rss.livelink.threads-in-node

Help identifying XML fields for message attributes in Khoros data export

adtucs — Fri, 24 Apr 2026 11:03:42 GMT

I'm working on a project where I need to parse and process a Khoros XML data export of my community, and I'm trying to map out the right entities and fields for several message-level attributes.

Specifically, I'm trying to figure out which XML files, entities, and fields correspond to the following:

Visibility scope of a message i.e how can I tell a message is private, draft or archived
Whether the message is a solution and solution is marked by which user / user_id and when (time)
Whether the message is read only or has comments blocked
Moderation status - whether the message was rejected, approved etc
Kudos - How can I find the kudos count and individual kudo for a message e.g user, time and weight info
similarly, where is the MeToo data stored for a message?

Any help with field names, entity references, look in would be a huge help.

Help identifying XML fields for message attributes in Khoros data export

adtucs — Thu, 23 Apr 2026 12:41:03 GMT

I'm working on a project where I need to parse and process a Khoros XML data export of my community, and I'm trying to map out the right entities and fields for several message-level attributes.

Specifically, I'm trying to figure out which XML files, entities, and fields correspond to the following:

Visibility scope of a message i.e how can I tell a message is private, draft or archived (API Reference)
Whether the message is a solution and solution is marked by which user / user_id and when (time) (API Reference)
Whether the message is read only or has comments blocked (API Reference)
Moderation status - whether the message was rejected, approved etc (API Reference)
Kudos - How can I find the kudos count and individual kudo for a message e.g user, time and weight info (API Reference)
similarly, where is the MeToo data stored for a message? (API Reference)

Any help with field names, entity references, look in would be a huge help.

Which entity to refer for knowing user to badge mapping in XML data dump

adtucs — Tue, 14 Apr 2026 07:50:37 GMT

I'm working with XML data dump of my community and I'm able to access users and badge data individually. However, I'm unable to parse user to badge mapping i.e what all badges a specific user has been assigned

Which entity or relation I should look for in the XML data dump to get that mapping or help me with any XML data dump related documentation if any

How to parse custom li tags into raw html

adtucs — Mon, 13 Apr 2026 14:45:51 GMT

I was playing around with XML data dump of messages, and found custom HTML tags (<li-{type}> in the message content.

From Khoros API (LiQL), I'm getting transformed HTML content, without any custom lithium HTML tags

Tags example - li-answer, li-code, li-emoji, li-code, li-video, li-image etc

How to parse such tags, and get content HTML like it is provided in the API using LiQL ?

Khoros Communities 26.2 Release Notes [Updated]

MiladC — Wed, 01 Apr 2026 15:06:05 GMT

The 26.2 release introduces Aurora AI capabilities for content moderation, automated responses, and workflow orchestration. It also addresses critical security vulnerabilities, delivers search and rich text editor improvements, and resolves stability issues across analytics and content archival.

New Features (Aurora — Early Access)

Availability: All three features below are in early access behind feature flags — nothing activates automatically. Fully configurable from the admin panel. Contact your Customer Success Manager to enable. Classic customers should reach out to their CSM to discuss migration.

AI Moderation + Appeals

Automates content moderation decisions based on your community guidelines, configured in plain language.

Auto-approve and auto-block: Clear-cut content is handled instantly, reducing manual review volume.
Gray-area escalation: Ambiguous content is held for human review rather than auto-actioned.
Member appeals: Members can submit structured appeals against moderation decisions, preserving trust without adding moderator workload.

Community Language Model (CLM) / Answer Assist

Provides AI-generated responses to unanswered community posts after a configurable time threshold has been reached.

Community-first response window: You define how long to wait before Answer Assist activates, giving members the first opportunity to respond.
Source attribution: Every AI-generated answer cites the specific authors and posts it drew from, keeping community experts visible.

Community Orchestrator

A rules-based automation engine that triggers actions on community events such as new registrations, first posts, and milestone achievements.

Automated workflows: Configure welcome sequences, expert notifications, milestone recognition, and onboarding prompts.
Event-driven execution: Actions fire automatically when defined conditions are met — set up once, runs continuously.

