This is our November security and maintenance release.
Key changes include:
Security
- Report Center updates.
- Email notification when dormant accounts sign in.
- SEO Improvements.
- Hot Topic updates for Cloud customers.
- Updated share link functionality (click to copy).
- Prepare for v5 - A new AdminCP page to ensure you will be able to use v5.
- Content Spam analysis enabled for all Cloud customers.
Core
- Fixed a potential stored XSS issue, thanks to Colonel_mortis for reporting.
Events
- Added a default timeout for the SMTP connection.
- Added Message-ID generation for SMTP emails, for compatibility with SMTP servers that do not follow the RFCs.
- Added email notification for users signing in to dormant accounts.
- Added a requirement for CAPTCHA to be enabled for guests to use post before registering.
- Improved IndexNow error logging.
- Improved consistency with share links popups and added click to copy URL.
- Improved the Report Center, adding new functionality and improving the user experience.
- Optimised deleting member content.
- Fixed an issue where changing a primary or secondary group for a member wouldn't reset the cached value.
- Fixed an issue where permanently deleting content from the ModCP-Report Center would fail. . Fixed a wrong path in the robots.txt file.
- Fixed an issue where deleting nodes could throw an error.
- Fixed an issue where some club containers could throw an error.
- Fixed an issue where member profiles could be broken if a member had an invalid group.
- Fixed an issue where search can be slow on very large communities.
- Fixed an issue where the member history may show a wrong "by" name.
- Fixed an issue where the diagnostics statistics settings wouldn't save successful.
- Fixed an issue with the admin stream settings, where the "Active Members" Setting wouldn't be saved.
- Fixed an issue where the clubs widget could throw an error when a custom field filter for a deleted field is being used.
- Fixed an issue where creating a stream in the ACP wouldn't show all available nodes.
- Fixed an issue where streams could not always be sorted correctly.
- Fixed an issue with Firefox, where one couldn't break out of the quote box by pressing enter twice.
- Fixed an issue in the core-webhooks documentation.
- Fixed an issue where automatic moderation rules couldn't be created if there were no report types.
- Fixed an issue where the s3 deletion task wouldn't be enabled.
- Fixed an issue where promoted Comments could not be removed from Promoted Content.
- Removed the deprecated hive task.
- Removed the ping call to the deprecated Google Sitemap Service.
Commerce
- Replaced the h2 header on the landing page with an h1 element.
Gallery
- Added Canonical URLs for /store and /subscriptions.
- Added robots.txt rule to block ?currency= (currency changer links).
- Updated the code to support the new MaxMind API version.
- Fixed an issue where subscriptions with no expiration threw an error when calculating upgrade cost.
- Fixed an issue where multiple currencies could be set as the default.
- Fixed an issue with reactivating purchases.
Downloads
- Fixed an issue where moving images from an album wouldn't rebuild the total images count.
Forums
- Fixed an issue where editing the member restrictions would throw an exception when downloads app was enabled.
Pages
- Optimised topic summary for busy communities.
- Fixed issues with JSON-LD/Schema.org markup in Q&A mode.
- Fixed an issue where publishing a future topic manually wouldn't update the topics publish date & time.
- Fixed an issue where approving a topic may not immediately update the number of topics pending approval.
- Fixed an issue where archived posts were not included in the post counts.
- Fixed an issue where topics you have posted in are not always marked with a star.
Courses
- Fixed an issue where creating comments via REST wouldn't show the comment when comments were synced with forum posts.
- Fixed an issue where records from club categories were showing in feeds incorrectly.
- Added a description field to the Club Category form.
- Fixed an issue where the club name was not displaying in feeds for club records and comments.
- Fixed an issue where Map fields were showing on the form for non-Address fields.
Platform
- Fixed an issue where the quiz questions were missing the formatting while taking the quiz.
Converters
- Enabled content Spam Analysis, can be disabled via AdminCP > Smart Community > Spam Analysis.
- Improved hot/popular topics for Cloud customers; Added ability to disable.
