• Post Before Registering
• Animated GIFs
• AdminCP Notification Center
• New Email Features:
  • Email Statistics
  • Email Advertisements
  • Unfollow Without Logging In
• SEO Improvements:
  • Improved pagination with page number now in path (rather than query string) and unique page titles for paginated pages.
  • Improved use of canonical tags.
  • Improved handling of empty containers and profiles to reduce soft 404s.
  • Improved JSON-LD markup, adding @id tags and fixing URLs for comments.
  • Removed page output hidden by JavaScript.
• Performance Improvements:
  • Added Lazy Loading for images, which will speed up page rendering.
  • Added HTTP/2 support with prefetch/preload.
  • Added support for Brotli compression.
  • Improved default profile photos to use inline SVGs rather than generated images, which will speed up page rendering.
  • Improved browser caching of pages served by the guest page cache, which will reduce the number of requests reaching the server.
  • Improved handing of session data for guests to reduce database reads for guests.
  • Optimized images to reduce file size for faster page rendering.
  • Other minor performance improvements to reduce database queries and fix unnecessary code execution.
• Commerce Store Filters allow customers to filter products by price, review, stock, or custom admin-defined filters.

Core

• Added setting to display user group formatting in more areas (see 6 New Micro Features).
• Added less intrusive browser notification prompt in Notifications menu (see 6 New Micro Features).
• Added ability to show sidebar blocks to only certain types of devices (see 6 New Micro Features).
• Added ability for club owners to reorder the navigation tabs (see 6 New Micro Features).
• Added ability for announcements to be linked to an URL or be a title only (see 6 New Micro Features), improved consistency in how announcements are shown in different areas.
• Improved UI for entering time intervals in AdminCP settings (see 6 New Micro Features).
• Added a new Icons & Logos section in the AdminCP which allows providing logos for use when sharing links from the community, adding the community as a home screen app on a mobile device (along with additional settings for a PWA manifest to control certain aspects the community’s behaviour when used in this way), and in Safari’s favourites menus and pinned tabs on macOS.
• Added a new UI for attachments, showing a box with some information about the file, rather than a plain line (see Turbo charging loading speeds).

Commerce

• Braintree Gateway including support for PayPal (with recurring payments), Venmo, and cards. Deprecates some PayPal features.
• Added ability to target bulk mails to members who have spent certain amounts.
• Added sidebar widgets for best sellers, latest products, product reviews and a featured product.

New Server Requirements: PHP 7.1.0 or higher required (7.3.x now supported). MySQL 5.5.3 or higher requires (5.6.2 recommended).

Removed Features

• Removed EmojiOne-style emojis due to licensing issues.
• Removed Gravatar support due to privacy concerns and performance issues.
• Removed password hashes when downloading a member list from the AdminCP. This is for security, to reduce the ease of obtaining sensitive data if the AdminCP is ever compromised.
• Removed the name of the content (e.g. topic) from the “Next Unread” link which could consume significant server resources on large communities.

This release also contains a critical security update for Commerce.

Learn more about GDPR compliance features in this release

• Promotes non-functional when "Our Picks" disabled.
• Various emoji fixes, including skintones and mobile issues. 
• Online stats. 
• Numerous IE11 fixes. 
• PayPal billing agreements failing due to lack of address.

**IMPORTANT UPGRADE NOTICE**
Please note that not all third party applications and themes are yet compatible with Invision Community 4.3. If you have customizations to your community, including SSO / custom login integration, third party modifications such as themes plugins and applications, please ensure they have been declared compatible with this update or your site may be non-functional after upgrade. There is a new compatibility field on all marketplace resource listings. If this field is missing or does not specifically list 4.3, it is likely not yet compatible.

This release brings numerous improvements and several new features, so be sure to read our announcement for everything new!

