Mark

4.2.4 is a maintenance release that fixes issues identified in 4.2.3.

4.2.3 is a maintenance release that fixes issues identified in 4.2.2. Please note if you use https in the AdminCP, but not on the front-end, the auto-upgrade process may not work correctly. You should download this update from the client area and upgrade manually.

Version 4.2 is the next large release for Invision Community! We are very excited to introduce all the new features and improvements. Full information on 4.2.0 ... 4.2.1 is a maintenance release to fix minor issues.

All payment methods which support accepting credit card details directly (Stripe, and PayPal when in card mode) allow users to store their card details on file. This offers a number of benefits: When checking out in the future, the user will not have to enter their card details again. If the user purchases something with a renewal charge, that payment will be taken automatically when it is due. This can happen even if the renewal fee changes (for example, the user upgrades their package). Administrators can manually charge an invoice to a stored card. PayPal (in the mode which redirects the user to the PayPal site rather than accepts card payments directly) handles recurring payments differently, using Billing Agreements. With Billing Agreements, rather then your community contacting the payment method when payment is due, PayPal saves the details of the recurring payment on it's end and charges the user automatically. This has some significant downsides: Purchases which are tied to a Billing Agreement cannot be edited in any way. The customer cannot upgrade them, and administrators cannot change the expiry date or renewal terms. To make any changes, the Billing Agreement has to be cancelled, and then the user can create a new Billing Agreement the next time their renewal is due. Because PayPal takes the payments in batches, it will not come exactly when it is expected, and if there is an issue with the payment (for example, the user's card details on their PayPal account are out of date) it may take payment significantly later than the purchase's expiry date and the customer having access to the purchase for longer than they should. If a customer buys two items at the same time which have different renewal terms (for example one renews every month and the other renews every year) a Billing Agreement cannot be created at all. There is no benefit provided to subsequent unrelated purchases. The user will have to create a new Billing Agreement for each purchase. Because of these limitations, we strongly recommend using a payment method which supports storing card details for recurring payments. Learn more about the payment methods Commerce supports

Fixes a security issue related to importing profile photos from URL.

This entry is about our IPS Community Suite 4.2 release Top Members For 4.2 we made some improvements to the Top Members section of the Leaderboard. A new overview page tab shows a selection of the top members across different criteria. Top Members Overview Page showing members with Most Reputation and Most Content The filter menu allows you to view more members in any chosen category, and a new AdminCP setting controls which categories should be available. Top Members Categories In the AdminCP you can configure which categories are shown on the overview page, the filter menu, and how many results show for each. Top Members AdminCP Settings Popular Contributors Widget Another small change is the Popular Contributors widget now contains a link to the appropriate section of the Leaderboard. Popular Contributors Widget

This entry is about our IPS Community Suite 4.2 release IPS Community Suite has supported drag and drop uploading to the attachments area at the bottom of the editor since 4.0. In 4.2 we're pleased to add the ability to drag and drop right into the editor, so you can drop your attachment exactly where you want it to show without having to add it afterwards. Drag and drop into editor If your browser and OS supports it you can also copy and paste, either from the desktop or from other content on the web: Copy and Paste Naturally this works for ordinary files as well as images: Drag and drop a file

This entry is about our IPS Community Suite 4.2 release In 4.1.18 we added Two Factor Authentication. Already in 4.2 we have announced a new setting to trigger 2FA when logging in from a new device, and in 4.2 we are also adding Authy as an authentication handler. Authy can send a user a text message, make a phone call, or send a push notification to a smartphone app to authenticate the user. You can enable whichever of these options you like. Set Up To set up Two Factor Authentication with Authy, the user will enter their phone number. To verify their phone number they will then enter a code shown in the Auhy app or have a code sent by text message or phone call. The system will automatically show an appropriate interface based on what options you have enabled - for example, if you don't want to enable the app as an option, it will not reference Authy. Setting up Authy with the app available as an option Setting up Authy with just phone or text message options enabled Verification with Authy When the user needs to verify their account, the system will automatically show an appropriate interface. If you allow verification with the Authy app and either it is the only option you allow, or the system knows that the user has installed the Authy app, the system will prompt them to use the app. This can either be done using Authy's OneTouch option (where the user will receive a push notification to the app, and when they click approve, the screen will automatically refresh) or their SoftToken option (where the user will be instructed to open the Authy app and enter the code they see). If you allow authentication by text message and/or phone call as well, the user will also see options for using those instead. These screenshots show the process for OneTouch authentication: The user is shown a waiting screen Simultaneously they will receive a push notification and when opening it be able to approve Once the user has approved, the waiting screen will automatically refresh with the user authenticated. For SoftToken authentication, the user is prompted to enter the code shown in the Authy app: Authy SoftToken option Phone Verification If you have disabled the Authy app as an option, or the user does not have it installed, they will be prompted to choose from the available options how they want to authenticate. These screenshots show the process for authenticating by text message: The user is asked how they want to authenticate The user receives a text message or phone call with a code The user enters this code to authenticate Management If the user changes their phone number they can reconfigure the system in their account settings. The system automatically shows "Phone Verification" rather then "Authy" if the app is not available as an option. Account Settings showing Authy as Phone Verification

