• We've added extra Spam Protection. if you get problem with account registration / registration rejected. please contact us
Sofia

XenForo 2.0.8 Released (Security Fix) Upgrade

No permission to download
  • Author Sofia
  • Creation date
  • Report Something, if you find anything unusual.
XenForo 2.0.8 to address a potential security vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.8 or use the attached patch file as soon as possible.

The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.

Specifically, the issue relates to specially crafted text entered into messages and output using the structured text system (used in profile posts and comments).

Thank you to @batpool52! for identifying the issue and reporting it to us.

There are no other fixes included in this version. There will be a further maintenance release in the coming weeks.

Applying a Fix: Upgrading

You may upgrade to 2.0.8 to fix this issue. You should upgrade as you would to any other release.

Applying a Fix: Patching

Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message:
  • src/XF/Str/Formatter.php
The file can be found at the same path within the attachment.
Author
Sofia
Downloads
1
Views
38
First release
Last update
Rating
4.00 star(s) 1 ratings

More resources from Sofia

Resource Tags

  • Tags
    xenforo 2.0.8 released
  • Top

    AdBlock Detected

    We get it, advertisements are annoying!

    Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

    I've Disabled AdBlock