Forum update & theme change

bear

Server Owner
Everyone,

Our forum software has now been updated, containing functionality improvements, bug fixes, and an important security fix:

The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. The vulnerability requires some very specific steps to be taken, involving pasting malicious content into the XenForo rich text editor, which may mean it is difficult to trigger.

Additionally, I have made the decision to revert our forum theme to the default version as shipped by XenForo.

There are a number of reasons for this, some of which include:

- The default theme is more reliable. There were a number of bugs with the old custom theme, including, but not limited to, the editor for when making topics and posts. Some functionality simply did not work as it should have. That functionality now works fine.

- Using the default theme is easier to maintain. Whenever XenForo release an update, there are usually template changes that have to be manually applied. By using the default theme, we don't have to worry about that anymore.

Whilst the new theme is not as tasty on the eyes, it will provide a more reliable browsing experience, which is far more important than aesthetics.

More information about the 60+ changes in this update can be found at https://xenforo.com/community/threads/xenforo-2-1-10-patch-2-released-includes-security-fix.180901/

P.s. I will add the SFSE logo back shortly :)

Thanks!
 
Anyway to make it dark again?

From what I can see none that is official, however here is an alternative I use.
SX2njTt.png
 
aren't the default theme has an option to switch from light to dark.

No, that was an option available in the custom theme we reverted back from. While I wish we would change back to custom themes, possibly find one that doesn't have vital bugs concerning functionality or anything else, I can understand choosing security and efficiency over features.
I guess as long as this decision is up to date and in effect, we've got to look for third-party ways to have a dark theme. Browser extensions such as the one I mentioned in my post above is one of them.
 
I can understand choosing security and efficiency over features.

Pretty much. You'll find a lot of webmasters seriously do not give a toss about security. They install bloated plugins or themes because it looks pretty or adds functionality that no one really cares about or uses.

And that's a good part of the reason their databases get exposed on sites like https://haveibeenpwned.com/ (fun fact: there's some SA:MP servers listed in this database too).

I can name a whole bunch of SA:MP servers who run outdated forum software with active security vulnerabilities and are putting their members' personal information at risk.
 
The forum has once again been updated, this time to XenForo 2.2!

The main changes you'll notice are a much cleaner looking editor for making threads, or replying to them, along with the ability to upload a profile banner. You can also now add attachments to profile posts.

Elsewhere, guests can now write replies as though they had an account, and when submitting, they will never be prompted to register. This is designed to boost engagement.

There's a bunch of other things too :)

Enjoy!
 
Last edited by a moderator:
Back
Top