กรุณาปิด โปรแกรมบล๊อกโฆษณา เพราะเราอยู่ได้ด้วยโฆษณาที่ท่านเห็น
Please close the adblock program. Because we can live with the ads you see


thxf.org

news XenForo 2.0.9 Released (Security Fix)

No, you're not imagining it - we are doing another release, just a day after the release of 2.0.8.

XenForo 2.0.9 fixes a flaw that could potentially be exploited to create a cross-site scripting vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.9 or use the attached patch file as soon as possible. Note that if you are applying the patch rather than doing a full upgrade to 2.0.9, you will need to apply the 2.0.8 patch too.

XenForo extends thanks to Thomas Schneider for identifying the issue.

The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.

Applying a Fix: Upgrading
You may upgrade to 2.0.9 to fix this issue. You should upgrade as you would to any other release.

Customers with an active license may download 2.0.9 from their customer area. Full details for how to install and upgrade XenForo can be found in the XenForo Manual.

Applying a Fix: Patching
Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message:
  • src/XF/Template/Templater.php
The file can be found at the same path within the attachment.
 

Attachments



Similar threads

  • Article Article
Today, we are releasing XenForo 2.2.17 to address a potential security vulnerability. We recommend that all customers running XenForo 2.2 upgrade to 2.2.17 or use the patch instructions below as...
Replies
0
Views
627
thxf.org 
  • Article Article
XenForo 2.3.5 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from...
Replies
0
Views
312
thxf.org 
  • Article Article
Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers should either upgrade to XenForo 2.1.15 or...
Replies
1
Views
423
thxf.org 
  • Article Article
Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo...
Replies
0
Views
289
thxf.org 
  • Article Article
XenForo 2.3.6 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from...
Replies
0
Views
925
thxf.org 

กรุณาปิด โปรแกรมบล๊อกโฆษณา เพราะเราอยู่ได้ด้วยโฆษณาที่ท่านเห็น
Please close the adblock program. Because we can live with the ads you see
Back
Top Bottom