Bugs & Security Fixes

Classic

Fixed search autocomplete not returning results when queries contain special characters like trademark symbols or apostrophes.
Fixed cursor jumping to the top of the article when applying formatting in Firefox.
Fixed message position count displaying incorrectly after submitting inline replies.
Fixed missing publish events in bulk data exports for republished content.
Fixed Members Online count showing inflated numbers by excluding partially registered users.
Fixed search results not sorting correctly by view count.
Fixed video sitemap XML validation errors affecting video SEO indexing.
Fixed usernames with certain Unicode characters causing registration failures and blank display names.
Fixed attachments remaining visible in the editor after sending private message replies.
Fixed "Show older messages" causing page reload when clicked after switching threads.
Fixed rank-up notifications not being delivered via email or private message.
Fixed abuse reports failing when member email addresses could not be resolved.
Fixed Admin Metrics date filter returning results outside the selected range.
Fixed content archival jobs getting permanently blocked when a single job encounters an error.
Fixed private messages with certain HTML content showing a misleading "character limit reached" error.
Fixed document viewer description to accurately reflect supported preview formats.
Fixed search box losing focus while typing, particularly with mobile keyboards or Chinese IME input.
Fixed external videos (Brightcove) failing with misleading "private video" error when the video provider returned an empty title.
Fixed content archival API returning success but silently failing to archive.
Fixed search bar defaulting to user search instead of content search on Hermes-themed communities.
Fixed product search API returning duplicate or missing results with cursor pagination.
Fixed @mention text inside code samples being dropped when entering edit mode.
Fixed notification feed showing empty state during backend timeouts instead of a descriptive error.
Fixed images pasted into the editor not uploading.
Fixed "PM the Author" button opening an empty window in moderation tools.
Fixed Top Solutions Authors leaderboard showing no users for time-range tabs.
Fixed Promoted Search results not appearing in autocomplete dropdown after 26.1 upgrade.
Fixed session token identifiers being exposed in HTML page source and error pages.
Fixed stored cross-site scripting (XSS) vulnerability in user profile social link fields.
Fixed unauthenticated access permissions to the individual user API endpoint.

Aurora

Fixed search autocomplete not returning results for queries containing special characters.
Fixed @mention autocomplete not triggering when typing @ on Android mobile devices.
Fixed pagination links from Linear display mode failing when viewed in Threaded display mode.
Fixed auto-hyperlink conversion inconsistently applied when pasting URLs and pressing Enter quickly.
Fixed auto-title feature incorrectly formatting hyperlinks when URL was followed by punctuation.
Fixed attachment validation errors not being properly surfaced when the virus scanner rejected files.
Fixed Group Hub members with the correct role being denied access to the Manage Members page.
Fixed "Newest" sort on search and tag results using edit date instead of original post date.
Fixed TKB article publishing history not recording state changes after loading autosaved drafts.
Fixed Community Experience Survey CSV exports producing malformed files when responses contain special characters.
Fixed JavaScript error when clicking "Add a tag" on boards where a previously muted node was deleted.
Fixed Add Co-Author overlay not reopening after being dismissed in Blog boards.
Fixed Analytics reports stalling or failing for multi-day date ranges.
Fixed custom fields for categories and forums not appearing in the Admin UI settings panel.
Fixed deletion of Idea status failing when reply messages had associated status entries.
Fixed TAR file attachments being silently removed after publishing.
Fixed application crashes caused by certain HTTP header configurations.
Fixed internal server requests being incorrectly counted in API billing metrics.
Fixed category permissions page failing to load in Admin UI.
Fixed Blog, TKB, and Ideas article body expanding to full page width instead of the intended column width.
Fixed the Ideas board becoming unresponsive when the Featured Statuses widget was present.
Fixed tag search filter returning no results after 26.1 upgrade.
Fixed bulk archive search failing to create jobs.

Pre-Prod Rollout: March 17-18. Testing window open from March 18 through March 31.
Production Rollout: ~~April 1-2~~ >> April 8-9 [**Updated Release Dates]

The rollout will follow the standard maintenance windows

Khoros Community Classic/Aurora Certificates

LucyL — Wed, 25 Feb 2026 06:24:09 GMT

Overview

Khoros manages SSL/TLS certificates for all hosted community sites. We have recently moved to a fully automated renewal process. This document explains how it works.

Automated Renewals

Khoros automatically renews SSL certificates before they expire. No action is required from your team for routine renewals, and you will not be contacted as part of the standard process.

Certificate management in Khoros Communities was previously a manual process, carrying an inherent risk of delays and late renewals. As part of our ongoing commitment to improving the reliability and quality of the service, we have rebuilt this process from the ground up using modern, automated approaches. Certificates are now renewed consistently and on schedule, eliminating the operational risk that came with manual handling.

This also positions us well for the future. The industry is moving to significantly shorter certificate validity periods — the CA/Browser Forum has a published schedule reducing certificate validity from 13 months today down to 47 days by 2029. Automation is the only viable way to manage certificates at that cadence, and we are already there.

For more background on why the industry is moving this direction, see: Automated Certificate Management Is No Longer a Nice-to-Have — It's Essential

How We Validate Your Domain

Khoros issues certificates using HTTP domain validation. To prove we legitimately manage the subdomain hosting your community (e.g. community.example.com), we serve specific content from a URL on your community site. This is verified by the Certificate Authority, and the certificate is issued.