- Added ability add Live Topics to Club Calendars and convert to Club Forums.
- Fixed an issue where Polls are not converted correctly during SMF conversions.
Changes affecting third-party developers and designers
- Updated PHPUserAgent to 1.0.9.
- JSON-LD BreadcrumbList now includes the breadcrumb for the page being viewed.
- Redis now uses a reader for lRange.
- Optimised fetching online user list when using Redis.
This is the latest version of Invision Community 5.
#2442: Fixes an issue where Database widgets dropped into a header or footer break after upgrading to v5
#2457: Fixes an issue where custom templates were not working
#2434: Added new settings to Theme Editor and improved keyboard accessibility
#2464: Fix issues with importing pages databases
#2465: Fixed error when editing a pages record with an editor field
#2466: Remove debug code from languages controller
#2467: Fixed issues with viewing poll results
#2468: Fixed issue with PMs not updating the last reply date
#2472: Removed call to topic->averageRating() from digest emails
#2473: Fix error on profilesync task
#2475: Various Editor Bugs
- Issue #2379: Pages - Blocks character set issue
- Issue #2393: Tiptap: Can't add URL to image
- Issue #2412: Tiptap: Resizing video in Firefox
#2476: Fix display of upload fields in pages databases
#2478: Improved the UI of the Tags ACP Tree
#2480: Improved the rendering of X/Twitter embeds
#2481: Dropdown menus in the Calendar header are no longer covered by content
#2484: Polished the "minimal" and "forum feed view" layouts
#2479: Make minimal carousel separate from mini-grid carousel
#2469: Reworked the staff directory templates to allow for more useful hooking
#2477: Return all matching Font Awesome Icons in Icon Picker Search
#2449: Fix issues with adding and editing theme editor categories and settings
#2411: Fix issue where multiple menu items are marked active
#2458: Fixes an issue where titles can be missing from Featured Content/Promoted widgets
#2450: Set icons for our default navigation menu
#2443: Adds pagination to the ACP tags page for those with thousands of tags
#2427: Fix Number fields not properly validating min/max settings with decimals
#2428: Fix exception on upgraded editor widgets with attachments
#2429: Fix broken Percentage Solved statistics widget
#2430: Fixed issues with calculating upgrade cost between subscriptions
#2436: Fixed UI of Popular Contributors widget
#2437: The joined/visited dates in hovercards now wrap if there isn't enough room for both on a single line.
#2438: Removed small gap under videos in the Media Embed widget
#2421: Fixes an error when a trial license key contains a disabled_apps key
no change log for this version
Key Changes
This is our August maintenance release.
Additional Information
Core
Added new prune setting for failed requests in API logs.
Improved the efficiency of unread content streams when using MySQL 8.
Improved performance when replying to a content item or create a content item.
Fixed possible error when using the DataLayer with PII as well as Single Sign on.
Fixed issue with deleting secondary group using the REST API.
Fixed an issue where Censor Block may allow HTML tags to be used in the preview even though they are not stored in the database.
Fixed an issue where group promotion may move the member back to the default group if MySQL is temporarily unavailable.
Fixed an issue where the results count was always 0 for Hidden Content in the ModCP
Fixed an issue where certain saved charts were not showing.
Fixed an issue where broken modlog data could break the topic view page.
Fixed an issue where it was possible to toggle online status without multi-factor authentication.
Fixed an issue where OAuth PKCE values may not persist in some situations.
Fixed an issue where some very old topics would not show the "I posted in this" star.
Fixed an issue with notifications on comments that did not account for anonymous posting.
Fixed an error on the Manage Promoted Items page when an application is disabled.
Fixed an issue which happened while warning a member.
Fixed an issue where the content widget was showing the tags option for all content types, even if they weren't implementing tags.
Fixed an issue where a service worker may not work if your site is not accessible to guests.
Fixed an issue where deleted an application wouldn't remove the data from the core_javascript db table.
Fixed an issue on the moderators permission page.
