Jump to content

IPS Community Suite 4

Sub Category  

Browse our IPS4 content.

32 files

  1. Free

    IPS 4.1.11 Retail with all apps

    By waqas dar

    This is a security release and we recommend all clients upgrade as soon as possible.
     
    Key Changes
    This is a small maintenance release to fix a few issues reported in 4.1.10. In addition to bug fixes and performance improvements, it includes following new/changed features:
    Integration with SparkPost replaces Mandrill for optional email service as Mandrill is stopping their current service toward the end of April. Questions in Question and Answer forums can now be sorted by most votes. The "All Activity" activity stream now has an RSS feed. The filter bar at the top of the activity stream no longer sticks to the stop of the screen when scrolling. If you receive a browser notification your notification menu will now reload to get the latest notification. More consistent visual feedback when a post submit or edit is processing to reduce duplicates. Sidebar widgets now how rounded corners to match rest of Suite. Recaptcha style is now a per-theme setting. You can now set which theme should be the default for the AdminCP separate to which should be the default for the front-end.  
    Important Note
    This is the last release that will support PHP 5.4 as it is end of life and no longer supported by PHP.
    Please also note that PHP 5.5 goes full end of life in July 2016 so you should look into upgrading if your web host is using outdated versions. We will not immediately stop supporting PHP 5.5 in July but it may follow soon after.
     
    Additional Information
    Important Fixes
    In addition to many smaller bug fixes and performance improvements, the following important fixes are included:
    Guests were able to create streams. Logging into the AdminCP using Microsoft Sign In wasn't working. Pas were missing from the report center. In some circumstances, "0" would be removed from post content. MySQL 5.7 could throw an error when trying to clear out sessions. A recent Chrome update caused ACP search results to not display. Replying to support requests on an iPad wasn't working in some circumstances.  
    Security Fixes
    We are engaging in a third-party security audit of IPS Community Suite so you can expect the next few releases to contain a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. This release includes fixes for several security issues:
    Several CSRF vulnerabilities - most importantly on the process for associating OAuth sign-ins (Facebook, Twitter, etc.) with an account, meaning a malicious user could associate their own OAuth sign-in with another user's account. A session-hijacking vulnerability where after a login key is reset (such as after a password) since a new key is not immediately generated, the account was vulnerable to hijacking until they sign in again. A bug which meant the names of forums or other nodes a user did not have permission to access may have been exposed by accessing a particular URL. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed. A vulnerability where if using the "Download Member List" feature and opening the file with certain applications, malicious user data could cause expressions to be evaluated.  
    And several security improvements:
    Any existing sessions for a member are now cleared if they change their password, meaning users signed in on multiple devices will need to sign in again after a password change. A more secure hash generation algorithm is now used for login keys.   
    Information for 3rd party developers
    ModCpMemberManagement can now return NULL to not display the tab. CKEditor has been updated to 4.5.8.

    8 downloads

       (0 reviews)

    0 comments

    Updated

  2. Free

    IPS Community Full Suite 4.1.11.1 Nulled

    By waqas dar

    This is a security release and we recommend all clients upgrade as soon as possible.
    Dont be leech click at like and share forum link with others. 
     
    Key Changes
    This is a security release to fix a number of security related issues.
    A vulnerability was recently discovered in ImageMagick, which, depending on your configuration, IPS Community Suite may use manipulate images. This update verifies that images sent to ImageMagick begin with the expected "magic bytes" corresponding to the image file type. We are engaging in a third-party security audit of IPS Community Suite and this update contains a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you.   
    This release only contains security fixes only. 4.1.12 will be our next general maintenance release.
     
    Additional Information
    In addition to the ImageMagick fix described above, this update contains fixes for the following issues:
    Session hijacking vulnerabilities with unmunged URLs and with referrer leaking  Several XSS vulnerabilities An open redirect vulnerability Under some circumstances, the reputation activity on a user's profile could reveal the titles of hidden content. Under some circumstances, the "post feed" sidebar widget reveal the titles of hidden content. The "Resend Confirmation Email" and "Change Email" buttons which appear when validating, and the "lost password" tool had no rate limiting, which could allow a malicious user to send lots of emails damaging the server's reputation. Uninstalling an application caused Pages pages to lose their sidebar configurations.