This means:

No DNS changes are required from your team
No CSR handover or manual certificate issuance is needed
Validation is scoped to the specific subdomain we host — we cannot access to your root domain

Certificate Authority

We currently support a range of ACME-compatible Certificate Authorities, including:

Amazon Trust Services
DigiCert
Google Trust Services
Let's Encrypt

With Amazon Trust Services being used by default.

If your domain has CAA records restricting which Certificate Authorities may issue certificates, Khoros respects these and will issue via a permitted CA.

If your security policy requires a specific Certificate Authority, please contact your account manager. We can support any Certificate Authority that implements ACME (Automatic Certificate Management Environment) — the industry-standard protocol for automated certificate issuance.

Extended Validation (EV) Certificates

If your site uses an EV certificate, this is handled outside our standard process. Please contact our support team if you have an upcoming EV certificate renewal.

SAML Certificates

SAML certificates are used to secure Single Sign-On (SSO) authentication between your identity provider and your Khoros community. These are separate from the SSL/TLS certificates described above and are not yet covered by our automated renewal process.

SAML certificate renewals are currently handled manually. We are planning to improve this in the future. If you have a SAML certificate approaching expiry, please contact our support team.

What Does It Take to Develop a High-Performance Candy AI Clone?

bradsiemn — Wed, 11 Feb 2026 09:03:16 GMT

Developing a high-performance candy ai clone requires a scalable architecture, advanced AI integration, and optimized real-time communication systems. The foundation begins with selecting a strong backend such as Node.js or Python (FastAPI) to handle API requests and AI processing. Large Language Models (LLMs) power conversational intelligence, while vector databases like Pinecone store contextual memory for personalized responses.

Cloud infrastructure (AWS or GCP) with GPU support ensures smooth AI inference under heavy traffic. Real-time messaging can be implemented using WebSockets:

Efficient caching with Redis reduces latency, while secure authentication (JWT, OAuth 2.0) protects user sessions. Performance monitoring tools track system health and auto-scale resources dynamically, ensuring consistent speed and reliability.

Khoros Communities 26.1 Release Notes [Prod Release Date Updated]

MiladC — Fri, 13 Feb 2026 19:32:32 GMT

The Khoros Communities 26.1 release delivers critical security patches including RCE vulnerability remediation, extensive accessibility improvements for mobile screen readers, and stability fixes across moderation workflows, content management, and API functionality.

Classic

Fixed badges being awarded before posts were approved on pre-moderated boards.
Fixed anchor links within posts failing to scroll to their target sections.
Fixed quoting posts with code samples throwing errors for users with Simple HTML permissions.
Fixed top contributors widget displaying users in incorrect order.
Fixed Table of Contents button not appearing in blog article editor when enabled.
Fixed search autocomplete retaining incorrect selection when cursor moved away quickly.
Fixed Accept Solution option missing from Group posts.
Fixed solutions leaderboard showing fewer users than configured when role filters were applied.
Fixed external video embeds from Brightcove and other providers failing to render.
Fixed Vimeo embeds with longer video IDs disappearing after publishing.
Fixed "Show older messages" in Private Messages causing page refresh on repeated clicks.
Fixed ban edit popup displaying empty for deleted users.
Fixed product and tag autocomplete failing with special characters like "/" and "_".
Fixed GroupHub subscription status displaying incorrectly after page reload.
Fixed admin metrics date range filter returning results outside specified dates.
Fixed orphaned HTML appearing in posts when mentioned users were deleted.
Added support for .f3z file attachments.
Fixed Hi-Labels validation incorrectly triggering when editing attachments or comments.
Fixed role filter in Community Analytics throwing errors.
Fixed TKB and Blog workflow notification emails not being sent when spam filtering was triggered.
Fixed archive search filter counts showing zero despite archived content existing.
Fixed user search filter state lost after browser back navigation.
Fixed Safari on macOS intermittent failures with sort filters and post actions.
Fixed email validation not being enforced during registration, allowing accounts without email addresses.
Fixed notifications not being delivered for posts on pre-moderated forums after approval.
Fixed Private Messages failing to load for users with certain message history patterns.
Changed PDF attachments to use native browser viewer instead of third-party preview.
Implemented clipboard content sanitization in rich text editor to prevent XSS attacks.
Added accessibility improvements including: visible focus indicators on message links; tooltip text visibility at 200% zoom; proper ARIA attributes for image and video upload modals; keyboard controls for Brightcove video timeline; and corrected form field descriptions for screen readers.

