Jump to content

Invision Community 4.6.2

Released 06/25/2021

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This new release brings many new features to Invision Community.

Additional Information

Security

  • Added a new Referrer-Policy setting to allow the admin to control whether a Referrer-Policy header of strict-origin-when-cross-origin is explicitly used.
  • Added recommendation through an AdminCP notification to disable display name logins to mitigate username enumeration + brute force attack attempts.
  • Improved handling of areas that may allow username or email address enumeration.
  • Improved image upload handling to strip sensitive EXIF data.
  • Fixed an issue where NULL byte sequences in uploaded filenames could be erroneously allowed.
  • Fixed an SQL error that could be triggered by manipulating certain requests.
  • Fixed an issue where moderators could potentially execute arbitrary PHP code if the Pages application is installed.
  • Fixed certain scenarios where the CSRF token could be captured by external parties.
  • Fixed an SSRF when generating class names dynamically. *
  • Fixed an issue where stream RSS keys could be easily predictable in certain cases.

Core

  • Fixed an issue where guests logging in may be inadvertently redirected to a page displaying javascript source code
  • Added logging to Member History when adding or removing a member from a club.
  • Fixed an issue where some communities may see an old test bulletin when upgrading.
  • Removed the ability to set poll vote counts directly
  • Fixed theme conflicting checking potentially throwing an error before upgrading on PHP 8.
  • Fixed an issue where using the browser's back button would not reload profile content. 
  • Fixed a niche issue where some widgets may show an error after deleting a member group.
  • Fixed an issue where clearing site caches on the Health Dashboard requires working Javascript.
  • Fixed an issue where the ACP-Support tools would show an error after Ticket Submission even if the ticket was submitted successfully.
  • Fixed an issue where the Achievement notification settings in the ACP and Frontend would be shown on systems where achievements were disabled globally.
  • Fixed an issue where a loading icon would appear in the top left pf profile views due to unneccessary URL requests being made.
  • Fixed an issue where a single image page builder widget did not honour the max-height setting.
  • Fixed an issue where the system would import achievement rules for not installed applications.
  • Fixed an issue involving a missing language string under the Storage Settings area in the AdminCP for badges.
  • Fixed an issue where a mobile menu template error may show if sub items are not links.
  • Fixed an issue where Admins were unable to view Club content when rules are required to be accepted.
  • Fixed an issue with outgoing SendGrid emails.
  • Fixed an issue where sending a request with the If-Modified-Since header set to an invalid timestamp causes an uncaught error
  • Fixed an issue where Admins were unable to view Club content when rules are required to be accepted.
  • Fixed an issue with outgoing SendGrid emails.
  • Fixed an issue with a mis-spelling of "achievement" in the achievement rebuild area in the AdmnCP.
  • Fixed an issue that caused legacy upgrades to error-out under certain circumstances when using PHP 8.
  • Fixed an issue where the active users widget may show the wrong information.
  • Fixed an issue with a mis-spelling of "achievement" in the achievement rebuild area in the AdminCP.
  • Fixed issues encountered when upgrading from a legacy version of IP.Board.
  • Fixed an issue with a mis-spelling of "achievement" in the achievement rebuild area in the AdmnCP.
  • Fixed an issue that caused legacy upgrades to error-out under certain circumstances when using PHP 8.
  • Fixed broken ACP Permission checks for the badges page.
  • Fixed an issue where webhook requests would be fired twice under certain circumstances.
  • Changed the Download for a Language to open as a modal when showing additional settings.
  • Fixed an issue where a member would see a 404 error when loading a comment that they didn't have access to
  • Fixed Third Party plugins not being included in the list of third party hooks in the Support Dashboard.
  • Added support for web push notifications.
  • Implemented a new AdminCP support Health Dashboard in place of the support tool.
  • Improved uploader UI across the suite.
  • Added support for Emoji 13.0 emojis.
  • Added support for WebShare API.
  • Added an option to disable relative dates.
  • Improved security of AdminCP member list.
  • Improved security of attachments for guests.
  • Improved performance of attachment lookups in the editor.
  • Improved performance of the Followed Content activity stream.
  • Improved performance of handling custom meta tags.
  • Improved randomization of randomly sorted content feed widgets.
  • Improved performance of session handling.
  • Improved upgrade error messages.
  • Added a simple offline page, displayed when users have no internet connection.
  • Improved performance of Emoji menu in the editor.
  • Added support for PHP 8.
  • Added support for uploaded webp images (if the server's image handling software supports webp).
  • Added incoming and outgoing email addresses to the new installation onboarding wizard.
  • Added additional options for handling media enclosures in imported RSS feeds.
  • Added support for anonymous posting.
  • Added a block to user profiles to show the number of solutions the member has submitted, and a page to view all solutions.
  • Added ability to search by email address when looking for members in the Moderator CP for moderators with permission to view email addresses.
  • Added a new notification when content is approved.
  • Added new option for \IPS\OUTPUT_CACHE_METHOD to disable output caching, but still send cache headers.
  • Added support for s-maxage, stale-if-error, stale-while-revalidate cache-control directives.
  • Added a link to re-enable a disabled messenger on mobile.
  • Added pruning of IP addresses for stored ratings based on the AdminCP IP address pruning configuration.
  • Added some AdminCP search keywords. Added ability to pay renewal invoices in the AdminCP Marketplace.
  • Added native lazy loading attribute for user profile images and reactions.
  • Added canonical tag for Leaderboard > Past Leaders page.
  • Added a missing language string for the administrators permissions.
  • Separated "Reaction" and "My Stuff" notification preferences so that reaction notifications can be controlled separately.
  • Improved page performance metrics by adding font-display style to FontAwesome and preloading woff2 font file.