Fixed an issue where the REST API (with API key) would not return a last activity date for anonymous members.
Fixed an issue on Cloud where large Member CSV imports would inadvertently trigger human verification.
Removed CommunityHive integration.
Removed ability for pending-validation registrations changing their email address to avoid a race condition.
Forums
Improved performance when rebuilding statistical data for forum topics.
Commerce
Added a new prune settings for Commerce related member history.
Fixed an issue where upgrading subscriptions did not always update the expiration date.
Fixed an issue where support request URLs would be sent to IndexNow.
Fixed an issue where some support requests were not properly linked to a member account.
Fixed an issue where some billing agreements were not properly linked to purchases.
Fixed an issue where changing the club owner could fail for paid clubs.
Courses
Fixed an error that could occur when viewing badges that had been assigned for completing a course.
Calendar
Fixe dan issue in the upcoming events widget where club events would be shown even if they shouldn't.
Pages
Fixed an issue with the RSS Feed widget, where the cache expiration time would be overwriten by the custom rss widget cache time.
Platform
Removed the 'Popular Now' widget, use 'Trending Content' instead.
Changes affecting third-party developers and designers
Added new _setLastComment() method to nodes.
Added new \IPS\Node\DelayedCount trait.
Other performance improvements included related to search index and content statistics.
Core
Blogs
- Added a maximum recommended PHP version warning.
- Removed the club join button from the clubs rules page.
- Improved the club overview and member page to include a page title.
- Improved the handling of the custom upgrade page to prevent errors.
- Improved bruteforce login protection across login attempts for multiple accounts.
- Fixed an issue on the profile where the solutions section would return an error if there's no class which utilizes solutions.
- Fixed alignment of club names in cover photos.
- Fixed an issue where embedding images could fail.
- Fixed an issue where the s3Delete task may not be enabled.
- Fixed alignment of club names in cover photos.
- Fixed an issue where unapproved content notifications did not use the item read status.
- Fixed an issue where the Device Usage block was displaying incorrectly.
- Fixed an issue where saved Points charts were not showing.
- Fixed an issue where announcements could be created with an end date in the past.
- Fixed an issuer where the timescale for saved charts would not change.
- Fixed an issue where the background task to move/delete content items could fail if the first comment was missing.
- Fixed the hardcoded content type name in the recognized content block.
- Fixed an issue where Moderator Activity charts were using the same date range.
- Fixed an issue where a not available item from the search index could break the daily stream subscriptions mail.
Commerce
- Fixed an issue where the blog seo name wasn't updated when the blog name was changed.
- Fixed an issue where the blog grid view could have a broken pagination.
Events
- Fixed an issue where hiding a subscription package in the ACP would throw an error.
- Fixed an issue where duplicate records could be generated for PayPal billing agreements.
- Fixed an issue where some stripe payments were processed twice.
- Fixed an issue where users could upgrade subscription plans at no charge if the expiration date had passed but the purchase was not marked as expired.
- Stripe non-card payments now use the updated version of the Stripe API.
Forums
- Fixed an issue where the offset wasn't casted to an integer which could have caused an error on the events overview page.
Pages
- Improved the efficiency when viewing very large archived topics.
- Fixed an issue where forum post counts may not be accurate.
- Fixed an issue where moving the file storage location would not update the file path in the database.
Platform
- Improved the php block code validation while saving the custom blocks content.
- Fixed an issue where club categories did not show in the list when club content is visible throughout the community.
- Fixed an issue where page template names could have a space in the title.
- Fixed an issue where creating new records via REST would fail when revision history is enabled.
- Fixed an issue where deleting a database wouldn't delete all it's categories.
- Fixed an issue where club category menu entries would be shown even if the visitor has no permissions to view the page.
- Fixed an issue where guests couldn't open the club categories page.
- Fixed an issue where live topic notifications would be shown to for hidden/deleted topics.
Changes affecting third-party developers and designers
- Removed a MySQL 5.7 specific optimisation for loading content item with lots of comments.