Aurora

Fixed required custom fields not displaying in Add User form, preventing member creation.
Fixed group names exceeding 40 characters failing silently instead of showing error messages.
Fixed event calendar invite links navigating to incorrect page format.
Fixed lock icon not displaying on ideas with commenting disabled.
Fixed content formatting errors for users with Simple HTML permissions when applying alignment to lists.
Fixed user timezone reverting to default after SSO login.
Fixed unsupported tag warning not appearing when moving posts with newly added tags.
Fixed moderators not receiving email notifications for content on moderated boards.
Fixed moderator Reject menu immediately closing on Windows with display scaling above 100%.
Fixed custom endpoints returning 404 errors after deployments.
Fixed "Show more" button in Ideas widget failing to load additional results.
Fixed Q&A structured data not rendering for search engine crawlers, affecting SEO.
Fixed anchor links failing to scroll when target section was below the link.
Fixed lock indicator not displaying on threads with zero comments.
Fixed Knowledge Base and Ideas pages not respecting 100% page width setting.
Fixed images uploaded to landing page widgets displaying as broken.
Fixed Private Messages inbox failing to load for certain users.
Fixed SSO logout not ending session at Identity Provider, causing automatic re-login.
Fixed "Show More" button replacing visible replies instead of adding more at certain depth levels.
Fixed all file attachments returning 404 errors in certain timezone configurations.
Fixed user search returning empty results for certain username formats.
Fixed custom pages returning 404 errors after component deployments.
Fixed SDK Preview mode causing infinite page refresh loop.
Fixed GraphQL Admin operations failing in custom endpoints for authenticated users.
Fixed plugin build failures due to ESLint resolver incompatibility.
Updated event calendar invites to use community mailer address instead of organizer email to protect privacy.
Updated Next.js to address critical remote code execution vulnerabilities.
Implemented validation for image URL uploads to prevent server-side request forgery attacks.
Added react-markdown as allowed dependency for custom component development.
Added comprehensive accessibility improvements including: swipe accessibility for tag menus, username filters, and author comboboxes on mobile; proper expanded/collapsed state announcements for all menus and navigation elements; descriptive button labels for message actions, replies, and status controls; proper tab selection announcements; content reflow after device orientation change; and hamburger menu labels reflecting current state.

**UPDATE: We identified an issue affecting search functionality in this release. A fix has been applied to all stage environments. The production upgrade has been moved from February 13 to February 19, 2026 to allow us more time to thoroughly validate the fix and ensure the stability of the search functionality before promoting to production.

Pre-Prod Rollout: January 28-29. Testing window open from Jan 29 through Feb 19.
Production Rollout: ~~February 13-14~~ February 19-20 **UPDATED DATE**
The rollout will follow the standard maintenance windows

Experience Survey GraphQL

allensmith81 — Wed, 21 Jan 2026 03:04:12 GMT

in the graphQL for pulling the experience survey its says the graphQL is:

query MyQuery { valueSurveyResponses { csv } }

this implies this pulls all survey responses ever, I am wondering if there are constraints or pagination because this could very quickly become a massive dayaset.

Khoros K1, Care, Marketing, Flow Release notes - December 15th 2025

PabloF — Thu, 15 Jan 2026 10:50:27 GMT

Here is a list of the released features and bugfixes over the last two weeks:

Marketing (Spredfast)

Enhanced Analytics Data Processing: Fixed critical data processing workflows to ensure analytics reports display accurate metrics and insights without delays
Improved Platform Reliability: Addressed stability issues that affected content publishing and analytics workflows during peak usage periods

Flow

Configurable Search Precision: You can now customize how many documents are analyzed when using AI search reranking, allowing you to balance between search speed and result accuracy based on your needs
Faster AI Training Completion: Training jobs now complete significantly faster by running at higher priority, reducing wait times when setting up new AI capabilities
Multi-Language Agent Handover: Fixed chatbot prompts that were always in English - the "connect with an agent" suggestion now appears in the same language as the customer's conversation
Improved System Responsiveness: Optimized background processes to reduce latency and improve overall platform performance during high-traffic periods

Care

Instagram: Accurate Ad Content Attribution: Fixed an issue where Instagram ads from other accounts were incorrectly appearing under your brand - ads now correctly filter to show only content owned by your configured Instagram account
Instagram:Better Multi-Brand Response Handling: When managing multiple Instagram brand accounts mentioned in a single conversation, the system now correctly identifies and uses all relevant brand tokens for responses, preventing missed reply opportunities
TikTok: Correct Response Attribution: TikTok replies are now properly labeled as your brand responses instead of being marked as "External Response" - improving conversation tracking and reporting accuracy
LinkedIn: Reliable Comment Deletion: LinkedIn comment deletion now includes verification and automatic retry logic to ensure comments are successfully removed, with clear logging of success or failure status
Facebook Messenger: Clean Secure Chat Invitations: Secure chat invitation links sent via Facebook Messenger now display cleanly without showing raw URLs or incorrect "Post edited" labels in the agent timeline
Fixed Moderation Column Updates: Posts now automatically disappear from Community Moderation columns after being moderated, instead of remaining visible with a spinning indicator indefinitely
Support for Authors Without Profile Pictures: Fixed a critical issue preventing Community posts from authors without profile pictures from appearing in Care - these posts now process correctly and reach your agents
Prevent Duplicate Cases: Eliminated race condition that created multiple cases when customers sent rapid messages - now ensures only one case is created per customer conversation, even during high-traffic periods
Clearer Integration Connection Errors: Integration connection failures now display helpful error messages explaining what went wrong, instead of generic errors
Validation for Account Switching: Prevents accidental integration misconfiguration by blocking attempts to reconnect an integration with a different account than originally configured, with clear error messaging
Dark Mode Toggle Visibility: Dark mode toggle now only appears in applications that support it, removing confusion in apps like Khoros One where it wasn't functional
Automatic Tag Accuracy: Fixed incorrect "Emojis Only" tagging being applied to conversations containing only @mentions - tags now accurately reflect actual emoji presence
Enhanced Chat Widget Stability: Improved chat widget reliability and performance for end-user interactions

