As this is a maintenance release, the vast majority of the focus was an increase in stability.
However, we have improved our login brute force mitigation system to not only limit login attempts per user but to also place temporary blocks on entire IP addresses if they fail to login too many times.
This release also brings our use of the Facebook Open Graph API up to version 2.0. Although you will not see any noticeable difference, it does ensure that the Facebook integration will continue to work after they officially end support for version 1.x of the API. In addition to this mostly behind-the-scenes change, we have also removed the Facepile and Recommendations box from various templates as these Facebook plugins are now deprecated and due to stop working in June.
Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.
Some of the bugs fixed in 1.4.6 include:
- Prevent double escaping of ampersands in image tags.
- Add limits to the number of images being fetched by the image proxy simultaneously and add more strict limits to time outs and retrieval speed.
- Allow a character set to be specified in the SMF importer.
- Fix an off-by-one style error with the flood check that could allow multiple requests through in a 1 second window.
- On the customized components page, only revert items matching the filter.
- Remove deprecated Facebook social buttons and convert to use the HTML5-style versions.
- Fix an issue where Chrome would not re-focus the editor properly when opening a menu.
- In the editor, update the current button state using the browser APIs when backspacing.
- Load external JS/CSS when opening the smilie menu.
- When running the spam cleaner, stop redirecting when not checking IPs.
- Dynamically change whether fixed overlays are used based on the overlay height (when loaded).
- Properly number format user upgrade costs
See the
Resolved Bug Reports forum for further information.
The following templates have had changes:
- account_external_accounts
- member_list
- member_notable
- member_warn
- news_feed_page
- news_feed_page_global
- PAGE_CONTAINER
- quick_navigation_menu
- register_facebook
- report_view
- share_page
- sidebar_share_page
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.
