กรุณาปิด โปรแกรมบล๊อกโฆษณา เพราะเราอยู่ได้ด้วยโฆษณาที่ท่านเห็น
Please close the adblock program. Because we can live with the ads you see


thxf.org

news XenForo Security Releases: 1.2.7 - 1.3.6 and 1.4.1 (Includes Patch)

A cross site request forgery (CSRF) issue has been identified in the SWFUpload library that XenForo uses. This issue may allow an attacker to make requests and carry out actions as you or one of your members.

This issue affects all versions of XenForo available prior to this announcement. We recommend all customers take steps to apply a fix as soon as possible. If you have any questions about applying a fix, please post in the appropriate forum or submit a ticket.

Applying a Fix: Upgrading
XenForo versions 1.2.7, 1.3.6 and 1.4.1 include a fix for this issue. To apply the fix, you may upgrade in the standard way to the appropriate version:
  • Customers running 1.2 or earlier should upgrade to 1.2.7, 1.3.6 or 1.4.1.
  • Customers running 1.3 should upgrade to 1.3.6 or 1.4.1.
  • Customers running 1.4 should upgrade to 1.4.1.
Customers with an active license may download these versions from their customer area. Full details for how to install and upgrade XenForo can be found in the XenForo Manual.

Applying a Fix: Patching
Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the existing js/swfupload/Flash/swfupload.swffile with the version attached to this message. The file can be found at the same path within the attachment.
 

Attachments



Similar threads

  • Article Article
Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers should either upgrade to XenForo 2.1.15 or...
Replies
1
Views
422
thxf.org 
  • Article Article
XenForo 2.2.1 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from...
Replies
0
Views
2K
thxf.org 
  • Article Article
Today, we are releasing XenForo 2.1.9 and XenForo 2.0.13 to address a potential security vulnerability that may affect any customer who makes use of our PayPal payment handler. As well as user...
Replies
1
Views
2K
thxf.org 
  • Article Article
XenForo 2.1.7 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.1 upgrade to this release to benefit from increased...
Replies
0
Views
1K
thxf.org 
  • Article Article
XenForo 1.5.18 is now available for all licensed customers to download. This release fixes a number of bugs and issues that were found since the previous release. As this is a maintenance release...
Replies
0
Views
3K
thxf.org 

กรุณาปิด โปรแกรมบล๊อกโฆษณา เพราะเราอยู่ได้ด้วยโฆษณาที่ท่านเห็น
Please close the adblock program. Because we can live with the ads you see
Back
Top Bottom