This entry is about our IPS Community Suite 4.2 release Improved Stripe Integration Stripe is a popular payment gateway that supports card payments. In IPS Community Suite 4.2 we have made some improvements to our integration: When viewing a transaction in the AdminCP, it will show the last 4 digits of the card used, and the result of Stripe's risk evaluation. More information is sent to Stripe for easier cross-reference between Stripe's control panel and your AdminCP. This includes the customer's name, billing and shipping addresses, email address, associated transaction/invoice/customer IDs, and the invoice title. Stripe Transaction in the AdminCP showing risk evaluation and card details Transaction in Stripe's control panel showing customer and invoice details Anti-Fraud Improvements Anti-Fraud Rules now have some additional filters: Products being purchases includes... Account was registered more/less than [x days] ago Customer is/isn't in group Customer has previously spent more/less than Time since last purchase is more/less than [x days] ago Custom profile fields (both at member and customer level) IP address is x (exactly, contains or matches regular expression) Customer has previously made transactions that failed (opposed to "were blocked by fraud rules") Email address matches regular expression Some of the new Anti-Fraud Rule options MaxMind per gateway A new setting has been added that allows you to run MaxMind only against transactions using particular payment gateways. New MaxMind gateways setting Transaction Search You can now enter the transaction ID provided by the payment gateway in the AdminCP search box to find a transaction. Looking up a transaction by gateway ID Renewal Savings If you have a product with multiple renewal terms, a new setting allows you to show alongside each option how much is saved. This can be shown either as a monetary value, or as a percentage. Product showing savings for different renewal options

This is a maintenance release to fix minor issues. As we prepare our 4.2 release we will continue to provide small maintenance updates to 4.1.

This is a maintenance release to fix minor issues.

This entry is about our IPS Community Suite 4.2 release. One of our more technically-oriented features for 4.2, we have added more detailed logs of user logins, and the devices and IP addresses used. This brings several new features: Notification of a new device sign in If enabled, users can receive an email notification when a new device is used to log into their account: Email sent when a login from a new device is detected When a user signs in for the first time, a special key is set to recognise the browser on subsequent logins. This mean the notification email does not trigger on a new IP address, which would be annoying when travelling or if using a network where the IP address changes regularly. Instead, the notification is only triggered if someone signs into your account from a new physical device or web browser. UserCP Device Management If enabled, a new page will show in the user's settings page showing all the devices which have been used to log into their within the last 90 days (which is recent enough that could still be logged in if "Remember Me" was checked). Recently Used Devices Users can see the device, browser, physical location (obtained by a GeoIP lookup) and if applicable, how the login was processed (for example, if the sign in was with Facebook or Twitter, this will show). If they chose "Remember Me" when logging in, they can undo that (handy if you realise you accidentally left yourself signed in on a public computer). If they see anything they don't recognise, a page to walk them through the necessary steps to re-secure their account is available. Secure Account Information New Two-Factor Authentication Setting "Logging into the front-end" is one of the options of when to prompt for Two Factor Authentication. In 4.2, this has been separated into two distinct settings: Logging into the front-end from a new device Logging into the front-end from a known device If you enable the former, but not the latter, and the user has previously logged in devices, the system will automatically show an explanation to users alongside the other available recovery option. This can be useful especially if you do not want to offer other recovery options. AdminCP Device Management In the AdminCP, administrators can see all the device and IPs a member has used. They can also disable automatic login for any device. Edit member page shows most recently used device and IP address Viewing a device's details The system can also detect if another user is using the same device and will show this in the list of devices. Users sharing the same device

This release focuses on bug fixes and performance. You should see speed improvements. New features include: A new moderator setting to restrict users from ignoring moderators. A new group setting to allow members to lock their own content. A new group setting to hide a group from filters in search. When moving content moderators are now prompted for where you want to be redirected after the action. Activity Streams can be created with condensed view as default. An email is now sent when an account is locked for too many bad login attempts. When editing a member in the AdminCP, it will now show how much of their messenger storage quota is being used.

Fixes the following issues: SQL error when adding Commerce package or customer field. SQL error when setting up topic archiving. The ‘show reply’ button in notification popup reloads the page instead of loading content inline. Opting out of security questions may not work. Word filters not applying correctly. Reordering custom profile fields may not work properly. Draft or future blog entries may be included in the sitemap. Rounding issue with half-percentage tax rates in Commerce. Adds a "More Colors" option to the color dropdown in the editor.

Fixes upgrade issues in some server configurations (already silently patched). Fixes some AdminCP settings showing the wrong value selected, especially in Spam Service settings/ Fixes an error when trying to split a topic. Fixes missing images when setting up Google Authenticator, and an issue which may setup to fail. Fixes broken links on the new Two-Factor Authentication setup page. Fixes missing language string in AdminCP Dashboard warning when site is offline and in image sharer settings. Fixes errors for some communities that have previously converted from other software. Fixes an issue with grid layout on some pages.

This is a maintenance release to fix minor issues.