Platform-Wide Security

Critical Security Patches

Addressed Remote Code Execution Vulnerabilities: Patched multiple critical CVEs (CVE-2019-14540, CVE-2019-14379, CVE-2019-16335, CVE-2019-16942, CVE-2017-7657, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548) with CVSS scores of 9.8 related to deserialization exploits and HTTP smuggling attacks
Updated Security Libraries: Upgraded jackson-databind, Jetty WebSocket, Netty codec-http, and commons-collections to latest secure versions across multiple platform components
Enhanced Application Security: Applied comprehensive security patches across Care, Marketing, and Analytics components to protect against known vulnerabilities

Khoros Communities 25.12 Release Notes

MiladC — Mon, 08 Dec 2025 17:27:22 GMT

The Khoros Communities 25.12 release delivers extensive accessibility improvements across both Classic and Aurora platforms, critical security fixes, significant search and analytics enhancements, and numerous stability improvements for content management, rich text editing, and API functionality.

Classic

Applied input sanitization for survey form submissions to ensure data integrity and security.
Fixed slide-out navigation menu accessibility violations including improper button element nesting and focus management issues affecting screen readers.
Fixed spoiler tags scrolling to page top instead of expanding content on first visit due to script loading latency.
Fixed Q&A structured data linking accepted answer URLs to author profiles instead of actual solution posts, improving SEO accuracy.
Fixed LiQL query operator "!=" to correctly apply multiple exclusion conditions, allowing users to exclude multiple nodes in a single query.
Fixed code snippet syntax highlighting disappearing when editing posts containing li-code elements.
Fixed post counter incorrectly decreasing when deleting product idea status updates.
Enhanced V2 API error messages to specify which field and content caused validation failures, providing actionable feedback to API consumers.
Fixed post approval failures in moderation manager showing false success messages when approving spam in archived threads.
Fixed kudos leaderboard displaying empty slots when deleted users were included in rankings.
Fixed API errors when querying subscriptions for label objects.
Enabled text key scoping for TKB template selection page to support template-specific customization.
Fixed API errors when retrieving posts containing malformed CSS classes in HTML content.
Optimized settings editor to reduce search reindex latency from 20-90 seconds to under 3 seconds when updating large custom settings.
Added comprehensive accessibility improvements including: proper combobox roles for all search and autocomplete fields; ARIA expanded/collapsed states for image upload controls; corrected button roles for file upload and avatar controls; keyboard focus management in settings tabs; screen reader announcements for file upload status messages; and notification settings sections defined as proper headings for navigation.