This is our March maintenance release. This release also includes an important security related fix for Commerce users.
New features:
Security
- Pages Databases in Clubs
Core
- Resolves an issue in Commerce when tampering with filters could cause errors.
Blogs
- Improved the efficiency when getting attachments for topic statistics.
- Improved the efficiency of streams when "Content I posted in" is selected.
- Improved the Internal Embeds system to show better error messages for deleted comments & reviews.
- Improved performance of invalidating member sessions when using Redis.
- Added new Moderator actions by action statistics section.
- Fixed Checkbox Overview Statistics not working properly.
- Fixed Moderator Activity statistics table not displaying properly.
- Fixed Warnings over time statistics table not displaying properly.
- Fixed Suspended users over time statistics table not displaying properly.
- Fixed saved charts not displaying data correctly when custom form filters are used.
- Fixed Geographical Charts CSV download not generating properly.
- Fixed an issue where creating an activity stream in the ACP could be missing the clubs filter.
- Fixed an issue where the badge title would be shown as hash value in translated notification emails.
- Fixed an issue where the Posts Per Day Limit was also used for private messages.
- Fixed an issue in the members/warnings endpoint where the POST request could fail while giving a member a warning if warning actions were present.
- Fixed an issue where deleting content may send a delete request to Community Hive, even if it was not enabled.
- Fixed an issue where 3rd party applications with a broken/missing versions file would break the upgrader.
- Fixed an issue where members with a false validation flag would be unable to login.
- Fixed an issue where the Google Maps Autocomplete Integration could display an error message.
- Fixed an issue where not all clubs may be shown on the member profile clubs page.
- Replaced the hardcoded forum_id in the promotion achievement extension.
- Fixed an issue where the Signature Settings page couldn't be accessed to change the signature visibility, without permissions to edit signatures.
- Fixed an issue where new comment notifications posted in anonymous topics were showed as posted by an anonymous member.
- Fixed an issue with the post count value for the Mass Move /Mass Delete action.
- Fixed an issue where delayed deleted content from private clubs isn't shown in the ModCP - Deleted Content area.
- Fixed the default value for the Manifest related manifest_details setting.
- Fixed an issue where the guest group settings couldn't be edited.
- Fixed an issue where YouTube embeds may not lazy-load.
- Fixed an issue where the guest group settings couldn't be edited.
- Fixed an issue where admins with permission to manage stored replies could still not manage these.
- Fixed an issue where the club filters could cause an EX0 error when a not existing field was used.
Forums
- Fixed an issue where moving a blog entry and sending a moderation alert may cause an error.
Courses
- Added new Solved Topics by Group statistics section.
- Added new Unsolved Topics statistics section.
- Added Top Solvers statistics section.
Pages
- Fixed Enrollments statistics table not displaying status correctly.
- Fixed an issue where sorting the enrollments in the ACP by name would throw an error.
- Fixed a missing language string.
- Fixed not translatable module titles.
Platform
- Added ability for database categories to be added to Clubs.
- Views are now tracked for Pages.
- Fixed an issue where pages were not reindexed after WYSIWYG blocks were added/edited.
- Fixed an issue where record thumbnails which were created via the REST API hadn't the proper thumbnail size.
Commerce
- Page views for pages will now be included in analytics reports.
- Fixed an issue with the post before registering flow when content was identified as spam.
Events
- Fixed an issue with the subscriptions member filter.
- Fixed a broken default value in the businessAddress.
- Fixed an issue in the commerce categorySidebar template.
Downloads
- Added organizer, eventAttendanceMode, and VirtualLocation to events JSON_LD.
- Fixed an issue where guests searching for events could see an error.
Gallery
- Fixed an issue in the Downloads File Embed Template where the comment count was shown for files in categories without comments.
Converters
- Fixed an issue where the vertical image widget wouldn't show the image in Chrome.
- Fixed missing alt texts for event cover images.
- Improved conversion of attachments in WordPress, Attachments will now be converted inside posts instead of converting to media files.