  • Reintroduced the ability to automatically embed Facebook and Instagram links in posts.
  • Changed AdminCP sessions to be valid for up to 1 hour by default.
  • Changed most multi-select form inputs in the AdminCP to checkbox sets.
  • Changed IP banning to not be run for guests.
  • Changed warning point verbiage to use numeric pluralization to better support non-English languages.
  • Changed the way how the widget manager send the data to resolve an error when too many widgets are placed on the page.
  • Changed file storage configuration manager to prevent Community In The Cloud clients from selecting filesystem storage handlers.
  • Changed the email in the profile hovercard into a mailto link
  • Improved 304 response caching removing database connection.
  • Improved pluralized verbiage for automatic moderation.
  • Implemented caching for "Active Users" and "Who's Online" blocks.
  • Implemented a minor performance improvement when fetching groups.
  • Improved performance of staff directory page by removing unnecessary queries.
  • Improved performance of the ModeratorCP where hidden posts are listed.
  • Improved performance of multi-moderation actions.
  • Improved performance of sending emails to multiple recipients when there are promote items to be included.
  • Improved inline quoting to account for text copied from code blocks.
  • Updated WordPress login handler to use new Miniorange OAuth server endpoints.
  • Moved the "Tags" text color theme setting to the "Front End Colors" tab.
  • Adjusted guest posts that require approval to not show the post pending approval.
  • Adjusted caching headers for guests in some areas.
  • Improved reliability of address autocomplete.
  • Improved WordPress OAuth for WordPress servers that do not allow the authorization HTTP header.
  • Improved speed of re-indexing some content items after moderation.
  • Improved performance of marking something as read in some cases.
  • Improved soft deleting comments/reviews to remove code duplication.
  • Improved rich embedding to support embedding of short links provided by the TikTok app (vm.tiktok.com links).
  • Improved the appearance of the Notification Settings screen.
  • Clarified the purpose of the Date field when configuring an Activity Stream block.
  • Fixed a long-standing issue where pagination would not show on tables after AJAX requests where the page did not contain pagination when first loaded.
  • Fixed "Post Before Registering" + word filters set to hold the content for moderator approval working together.
  • Fixed “Unlimited” not working for “Maximum image dimensions to save” setting.
  • Fixed an issue where the wrong author may be notified when a comment or review is embedded.
  • Fixed an issue specify dimensions for images in posts manually.
  • Fixed an issue where items to be moderated are not reflected in the interface when moving to other pages.
  • Fixed a potential javascript error when a broken video is posted.
  • Fixed unhiding topics from edit screen.
  • Fixed bad admin logs when managing group administrators and moderators in the AdminCP.
  • Fixed an issue where pruning members or mass moving members to a new group can result in an old cached group count still displaying in the AdminCP.
  • Fixed exact word filters requiring moderator approval resulting in the word being stripped from the title instead of triggering moderator approval.
  • Fixed posting a status update taking a long time if the user has a lot of followers.
  • Fixed Authy setup on Firefox.
  • Fixed web manifest not working when the site is in offline mode.
  • Fixed an issue where the "Can login anonymously" group setting may not apply as expected when a user belongs to more than one group.
  • Fixed incorrect timezone detection for users in Argentina.
  • Fixed an issue where certain custom profile fields would not be formatted when exporting the member list from the AdminCP.
  • Fixed some UI issues with right-to-left languages.
  • Fixed an issue where moving a read content item to a new container results in it becoming unread.
  • Fixed pressing ctrl/cmd+enter multiple times causing duplicate posts.
  • Fixed image dialog in editor not showing correctly on iOS.
  • Fixed an issue where profanity filters set to hold content for moderator approval may apply against the previous content instead of the new content when editing a content item.
  • Fixed an issue with specific CKEditor plugins for Community In The Cloud clients.
  • Fixed orphaned files being left over when deleting custom fields throughout the Suite.
  • Fixed orphaned files being left over in some cases when uninstalling applications.
  • Fixed a performance issue viewing "Unread Content" activity streams in some configurations.
  • Fixed an issue handling dates associated with ratings for content.
  • Fixed images pasted into editor sometimes being inserted in wrong location.
  • Fixed an RTL display issue with the caret arrow connecting an editor with a profile photo.
  • Fixed an RTL display issue with the attachment box in posts.
  • Fixed an issue where pasting links in Microsoft Edge may not allow them to embed.
  • Fixed an issue where the link to disable your messenger was not displaying.
  • Fixed opacity of button after repositining cover image.
  • Fixed a minor issue where Community in the Cloud clients could see a countdown timer that says "You may continue in 0:010 seconds".
  • Fixed the not translatable enabled/disabled string in the moderator history for comment approval enabled/disabled log entries.
  • Fixed the "Preview" button in an editor potentially causing attachments to be associated with the wrong post.
  • Fixed an issue where the UTF-8 converter "Fix collations" process may get stuck if it times out on a large table.
  • Fixed an issue where the DeleteImageProxyFiles task would never finish or not update its progress appropriately .
  • Fixed some invalid CSS syntax.
  • Fixed an issue with the deletecontent task that can cause the task to lock when ran via cron.
  • Fixed an issue moving Icons & Logos to a new storage handler when one or more of the images is broken.
  • Fixed certain activity statistics showing inaccurate previous period values.
  • Fixed an issue where users may be able to bypass image restrictions in signatures.
  • Fixed a bug where exact profanity filters were treated case sensitive.
  • Fixed an issue where status update pagination may not work correctly.
  • Fixed an issue where URLs in editor fields may be corrupted when exporting member lists.
  • Fixed an issue where attachments may inadvertently force a post into moderation when Link Moderation is enabled.
  • Fixed an issue where Plugins & Languages may not show an update is available.
  • Fixed an issue where updating plugins will leave deleted or renamed javascript files behind.