    3 downloads

       (0 reviews)

    0 comments

    Updated

  3. Free

    IPS 4.1.10 all apps retail

    By waqas dar

    Download Ips 4.1.10 retail original files with all apps at fundayforu.com
     
    This is a maintenance and security release to fix reported issues and add refinement to existing features. In addition to bug fixes and performance improvements, it includes following new/changed features:
    Instant notifications are now dismissible. The sidebar has been added back to the stream pages. You can now sort by most downloaded in Downloads app. The ModeratorCP and AdminCP IP Address Tools now allow you to track the IP addresses used to vote in polls. A new setting has been added to disable the RSS feed for activity streams. A new setting has been added to specify the minimum display name length. Adds a new "can unban" moderator permission separate to the "can edit profiles" permission being used previously. IP addresses now show in reports. There is now a constant-level setting to disable the ACP IP address check in case of being locked out of the ACP. Several improvements to Commerce to make some features clearer: the Shipping Rates configuration pages now indicate to the admin if a potential mistake has been made, the front-end indicates to admins if no support departments have been set up, and the renewal settings wording has been clarified.

    20 downloads

       (0 reviews)

    1 comment

    Updated

  4. Free

    IPS Community Suite 4.1.9 Retail

    By waqas dar

    Released 03/21/2016
     
    This is a security release and we recommend all clients upgrade as soon as possible.
     
    Forum Chat Download Gallery Blog Nexus pages  
    Key Changes
    This release fixes reported issues from clients in our bug tracker and support tickets and adds refinement to existing features.
    New or Changed Features
     
    When your link auto-embeds in a post such as with an image, YouTube video, Twitter link, etc. an option will now display to revert the embed back to a plain text link if you do not want the embed. New setting to disable embedding. Facebook/Twitter integration improvements If you are an administrator and encounter a system error, additional debug output will now display. Regular members will see the normal error message. Custom Fields for Support Requests in Commerce now show on the front-end. If an advertisement is set up with a main image, but not smaller images for tablets/mobiles, the ad would not show at all on tablets/mobiles. This has changed so the main image will display on all devices unless smaller images are provided. Topics scheduled to automatically lock or unlock will now reflect this in the topic listing and when viewing the topic. Placing a link to a Facebook status will embed when possible. When viewing a report, the container (for example, the forum) the content is from is displayed. Three character searches are now allowed in the Admin CP Live Search. The Account Settings page now uses vertical rather than horizontal tabs to prevent overflow. If Gravatar is enabled, and a user has not defined an profile photo, then their email address will be used to fetch from Gravatar unless explicitly set not to. Gfycat embeds now use their oEmbed endpoint rather than their JS API. Using Amazon CloudFront as https provider will now be recognized as valid secure connection. The member REST API endpoint will now return custom fields. The Developer Center for Plugins now shows the filename in the list of hooks, and when editing a hook, a breadcrumb includes a link back to the list. Inline notifications can now be dismissed Efficiency improvements to the search index You can now close a poll independently of the topic  
    Important Fixes
     
    In addition to dozens of smaller fixes this release includes fixes for the follow items that impacted many clients:
     
    Several security enhancements. The posting parser has been made more efficient. Some BBCode does not parse correctly in version 4 and we have applied some fixes for this. In general BBCode is deprecated so we only provide basic support. Sitemaps could sometimes be blank if there was no content in a specific section. Certain URLs from version 3 were not redirecting properly to the new version 4 format. The timezone detection is now more robust and will more gracefully fail if it cannot determine a visitor's timezone. Permission matrices have been reworked to send less data to prevent exceeding server limitations. Decimal handling has been reworked in Commerce for more precise calculations. The database class now handles InnoDB deadlocks more gracefully, and some queries have been changed to reduce the likeliness of deadlocks. Performance improvements to areas which perform large updates on the members table (for example, when editing permissions). Pages 'number' custom fields previously had an upper limit for submitted values around 2 billion. Multiple fixes for tag searching  
    Additional Information
     
    Security Enhancements:
     
    Some potential issues have been brought to our attention with MD5 checks within the suite, including:
    In very specific situations, it can be possible to trick certain MD5 checks in to passing when the supplied MD5 hash does not actually match. Due to the way PHP compares strings, it is theoretically be possible under very controlled conditions to brute-force certain MD5 checks by measuring the response time. When logging out or changing one's password, the key used to automatically authorize a user on subsequent visits was not appropriately reset, meaning if someone had access to a machine you had previously logged in on (but not logged in again since you logged out), it may have been possible to reclaim the session. In addition to the above, we have also added additional entropy to the generation of certain hashes.  
    While these issues are mostly theoretical in nature, they have been addressed in 4.1.9. We would like to thank Ian Carroll for bringing these issues to our attention. We do not use MD5 hashing as part of our password checking so none of these issues apply to the method used for password encryption. 
     
