This is a maintenance release for Invision Community 4.6.
- Increased the strength of the obfuscation hash appended to non-safe files and increased security on iFrame based embeds in posts.*
- Added support for Brightcove video embeds.
- Improved MySQL efficiency when deleting members.
- Set a default value for the search flood time when creating a member group.
- Improved logging for errors returned by Elastic Search.
- Added delete & merge logic for the logins log on member deletion and when 2 accounts are merged.
- Fixed an issue when upgrading to 4.5.0 with duplicate keys when consolidating the referrer tables.
- Fixed downloading files with non-latin character downloaded with corrupt characters in Edge and Chrome.
- Fixed broken links in the our picks widget.
- Fixed an issue where the Oauth1 Login Handler would use a not existing method to log any upcoming errors.
- Fixed the rank title not displaying correctly in new rank notification emails.
- Fixed an issue where it was not possible to alter file storage configurations in some circumstances.
- Fixed an issue where achievements would show in a hovercard for a member in a group that has achievements disabled.
- Fixed an issue where badge images could be uploaded with the same name, thus deleting one could delete many.
- Fixed an issue where ranks show on the AdminCP member list when Achievements are disabled.
- Fixed an issue where anonymous users may be cached in Who's Online blocks.
- Fixed an issue where a reserved keyword is used (specific to MySQL 8.0.17/18)
- Fixed an issue with Elastic Search not being able to index anonymous content.
- Fixed incorrect timezone detection for users in Argentina.
- Fixed an issue where the notifications page could throw an exception while trying to return notification data from plugins or not existing notification extensions.
- Fixed inability to upload WebP images to Group Icons and Ranks/Badges.
- Made a minor change to ensure the registration page is not cached by a web browser.
- Expired warning points are now differentiated between active warning points in member profiles for improved clarity.
- Fixed an issue when creating a record in the Admin CP and choosing another member as the author would not fire achievements for that author.
- Fixed an error attempting to copy a topic to a database that is not on a page.
- Fixed some missing language strings which would result in a failure while creating a review.
- Fixed an issue where Topics would not refresh when selecting Forums in Fluid view.
- Fixed malformed JSON-LD markup for archived topics.
- Fixed an issue where parent was required but not marked required when updating a forum via REST API.
- Fixed an issue where legacy deleted posts are not removed correctly when upgrading from Invision Community 3.x.
- Fixed an issue where copying a topic to a database would result in an IN_DEV CSRF key warning.
- Set a default value for the 'Time user must wait before download starts' group setting while creating a member group.
- Fixed an issue where a large file description may not save if it is larger than 64kb.
- Added Invision Community converters for Downloads & Gallery.
- Fixed some minor issues encountered during an Invision Community conversion.
- Fixed an issue where the Billing Agreements synchronisation task wouldn't check payments via PayPal Subscriptions API.
REST / OAuth
- Fixed the members/follows POST endpoint which would return an error when trying to follow some content.
- Fixed an issue where copying a calendar event with a broken cover image would result in an exception.
* An independent security researcher, Simon Scannell, has reported this vulnerability to the SSD Secure Disclosure program