  • Fixed an issue where the core_output_cache table size could get very large.
  • Fixed a bug with pagination links when viewing a member's list of ignored members.
  • Fixed a bug where the member list export process may show a percentage complete greater than 100.
  • Fixed an issue where unbroken words can break email layouts.
  • Fixed an issue where customized email templates do not inherit template parameter changes during upgrade.
  • Fixed an issue specify dimensions for images in posts manually.
  • Fixed an error upgrading third party applications on Community In The Cloud accounts in some cases.
  • Fixed an issue where it was not possible to login through OAuth if the OAuth server had guest access disabled.
  • Fixed an RTL display issue with the caret arrow connecting an editor with a profile photo.
  • Fixed an issue where numeric fields could be incorrectly treated as incomplete during profile completion.
  • Fixed an issue where too many cookies could be set when using custom profile fields with editors in them.
  • Fixed an issue where the email failure AdminCP notification may mistakingly be sent even when other emails are sending correctly.
  • Fixed an issue where creating a ban filter would break with IN_DEV being enabled.
  • Fixed an issue where the login form may not redirect the user to their original location in some situations.
  • Fixed an error that can occur when a Marketplace login expires.
  • Fixed a bug where RSS imports may create a broken image depending upon the "Maximum image dimensions to save" configuration.
  • Fixed a bug where the fontsize template plugin may return an invalid value when certain language packs are used.
  • Fixed an error with the REST API reference page when a referenced application is not installed.
  • Fixed a potential issue that can occur when the Sitemap generator runs via cron.
  • Fixed a javascript error that can occur in the AdminCP when using custom analytics tracking codes.
  • Fixed an issue where item counts could be unreadable in the moderator control panel IP tools on small displays.
  • Fixed an issue where the layout for the move dialog could be broken with long container names.
  • Fixed an issue where the move members task could stop working when the target group doesn't exist.
  • Fixed moderator permission checks in report center.
  • Fixed an issue with structured data throughout the Suite for users with automatically generated letter photos.
  • Fixed an error viewing reports that had comments.
  • Fixed a display issue that can occur when a spoiler is found inside a quote.
  • Fixed a bug where comments from ignored users may display incorrectly when added to a comment stream from an inline notification (i.e. "View new post" within a topic you are viewing).
  • Fixed editing code blocks inside certain other elements (such as spoilers) adding extra line breaks.
  • Fixed club cover photos becoming orphaned when the club is deleted.
  • Fixed member cover photos becoming orphaned when the member is deleted.
  • Fixed an issue where it was not possible to report content items unless the member group was set to be able to report all content types.
  • Fixed an issue where meta descriptions could have quotes stripped.
  • Fixed an issue dismissing upgrade notifications if the page has not finished loading yet.
  • Fixed an issue that can occur if a license check fails.
  • Fixed an issue where sub-nodes would not load on a chart's custom form.
  • Fixed an issue where comments may be added to a comment feed (such as posts within a topic) more than once when clicking the link to show new replies.
  • Fixed a bug where code syntax highlighting in a post may incorrectly highlight code in a language other than the chosen one.
  • Fixed the Warning Action form throwing an error while IN_DEV.
  • Fixed an issue where some status update functionality may still show if the status module is disabled.
  • Fixed streams showing read content when they should only show unread content on occasion.
  • Fixed streams allowing "all" to be specified for date range when using MySQL search, which is restricted to the last 365 days.
  • Fixed automatic linking of URLs in posts not working after emptying browser storage.
  • Fixed an issue where the moderator control panel could throw an error if status update reports were present.
  • Fixed share link not being auto-selected for easy copying when the dialog to share a comment is opened.
  • Fixed a link that can cause the page title to be removed resulting in the current URL displaying as the page title in the browser.
  • Fixed a javascript error that can occur upon selecting a Pixabay image from the "Choose stock photo" selector.
  • Fixed an issue where the 'Expand' link on collapsed quotes could appear twice when a comment is added to the page.
  • Fixed an issue where icons overlap on blocks in the Admin CP statistics areas.
  • Fixed an issue where quotes split in the editor with a double-enter keystroke would not retain quote data or notify original author correctly.
  • Fixed an issue when logging in with LinkedIn.
  • Fixed certain hidden content such as empty widgets not always being hidden.
  • Fixed an issue where the Tag autocomplete field in certain situations (e.g. Gallery submission screen) would have a misplaced results dropdown.
  • Fixed an issue where search result snippets may not have shown the relevant text containing the matched search term.
  • Fixed an issue where quoting a user whose username has a leading zero would cause the zero to be dropped when the quote is displayed.
  • Fixed an issue where spacing around embedded images in an email may not accurately reflect how it appeared in the editor.
  • Fixed an issue where the AdminCP upgrader would not update the versions of disabled applications.
  • Fixed an issue where Mapbox maps could show both a clustered group of markers and single items in the same view.
  • Fixed a bug where viewing streams with custom parameters to adjust the filters will not display the correct results when clicking the "Load More" button.
  • Fixed an error when attempting to force a password reset for a member with no current password.
  • Fixed an issue displaying the current notification preferences overview when MySQL read/write separation is used.
  • Fixed an issue when viewing/updating legacy 3.x applications via Marketplace.
  • Fixed report center comments not having the image proxy stripped when upgrading from previous versions.
  • Fixed Google Adsense code being stripped from posts even if submitted with HTML posting allowed.
  • Fixed an error when disabling languages in some circumstances.
  • Fixed guests not able to report content if using Keycaptcha.
  • Fixed attachments in translatable fields.
