In addition to the usual array of fixes and improvements to XenForo 1.5, we have also released XenForo Media Gallery 1.1.17 and XenForo Resource Manager 1.2.5.
Significantly, these three releases solve a potential "authentication phishing" exploit inside the SWFUpload library that was reported to us by Julien from RCE Security. Most browsers either no longer have Flash by default, or mitigate this issue sufficiently, therefore the issue is fairly low risk. However, as a precaution, it is recommended to upgrade.
By upgrading you will be entirely removing SWFUpload from your XF installation. You may remember that over a year ago we released XenForo 1.5.12 to introduce a new HTML 5 uploader. This may have required add-on developers to update their code to support the new uploader, otherwise SWFUpload would have continued to be used for file uploads in that add-on. In the event that you have add-ons installed which were not updated to use the new uploader, as of this release, these add-ons will no longer support multiple file uploads and instead will only support uploading a single file at a time.
Some of the other changes in this release include:
- Remove swfupload support.
- Ensure the _xfToken value is retrieved from the request as a string.
- Remove the supposedly invalid "gender" property from the member view structured data.
- No longer import a few social media identities from PHPBB due to reports of those fields no longer existing (and they no longer exist in XF2 anyway).
- Ensure overlays are not de-cached too early when animations are disabled.
- Resolve an issue which could strangely modify the message text when using select-to-quote.
The following templates have had changes:
Please note that we are now formally recommending that you upgrade to PHP 7.2 or newer. XenForo 2.0 requires PHP 5.4 or newer. XenForo 2.1 will require PHP 5.6 or newer. If you are running a version below PHP 5.6, you will receive a warning when installing or upgrading XenForo.
This release follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).