Changes affecting third-party developers and designers
- Added new core/admin/global template userLinkWithPhoto.
- Added new tableLangPrefix property for Dynamic Charts.
- Fixed adding new warning reason throwing an error while IN_DEV.
- Fixed an issue where the radio form template would result in an error if no htmlID was set.
- Fixed an issue where clean IN_DEV installations have a broken serviceworker if no manifest details were set.
- Updated HTMLPurifier to 4.17.0.
- Replaced JShrink with JS-minify for better Javascript compatibility.
- Removed jQuery History, removing deprecated 'onunload' handler.
January maintenance released --01/23/2024
##############
Core
Blogs
- Added the embed.php controller to the robots.txt file and added a noindex tag so that search engines don't index the content.
- Added the referring URL to the content of the Contact Form.
- Changed PHP recommendation to 8.1.
- Changed MySQL recommendation to 8.0.13.
- Improved the contact us form UX for guests.
- Improved the queued comments count handling.
- Improved the description for the similar content widget to highlight the different flow when ES is used.
- Improved the thumbImage template to add an alt tag and optimize lazy loading.
- Fixed a design issue on the error page.
- Fixed an issue in the DELETE /core/members/{id}/secgroup/{groupId} REST endpoint, where members could lose a secondary member group.
- Fixed an issue where calling the GraphQL API without a query would throw an EX0 exception.
- Fixed an issue with the x hashtag not being set.
- Fixed an issue where members with a false validation flag would be unable to login.
- Fixed an issue with reliability of logging early in the boot process.
- Fixed an issue with invalid page URL parameters.
- Fixed an issue where profile fields weren't shown on content submissions.
- Fixed a typo in siteSocialLinks template.
- Fixed an issue on the registration form, where one could submit any coppaa/birthday combination.
- Fixed an issue where tags were not showing in alphabetical order (when enabled) for search results.
- Fixed an issue where the webhook payload from Status Posts wasn't properly formatted.
- Fixed Member List Exports not properly formatting Yes / No and Checkbox profile fields.
- Fixed an issue where disabled login handlers would still be accessible in the UCP.
- Fixed an issue where the member webhook payload contained a false value for the allowAdminEmails key.
- Fixed an issue parsing <video> elements with multiple <source> elements when lazy-load is enabled.
- Fixed an issue inthe follower template where we didn't cast the page as integer.
- Fixed an issue where giving cookie consent to the IPS cookies would result in an empty page.
- Fixed an issue where web app icons may be cached by a CDN and show older versions.
- Fixed a regression when copy & pasting files in an editor by reverting a previous fix.
- Deleting a webhook will now also delete the data from core_api_webhook_fires.
- Removed the deprecated twitter_hashtag` setting.
- Removed the profile blocking from the default robots.txt file.
- Fixed an issue where Status Feeds don't update after saving statuses and replies.
Courses
- Fixed an IN_DEV issue where the Blog Edit form would result in an error.
- Fixed protocol relative URL's showing in Blog RSS Feeds.
- Fixed an issue where the "Content Approval Hint" wasn't shown while creating blog entries.
Events
- Fixed an issue on the courses quiz form, where images wouldn't be shown.
Downloads
- Fixed protocol relative URL's showing in Blog RSS Feeds.
Forums
- Fixed protocol relative URL's showing in Blog RSS Feeds.
- Fixed an issue with the downloads/files/{id}/history endpoint where the update time wouldn't be changed.
- Fixed an issue where the search custom fields form showed a search related field.
- Fixed an issue where the file screenshots were not sorted correctly.
Commerce
- Improved the efficiency of the "Time to solved" chart.
- Improved the JSON-LD for Question Topics to show replies as suggested answers.
- Fixed an issue with the fluid view, where invalid forum ids would remain "forever" in the address bar.
- Fixed protocol relative URL's showing in Blog RSS Feeds.
- Fixed 2 faulty canHide permission checks.
- Fixed an issue where links to comments in archived topics would point to the wrong location.