  • Fixed an issue with lazy loading in certain situations and certain locales.
  • Fixed an issue with the mobile navigation menu where parent items with unique links would not show as clickable sub-items.
  • Fixed "Stop all email notifications" not disabling digests.
  • Optimized the staff directory to reduce page loading times.
  • Fixed some broken AdminCP live search results on CiC.
  • Fixed the background color of ACP Drop Areas and the color of treelist links for the AdminCP dark theme.
  • Fixed an issue where radio form element descriptions may be misaligned.
  • Fixed an issue with an error message not showing the folder name when plugin installation fails.
  • Fixed an issue where some external links did not open in a new window despite the relevant setting being enabled.
  • Fixed an invalid Open Graph type tag being specified.
  • Fixed a missing confirmation when deleting content via the moderator approval queue.
  • Fixed an issue where status update notification text could be inaccurate.
  • Fixed certain options available for custom streams not working as expected.
  • Fixed an issue where status update notification text could be inaccurate.
  • Fixed a false positive report that images raise security exceptions in some cases.
  • Fixed the "•••" button in the author response being always displayed, even if the logged in member can't edit or delete the response.
  • Fixed Search Activity Statistics resulting in an error due to a MySQL issue in some cases.
  • Fixed content pagination not populating correctly in some applications with restricted moderators.
  • Fixed a bug where resizing a window could result in a horizontal scrollbar when an upload widget exists on the page.
  • Fixed a DB error happening when somebody tries to post too many data to a textarea field.
  • Fixed an issue where Safari may reload each page after the user logs out.
  • Fixed messenger link still displaying on profiles on mobile devices if the user does not have permission to access the messenger module.
  • Fixed an issue where the number short format wouldn't work after a language import.
  • Fixed an issue where club custom fields would show autosave values for different clubs.
  • Fixed an uncaught exception when following a malformed "follow" URL.
  • Fixed inline moderator actions in content items showing the wrong moderator name in some circumstances.
  • Fixed an issue where referral cookies may not be set when guests view a page served from the cache.
  • Fixed an issue where referrals from deleted members could cause an error.
  • Fixed an issue where member exports can contain html for profile fields.
  • Fixed chunk uploading when using Amazon S3 with some S3-compatible providers.
  • Fixed broken 3rd party ACP permissions on CiC.
  • Fixed a typo when flagging a member as a spammer.
  • Fixed an issue where editor contents may be lost or incorrect when paginating through a topic and using the editor on different pages.
  • Fixed an issue where font-awesome <i> tags submitted in source mode are stripped by CKEditor.
  • Fixed an issue where AdminCP theme resource may continously be written to disk.
  • Fixed statistical charts not working in some locales.
  • Fixed sitemaps not generating properly.
  • Upgraded CKEditor to 4.16.
  • Optimized Redis when storing data and sessions.
  • Removed the mobile "hamburger" menu on mobile pages, which was inadvertently added on 4.5.
  • Removed unnecessary Pragma header where used.
  • Removed HTML5 shiv in AdminCP.
  • Removed view options for guests in clubs.
  • Removed support for Twitch embeds as Twitch has removed their oembed endpoint with no plans to introduce a new one.
  • Removed notification sounds.
  • Removed orphaned 'Activity/Content Discovery' module.
  • Fixed incorrect css variable names affecting .ipsMenu children.
  • Fixed the background color of selected text in ACP Code Editors while using dark mode.
  • Fixed the caret color in ACP Code Editors while using dark mode.
  • Fixed various minor issues with the AdminCP Marketplace.
  • Changed the color css variable on #elRegisterButton so it uses the correct variable.
  • Removed an excess closing anchor tag from the coppa template file.
  • Fixed an issue where the width of the layout would stretch, caused by long strings of content.
  • Removed support for Memcache, APC, XCache, WinCache. Use Redis instead.
  • Made the 404/403 error pages more friendly.
  • Added a new Spam Defense option to allow registration but require moderator approval of all new posts.
  • Added an option to the profanity word filters to hold for moderation when a member has less than a set number of posts.
  • Fixed an issue where Member Sync onEmailChange may be called before validation when changing email via validating screen.
  • Fixed importing members from CSV to Date custom fields not importing properly.
  • Fixed an issue where font-sizes on mobiles weren't following the Font Scale setting.
  • Fixed an issue where tags associated with hidden content were included when generating statistics.
  • Fixed an issue with the Easy Mode theme editor in Safari which caused the "Select" tool to return incorrect styles.
  • Fixed an separate issue with the Easy Mode theme editor where a JS could be thrown due to a race condition.
  • Fixed an issue where review ratings are not recalculated properly when a review is deleted.
  • Fixed a potential redirect loop when re-accepting Terms of Service and / or Privacy Policy changes.
  • Fixed an issue where content was missing the proper share logo.
  • Fixed an issue where post attachments sometimes used different styles within a list. Attachments in a list will always use a smaller 'inline' style now.
  • Worked around a bug in MySQL when viewing statistics in the AdminCP.
  • Fixed some HTML validation errors.
  • Fixed an issue where uninstalling an application wouldn't delete the associated rss feed import data.
  • Fixed an issue where changing table filters could cause the table to be stuck in loading state due to an underlying error.
  • Fixed an issue where a cached Widget returned the wrong timezone based time.
  • Fixed an issue where banned members could see that there are announcements, but could not read the announcement.
  • Fixed issue where poll choices are cleared because poll question title is empty on Edit Topic submit.
  • Advert impression counters are incremented via Redis to reduce MySQL write queries where Redis is available.
  • Fixed an issue where some SMTP servers may fail to generate valid DKIM hashes.
  • Removed browser caching for "upgrade in progress" page.
  • Fixed an issue where the Privacy Page does not redirect to an external link.
  • Fixed an issue when an anonymmous online status doesn't persist across logins when using button log in methods

