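This release makes a number of changes to improve compatibility with PHP 7.3.0. However, at this time we do not recommend using PHP 7.3.0 in production because of a bug that can cause code to execute incorrectly, which may lead to data loss. We believe this bug will be resolved when PHP 7.3.1 is released.
Some of the changes in XF 1.5.23 include:
- Improve PHP 7.3 compatibility.
- Fix an issue where cURL requests did not use the expected HTTP version.
- Apply limits when logging exceptions to ensure they are not silently ignored.
- Remove unexpected HTML encoding in avatar URLs shown in auto-complete results.
- Remove the Person markup from message_user_info, as there is evidence that Google may not be happy with it. (XF2 already takes a different approach.)
- In IE, disable the first slide animation when opening the smilie drawer to prevent a rendering glitch.
- Fix an incorrect link to the Safari cookie management page.
The following public templates have had changes:
- member_view
- message_user_info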
Some of the changes in XF 1.5.22 include:
- Improve compatibility with MySQL 8.0.
- Improve support for newer TLS versions in emails for PHP versions >= PHP 5.6.
- In the spam cleaner only show email addresses to admin users who have the users permission.
- Use deconstructImages on GIFs (where available) in order to reduce the resulting file size.
- Bypass username validation when renaming a user on delete.
- Ensure registration defaults do not override receive_admin_email settings specified on registration.
- Prevent a redirect loop in some cases when accepting terms/privacy policy when the request originates from those pages.
- Fix missing phrase param on the accept_terms page.
- Fix URL typo in Help controller.
- Ensure the thread redirect key is correctly rebuilt when moving a redirect thread.
The following public templates have had changes:
- accept_terms
- register_form
- spam_cleaner
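Following our previous GDPR-focused beta releases, today we are pleased to announce the stable releases of XenForo 1.5.21 and XenForo 2.0.7, which aim to address some issues found since the previous release and make adjustments to improve GDPR compliance on your forum.
A summary of the changes in this release is shown below:
- Ensure the privacy policy / terms and rules acceptance form is validated server-side (XF1 and XF2)
- Ensure certain field output in the data portability export is escaped (XF1 and XF2)
- Some minor phrase adjustments (XF1 and XF2)
- Attempt to ensure the new cookie notice does not hide the footer links (XF1 and XF2)
- Ensure the data portability features are only available to admins with the "Manage users" permission (XF1 and XF2)
- If the geoLocationUrl option is empty, no longer attempt to link the user's location (XF1 and XF2)
- If the user's location is linked, ensure the noreferrer and nofollow values are set (XF1 and XF2)
- Implement the ability to add an unsubscribe link to admin emails (XF1)
- Fix an issue with selecting the new bottom fixed notice type (XF1)
- Fix invalid CSS (XF1)
- Fix the broken register_twitter template (XF1)
- Not GDPR-related, but resolve an issue with the Q&A CAPTCHA (XF2)
- Use consistent variables to display the privacy policy and terms and rules URLs on the help pages (XF2)
- Ensure the default privacy policy and terms and rules help pages are redirected appropriately when custom URLs are set (XF2)
- Do not show protected change log entries (such as policy acceptance dates) for potential spammers in the user approval queue (XF2)
More details can be found in the resolved bug reports category.
The following templates have been changed in this release:
- account_contact_details (XF1)
- account_privacy (XF1)
- help_index (XF2)
- help_wrapper (XF2)
- helper_account (XF2)
- member_about (XF2)
- member_view (XF1)
- message_macros (XF2)
- message_user_info (XF1)
- public.css (XF1)
- register_twitter (XF1)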
As promised, we are today releasing XenForo 1.5.20 Beta 1, which implements some new functionality to aid compliance with the GDPR.
For a much more detailed overview of what GDPR is and what new features have been added, please read the following thread: "Upcoming changes for GDPR compliance in XF1 and XF2".
This is beta software. It is not officially supported. We do not recommend running it in production.
A summary of the changes in this release for XF1:
- New notice position "Fixed" which fixes notices to the bottom of the page.
- GDPR: New default privacy policy help page
- GDPR: Ability to mark change log entries as "protected" so they will never be pruned
- GDPR: New fields to log the date and time that the privacy policy / terms and rules were last accepted (logged as protected in the user change log)
- GDPR: Now possible to force all members to accept privacy policy / terms and rules before continuing using the site
- GDPR: More detailed cookie notice which has to be explicitly acknowledged. It will appear in the new "Fixed" notice position.
- GDPR: Updated default Cookie help page text.
- GDPR: When deleting a user, give an option to change their name in order to anonymize content they have created.
- GDPR: Functionality to allow very basic personal details to be exported in XML format on one forum and imported into another to comply with data portability.
- GDPR: Require explicit consent when registering and only log acceptance if consent was given.
- GDPR: New option to show "Require site email" option to be filled in during registration (with consent date being logged if appropriate).
- GDPR: Add a new option to anonymise IP addresses for Google Analytics.
Installation and Upgrade Instructions for XenForo 1.5
Full details for how to install and upgrade XenForo can be found in the XenForo Manual.
Note that when upgrading from XenForo 1.x, all add-ons will be disabled and style customizations will not be maintained. New versions of add-ons will need to be installed and customizations will need to be redone. We strongly recommend that you make a backup before attempting an upgrade. Once upgraded, you will not be able to downgrade without restoring from a backup.
XenForo 1.5.18 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release, the vast majority of the focus was an increase in stability.
Most importantly, this release includes a fix for a security issue that was reported to us by Julien from RCE Security. The issue was not found within XF code itself, but instead in a file which we previously included with XF 1.5.x within the Video JS library. The issue is known as an "authentication phishing" exploit, which involves posting a specially crafted URL pointed at the Video JS SWF file. This specially crafted URL, when clicked on or embedded in a page, can include another URL which returns a 401 response and displays an authentication prompt. This authentication prompt may trick less experienced users into thinking that it is your site which is asking for authentication, when in fact the authentication details entered may be submitted to the attacker instead.
To solve this problem we are including a zero-byte file which will overwrite the problematic file.
We recommend that all customers upgrade to the latest version of XF 1.5 or XF 2.0, but if you are unable to do this then you can simply delete the file which resides in the following location: js/videojs/video-js.swf.
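A post-upgrade check for the remediation above, as an added example that is not part of the XenForo release or its tooling: it classifies js/videojs/video-js.swf under one or more install roots as absent, neutralized (the zero-byte overwrite), or present. The function names and the install-root arguments are assumptions; only the relative path comes from the release notes.

```shell
#!/bin/sh
# Added example (not XenForo code): check that the Video JS SWF can no longer
# be served with content from a XenForo 1.5 install root.
# Usage: sh check_swf.sh /path/to/forum [/path/to/another/forum ...]

SWF_REL="js/videojs/video-js.swf"   # relative path given in the release notes

# Print "absent", "neutralized" (zero-byte placeholder) or "present".
swf_status() {
    swf="$1/$SWF_REL"
    if [ ! -e "$swf" ] && [ ! -L "$swf" ]; then
        echo absent
    elif [ -f "$swf" ] && [ ! -s "$swf" ]; then
        echo neutralized
    else
        # Non-empty file, or something unexpected such as a dangling symlink.
        echo present
    fi
}

# Report every root; return 1 if any root still needs attention.
audit_roots() {
    rc=0
    for root in "$@"; do
        st=$(swf_status "$root")
        printf '%s\t%s\n' "$st" "$root/$SWF_REL"
        if [ "$st" = present ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run only when install roots are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_roots "$@"
    exit $?
fi
```

A non-zero exit status means at least one root still holds a non-empty file at that path, so the check can gate a deployment job or run from cron across several forums.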
As a side note, there is potentially another exploit in some current browser versions which is similar. This involves a URL which points to a resource, such as an image, which returns a 401 response. This is an exploit which is being patched by most browser vendors. It is currently fixed in the latest stable Chrome release, and upcoming versions of Safari and Firefox. If you are concerned by such an exploit, please ensure you inform your users that a) they should be using the latest available version of their preferred browser and b) that login details should only be provided via your site's default login form.
Some of the other changes in this release include:
- In some cases, a Solve Media CAPTCHA challenge would erroneously pass if the HTML was tampered with (such as via a spam bot).
- Better support for media embeds and user mentions in the IPS Forums 4.x importer.
- Fix for missing likes on import from XF to XF.
- Improve PHP 7.x compatibility in the SMF importer.
- Add rel="canonical" to the quick navigation template to avoid indexing duplicate content.
- Security: Disable use of js/videojs/video-js.swf and remove calling it from the template.
- Recommend users upgrade to PHP 5.6 or above when installing or upgrading.
See the Resolved Bug Reports forum for further information.
The following templates have had changes:
- quick_navigation_menu
- video_js_setup
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.
Please note that we are now formally recommending that you upgrade to PHP 7.2 or newer. XenForo 2.0 requires PHP 5.4 or newer. XenForo 2.1 will require PHP 5.6 or newer. If you are running a version below PHP 5.6, you will receive a warning when installing or upgrading XenForo.
All customers with active licenses may now download the new version from the customer area.
More Stable
This release follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).
Installation and Upgrade Instructions