Aurora

Fixed critical authorization vulnerability in GraphQL endpoints to properly enforce permission checks for privileged operations.
Implemented multi-select functionality for idea status filter in ideas widget, providing filtering parity with Classic Community.
Implemented SEO improvements for tag pages including lowercase URLs, updated robots meta tags, and dynamic meta descriptions.
Enabled notifications and email alerts for followed tags, resolving "No activity yet" displays despite active content.
Fixed image lightbox not opening when clicking images in post replies.
Fixed spotlight search bar disappearing for anonymous users when typing specific search terms.
Fixed date calculations showing incorrect year values in user profiles due to improper rounding of negative numbers.
Updated tooltip text from deprecated "Kudos received" to "Likes received" throughout Aurora.
Fixed cookie banner reappearing on page refresh despite user accepting or declining consent.
Fixed pixelated thumbnail image display across community pages on high-DPI displays.
Fixed date preference not applying to profile page elements when set to absolute format.
Fixed internal links not opening in new window when using Cmd-click on Mac or Ctrl-click on Windows.
Fixed ZIP file attachment failures on Windows systems due to MIME type mismatch.
Fixed GraphQL ancestorId constraint returning zero results for boards queries.
Fixed timestamp mouseover displaying incorrect timezone after user login/logout cycles.
Fixed idea status updates displaying status ID instead of custom status name in user profiles.
Enabled bold formatting for hyperlinked text in rich text editor regardless of formatting order.
Fixed roles filter in analytics to display all community roles instead of only 25.
Fixed LithiumVisitor cookie being reset on every asset request, causing inflated visitor counts in analytics.
Fixed graphqlAdmin permission elevation for addUsersToRole mutation in endpoints.
Removed "Category:" prefix from browser tab titles on category homepages used as localized entry points.
Fixed search filters being cleared when performing consecutive searches.
Fixed quote button being hidden by browser context menu on touch devices by repositioning below selected text.
Fixed card view image quality on high-DPR displays by increasing thumbnail dimensions.
Removed inappropriate content filters from OAuth SSO token validation and abuse content moderation workflows.
Fixed place filter in ideas analytics report to correctly scope data to selected category.
Fixed missing user names in reply notification emails.
Fixed featured badge display to show highest earned badge level instead of first earned.
Fixed featured content widget briefly displaying restricted content to anonymous users during page load.
Fixed image upload order and caption issues when uploading multiple images simultaneously.
Fixed publication scheduler being obscured by footer UI elements.
Fixed oversized image warning notification persisting across page navigation.
Fixed "Show More" button resetting page scroll position to top on large threads.
Fixed duplicate author attribution display in TKB contributor lists.
Fixed locked indicator not displaying on threads with zero comments.
Fixed date display formatting issue causing text wrapping in published article tables.
Fixed analytics report table displaying incorrect numbers for values above 10 million.
Fixed inconsistent auto-hyperlink conversion when pasting URLs and quickly pressing Enter.
Fixed text pasting issue when replacing highlighted text from Notepad or VSCode.
Whitelisted @fluentui/react package for custom component development.
Added permission check to prevent image paste operations when user lacks image posting permissions.
Fixed missing UI error message when group names exceed 40 character limit.
Fixed images uploaded in HTML widgets displaying as broken due to malformed URLs.
Fixed closed private messages in inbox failing to load when messages referenced deleted users.
Fixed Annual Total Visits mismatch and incorrect contract period display in Community Analytics billing dashboard.
Fixed missing GroupHub "Invite Sent" events in Firehose when invitations were sent via email.
Fixed blank member registration graph in analytics caused by Elasticsearch circuit breaker exceptions.
Fixed day-of-week misalignment in analytics "Match day of the week" year-over-year comparisons.
Added comprehensive accessibility improvements including: text color control swipe accessibility on mobile; alt text for like icons and profile images; descriptive labels for form fields in private messaging; proper combobox announcements for all autocomplete fields; ARIA states for menu selections, sort controls, and expandable elements; improved button labels for skin tone picker, logo links, and context-specific actions; corrected button roles for rich text editor toolbar controls; and screen reader support for tooltips on mobile devices.

Pre-Prod Rollout: December 15-16. Testing window open from December 16 through January 4.
Production Rollout: January 6-7
The rollout will follow the standard maintenance windows

Security Advisory: CVE-2025-66478 (Next.js)

LucyL — Fri, 05 Dec 2025 17:47:23 GMT

Date: December 4, 2025

Status: Not Affected

Summary

A critical remote code execution vulnerability (CVE-2025-66478, CVSS 10.0) was recently disclosed affecting Next.js applications using the App Router with React Server Components.

Impact Assessment

The Aurora platform is not affected by this vulnerability.

After a thorough review of our codebase, we have confirmed that our applications use the Next.js Pages Router architecture, which is explicitly excluded from the scope of this vulnerability. According to Vercel's official security advisory, Pages Router applications are not susceptible to this exploit.

Actions Taken

Despite not being vulnerable, we are proactively updating our Next.js dependency from version 15.1.7 to 15.1.9 as part of our commitment to security best practices and maintaining up-to-date dependencies.

References

Questions

If you have any questions regarding this advisory, please contact your account representative or our support team.

Khoros K1, Care, Marketing, Flow Release notes - December 1st 2025

PabloF — Thu, 15 Jan 2026 10:51:03 GMT

Khoros Care

Customer Experience Improvements

TikTok Response Labeling Enhancement: Agent responses to TikTok conversations are now correctly identified in the conversation timeline, eliminating incorrect "External response" labels that caused confusion for agents
Trustpilot Data Recovery: Backfilled missing Trustpilot reviews that failed to process during authentication issues, restoring complete customer review data
Community User Avatar Handling: Fixed issue where Community users without profile pictures caused processing failures, ensuring all Community posts are properly delivered to Care
Brand Messenger Chat Reliability: Resolved bot response delivery issues in Brand Messenger widget, ensuring consistent message arrival and improved error logging for customer interactions
Social Media Authentication & Message Processing: Resolved authentication issues and improved message processing reliability for social media channels, ensuring consistent delivery of customer messages
Message Processing Reliability: Improved retry mechanism for failed message processing, reducing message delivery failures