**IMPORTANT UPGRADE NOTICE**
Please note that not all third party applications and themes are yet compatible with Invision Community 4.3. If you utilize third party resources, including custom themes, please ensure they have been declared compatible by their respective authors or your site may be non-functional after upgrade. There is a new compatibility field on all marketplace resource listings. If this field is missing or does not specifically list 4.3, it is likely not yet compatible.

As we prepare for our next large release, version 4.3, we do large security audits. We decided to apply those security enhancements to the 4.2 series so you can get them now if you prefer to not upgrade to 4.3 yet.

We would like to thank @newbie LAC for his assistance.

As we prepare for our next large release, version 4.3, we do large security audits. We decided to apply those security enhancements to the 4.2 series so you can get them now while we begin public betas of 4.3.

We would like to thank @newbie LAC for his assistance.

This release also contains several security updates.

• RSS feeds now use guest page caching system
• Analytic tracking code has been moved to inside head tag
• Ad code placement has a new setting to clarify how sidebar display should be handled
• Various enhancements to Redis engine including data stored encrypted at rest
• Search result improvements 

Please note if you use https in the AdminCP, but not on the front-end, the auto-upgrade process may not work correctly. You should download this update from the client area and upgrade manually.

• A new extraction process to make auto-upgrades more robust
• The upgrade system will do a check of all files to ensure they are up to date before proceeding

Security Notice

This release also contains security enhancements to prevent possible XSS and increase protections on account management functions. It is recommended you upgrade to ensure the security on your Community.

Thanks to @newbie LAC  and Raja uzair Abdullah for reporting security issues.

Version 4.2 is the next large release for Invision Community! We are very excited to introduce all the new features and improvements.

Full information on 4.2.0 ...

Full information on 4.2.0 ...

4.2.1 is a maintenance release to fix minor issues.

Full information on 4.2.0 ...

This release addresses two possible XSS scenarios.

• A new moderator setting to restrict users from ignoring moderators.
• A new group setting to allow members to lock their own content.
• A new group setting to hide a group from filters in search.
• When moving content moderators are now prompted for where you want to be redirected after the action.
• Activity Streams can be created with condensed view as default.
• An email is now sent when an account is locked for too many bad login attempts.
• When editing a member in the AdminCP, it will now show how much of their messenger storage quota is being used.

• SQL error when adding Commerce package or customer field.
• SQL error when setting up topic archiving.
• The ‘show reply’ button in notification popup reloads the page instead of loading content inline.
• Opting out of security questions may not work.
• Word filters not applying correctly.
• Reordering custom profile fields may not work properly.
• Draft or future blog entries may be included in the sitemap.
• Rounding issue with half-percentage tax rates in Commerce.

Adds a "More Colors" option to the color dropdown in the editor.

• Pinterest share link has been added
• Converters are now included as a Suite-level application you can download with your package in the Client Area
• Running a conversion will now skip steps that do not have anything to convert
• Two Factor Authentication
• Images embedded in the editor can now have an alternative title set for accessibility
• Users signing in through social services, such as Facebook, will no longer be required to validate their email address
• When a location is specified for a Calendar Event, the address will be shown underneath the map. The map itself should also be more accurate now.
• The Approval Queue page now has a "Hide" button to hide content (rather than only being able to approve / delete)
• Disabling Profile Photo uploads will now also disable importing from a URL
• An issue has been fixed where adding tags using other languages may not work properly
• Cropping Animated GIF's for photos is now supported when ImageMagick is in use
• Files purchased in Downloads will now have a link back to the file from their purchase page in the Manage Purchases section
• The Admin CP will now display more information for a user who has been banned
• imgur embedded is now supported
• Errors caused by third party applications / plugins will now be clearer
• Option to report fatal errors automatically to IPS so we can fix common issues