Forums

  • Fixed an issue where language string instead of the final parsed strings were used for Webhook Requests.
  • Fixed an issue where the member's "solved count" would not show in QA forums.
  • Fixed a bug that caused the wrong database table to be indexed when loading number of archived posts made by a given user
  • Implemented notifications to the topic author when a question or topic is marked as solved.
  • Implemented notifications to the poster when their post is marked as the solution to a topic or the best reply to a question.
  • Implemented maximum dimensions of 800px x 800px for forum grid images to allow the software to reduce the size of extremely large images.
  • Changed "popular posts" in the topic statistics area to make each displayed post a link to the post.
  • Changed "posted images" in the topic statistics area to link attached images to the post they were attached to.
  • Changed the unarchiving task to process quicker.
  • Changed digest emails to honor the email truncation option.
  • Changed the "Unsolved" option for topic feed widgets to restrict results to Question and Answer forums or forums with "Mark as solved" enabled.
  • Added option to display inline moderation actions in between posts (if enabled) without the moderator name to non-moderators.
  • Added per-group option to hide inline moderation actions shown in between posts.
  • Added statistic block to show "Percentage of topics solved" to compare topics posted vs those marked solved within question and answer forums, or forums that allow a solution to be marked.
  • Added statistic block to show "Average time to solved" for question and answer forums, or forums that allow a solution to be marked.
  • Added the missing 'features' color field to forums categories.
  • Added lazy load support to preview images in Topic Summary sidebar.
  • Added lazy load support to forums when in grid view.
  • Added support for the expanded topic view display within the fluid topic listing interface.
  • Fixed an issue changing time periods when viewing new topic and post statistic charts.
  • Fixed issues setting and unsetting best answers on topics.
  • Fixed "solved" interface elements displaying for topics within forums where the ability to mark topic solutions has been disabled.
  • Fixed an issue where viewing a topic when the last post is hidden does not mark the topic as read.
  • Fixed reaction count showing incorrectly when viewing whole topic’s reactions (i.e. from expanded view).
  • Fixed a bad id attribute in the post template.
  • Optimized queries when all forums do not use a password.
  • Improved performance of topic embeds.
  • Improved performance of very large topics.
  • Improved performance of the Forum Statistics widget on large forums.
  • Improved performance of topic statistics.
  • Improved performance of expanded forum view for large forums.
  • Added the ability to show when specific group(s) have replied to a topic when viewing a list of topics
  • Added filters to the topic list view to quickly isolate hidden topics and topics with hidden posts.
  • Fixed an issue where the border-radius was incorrectly 0px in Q&A Forums.
  • Improved results for "Popular Questions This Month" tab for Q&A Forums.
  • Fixed an issue where club forums wouldn't show in Fluid View if only one root category exists.
  • Fixed an issue where topic feeds could show cached read/unread status.
  • Fixed an issue where Grid Card Images could show lost links.
  • Fixed an issue where Youtube Shorts URLs would not embed.
  • Fixed the position of the queued content badge in fluid view, which was overlapping the topic stats.
  • Fixed an issue where topics marked manually for unarchiving would not be processed.

REST / OAuth

  • Fixed OAuth login if guests cannot access site.
  • Fixed creating a content item by the REST API not triggering a webhook.
  • Fixed Zapier's API calls showing in logs without a name for the key.
  • Fixed some duplicated error codes.

