XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam

xF1 Released XenForo 1.4.8 (Includes Security Fix) - Nulled By NulledTeam 1.4.8 Nulled

No permission to download
Today, we are releasing XenForo 1.4.8. This release addresses two potential security vulnerabilities and fixes a number of bugs found since the release of 1.4.7. We recommend that all customers running XenForo 1.4 upgrade to 1.4.8 or use the attached patch file as soon as possible.

The two security issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
  • In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves).
  • In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly, potentially triggering an XSS against the user viewing the page.
Thanks to Diego Palacios for reporting these two issues.

In addition, some of the bugs fixed in 1.4.8 include:
  • Improved performance in the rich text editor.
  • Fixed trophies not being awarded at session creation as expected.
  • Fix certain cases where the image proxy would unexpectedly fail to detect a valid image.
  • Support downloading attachments with UTF-8 file names in IE.
  • Ensure a more correct following count is shown when viewing a member's profile in some cases.
  • Throw an error when sending a warning and only one of the conversation title or message box has been completed.
  • Fix an incorrect permission check over viewing the moderator actions taken against a thread.
  • Fix incorrect logic relating to the DNSBL cache used at registration.
  • Prune drafts hourly rather than daily.
  • Fix a situation where the spam cleaner would not remove replies by a spammer to their own thread.
  • Ensure that there is no default text decoration on <abbr> tags in Firefox.
  • Use a new "simple" BB code formatter when creating snippets for RSS feeds to prevent unexpected code from running.
  • Update the bundled version of jQuery Migrate to 1.2.1.
  • Copying from the template preview in template modifications did not maintain line breaks in Firefox.
  • Fix an issue importing older attachments from SMF.
  • Fix an issue where the vBulletin importer could infinitely loop.
See the Resolved Bug Reports forum for further information.

The following template has had changes:
  • xenforo_reset.css
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes
Author
Admin
Size
5.1 MB
Extension
rar
Downloads
86
Views
3,081
First release
Last update

More resources from Admin

Similar resources

XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam AnimeHaxor
XenForo 1.5.10a (Includes Security Fix) - Upgrade Nulled By NulledTeam
XenForo 1.5.18 - Includes Security Fix - Full Nulled By NulledTeam AnimeHaxor
XenForo 1.5.18 - Includes Security Fix - Full Nulled By NulledTeam
XenForo 1.5.18 - Includes Security Fix - Upgrade Nulled By NulledTeam AnimeHaxor
XenForo 1.5.18 - Includes Security Fix - Upgrade Nulled By NulledTeam
729Threads
2,275Messages
61,816Members
nethelperLatest member
Back