Performance & Scalability

European Region Performance: Increased capacity in EU region to handle higher load during business hours, improving response times and system stability
Proactive System Monitoring: Deployed comprehensive monitoring across US, EU, and APAC regions to validate core platform functionality including agent conversation handling, queue management, agent assist widgets, and dashboard access

Admin Console

Change Log Navigation: Change Log has been released from Beta and is generally available.
User Management Enhancements: Improved batch user processing and cache synchronization to prevent data loss during user management operations

Security & Platform Updates

Security Enhancements: Deployed security fixes across multiple Care components:

Analytics Dashboard: Critical security vulnerability patches
Case Management Interface
AI/ML Processing System
Brand Messenger Chat Backend
Publishing Interface: Latest security patches
Messaging Authentication

Khoros Marketing

Platform Improvements

Instance Management: Fixed server error that was preventing Marketing instance deprovisioning, improving platform lifecycle management
User Moderation: Resolved issue preventing users from being banned in Marketing Inbox, restoring full moderation capabilities
Stream Collections: Fixed deletion functionality for stream collections

Infrastructure & Performance

Social Gateway Updates: Deployed infrastructure improvements for enhanced reliability and performance
Advertising Metrics Processing: Improved reliability of advertising metrics data collection by introducing safeguards to prevent processing failures
Notification System: Improved stability of the notification system
Enhanced Security Protocols: Strengthened database security protocols as part of ongoing security compliance efforts

Khoros Flow

AI & Platform Upgrades

Claude 4.5 AI Upgrade: Upgraded AI model from Claude Sonnet 3.5 to Claude Sonnet 4.5 in Flow, providing enhanced AI capabilities for improved customer interactions and automated responses

Integration Improvements

WhatsApp Integration Upgrade: Updated WhatsApp channel integration to latest API version, improving message delivery reliability and media handling capabilities
Care System Integration: Enhanced integration with Khoros Care to provide better tracking and visibility of customer cases across systems, enabling more seamless workflows between Flow and Care

Security & Stability

Security Vulnerability Remediation: Addressed known security vulnerabilities across Flow platform including CVE-2019-10744 (lodash), CVE-2020-7610 (bson), CVE-2021-26707 (merge-deep), and others by upgrading to latest secure versions of system dependencies
Message Processing Improvements: Increased message processing capacity to handle larger messages and attachments, improving reliability for customers sending rich media content
System Connection Resilience: Improved system resilience to prevent service interruptions during network connectivity issues, ensuring consistent message processing

Monitoring & Operations

Proactive Feature Monitoring: Implemented comprehensive monitoring for dashboard performance and bot response times with automated alerting
Data Pipeline Optimization: Optimized data processing pipeline, significantly improving performance and reducing processing delays

Platform-Wide Updates

Security

Comprehensive Security Fixes: Applied critical security updates across all Khoros products, including user interfaces and backend services

System Reliability

Enhanced Error Handling: Improved system resilience with better error recovery mechanisms
Deployment Process: Streamlined release processes for faster, more reliable updates

Dashboard Data Not Matching Reports — Need Help

Danzidpp — Fri, 21 Nov 2025 01:10:53 GMT

Hi everyone,

I’m trying to pull dashboard data, pageViews, visits, uniqueVisitors, etc. but the numbers I’m getting aren’t matching. I’m really new to this and trying to get the data for reporting, and I’ve been stuck for a few months.

I tried the Bulk API, but the numbers came out really low.

So I decided to download the report from Analytics instead.
Dashboard

Report

Can anyone explain why the dashboard numbers don’t match the report? Is anyone using a different method to get this data? I’m trying to bring everything into Power BI.

Can I get this data using Aurora GraphQL API?

Thanks!

Khoros K1, Marketing, Care and Flow release cadence

PabloF — Wed, 19 Nov 2025 16:05:26 GMT

As part of our ongoing commitment to reliability and transparency, we have adopted a continuous delivery model for Khoros K1, Care, Spredfast Marketing and Flow. This means improvements, fixes, and enhancements are deployed to production incrementally rather than through large, infrequent releases. This approach minimizes operational risk, accelerates value delivery, and ensures that your environment benefits from the most stable and secure version of our product at all times.

We recognize that visibility into product evolution is essential for planning and governance. To provide this transparency, we are introducing a regular changelog where you can review all functional, performance, and stability updates that have been deployed. Each entry will briefly describe what has changed and when, serving as a single source of truth for product updates.

Our initial plan is to publish changelog updates on a regular cadence (approximately bi-weekly) on the release notes space, ensuring timely and consolidated communication without excessive notifications. As the product continues to evolve, we may adjust this frequency to align with customer needs and product maturity—always maintaining consistency and clarity in how updates are communicated.

Khoros Communities 25.11 Release Notes

MiladC — Thu, 18 Dec 2025 05:25:51 GMT

The Khoros Communities 25.11 release delivers critical security updates, comprehensive accessibility improvements, enhanced survey targeting capabilities, and numerous stability fixes across content management, authentication, and search functionality.

