Khoros Communities 25.11 Release Notes

The Khoros Communities 25.11 release delivers critical security updates, comprehensive accessibility improvements, enhanced survey targeting capabilities, and numerous stability fixes across content management, authentication, and search functionality.

Classic

• Applied critical security patches addressing vulnerabilities in jQuery and TinyMCE components.
• Enhanced username validation to prevent impersonation attempts using visually similar characters from different language scripts.
• Improved flood control performance, significantly reducing processing time for users with many product associations.
• Fixed Rich Text Editor alignment not applying correctly to text with inline formatting such as bold or italic.
• Fixed custom table background colors and styling being stripped when saving blog posts.
• Fixed Events module errors preventing users from creating, publishing, or viewing events after upgrade.
• Fixed deleted article history records causing entire version history to be wiped when removing individual draft versions.
• Added comprehensive accessibility improvements including: keyboard operability for Reply and Follow buttons; proper carousel navigation with skip options; corrected focus order in Tags modal; disabled auto-focus in private message compose modal; added missing alt attributes to images throughout the application; and programmatically associated error messages with form fields.

Aurora

• Implemented advanced survey targeting with configurable prompts based on user authentication status, roles, location, and visit patterns.
• Fixed critical memory leak in integration points registry that was causing system crashes and performance degradation after 24-40 hours of operation.
• Fixed private messages failing to load for users with large recipient lists.
• Fixed users being unable to join hidden groups via email invitations.
• Enhanced search functionality to properly handle Traditional Chinese, Japanese, and Korean characters.
• Fixed language preference cookie expiring after 24 hours instead of persisting for the configured 30-day period.
• Fixed CSV export failures when survey responses were linked to deleted user accounts, now properly marking these as "Anonymous".
• Added dimension validation for image uploads to prevent pixel flood attacks that could cause memory exhaustion and system crashes.
• Fixed navigation error flash when users return from profile pages to discussion threads using the browser back button.
• Fixed blog article delete confirmation dialog intermittently not appearing for users.
• Fixed page index resetting to first page when unfollowing items on the Follows and Notifications page.
• Fixed navigation links being replaced instead of appended when adding more than 10 links in the community header.
• Fixed missing locale parameter causing incorrect privacy policy URLs during SSO registration.
• Fixed Aurora search bar displaying category IDs instead of user-friendly board names as placeholder text.
• Fixed custom fields and mandatory native fields not appearing on SSO registration forms for partially registered users.
• Fixed page crashes when users with Employee role attempted to use @mentions in comments.
• Fixed ZIP file attachments being stripped when submitting forum replies despite being configured as allowed.
• Fixed anonymous and deleted users appearing in Top Taggers leaderboard.
• Enhanced security for video embedding with improved validation and localized error messages.
• Enabled DNG (Digital Negative) file uploads for communities requiring professional photography file support.
• Updated robots.txt configuration to prevent Google from crawling legacy Classic URLs, eliminating 404 errors in Search Console.
• Enabled API access to archived messages using client credentials authentication with proper pagination support.
• Fixed BrandMessenger component causing page errors when encountering loading issues.
• Fixed custom React components failing to load on newly created development branches.
• Fixed custom component localization displaying text keys instead of translated values for Portuguese (Brazil) and other regional locales.
• Fixed message indexing errors that were preventing proper search functionality for archived content.
• Added content-type header to SAML logout calls to ensure proper session termination across integrated systems.
• Prevented OIDC SSO authentication tokens from being exposed in Personal Information exports.

Pre-Prod Rollout: November 26-27. Testing window open from November 27 through December 8.
Production Rollout: December 10-11
The rollout will follow the standard maintenance windows.