xF1 Released - XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam | NulledTeam UnderGround | The Best Scripts Site In The World
  • Read Our Rules

    Dont forget read our rules Nulled Team UnderGround Rules

  • You may not say thanks or replied bad language in a thread - Your reply will be removed and warning! You must be like us "overview" in the resource. You will be access to download in FREE SECTION ONLY! DO NOT PREMIUM SECTION! Is only upgrade to up account.
  • Please support our site and click on the advertised
  • Complete Installation Service

    Review Our XenForo Complete Installation Service
  • Multiple Accounts

    Dont forget we not allowed Multiple Accounts, so all of your accounts as well as your IP will ban

XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam

xF1 Released XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam 1.5.10a

No permission to download
Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.

Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.

If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you are running XenForo Media Gallery 1.0, you must also follow the instructions in the XFMG 1.0.10 release announcement to fully patch this issue. If you are running XFMG 1.1.0 to 1.1.4, you must upgrade to a newer XFMG release. XFMG 1.1.5+ will be automatically fixed by following one of the steps below.

Method 1: Upgrade to the New Version (Recommended)

You may upgrade to XenForo 1.5.10 (or any subsequent version) to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release. If you take this approach, you should not apply the patch below.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 4 files:
  • library/XenForo/BbCode/Formatter/BbCode/AutoLink.php
  • library/XenForo/Helper/Http.php
  • library/XenForo/Helper/Url.php
  • library/XenForo/Model/ImageProxy.php
These 4 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.10

Some of the bugs fixed in 1.5.10 include:
  • Add several language code/locale options for pages.
  • Fix a situation where white space may not be maintained 100% when pasting code/pre-formatted into the rich text editor.
  • Add a 1000 user limit to ignoring to prevent potential errors.
  • Ensure that poll resetting/deleting is logged correctly.
  • Automatically adjust uploaded image extensions to match their type (rather than throwing an error).
  • Change NoCaptcha requests to POST to prevent a possible regular expression failure.
  • Fix an issue with automatic vendor prefixing in the CSS when using @supports.
  • Fix a timezone related issue when displaying stats output.
  • Adjust the meta description of member profiles to handle missing components better.
  • Prevent an error in the phpBB 3.1 importer relating to timezones.

The following templates have had changes:
  • member_view
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.
Author
AnimeHaxor
Downloads
93
First release
Last update
Rating
5.00 star(s) 1 ratings

More resources from AnimeHaxor

Share this resource

Latest updates

  1. XenForo 1.5.10a Released

    We have identified a regression in 1.5.10 related to pasting content into the rich text editor...

Latest reviews

Works as Advertised (wink)

Dear User!

We found that you are blocking the display of ads on our site.

It looks like you're using an ad blocker. That's okay. Who doesn't?

But without advertising-income, we can't keep making this site awesome.

Thank you for understanding!