• Accounts flagged as spammers are now more visibly different on the member list in AdminCP
• Added quite a few new embed providers
  • codepen.io
  • coub.com
  • deviantart.com
  • docs.com
  • funnyordie.com
  • gettyimages.com
  • iFixit.com
  • kickstarter.com
  • meetup.com
  • mixcloud.com
  • mix.office.com
  • on.aol.com
  • reddit.com
  • reverbnation.com
  • screencast.com
  • screenr.com
  • slideshare.net
  • smugmug.com
  • ustream.tv
  • Google Maps (requires free Google API key)
• Default location for an AdminCP tab honors the admin's ordering
• Staff notification emails for tickets in Commerce now include the ticket ID
• Auto-saved content in the editor will now expire after 48 hours
• If you load an editor that has previous auto-saved content you will now be prompted to keep or remove it
• You can now set pre-filled reasons for Warning actions that will automatically populate the member notes editor when a moderator warns a user
• Escape key will now cancel quick-edit on titles
• Adds a setting to restrict member birthday view to admins only or to completely disable prompting for birthday to member
• There are now more "save and reload" options in various places to keep your place when editing content or settings
• New check all box when viewing activity on a member profile for easier moderation
• You can now hide posts that are unapproved rather than just approve or delete
• When a moderator changes the status of a report in the ModCP the system now puts a reply in moderator comments noting the change
• When you see a "could not write file" error the file it was trying to write now shows in the error logs
• You can now quickly edit tags when viewing an item without having to edit it if you have permission
• If you are using multiple devices to login to a site you will be less likely to be logged out
• Tags can now be quickly edited when viewing an item
• Administrators can now create custom RSS feeds for various content
• Enhancements to IP discovery tools for moderators
• Actions for reports in ModCP now show when status is changed as a comment
• Redesigned support tool
• More REST API methods
• Password strength rating and requirement option
• Guest terms of service alert
• Minimum age requirement
• Ban Filters are now Word Filters and can set words to automatically moderate
• Display name history is now available on profile view
• Better analytics integration
• Leaderboard

More release information...

• Large number of bugs fixed in focus areas: Commerce, Pages databases, and IPS Connect
• Performance improvements in: profile view, sitemap generator, posting replies, and Activity Streams
• We now try to more reliably detect the AWS S3 endpoint for those using S3 file storage
• More efficient license key checking to keep the keys from being checked too often which can slow your site down
• There is now a column in tasks view to show the last time it ran to help diagnostics
• When a member changes their email or password they now get an email confirmation
• If group promotion based on date is enable the system will now auto-promote even if a member does not login
• There is now a setting to change the number of topics per page in the forum view
• If you move your site to a new URL you no longer have to update a constant if using the image proxy
• You can now press ctrl/cmd+enter in any editor window to submit the reply
• In Commerce ticket view there are keyboard shortcuts to perform common actions (such as press 'r' to open reply box or 'n' for note)
• There is now logic to prevent double-posting when the initial post encounters an error on submit
• Moderators can now remove all followers from an item
• Contact Us is now configurable with various options
• Announcements can now be restricted by member group
• Admins now have a setting to have members automatically follow content they start or reply to. Members can optionally override this.
• The editor will now show a message if a link that can be embedded (image, video, etc.) failed to embed for some reason. Admins get more detailed error reasons.
• If your datastore (cache system) is not working properly the AdminCP will now show you a warning telling you that it needs attention.
• When a member is banned/suspended the system now shows a more friendly page with information on their ban. Previously it showed a permission denied page.
• Redesigned ticket listing in Commerce
• New My History view in Commerce
• Security Questions for account security

Please view the 4.1.16 announcement for full details and screenshots.

• Commerce Customer Standing Data now loads via AJAX for faster loading
• Lots of Commerce related bug fixes
• Passwords on new hosting accounts are now more secure
• REST API now supports adding Staff Notes to support requests
• REST API now supports editing purchases
• Remember me cookie is now 90 days rather than 7 days
• A race condition is fixed where the site may call to check the license way more often than needed
• Performance improvements on activity streams
• Performance improvement to online list widgets

It is recommended this release is installed as soon as possible.

