Jump to content

Invision Community

Released 05/27/2016

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is a maintenance release to resolve the following issues:

  • Permission matrix can show incorrect permissions when using the Member > Group permission tool.
  • Using Authorize.Net Payment Gateway may result in an error.
  • A logged in member without a valid timezone set will trigger exceptions any time another members age is checked.
  • Where the upgrader can result in a fatal error due to an invalid class stored for a Pages record comment.
  • An upgrade error where reports are loaded for Pages databases that no longer exist.
  • Orphaned comments trigger an exception when search index is rebuilding.
  • An exception can occur continued upgrades: DateTime::setTimestamp() expects parameter 1 to be long, object given.
  • Recursion can occur if the core_log table doesn't exist yet (as happens during auto upgrade).
  • An issue where importing a theme can break CSS.
  • MySQL strict mode upgrade to 4.1.12 can fail.
  • Installing a new plugin via the ACP can fail.

As part of our ongoing internal security audit, this release also improves security in the following areas:

  • Possible XSS in the "hovercard" system.
  • Further hardening to the insecure file upload code.

  • Create New...