This is a maintenance release to fix reported issues. In addition to a strong focus on overall stability, this release contains: Official PHP 7 support Major performance improvements to Activity Streams Version 4.1.14.1 / 4.1.14.2: This is a small maintenance update to address issues some clients had with certain URLs. We have also seen clients having issues with many third-party plugins and this update will attempt to better capture those errors. Important This is the last release to officially support PHP 5.5 which is now completely unsupported by PHP. If your web host is still using PHP 5.5 you should contact them to upgrade to either PHP 5.6 or PHP 7.0.

Enabling integration with Google Maps provides autocomplete functionality when a user enters an address (which is particularly useful if you are using the Commerce application) and can display maps when looking at IP addresses and elsewhere. Warning You need to enable three different API services. Make sure you follow all of the following instructions carefully. To enable Google Maps integration: Go to the Google Developers Console and sign in if you are not signed in already. In the top-left corner is the project selector. You may already have a project if you have previously integrated Google login on your community. If you do not have project, click the dropdown and create one. Select "Enable API's and Services" in the top left of the screen Click the "Google Maps JavaScript API" link and then click the "Enable" button. Click "Credentials" from the left menu, and select "Create Credentials". Choose the API Key option. You will be presented with an API key. Please keep hold of this key for the next step. On your community, to AdminCP > System > Community Enhancements > Google Maps. Here you need to select which items you wish to use. Here we have selected "Show Google Maps?" Important: You will see it then shows at the bottom which APIs you need to enable within 'Enable API's and Services' in your Google Developer Console. We just enabled one already in the previous steps, however you will need to enable any others showing. These will be different, depending on your selections Click on Continue, and in the API key given above here, then follow the instructions given on this page to restrict your API key, and create another secret key.

This release fixes a single issue where bulk mails may send duplicates, especially on sites with multiple languages.

This is a minor release to fix a small number of bugs: Broken @mention links. Merging members could cause follow records to be lost. Email digests. Incoming emails to Commerce. Announcements expiring at the wrong time. Error when editing database records or sidebar widget. Error trying to establish external connection to certain servers. Error redirecting from http to https.

This is a maintenance release to fix reported issues and add refinement to existing features. This release also contains a security improvement for older versions of PHP. In a recent change to their API, Google now requires an API Key to access their Maps API. After upgrading to 4.1.13, follow our Google Maps guide to restore this integration. This is especially recommended if you are using Commerce which uses the API for address input autocompletion. In addition to bug fixes and performance improvements, this release also includes following enhancements New per-group setting to highlight posts made by certain groups. 2 theme settings control the color and border, which are editable in the easy theme editor. New setting to make providing a billing address optional for purchases in Commerce. Personal conversation management improvements: Can now filter personal conversations to just read/unread. Can now move multiple personal conversations into a different folder at once. Can search by recipient/sender name. Notifications about Calendar events now include the event date. New setting to control which images sizes should have a watermark applied in Gallery. New setting to control which IP pool to use for SparkPost if you have purchased dedicated IP addresses. Better handling of upgrades if files have been modified. The sidebar widget for showing Downloads files can now show just free or paid files. When searching templates or CSS files in the AdminCP template editor, it will search for templates or CSS files with a name matching the term provided, in addition to searching the content of them. When viewing a log in the AdminCP, it will now show you on which page the log occurred and by which member. When the search index is being rebuilt, a message is now shown on the search results page to indicate why results may not be complete. The "details" modal for applications and plugins now has a tab which shows the hooks associated with that application or plugin. The placeholders that display on date/time inputs (e.g. "HH:MM") can now be translated. Rebuilding the search index, and rebuilding posts after a 3.x upgrade now processes newest posts first for a more user-friendly experience after upgrading. When a file is deleted, a log is created and a new setting controls how to keep these logs for. The following Pages features are also included: HTML pages are now editable via Designer's mode. Ability to rename, or delete a group of Database templates Ability to ensure the Page's title remains in all database generated links (categories, records, forms, etc) Reciprocal linking when using relational fields Date and time fields, and Yes/No fields are now filterable. Filterable custom fields now available when creating a record feed block Ability to make some custom fields unique, so that only one record per database can have the same value. Ability to delete a folder in the media manager Ability to use $record->field_key_name_here programatically to get and set values, instead of relying on $record->field_11 which may change when you export and import databases.

This is a security release to fix a number of security related issues. A vulnerability was recently discovered in ImageMagick, which, depending on your configuration, IPS Community Suite may use manipulate images. This update verifies that images sent to ImageMagick begin with the expected "magic bytes" corresponding to the image file type. We are engaging in a third-party security audit of IPS Community Suite and this update contains a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. This release only contains security fixes only. 4.1.12 will be our next general maintenance release.

If a log needs to be written and logging to the database fails, the log is written to disk instead. For example, this might occur if the database is completely inaccessible. By default, logs are written to the /uploads/logs directory. To change this, add the following line to your constants.php file: define( 'LOG_FALLBACK_DIR', '{root}/directory' ); Changing the "{root}/directory" place to be the location on your server where the logs should be written. If you include {root} then that will be replaced with the directory to where IPS Community Suite is installed.