This new version improves the security of the .htaccess protection for the /uploads folder on your site. If you have already enabled the security feature "Protect Writeable Folders From Dangerous Files", then you will need to manually update the .htaccess file which you can do simply by opening "uploads/.htaccess" in a text editor and replacing its contents with:

#<ipb-protection>
<Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$">
    Order allow,deny
    Deny from all
</Files>
#</ipb-protection>

In addition to a strong focus on overall stability, this release contains:

• Official PHP 7 support
• Major performance improvements to Activity Streams

Version 4.1.14.1 / 4.1.14.2: This is a small maintenance update to address issues some clients had with certain URLs. We have also seen clients having issues with many third-party plugins and this update will attempt to better capture those errors.

Important

This is the last release to officially support PHP 5.5 which is now completely unsupported by PHP. If your web host is still using PHP 5.5 you should contact them to upgrade to either PHP 5.6 or PHP 7.0.

• Database checker can sometimes cause database issues with incorrect index length
• Performance update for Activity Streams
• Performance update for sidebar widgets/blocks

This release also contains a security update specifically for those using IPS Connect that is regarding password hash comparison. If you use the IPS Connect system please update without delay.

• Uninstalling an application can create errors
• Commerce custom fields may not work
• Calendar repeating events can loop indefinitely
• Query performance improvement on fetching topics

In a recent change to their API, Google now requires an API Key to access their Maps API. After upgrading to 4.1.13, follow our Google Maps guide to restore this integration. This is especially recommended if you are using Commerce which uses the API for address input autocompletion.

In addition to bug fixes and performance improvements, this release also includes following enhancements

• New per-group setting to highlight posts made by certain groups. 2 theme settings control the color and border, which are editable in the easy theme editor.
• New setting to make providing a billing address optional for purchases in Commerce.
• Personal conversation management improvements:
  • Can now filter personal conversations to just read/unread.
  • Can now move multiple personal conversations into a different folder at once.
  • Can search by recipient/sender name.
• Notifications about Calendar events now include the event date.
• New setting to control which images sizes should have a watermark applied in Gallery.
• New setting to control which IP pool to use for SparkPost if you have purchased dedicated IP addresses.
• Better handling of upgrades if files have been modified.
• The sidebar widget for showing Downloads files can now show just free or paid files.
• When searching templates or CSS files in the AdminCP template editor, it will search for templates or CSS files with a name matching the term provided, in addition to searching the content of them.
• When viewing a log in the AdminCP, it will now show you on which page the log occurred and by which member.
• When the search index is being rebuilt, a message is now shown on the search results page to indicate why results may not be complete.
• The "details" modal for applications and plugins now has a tab which shows the hooks associated with that application or plugin.
• The placeholders that display on date/time inputs (e.g. "HH:MM") can now be translated.
• Rebuilding the search index, and rebuilding posts after a 3.x upgrade now processes newest posts first for a more user-friendly experience after upgrading.
• When a file is deleted, a log is created and a new setting controls how to keep these logs for.

The following Pages features are also included:

• HTML pages are now editable via Designer's mode.
• Ability to rename, or delete a group of Database templates
• Ability to ensure the Page's title remains in all database generated links (categories, records, forms, etc)
• Reciprocal linking when using relational fields
• Date and time fields, and Yes/No fields are now filterable.
• Filterable custom fields now available when creating a record feed block
• Ability to make some custom fields unique, so that only one record per database can have the same value.
• Ability to delete a folder in the media manager
• Ability to use $record->field_key_name_here programatically to get and set values, instead of relying on $record->field_11 which may change when you export and import databases.

• Broken @mention links.
• Merging members could cause follow records to be lost.
• Email digests.
• Incoming emails to Commerce.
• Announcements expiring at the wrong time.
• Error when editing database records or sidebar widget.
• Error trying to establish external connection to certain servers.
• Error redirecting from http to https.

