xF1 Released - XenForo 1.5.2 (Security Fix) - Nulled By NulledTeam | NulledTeam UnderGround | The Best Scripts Site In The World
  • Read Our Rules

    Dont forget read our rules Nulled Team UnderGround Rules

  • You may not say thanks or replied bad language in a thread - Your reply will be removed and warning! You must be like us "overview" in the resource. You will be access to download in FREE SECTION ONLY! DO NOT PREMIUM SECTION! Is only upgrade to up account.
  • Please support our site and click on the advertised
  • Complete Installation Service

    Review Our XenForo Complete Installation Service
  • Multiple Accounts

    Dont forget we not allowed Multiple Accounts, so all of your accounts as well as your IP will ban

XenForo 1.5.2 (Security Fix) - Nulled By NulledTeam

xF1 Released XenForo 1.5.2 (Security Fix) - Nulled By NulledTeam 1.5.2

No permission to download
Today, we are pleased to release XenForo 1.5.2. This release fixes a number of bugs and issues that were found since the release of 1.5.1.

Importantly, this release includes a fix for a potential security issue discovered by
Miguel Ángel Jimeno

(
@migueljimeno96

). The issue employs a tactic known as "reverse tabnabbing" in which a link that opens in a new tab contains code that can redirect the original tab to another URL, which could be used as a phishing attempt.
We strongly recommend all customers follow one of the below methods to fix this security issue.

Method 1: Upgrade to the New Version

You may upgrade to XenForo 1.5.2 to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 2 files:
  • js/xenforo/xenforo.js
  • js/xenforo/full/xenforo.js
These 2 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.2

In addition to smaller bug fixes, 1.5.2 changes how the link proxy system works. It will no longer attempt to manipulate the URL of the target before it is clicked, instead using a background ajax request to log the click when it happens. This improves accuracy with logging, including successfully logging details that previously weren't logged, and reduces interference with systems that change URLs dynamically (such as inserting affiliate links). However, this may cause add-ons that manipulate the link proxy (such as to show intersitial pages) to no longer function. They will need to be updated to use their own technique for this.

Some of the bugs fixed in 1.5.2 include:
  • Add a "quiet zone" to the QR code shown when enabling two-step verification via an app.
  • Ensure that spam checking is run when editing a thread title.
  • Do not autolink across "[" to prevent problems when a URL is surrounded by something that looks like a BB code.
  • In PHP 5.4+, decode HTML5 entities when converting links to page titles.
  • Ensure that report threads are created even if the content would exceed the maximum message length.
  • Correctly identify a few additional patterns as bounced emails or challenge requests.
  • When sending messages (via conversations) to users, do the autolinking only at the beginning to avoid making unnecessary page title resolution requests.
  • Change the IPv6 information URL to a different, more complete service.
  • Add indication to various administrative user actions to make it clearer when an action has been taken.
See the
Resolved Bug Reports

forum for further information.

The following templates have had changes:
  • two_step_totp
  • xenforo.css
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.

All customers with active licenses may now download the new version from the customer area.


More Stable

This release follows our principle that third-point (x.x.X) releases should
always

be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Installation and Upgrade Instructions

Full details for how to
install

and
upgrade

XenForo can be found in the
XenForo Manual

.
Author
Admin
Downloads
130
First release
Last update
Rating
5.00 star(s) 1 ratings

More resources from Admin

Share this resource

Latest reviews

awesome works great

Dear User!

We found that you are blocking the display of ads on our site.

It looks like you're using an ad blocker. That's okay. Who doesn't?

But without advertising-income, we can't keep making this site awesome.

Thank you for understanding!