          2. We have resolved an XSS vulnerability. Though we employ techniques to limit the damage possible with XSS vulnerabilities, they can be used to cause annoyance and for social engineering attacks. We would like to thank LinusMediaGroup for bringing this issue to our attention.
     
          3. We have added noopener and noreferrer to the rel attribute on outgoing links to alleviate certain types of social engineering attacks.
     
           4. We have resolved an issue where under certain circumstances users could delete attachments without permission. We would like to thank https://www.malwarebytes.org/ for bringing this issue to our attention.
     
    Activity Stream Improvements
    The activity stream has a new toggle and filter bar that replaces the "Edit Form" link. It is now faster and easier to customize existing streams and to change the filtering options without having to create new streams.
     

     
    Example of "un-embed" option
     

     
    Facebook/Twitter integration improvements
     
     
    If signed in with Facebook or Twitter, when posting a status update, a checkbox to share on these services appears instead of the old setting to export statuses in the account settings panel. This change ensures IPS4 conforms with Facebook's Terms & Conditions and will pass Facebook's App Review. When setting up Facebook integration, a new setting allows disabling status imports so you do not need to go through Facebook's App Review if you only want to allow users to sign in with Facebook and not integrate with status updates. When setting up Facebook or Twitter integration, the setting to allow automatic sharing is shown in addition to in the sharing settings so it is easier to enable this feature. Facebook integration has been updated to use their latest API endpoints.  
    A  new guide will be available after 4.1.9's release to explain in detail how to go through Facebook's App Review process.

    6 downloads

       (0 reviews)

    0 comments

    Updated

  5. Free

    IPS Community Suite 4.1.9 With All IPS Apps Nulled

    By waqas dar

    Key Changes
    This release fixes reported issues from clients in our bug tracker and support tickets and adds refinement to existing features.
    New or Changed Features
     
    When your link auto-embeds in a post such as with an image, YouTube video, Twitter link, etc. an option will now display to revert the embed back to a plain text link if you do not want the embed. New setting to disable embedding. Facebook/Twitter integration improvements If you are an administrator and encounter a system error, additional debug output will now display. Regular members will see the normal error message. Custom Fields for Support Requests in Commerce now show on the front-end. If an advertisement is set up with a main image, but not smaller images for tablets/mobiles, the ad would not show at all on tablets/mobiles. This has changed so the main image will display on all devices unless smaller images are provided. Topics scheduled to automatically lock or unlock will now reflect this in the topic listing and when viewing the topic. Placing a link to a Facebook status will embed when possible. When viewing a report, the container (for example, the forum) the content is from is displayed. Three character searches are now allowed in the Admin CP Live Search. The Account Settings page now uses vertical rather than horizontal tabs to prevent overflow. If Gravatar is enabled, and a user has not defined an profile photo, then their email address will be used to fetch from Gravatar unless explicitly set not to. Gfycat embeds now use their oEmbed endpoint rather than their JS API. Using Amazon CloudFront as https provider will now be recognized as valid secure connection. The member REST API endpoint will now return custom fields. The Developer Center for Plugins now shows the filename in the list of hooks, and when editing a hook, a breadcrumb includes a link back to the list. Inline notifications can now be dismissed Efficiency improvements to the search index You can now close a poll independently of the topic  
    Important Fixes
    In addition to dozens of smaller fixes this release includes fixes for the follow items that impacted many clients:
     
