XenForo v1.5.8 - it's fast and convenient system management forum. The developers of this software product dedicated many years working on such a hit as VBulletin. Therefore, among the priorities: high speed, resistance to heavy loads, as well as advanced functionality. This release includes fixes for 2 security-related issues reported by Julien Ahrens (from www.innogames.com). We consider these issues to be very minor and are very unlikely to be exploitable, so they have been included as part of the 1.5.8 fixes rather than as a separate patch.
Some of the other bugs fixed in 1.5.8 include:
Ensure message length limits are enforced in conversations.
Clean up like counts on profile post comments when the comment is deleted or the containing profile post is deleted.
Log IPs when a session is created from a "stay logged in" cookie.
Fix an issue where content pasted into the rich text editor could have spaces stripped out unexpectedly.
When an add-on is updated, make sure JS files are recached as they may have changed.
Allow reports for posts that were in a forum that has since been deleted to be viewable.
Only allow form textareas to be vertically resizable by default.
Attempt to force TLSv1 with connections to PayPal when it's unclear if TLS 1.2 is supported.
Make the meaning of certain subscription-related IPN callbacks from PayPal clearer in the transaction log.
Allow the PayPal IPN handler to be extended by add-ons.
Fix an issue where inserting a spoiler into the rich text editor could lose the current selection.
Remove an unexpected scrollbar from the second (and further) lightbox created on a page.
Fix a case where accounts imported from IPB did not authenticate properly if their password contained certain special characters.
Respect custom BB codes disabling BB code parsing within when setting up the rich text editor.