Jump to content

Version of Invision Community/Security Update


Recommended Posts

Intelligence Officer

Intelligence Officer


Key Changes

This is a maintenance release for Invision Community 4.6.

Additional Information


  • Increased the strength of the obfuscation hash appended to non-safe files and increased security on iFrame based embeds in posts.*


  • Added support for Brightcove video embeds.
  • Improved MySQL efficiency when deleting members.
  • Set a default value for the search flood time when creating a member group.
  • Improved logging for errors returned by Elastic Search.
  • Added delete & merge logic for the logins log on member deletion and when 2 accounts are merged.
  • Fixed an issue when upgrading to 4.5.0 with duplicate keys when consolidating the referrer tables.
  • Fixed downloading files with non-latin character downloaded with corrupt characters in Edge and Chrome.
  • Fixed broken links in the our picks widget.
  • Fixed an issue where the Oauth1 Login Handler would use a not existing method to log any upcoming errors.
  • Fixed the rank title not displaying correctly in new rank notification emails.
  • Fixed an issue where it was not possible to alter file storage configurations in some circumstances.
  • Fixed an issue where achievements would show in a hovercard for a member in a group that has achievements disabled.
  • Fixed an issue where badge images could be uploaded with the same name, thus deleting one could delete many.
  • Fixed an issue where ranks show on the AdminCP member list when Achievements are disabled.
  • Fixed an issue where anonymous users may be cached in Who's Online blocks.
  • Fixed an issue where a reserved keyword is used (specific to MySQL 8.0.17/18)
  • Fixed an issue with Elastic Search not being able to index anonymous content.
  • Fixed incorrect timezone detection for users in Argentina.
  • Fixed an issue where the notifications page could throw an exception while trying to return notification data from plugins or not existing notification extensions.
  • Fixed inability to upload WebP images to Group Icons and Ranks/Badges.
  • Made a minor change to ensure the registration page is not cached by a web browser.
  • Expired warning points are now differentiated between active warning points in member profiles for improved clarity.


  • Fixed an issue when creating a record in the Admin CP and choosing another member as the author would not fire achievements for that author.
  • Fixed an error attempting to copy a topic to a database that is not on a page.
  • Fixed some missing language strings which would result in a failure while creating a review.


  • Fixed an issue where Topics would not refresh when selecting Forums in Fluid view.
  • Fixed malformed JSON-LD markup for archived topics.
  • Fixed an issue where parent was required but not marked required when updating a forum via REST API.
  • Fixed an issue where legacy deleted posts are not removed correctly when upgrading from Invision Community 3.x.


  • Fixed an issue where copying a topic to a database would result in an IN_DEV CSRF key warning.
  • Set a default value for the 'Time user must wait before download starts' group setting while creating a member group.
  • Fixed an issue where a large file description may not save if it is larger than 64kb.


  • Added Invision Community converters for Downloads & Gallery.
  • Fixed some minor issues encountered during an Invision Community conversion.


  • Fixed an issue where the Billing Agreements synchronisation task wouldn't check payments via PayPal Subscriptions API.

REST / OAuth

  • Fixed the members/follows POST endpoint which would return an error when trying to follow some content.


  • Fixed an issue where copying a calendar event with a broken cover image would result in an exception.

* An independent security researcher, Simon Scannell, has reported this vulnerability to the SSD Secure Disclosure program

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Who's Online   0 Members, 0 Anonymous, 1 Guest (See full list)

    • There are no registered users currently online
  • Create New...