Jump to content

Invision Community 4.7.16

Released 03/12/2024

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is our March maintenance release. This release also includes an important security related fix for Commerce users.

New features:

Additional Information

Security

  • Resolves an issue in Commerce when tampering with filters could cause errors.

Core

  • Improved the efficiency when getting attachments for topic statistics.
  • Improved the efficiency of streams when "Content I posted in" is selected.
  • Improved the Internal Embeds system to show better error messages for deleted comments & reviews.
  • Improved performance of invalidating member sessions when using Redis.
  • Added new Moderator actions by action statistics section.
  • Fixed Checkbox Overview Statistics not working properly.
  • Fixed Moderator Activity statistics table not displaying properly.
  • Fixed Warnings over time statistics table not displaying properly.
  • Fixed Suspended users over time statistics table not displaying properly.
  • Fixed saved charts not displaying data correctly when custom form filters are used.
  • Fixed Geographical Charts CSV download not generating properly.
  • Fixed an issue where creating an activity stream in the ACP could be missing the clubs filter.
  • Fixed an issue where the badge title would be shown as hash value in translated notification emails.
  • Fixed an issue where the Posts Per Day Limit was also used for private messages.
  • Fixed an issue in the members/warnings endpoint where the POST request could fail while giving a member a warning if warning actions were present.
  • Fixed an issue where deleting content may send a delete request to Community Hive, even if it was not enabled.
  • Fixed an issue where 3rd party applications with a broken/missing versions file would break the upgrader.
  • Fixed an issue where members with a false validation flag would be unable to login.
  • Fixed an issue where the Google Maps Autocomplete Integration could display an error message.
  • Fixed an issue where not all clubs may be shown on the member profile clubs page.
  • Replaced the hardcoded forum_id in the promotion achievement extension.
  • Fixed an issue where the Signature Settings page couldn't be accessed to change the signature visibility, without permissions to edit signatures.
  • Fixed an issue where new comment notifications posted in anonymous topics were showed as posted by an anonymous member.
  • Fixed an issue with the post count value for the Mass Move /Mass Delete action.
  • Fixed an issue where delayed deleted content from private clubs isn't shown in the ModCP - Deleted Content area.
  • Fixed the default value for the Manifest related manifest_details setting.
  • Fixed an issue where the guest group settings couldn't be edited.
  • Fixed an issue where YouTube embeds may not lazy-load.
  • Fixed an issue where the guest group settings couldn't be edited.
  • Fixed an issue where admins with permission to manage stored replies could still not manage these.
  • Fixed an issue where the club filters could cause an EX0 error when a not existing field was used.
  • Fixed an issue where IP address pruning may not prune all IP addresses.

Blogs

  • Fixed an issue where moving a blog entry and sending a moderation alert may cause an error.

Forums

  • Added new Solved Topics by Group statistics section.
  • Added new Unsolved Topics statistics section.
  • Added Top Solvers statistics section.

Courses

  • Fixed Enrollments statistics table not displaying status correctly.
  • Fixed an issue where sorting the enrollments in the ACP by name would throw an error.
  • Fixed a missing language string.
  • Fixed not translatable module titles.

Pages

  • Added ability for database categories to be added to Clubs.
  • Views are now tracked for Pages.
  • Fixed an issue where pages were not reindexed after WYSIWYG blocks were added/edited.
  • Fixed an issue where record thumbnails which were created via the REST API hadn't the proper thumbnail size.

Platform

  • Page views for pages will now be included in analytics reports.
  • Fixed an issue with the post before registering flow when content was identified as spam.

Commerce

  • Fixed an issue with the subscriptions member filter.
  • Fixed a broken default value in the businessAddress.
  • Fixed an issue in the commerce categorySidebar template.

Events

  • Added organizer, eventAttendanceMode, and VirtualLocation to events JSON_LD.
  • Fixed an issue where guests searching for events could see an error.

Downloads

  • Fixed an issue in the Downloads File Embed Template where the comment count was shown for files in categories without comments.

Gallery

  • Fixed an issue where the vertical image widget wouldn't show the image in Chrome.
  • Fixed missing alt texts for event cover images.

Converters

  • Improved conversion of attachments in WordPress, Attachments will now be converted inside posts instead of converting to media files.

Changes affecting third-party developers and designers

  • Added new core/admin/global template userLinkWithPhoto.
  • Added new tableLangPrefix property for Dynamic Charts.
  • Fixed adding new warning reason throwing an error while IN_DEV.
  • Fixed an issue where the radio form template would result in an error if no htmlID was set.
  • Fixed an issue where clean IN_DEV installations have a broken serviceworker if no manifest details were set.
  • Updated HTMLPurifier to 4.17.0.
  • Replaced JShrink with JS-minify for better Javascript compatibility.
  • Removed jQuery History, removing deprecated 'onunload' handler.

Our thanks to Egidio Romano, an independent security researcher, from Karma(In)Security, working with SSD Secure Disclosure for reporting the security issue to us.



×
×
  • Create New...