• Permission matrix can show incorrect permissions when using the Member > Group permission tool.
• Using Authorize.Net Payment Gateway may result in an error.
• A logged in member without a valid timezone set will trigger exceptions any time another members age is checked.
• Where the upgrader can result in a fatal error due to an invalid class stored for a Pages record comment.
• An upgrade error where reports are loaded for Pages databases that no longer exist.
• Orphaned comments trigger an exception when search index is rebuilding.
• An exception can occur continued upgrades: DateTime::setTimestamp() expects parameter 1 to be long, object given.
• Recursion can occur if the core_log table doesn't exist yet (as happens during auto upgrade).
• An issue where importing a theme can break CSS.
• MySQL strict mode upgrade to 4.1.12 can fail.
• Installing a new plugin via the ACP can fail.

As part of our ongoing internal security audit, this release also improves security in the following areas:

• Possible XSS in the "hovercard" system.
• Further hardening to the insecure file upload code.

New Features:

• When you mouseover the badge showing who liked a post, you will now see a larger list of who liked that post. You can still click to get the full list.
• Ratings now show half-stars for the average (for example, if one user votes 3 stars and another 4, it will show 3 and a half stars) and there is now an indication if you have rated something.
• A "Preview" button has been added to the post editor which shows how the post will appear after BBCode processing. Tabs show how the post will appear on desktop, tablet and mobile.
• Users can now choose to ignore notifications for being mentioned in posts by particular users.
• You can now filter searches by specific forums/categories.
• You can now control whether open and click tracking should be used for emails sent by SparkPost.

Activity Stream enhancements:

• The filter dropdowns now have an "Apply" button for better usability (previously you had to click outside the dropdown).
• The "Expanded/Collapsed" toggles are now clearer.
• Hitting back from a clicked item in any activity stream now remembers your position and loaded results.

Other enhancements and improvements:

• The way dates are formatted can now be customised by language strings. For example, if you want to change the date format to "DD-MM-YYYY" that is now possible. With this change, the new default is US-style ("March 4, 1992") rather than the previous European-style ("4 March 1992").
• Advertisements no longer have padding which makes them easier to position in other areas such as headers.
• When comparing revisions of articles in Pages databases, a new browser-based diff tool is used which is more user-friendly and moves the computation from the server to the user's browser for greater performance.
• Better indication of files pending approval in Downloads.
• The version number for themes now displays in the AdminCP list.

Technical features:

• If you are using the utf8 rather than utf8mb4 character set (which will mean you can't post Emoji) there is a new tool in the AdminCP to upgrade to utf8mb4.
• System logs have been rewritten to use the database for logging where possible with a more user-friendly interface in the AdminCP.
• Downloading files from Amazon S3 has been changed to redirect the user to a temporary download URL rather than serve the file through your server for significantly improved performance and reliability, especially with large files.
• If it is available on the server, ImageMagick will now be used rather than GD by default. ImageMagick also has a new setting to control JPG quality.
• APC User Cache is now supported in addition to APC.

• A vulnerability was recently discovered in ImageMagick, which, depending on your configuration, IPS Community Suite may use manipulate images. This update verifies that images sent to ImageMagick begin with the expected "magic bytes" corresponding to the image file type.
• We are engaging in a third-party security audit of IPS Community Suite and this update contains a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. 

This release only contains security fixes only. 4.1.12 will be our next general maintenance release.

• Integration with SparkPost replaces Mandrill for optional email service as Mandrill is stopping their current service toward the end of April.
• Questions in Question and Answer forums can now be sorted by most votes.
• The "All Activity" activity stream now has an RSS feed.
• The filter bar at the top of the activity stream no longer sticks to the stop of the screen when scrolling.
• If you receive a browser notification your notification menu will now reload to get the latest notification.
• More consistent visual feedback when a post submit or edit is processing to reduce duplicates.
• Sidebar widgets now how rounded corners to match rest of Suite.
• Recaptcha style is now a per-theme setting.
• You can now set which theme should be the default for the AdminCP separate to which should be the default for the front-end.

Important Note

This is the last release that will support PHP 5.4 as it is end of life and no longer supported by PHP.

