Staff Member
Diamond Supporter
Platinum Supporter
Bronze Supporter
- Messages
- 12,559
- Reactions
- 18,018
As much as I know this will pain the people who use it with NWFA, TapaTalk is currently disabled, possibly for good this time.
An serious exploit was found in the TapaTalk forum plugin this week which left every forum running their software vulnerable. Luckily, NWFA was not targeted. Rather than notify forum owners using the vulnerable software, they quietly released a new version with a security patch. It'd debatable whether this is the best course of action when an exploit is discovered, as you don't want to alert those wishing to exploit the software before owners have time to patch it, but they didn't notify us forum owners of the new version, which they certainly should have done. No decent forum admin would ignore an urgent email telling them to update to the latest version.
This is not the first time this has happened with TapaTalk, more like the fourth. If they don't care about the security of people running their software, we can no longer continue to run it. I'm not going to put this community at risk for *any* reason.
I'm still looking into our options, but the best one seems to be resizing ads for mobile users and using the built in responsive XenForo design. The biggest drawback of this is the lack of push notifications, but these are easily replaced by email alerts on mobile devices. I'd like to hear thoughts from our TapaTalk users on this issue.
An serious exploit was found in the TapaTalk forum plugin this week which left every forum running their software vulnerable. Luckily, NWFA was not targeted. Rather than notify forum owners using the vulnerable software, they quietly released a new version with a security patch. It'd debatable whether this is the best course of action when an exploit is discovered, as you don't want to alert those wishing to exploit the software before owners have time to patch it, but they didn't notify us forum owners of the new version, which they certainly should have done. No decent forum admin would ignore an urgent email telling them to update to the latest version.
This is not the first time this has happened with TapaTalk, more like the fourth. If they don't care about the security of people running their software, we can no longer continue to run it. I'm not going to put this community at risk for *any* reason.
I'm still looking into our options, but the best one seems to be resizing ads for mobile users and using the built in responsive XenForo design. The biggest drawback of this is the lack of push notifications, but these are easily replaced by email alerts on mobile devices. I'd like to hear thoughts from our TapaTalk users on this issue.