Pages

  • Fixed an issue where the page builder widgets did not have the correct data attributes when used in a Pages page.
  • Fixed an issue that may occur during upgrade when Database file storage is used.
  • Added a data-pageName parameter for the body tag with the page path (folder/name) for better CSS targeting.
  • Changed two column page builder pages to use vertical widget layouts.
  • Changed category fiters in databases to not require CSRF keys in order to apply filtering.
  • Improved AdminCP logging of certain actions.
  • .well-known can now be used as a folder name for Apple Pay verification in Commerce.
  • Fixed an error that can occur after a database is deleted if there are pending review or comment deletions for the database.
  • Fixed an error when creating a new block in the "Custom" block category has been deleted.
  • Fixed orphaned files being left over when deleting fields, records and databases in the AdminCP.
  • Fixed an error where saving templates for similar blocks with the same template name can result in an error.
  • Fixed an issue where deleting a page may delete all pages within an unrelated subfolder.
  • Fixed an issue when hiding a comment on a database with forum syncing using multi-moderation triggers a page not found error.
  • Fixed an error attempting to use the advanced search for a Pages database in the AdminCP.
  • Fixed unclear AdminCP logs when performing actions such as copying, editing or deleting a database.
  • Fixed an issue where record authors couldn't respond to reviews.
  • Fixed a PHP notice for certain reciprocal database link fields.
  • Fixed orphaned review records being left behind when a database is deleted.
  • Fixed an issue where automatically-generated topics did not trigger notifications for followers of the forum.
  • Fixed an issue where "Publish Date" may not show correctly in record feed sort options.
  • Fixed an issue where deleting a database which was used as reciprocal field in another database would result in error.
  • Fixed an issue where importing RSS feeds to Pages could set the wrong author.
  • Fixed an issue where article images would float outside of their content box if the article only contained a few lines of text.
  • Fixed an issue with attachments not properly associating with comments on a record and not being deleted if the comment is deleted when syncing comments with the forums.
  • Fixed an issue where copying blocks could result in lost attachments or languages strings.
  • Fixed an issue where HTML logic of a page may be stored in the search index.
  • Fixed and issue where inline editing an item field wouldn't update the reciprocal map.
  • Fixed an issue with the REST API where a GET request to records with a category parameter would result in a DB error.
  • Fixed an issue where it's possible to create two Folders with the same name, causing conflicts.
  • Fixed an issue where the API can delete a forum even if a database posts topics to that forum.
  • Fixed an issue where deleting a database wouldn't delete the associated rss feed import data.
  • Fixed a niche issue where it was possible for a record name to show on the online list when the viewer does not have permission to view it.

Commerce

  • Fixed an error occurring when checking out as a guest after following a referral link.
  • Fixed an issue where a refund may not automatically happen if a payment is made via PayPal Subscriptions and refused by a fraud rule.
  • Fixed an issue where refunding/cancelling an invoice with a referral commission would not revoke the commission.
  • Fixed an issue where the AdminCP invoice view may not show all of the commissions on the invoice.
  • Fixed an error during checkout due to renewals when performing stock checks.
  • Added a confirmation pop-up when mass approving account withdrawals.
  • Added an option to limit Withdrawal requests to one per currency at any time.
  • Added a missing language string for the review widgets.
  • Renewal invoice warning emails will now show tax included, if applicable.
  • Improved email normalization for MaxMind fraud detection.
  • Subscriptions Grace Period setting will now allow a value of 0.
  • Fixed Commerce generating incomplete accounts when the "Ask to provide a display name?" setting is off.
  • Fixed an issue where you may be able to purchase more than the number of items in stock.
  • Fixed race-condition potentially causing duplicate purchase records or transactions.
  • Fixed interactions on invoice table when viewing a purchase in AdminCP.
  • Fixed error trying to access a customer's support request history from the sidebar when viewing a support request.
  • Fixed error trying to approve a transaction from a Stripe dispute page.
  • Fixed some countries not showing in Markets statistics page.
  • Fixed an error attempting to delete support replies in the AdminCP.
  • Fixed error reporting when checking out with Stripe on a free trial with incorrect card details.
  • Fixed billing name not being passed to Stripe when paying with card.
  • Fixed an error when running PHP 7.4 and adding items with certain configurations to the cart.
  • Fixed an issue with certain email notifications generated by Commerce resulting in errors or potentially incorrectly formatted amounts.
  • Fixed an issue where editing a purchase's grace period would enable renewals on the purchase even if there are none specified.
  • Fixed an issue where guest location tracking via cookie did not work correctly.
  • Fixed an issue where replying to a support request and returning to the list of requests does not mark the request as read.
  • Fixed an issue where customers could not reactivate subscriptions where an existing subscription was cancelled but allowed the customer to reactivate.
  • Fixed an issue where checking out with an item without a renewal charge could in some circumstances cause an error.
  • Fixed some missing friendly URLs on various pages of Commerce.
  • Fixed an issue where disabled subscriptions couldn't be canceled.
  • Fixed an issue where renewal terms were not presented on the front end in the order they are specified in the AdminCP.
  • Fixed an issue where support tabs in the AdminCP would not wrap and could cause the page to stretch.
  • Fixed an error when running PHP 7.4 when creating new support streams in the Admin CP.
  • Fixed an issue where if a customer cancels a PayPal billing agreement immediately after the initial payment before the webhook for that payment is received, the payment becomes associated with a blank invoice.
  • Fixed an issue where a user may be prompted to provide card details when purchasing a free trial, even if the product being purchased is restricted to non-card payment methods.
  • Fixed an issue with Member Filters happening when members where filtered by subscriptions and purchases.
  • Fixed an issue where copying a donation goal would not copy the donation goal description.
  • Fixed an issue where copying a support department would not copy the support department submission screen text.
  • Fixed an issue where copying a support severity would not copy the support severity description.
  • Fixed an issue where deleting a support status would not remove the custom language strings in the database.
  • Fixed an issue where copying or deleting a shipping rate did not copy or delete the delivery estimate text.
  • Fixed an issue where copying or deleting a product filter did not copy or delete the public name.
  • Fixed an issue where copying or deleting a product did not copy or delete various translatable fields, such as the client area page content and email notification subjects.
  • Fixed an issue where canceling an ad purchase would result in an error.
  • Fixed an issue where users may not see the correct page after checkout if email validation is in use.
  • Fixed an IN_DEV error editing Pages templates that was thrown for applications without any Pages Templates.
  • Fixed an error that can occur in some situations when allowing upgrading purchases between renewals pro-rata.
  • Fixed an issue where Stripe webhook events may fail in some circumstances.
  • Fixed an issue where API requests may cause an error if referencing transactions from deleted members.
  • Fixed an issue where merging members could leave members as alternative contacts for themselves.
  • Fixed an issue where the first step may be skipped during checkout even if custom fields are required.