Please also note that PHP 5.5 goes full end of life in July 2016 so you should look into upgrading if your web host is using outdated versions. We will not immediately stop supporting PHP 5.5 in July but it may follow soon after.

• Instant notifications are now dismissible.
• The sidebar has been added back to the stream pages.
• You can now sort by most downloaded in Downloads app.
• The ModeratorCP and AdminCP IP Address Tools now allow you to track the IP addresses used to vote in polls.
• A new setting has been added to disable the RSS feed for activity streams.
• A new setting has been added to specify the minimum display name length.
• Adds a new "can unban" moderator permission separate to the "can edit profiles" permission being used previously.
• IP addresses now show in reports.
• There is now a constant-level setting to disable the ACP IP address check in case of being locked out of the ACP.
• Several improvements to Commerce to make some features clearer: the Shipping Rates configuration pages now indicate to the admin if a potential mistake has been made, the front-end indicates to admins if no support departments have been set up, and the renewal settings wording has been clarified.

Important: If you are running PHP 5.4 you will need to download this patch and apply it after you upgrade to 4.1.10. Version 4.1.11 will include the patch. Note that PHP 5.4 is very out of date and you should ask your web host to upgrade to a supported version of PHP.

New or Changed Features

• When your link auto-embeds in a post such as with an image, YouTube video, Twitter link, etc. an option will now display to revert the embed back to a plain text link if you do not want the embed.
• New setting to disable embedding.
• Facebook/Twitter integration improvements
• If you are an administrator and encounter a system error, additional debug output will now display. Regular members will see the normal error message.
• Custom Fields for Support Requests in Commerce now show on the front-end.
• If an advertisement is set up with a main image, but not smaller images for tablets/mobiles, the ad would not show at all on tablets/mobiles. This has changed so the main image will display on all devices unless smaller images are provided.
• Topics scheduled to automatically lock or unlock will now reflect this in the topic listing and when viewing the topic.
• Placing a link to a Facebook status will embed when possible.
• When viewing a report, the container (for example, the forum) the content is from is displayed.
• Three character searches are now allowed in the Admin CP Live Search.
• The Account Settings page now uses vertical rather than horizontal tabs to prevent overflow.
• If Gravatar is enabled, and a user has not defined an profile photo, then their email address will be used to fetch from Gravatar unless explicitly set not to.
• Gfycat embeds now use their oEmbed endpoint rather than their JS API.
• Using Amazon CloudFront as https provider will now be recognized as valid secure connection.
• The member REST API endpoint will now return custom fields.
• The Developer Center for Plugins now shows the filename in the list of hooks, and when editing a hook, a breadcrumb includes a link back to the list.
• Inline notifications can now be dismissed
• Efficiency improvements to the search index
• You can now close a poll independently of the topic

Important Fixes

In addition to dozens of smaller fixes this release includes fixes for the follow items that impacted many clients:

• Several security enhancements.
• The posting parser has been made more efficient.
• Some BBCode does not parse correctly in version 4 and we have applied some fixes for this. In general BBCode is deprecated so we only provide basic support.
• Sitemaps could sometimes be blank if there was no content in a specific section.
• Certain URLs from version 3 were not redirecting properly to the new version 4 format.
• The timezone detection is now more robust and will more gracefully fail if it cannot determine a visitor's timezone.
• Permission matrices have been reworked to send less data to prevent exceeding server limitations.
• Decimal handling has been reworked in Commerce for more precise calculations.
• The database class now handles InnoDB deadlocks more gracefully, and some queries have been changed to reduce the likeliness of deadlocks.
• Performance improvements to areas which perform large updates on the members table (for example, when editing permissions).
• Pages 'number' custom fields previously had an upper limit for submitted values around 2 billion.
• Multiple fixes for tag searching

• Fixes an issue where incoming emails were not being received correctly.
• Fixes an issue where guests could do a partial account registration which could cause some confusion to the administrator when editing.
• Fixes an issue where the AdminCP dashboard may incorrectly report tasks aren't running when they actually are.