Charles

I believe @Kjell Iver Johansenis right. The 2MB limit is a PHP default. You can ask your host to increase it.

Actually yes I think that is something we overlooked 😊

For our support to help you even a little we will need to login. As @Lindy always says: if you take your car to get serviced, they are going to have to open the hood.

I would suggest using AWS S3 storage in that case. It's designed for storage and very CDN friendly.

In 4.5 we have the following security updates: Improved password strength checks to detect password values set identically to the account username or email address and to consider them weak. Improved method of encrypting certain text. Improved AdminCP session handling, removing the session ID from URLs and introducing alternate CSRF protections. Improved email change process to invalidate any pending password reset requests. Fixed user not being prompted for two-factor authentication when signing in from a new device. Fixed an issue where it was possible to bypass the messenger recipient count limit. Fixed a niche issue where it was possible in certain configurations to view others profile field attachments on the registration page. Fixed a race condition issue where it was possible to artificially inflate or reduce a user's reputation score. Limited password inputs to 72 characters max to reduce the chance of a malicious user forcing unnecessary computationally expensive operations on the server. Fixed an issue where AdminCP sessions may be usable longer than expected if a community receives little activity. Fixes an XSS vulnerability when quoting posts and comments. This release also contains the patch from 4.5.4 that resolves a security issue with the Downloads REST API Then of course beyond security there are countless performance, usability, and capability improvements since 4.4.

4.6 has improvements to load time for emoji menu, particularly on mobile.

I would personally be wary to implement this. It is a security feature. I get those sorts of emails all the time from various sites I login to. Yes, they can be redundant but I would rather know the check is happening than not.

We will soon post this on our blog too.

Invision Community has an exciting opportunity for an experienced PHP developer to join our team. The Role As a back end PHP developer, you will be working closely within a tight nimble team. You are a clear thinking problem solver and are able to demonstrate skills in creativity and innovation with the ability to meet deadlines. You thrive when given a brief and create well structured efficient code. Key Responsibilities Write well designed testable efficient code by using sound development processes Cooperate with other team members to develop new features Gather and refine specifications are requirements based on technical needs Create and maintain software documentation Skills & Experience Significant experience as a PHP developer in a commercial environment Experience with MySQL Experience with github Experience with various web services such as OAuth, SAML, REST, SOAP, etc. Experience working within a team with a strong culture Some experience with HTML, CSS and JS. Location Remote but must be available for a significant portion of 9-5 EST working day Application Form

We do 🙂 ... you are using it right now.

It is extra-odd that desktop is doing HTTP 2 and mobile is not. I dunno 🤷‍♂️

I have no idea what to tell you 🙂 It's set to allow HTTP 2 on our side. Why the tool is not using HTTP 2 is unknown to me.

You often post results from random "speed test" tools but I am not sure what you are suggesting. Those are static CSS files that are not served via Invision Community's code. They are just a text file on an S3 bucket served via CloudFront. Our software has zero control over what happens once it uploads them. I can confirm our CloudFront distribution is set to allow HTTP 2. I have no idea why your testing tool is choosing not to use it.

I am not sure what you are referring to. Those are static CSS files served outside of our software's framework.

If you do not understand security flaws then that would be the exact reason we review Marketplace submissions.

I fear you may be violating the very rules you are trying to get your own members to follow.

I think you must have REST API logs enabled to log all activity. You should have a look at those. I pruned it for you.

Your REST API logs are using 9GB of space. Do you want me to delete them all and turn on pruning?

I will have a look at your account and get back to you. That does seem abnormally high. I can see on the backend what is specifically using space.

Our email stats track numbers of emails sent and clicks. It does not have a tracking "pixel" to track views/opens.

We basically have email-based support now. Don't think of them as tickets but conversations 🙂 Much like if you email anyone else you would keep your own copy of the conversation in your email. I actually find it easier since I do not have to to a web site and email threads are how I communicate with every other person and company I interact with.

Yes, the Support button is on every page in the client area in the lower right.

You can click support on your purchase page or just email us.