requests on an iPad wasn't working in some circumstances.

Security Fixes
We are engaging in a third-party security audit of IPS Community Suite so you can expect the next few releases to contain a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. This release includes fixes for several security issues:

1. Several CSRF vulnerabilities - most importantly on the process for associating OAuth sign-ins (Facebook, Twitter, etc.) with an account, meaning a malicious user could associate their own OAuth sign-in with another user's account.
2. A session-hijacking vulnerability where after a login key is reset (such as after a password) since a new key is not immediately generated, the account was vulnerable to hijacking until they sign in again.
3. A bug which meant the names of forums or other nodes a user did not have permission to access may have been exposed by accessing a particular URL.
4. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed.
5. A vulnerability where if using the "Download Member List" feature and opening the file with certain applications, malicious user data could cause expressions to be evaluated.

And several security improvements:

1. Any existing sessions for a member are now cleared if they change their password, meaning users signed in on multiple devices will need to sign in again after a password change.
2. A more secure hash generation algorithm is now used for login keys.

Information for 3rd party developers

• ModCpMemberManagement can now return NULL to not display the tab.
• CKEditor has been updated to 4.5.8.

This is a maintenance release to fix reported issues.
Please note that in this release we have updated the copyright data in many source files. This means that if you are upgrading through the Admin CP the update will take slightly longer to download and extract than normal.
Additional Information
In addition to general bug fixes and performance improvements:
E_STRICT errors are now ignored.
Improvements to Easy Mode theme editing allowing navigation colours to be adjusted.
Added a setting to control if users creating an account as part of Commerce checkout should validate.
Minor UI improvements to AdminCP support request view in Commerce.
Updated the copyright data in source file headers.

A cross-site-scripting (XSS) issue was discovered related to image notes in Gallery and was patched in this release. We would like to thank newbie_LAC for responsibly reporting this issue to us.