Kynan C.
Admin
Security Update
The security issue relates to XML processing. A specially crafted XML file can be used to enact a denial of service attack or potentially read files from the the file system. This type of vulnerability has been identified in many other applications. In XenForo, the risk is mitigated as only authenticated administrators may trigger the XML processing routines; website visitors cannot directly exploit this issue. However, if you import RSS feeds from elsewhere, these could potentially be modified to trigger the issue. As such, we strongly recommend that you upgrade to a patched version as soon as possible.
The security issue relates to XML processing. A specially crafted XML file can be used to enact a denial of service attack or potentially read files from the the file system. This type of vulnerability has been identified in many other applications. In XenForo, the risk is mitigated as only authenticated administrators may trigger the XML processing routines; website visitors cannot directly exploit this issue. However, if you import RSS feeds from elsewhere, these could potentially be modified to trigger the issue. As such, we strongly recommend that you upgrade to a patched version as soon as possible.