Pages
- Improved the design on the ACP Support Form to improve the readability of the "GOTO" links.
- Fixed an issue where expired or canceled subscriptions did not always restore the appropriate member groups.
- Fixed an issue where Google/Apple Pay transactions may auto-capture when held by a fraud rule.
- Fixed an issue where the same PayPal transaction could be processed twice.
- Fixed an issue where 3D Secure status may not show correctly on some Stripe transactions.
Gallery
- Fixed an issue where the rss import feature skipped the title prefix value.
- Fixed an issue where records created via the REST API or RSS import wouldn't be linked correctly to other items.
- Fixed an issue where page record comments would create posts in archived topics when topic syncing is enabled.
- Fixed an issue with the database filter widget where the custom fields default value was set automatically.
- Fixed an issue where unsetting the "Remember filters" checkbox wouldn't remove the filter cookie.
- Fixed an issue where moving/deleting comments could stop the queue from processing.
Converters
- Fixed an issue where editing the gallery image details would remove the exif data.
- Fixed an issue where editing the gallery image or video details while the file is still uploading would not save the details.
- Fixed an issue where allowing a user to submit images to an album they do not own may not allow them to submit.
Platform
- Fixed tags not displaying properly when rebuild completes before permissions are set.
- Improved the un-archiving process for topics when archiving gets disabled.
Changes affecting third-party developers and designers
- The POST /core/members/{id}/secgroup/{groupId} endpoint will log the changes to the member history.
- Fixed an IN_DEV issue in the checkout form, which was caused by an undefined variable.
- Fixed an INDEV issue where ignoring a member from his hovercard with INDEV mode would show a "CSRF KEY present in the url error".
- The Contact Form will now contain a "contact_referrer" value when the form is submitted. It is up to the calling extensions handleForm() method to determine how to handle this information.
- Performance improvements targeting MySQL 8.
- Changed the method signature for \IPS\Node\Model::setLastComment() and \IPS\Content\Item::resyncLastComment()
Forums
Downloads
- Added a new "Topics with No Replies" list to the Topics statistics section.
- Added a setting for each forum to exclude topics marked as solved that were posted before a specific time.
- Fixed an issue where it was possible to downvote answers even when negative ratings were disabled.
- Fixed an issue where club forums were showing in global forum stats.
- Fixed an issue where empty answers (including image/embed only answers) may cause a json-ld validation error.
Events
- Fixed linked files not showing a title on the download prompt when multiple files are available.
- Fixed new versions always requiring approval even if submitter is set to bypass content approval.
Converter
- Fixed an issue where copying an event did not honor automatically following content posted.
- Fixed a permission conflict where a user could see a calendar, but not read events, could not see those events in the listing.
Commerce
- Added Invision Community merge tools for Calendar and Blog.
Pages
- Fixed Paid club memberships not able to be renewed if a renewal invoice is already pending.
- Fixed incorrect renewal terms description when manually adding a member to a subscription.
Gallery
- Fixed an issue where records may show incorrect posted in badges if forum comment sync is enabled.
- Separated Records per page and Comments per page in database settings.
- Fixed record image not able to be set via REST API.
- Fixed an issue where promoting a topic to the CMS could fail if the target DB had a custom field which was set to be unique.
- Fixed an issue where some field types did not display properly when viewing revisions.
Blogs
- Optimized the ACP Dashboard widget.
Courses
- Fixed extraneous arrow showing for child blog categories.
Platform
- Fixed an issue where module names were returning all languages simultaneously.
- Fixed an issue where images in course lessons wouldn't load in a lightbox.
- Fixed an issue where long descriptions caused the course image to stretch out on the page.
- Fix content removed by spam analysis still sending unapproved notifications.
Changes affecting third-party developers and designers
- Searching specific REST API log endpoints with variables (ex, {id}, {key}, etc.) is limited to the following regex pattern: [a-zA-Z0-9-]+
full chanagelog for this version link https://invisioncommunity.com/release-notes/