Gallery

  • Added ability to remove category and album cover photos.
  • Adjusted default Gallery bandwidth retention period from unlimited to 1 year.
  • Improved performance of certain areas of Gallery.
  • Improved performance of the Gallery Statistics widget on large galleries.
  • Fixed not being able to upload to Gallery if albums are required, and the member had previously created an album, but the member can no longer create new albums.
  • Fixed not being able to toggle "Enable maps by default" on in the Gallery settings.
  • Fixed multiquoting comments.
  • Fixed an issue where maximum allowed file sizes for images or movies may not be applied as expected in certain configurations.
  • Fixed a CSRF error when mass-managing Gallery category content (moving to another category or deleting).
  • Fixed an issue toggling maps enabled for images in certain cases.
  • Fixed albums not being hidden when a user is flagged as a spammer.
  • Fixed an issue with the submission progress bar for some locales.

Downloads

  • Added an option to require a change log to be submitted with new version updates.
  • Added the ability for files to be re-activated after renewals are cancelled.
  • Added statistics pertaining to the most downloaded files
  • Changed the "Upload a new version" process to also verify the user can add to the category, in addition to being able to edit the file.
  • Fixed an issue where downloading small files can fail.
  • Fixed several issues handling watermarks and original non-watermarked screenshots.
  • Fixed an issue where group limitations on maximum file submission size may not apply correctly when a member belongs to more than one group.
  • Fixed an issue with submit buttons showing for club Downloads categories that a user does not have permission to submit to.
  • Fixed an issue in the logic that determines whether a renewal invoice should be generated.
  • Fixed an issue where downloads digest emails can contain broken thumbnails.
  • Fixed an issue where rejected pending versions could leave screenshots and thumbnails orphaned on disk.
  • Fixed an issue where a lot of files submitted that were queued as pending files could cause an error.
  • Fixed the hardcoded "Change how the notification is sent" text when the notification blurb.
  • Fixed an issue where the API can delete a forum even if a downloads category posts topics to that forum.
  • Removed the not working search options from the custom fields edit form.

Blogs

  • Added ability to manage entry categories for group blogs when viewing the blog on the front end.
  • Fixed a bug where flagging a user as a spammer will disable all group blogs the user has access to submit entries to.
  • Fixed pagination when showing blog entries in a particular category.
  • Fixed an issue where creating a blog in the frontend would show the previous created blogs description.
  • Fixed entry cover photos becoming orphaned when the entry is deleted.
  • Fixed some breadcrumb links not using friendly URLs.
  • Fixed some broken language phrases when Forums and Pages are not installed.
  • Fixed an issue where some members couldn't report specific blog entries.
  • Fixed an issue where the AdminCP livesearch results link to categories instead of blogs.
  • Removed view options for guests in blogs.
  • Removed Aggregate rating from JSON-LD structured data
  • Added a warning message when deleting a blog that this action will permanently delete the blog and all its entries. 

Calendar

  • Fixed an issue where the cover photo may be deleted when duplicating an event.
  • Fixed an error when editing iCalendar feed imports in the AdminCP.
  • Fixed a bug where recurring events in upcoming event widgets may display the wrong date.
  • Fixed a bug where events may show on the daily view in calendar on days the event does not occur.
  • Fixed event cover photos becoming orphaned when the event is deleted.
  • Fixed a minor bug where ranged events crossing from one week into another may not be visually represented as doing so.
  • Fixed a bug where iCalendar feeds that are imported into Calendar may cause previously viewed events to show as unread.
  • Fixed events occurring on the same day not ordering properly in the Upcoming Events widget.

REST / OAuth

  • Fixed creating a content item by the REST API not triggering a webhook.
  • Fixed creating a topic in a category (i.e. a container which cannot have topics posted to it) not reporting an error.

Converter

  • Added support for wpForo 1.9.x.
  • Added support for converting Markdown formatted posts in Vanilla.
  • Improved converters to skip invalid child applications that do not exist.
  • Improved performance of the Vanilla converter.
  • Fixed an issue where large filenames could cause a logging error.
  • Fixed an issue where pre-configured CMS Category permissions may not be correct.
  • Fixed custom fields not converting properly from WordPress.
  • Fixed an issue where acronyms may not convert from Invision Community.
  • Fixed a niche issue where a temporary database column may be missing.
  • Fixed an issue converting checkbox set custom fields in some cases.
  • Fixed an issue where legacy SMF attachments may not be converted.
  • Fixed an issue converting some types of SMF profile photos.
  • Fixed an issue where emoticons in content may not get converted properly.
  • Fixed an issue where a conversion from IPS forums would fail.
  • Fixed an issue where long topic titles in 3rd party applications could cause forum conversions to fail.
  • Fixed some issues when converting from Vanilla and your files used to be in S3.
  • Fixed a niche issue where really old vBulletin avatars may not be converted.

