Resource icon

Released 2x XenForo Released (Security Fix) 2.1.14 Security Patch

No permission to download

BattleKing

Spirit of darkness
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P Member
Collaborate
Registered
Joined
May 24, 2020
Messages
3,497
Points
523

Reputation:

BattleKing submitted a new resource:

XenForo 2.1.13 Released (Security Fix) - XenForo 2.1.13 Released (Security Fix)

Today, we are releasing XenForo 2.1.13 to address a potential security vulnerability. We recommend that all customers still running XenForo 2.1 upgrade to 2.1.13 or use the attached patch file as soon as possible.

The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted.

XenForo extends thanks to security researcher @PaulB, the team at @NamePros and @Xon for reporting the issues.

We...

Read more about this resource...
 

BattleKing

Spirit of darkness
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P Member
Collaborate
Registered
Joined
May 24, 2020
Messages
3,497
Points
523

Reputation:

BattleKing updated XenForo Released (Security Fix) with a new update entry:

XenForo 2.1.14.

Due to a mistake made during the build process, rolling out the aforementioned fix for the [COLOR] tag, we inadvertently increased the version number to XenForo 2.1.14.
XenForo 2.1.14 now supersedes version 2.1.13 which is no longer available for download.
If you are using XenForo 2.1.13 we recommend upgrading to XenForo 2.1.14 to ensure you have the [COLOR] tag fix. If you already downloaded XenForo 2.1.13 and your admin control panel now lists the version as 2.1.14, you do not need...

Read the rest of this update entry...
 
Top