    Several security enhancements. The posting parser has been made more efficient. Some BBCode does not parse correctly in version 4 and we have applied some fixes for this. In general BBCode is deprecated so we only provide basic support. Sitemaps could sometimes be blank if there was no content in a specific section. Certain URLs from version 3 were not redirecting properly to the new version 4 format. The timezone detection is now more robust and will more gracefully fail if it cannot determine a visitor's timezone. Permission matrices have been reworked to send less data to prevent exceeding server limitations. Decimal handling has been reworked in Commerce for more precise calculations. The database class now handles InnoDB deadlocks more gracefully, and some queries have been changed to reduce the likeliness of deadlocks. Performance improvements to areas which perform large updates on the members table (for example, when editing permissions). Pages 'number' custom fields previously had an upper limit for submitted values around 2 billion. Multiple fixes for tag searching  
    Additional Information
     
     
    Security Enhancements:
    Some potential issues have been brought to our attention with MD5 checks within the suite, including: In very specific situations, it can be possible to trick certain MD5 checks in to passing when the supplied MD5 hash does not actually match. Due to the way PHP compares strings, it is theoretically be possible under very controlled conditions to brute-force certain MD5 checks by measuring the response time. When logging out or changing one's password, the key used to automatically authorize a user on subsequent visits was not appropriately reset, meaning if someone had access to a machine you had previously logged in on (but not logged in again since you logged out), it may have been possible to reclaim the session. In addition to the above, we have also added additional entropy to the generation of certain hashes.  
    While these issues are mostly theoretical in nature, they have been addressed in 4.1.9. We would like to thank Ian Carroll for bringing these issues to our attention. We do not use MD5 hashing as part of our password checking so none of these issues apply to the method used for password encryption. 
     
    We have resolved an XSS vulnerability. Though we employ techniques to limit the damage possible with XSS vulnerabilities, they can be used to cause annoyance and for social engineering attacks.
      We have added noopener and noreferrer to the rel attribute on outgoing links to alleviate certain types of social engineering attacks.
      We have resolved an issue where under certain circumstances users could delete attachments without permission. We would like to thank https://www.malwarebytes.org/ for bringing this issue to our attention.  
    Activity Stream Improvements
    The activity stream has a new toggle and filter bar that replaces the "Edit Form" link. It is now faster and easier to customize existing streams and to change the filtering options without having to create new streams.
     

     
    Example of "un-embed" option
     

     
     
    Facebook/Twitter integration improvements
     
    If signed in with Facebook or Twitter, when posting a status update, a checkbox to share on these services appears instead of the old setting to export statuses in the account settings panel. This change ensures IPS4 conforms with Facebook's Terms & Conditions and will pass Facebook's App Review. When setting up Facebook integration, a new setting allows disabling status imports so you do not need to go through Facebook's App Review if you only want to allow users to sign in with Facebook and not integrate with status updates. When setting up Facebook or Twitter integration, the setting to allow automatic sharing is shown in addition to in the sharing settings so it is easier to enable this feature. Facebook integration has been updated to use their latest API endpoints. A new guide will be available after 4.1.9's release to explain in detail how to go through Facebook's App Review process

    2 downloads

       (0 reviews)

    0 comments

    Submitted

  6. Free

    IPS Community Suite 4.1.8.1 Retail Origional Files

    By waqas dar

    IPS Community Suite 4.1.8.1 Retail Origional Files with gallery application only.
    Released 02/04/2016
    Key Changes
    This is a very small release to fix a few rather annoying issues from 4.1.8. Sorry about that  
    Fixes an issue where incoming emails were not being received correctly.
    Fixes an issue where guests could do a partial account registration which could cause some confusion to the administrator when editing.
    Fixes an issue where the AdminCP dashboard may incorrectly report tasks aren't running when they actually are.

    1 download

       (0 reviews)

    0 comments

    Submitted

  7. Free

    IPBoard_-_4.1.8.1 nulled_With_All_IPS_Apps

    By waqas dar

    IPS Community Suite 4.1.8.1 Nulled with all apps.
     
    forum blog commerce gallery pages calendar chat  
    Released 02/04/2016
    Key Changes
    This is a very small release to fix a few rather annoying issues from 4.1.8. Sorry about that   Fixes an issue where incoming emails were not being received correctly. Fixes an issue where guests could do a partial account registration which could cause some confusion to the administrator when editing. Fixes an issue where the AdminCP dashboard may incorrectly report tasks aren't running when they actually are.

    9 downloads

       (0 reviews)

    0 comments

    Submitted



×
×
  • Create New...