Changes affecting third-party developers and designers

  • Upgraded Whoops to version 2.9.1.
  • Added support for web push notifications. To support these kinds of notifications, you will need to add parsemobile* methods in your Notification extensions.
  • Added a $count parameter to \IPS\Content::definiteArticle/_definiteArticle(). If an integer is passed, a pluralized phrase will be used, if available. You should add pluralized strings for any __defart_* strings you've already created. The key should be in the format __defart_*_plural.
  • Added constant ACP_SESSION_TIMEOUT to allow administrators to control how long AdminCP sessions are valid for.
  • Added a per-application setting to hide the application on the announcement creation form (this setting's use may be expanded in the future).
  • Added theme settings to control header height (desktop & mobile sizes), which are used in the existing CSS variables.
  • Added version to the filename of exported apps/plugins/themes/languages.
  • Added \IPS\DateTime::roundedDiff() and \IPS\DateTime::roundedDiffFromSeconds() to return a human-readable rounded diff of two datetime objects, or a diff based on a supplied number of seconds, respectively.
  • Added a new 'enforceMaxLimit' option for \IPS\Form\Helper\Password elements to bypass the max 72 character limit.
  • Added an option to set orderResults to FALSE for \IPS\Helpers\Form\Item instances to return results in the order the user specified.
  • Added a new javascript utility method to adjust external links to force them to open in a new window: ips.utils.links.updateExternalLinks. This is called automatically on the contentChange event, but may also be called manually in situations where the contentChange event is not fired.
  • Improved the extensibility of Cache/DataStore methods.
  • Updated some uses of border-radius to use existing CSS variables.
  • Changed template groups and locations to be case-sensitive, which fixes an issue enabling designers mode on a server using a case-sensitive file system.
  • Changed the logic that controls how pagination is shown in templates. The data-role="tablePagination" element should now always exist in the table DOM; it will be shown/hidden dynamically if pagination is required after AJAX requests.
  • Fixed an error that can occur when dev sync runs if you are not logged in and the application has a whatsnew.json file in its latest version folder.
  • Fixed broken progress bar when enabling designers mode.
  • Fixed numeric values passed to the REST API /core/members/{id} endpoint not always adjusting the property, and sometimes causing an SQL error.
  • Fixed the "Upcoming Events" widget not showing when developer mode is enabled.
  • Fixed an issue using the hide option for contentAction when deleting a member via the REST API.
  • Fixed eq() pseudo-selector no longer being supported in theme hooks.
  • Fixed required() pseudo-selector not working in theme hooks.
  • Fixed \IPS\Content\Statistics not working for applications that use a database column prefix.
  • Fixed theme hooks on Forums > index > forumGridItem not working as expected.
  • Fixed a missing redirect when hiding comments using multi-moderation on classes that do not define a $hideLogKey property.
  • Fixed the constructor for \IPS\nexus\DomainLookup not honoring the $performWhoisLookup parameter.
  • Fixed some inconsistent HTML with building the quick search menu options.
  • Fixed an error that can occur when sessions are cleared.
  • Fixed a bug where a notification flash instance without an image passed (i.e. a notification with no author) results in a broken image.
  • Fixed an issue where it was not possible to use form headers in widget configuration forms.
  • Fixed installing plugins generating an invalid widgets.json file.
  • Fixed an error deleting Pages templates in the AdminCP when developer mode is enabled.
  • Fixed issues adding/editing database indexes for applications.
  • Fixed an issue where you could not hook into \IPS\Redis.
  • Fixed an undefined index notice parsing valid ICS feeds with no events in them.
  • Fixed an inaccurate Redis log entry indicating read server used instead of write server.
  • Abstracted code in \IPS\core\modules\admin\members\members::export() to make it easier to apply hooks to member list exports.
  • Removed ability to reorder queries for upgrader in the developer center. Developers should manually reorder the JSON file if necessary.
  • Removed the onOtherAppUninstall() method from application Uninstall extensions in favor of onOtherUninstall().
  • Removed several deprecated methods and properties throughout the Suite and verified core code no longer references those methods and properties.
  • Enforced the $type parameter for \IPS\Email::buildFromContent() and \IPS\Email::buildFromTemplate() with an error if the type is not specified.
  • The markRead() method will no longer consider an updated column if last_comment or last_review is defined.
  • A number of caching improvements have been implemented, please make sure your pages are sending no-cache headers if you do not want them cached.
  • Non-AJAX requests that retain a CSRF token in the URL with a 200 response code will now trigger a development error recommending to redirect the request or otherwise remove the CSRF token. Leaving a CSRF token in the URL while generating a page can represent a security risk if remote images (for example) are embedded on the page, as the CSRF token could be susceptible to interception by the remote party.
  • Support for notification sounds in the browser has been removed. If you rely on playing sounds, you will need to implement this functionality in your application.
  • Add new method was added to the IPS\Content\Item class which is called when an item is deleted. It's receiving the comment/review ids which are going to be deleted, allowing you to remove any additional cleanup calls based on the comments and reviews in this item.
  • Updated the ModCP content restore (soft delete) to use the built in restore() method instead of using its own code.
  • Account settings will no longer prompt for re-authentication if the account does not have a way of re-authenticating. Applies mostly to custom SSO integrations.

Important Method Changes:

  • Added a $seperator parameter to \IPS\CustomField::displayValues which can be used to define a custom seperator when displaying multiple values .
  • Updated method signature for \IPS\Node\Model::getLastCommentTime().
  • Added a $count parameter to \IPS\Content::definiteArticle/_definiteArticle(). If an integer is passed, a pluralized phrase will be used, if available. You should add pluralized strings for any __defart_* strings you've already created. The key should be in the format __defart_*_plural.

* Thanks to Mikhail Klyuchnikov of Positive Technologies Offensive Team (https://swarm.ptsecurity.com/) for this report.



×
×
  • Create New...