Classic

Applied critical security patches addressing vulnerabilities in jQuery and TinyMCE components.
Enhanced username validation to prevent impersonation attempts using visually similar characters from different language scripts.
Improved flood control performance, significantly reducing processing time for users with many product associations.
Fixed Rich Text Editor alignment not applying correctly to text with inline formatting such as bold or italic.
Fixed custom table background colors and styling being stripped when saving blog posts.
Fixed Events module errors preventing users from creating, publishing, or viewing events after upgrade.
Fixed deleted article history records causing entire version history to be wiped when removing individual draft versions.
Added comprehensive accessibility improvements including: keyboard operability for Reply and Follow buttons; proper carousel navigation with skip options; corrected focus order in Tags modal; disabled auto-focus in private message compose modal; added missing alt attributes to images throughout the application; and programmatically associated error messages with form fields.

Aurora

Implemented advanced survey targeting with configurable prompts based on user authentication status, roles, location, and visit patterns.
Fixed critical memory leak in integration points registry that was causing system crashes and performance degradation after 24-40 hours of operation.
Fixed private messages failing to load for users with large recipient lists.
Fixed users being unable to join hidden groups via email invitations.
Enhanced search functionality to properly handle Traditional Chinese, Japanese, and Korean characters.
Fixed language preference cookie expiring after 24 hours instead of persisting for the configured 30-day period.
Fixed CSV export failures when survey responses were linked to deleted user accounts, now properly marking these as "Anonymous".
Added dimension validation for image uploads to prevent pixel flood attacks that could cause memory exhaustion and system crashes.
Fixed navigation error flash when users return from profile pages to discussion threads using the browser back button.
Fixed blog article delete confirmation dialog intermittently not appearing for users.
Fixed page index resetting to first page when unfollowing items on the Follows and Notifications page.
Fixed navigation links being replaced instead of appended when adding more than 10 links in the community header.
Fixed missing locale parameter causing incorrect privacy policy URLs during SSO registration.
Fixed Aurora search bar displaying category IDs instead of user-friendly board names as placeholder text.
Fixed custom fields and mandatory native fields not appearing on SSO registration forms for partially registered users.
Fixed page crashes when users with Employee role attempted to use @mentions in comments.
Fixed ZIP file attachments being stripped when submitting forum replies despite being configured as allowed.
Fixed anonymous and deleted users appearing in Top Taggers leaderboard.
Enhanced security for video embedding with improved validation and localized error messages.
Enabled DNG (Digital Negative) file uploads for communities requiring professional photography file support.
Updated robots.txt configuration to prevent Google from crawling legacy Classic URLs, eliminating 404 errors in Search Console.
Enabled API access to archived messages using client credentials authentication with proper pagination support.
Fixed BrandMessenger component causing page errors when encountering loading issues.
Fixed custom React components failing to load on newly created development branches.
Fixed custom component localization displaying text keys instead of translated values for Portuguese (Brazil) and other regional locales.
Fixed message indexing errors that were preventing proper search functionality for archived content.
Added content-type header to SAML logout calls to ensure proper session termination across integrated systems.
Prevented OIDC SSO authentication tokens from being exposed in Personal Information exports.

Pre-Prod Rollout: November 26-27. Testing window open from November 27 through December 8.
Production Rollout: December 12-13
The rollout will follow the standard maintenance windows

[Bug - Will be patching 26.01] GraphQLAdmin endpoints fail to authenticate correctly. Instead of applying admin permissions, the system is defaulting to 'logged out' permissions.

Reinstate "top engaged contributors" monthly blog

CarolineS — Sun, 16 Nov 2025 19:06:55 GMT

I think it's sad that the Atlas Highlights blog series has stopped since July 2024 (the last one I can find... July 2024 Atlas Highlights )

It'd be nice to at least recognize the few contributors who remain in this community... per community best practices.

I imagine this could be fairly easily generated via AI 🙃

Remove "events" from the home page since there are basically never events

CarolineS — Wed, 12 Nov 2025 01:38:33 GMT

I've noticed that the "Events" component on the Atlas home page has been blank for many months (at least, the "Upcoming" tab). You might consider removing it.

Regarding O2 Community Forum Registration

mobilelinksuk — Sun, 09 Nov 2025 15:49:00 GMT

I believe Khoros have developed the community forum in o2.co.uk

I tried to register in o2 network community forum https://community.o2.co.uk/

I facing problems while registering into the community,

I can login to my o2 but the community member is not working..

Can you let me know the reason so I can contact o2 team

PageScript Changes Not Reflecting Without Restart in Aurora

Rishabh1 — Tue, 04 Nov 2025 10:57:51 GMT

Hello everyone,

While implementing PageScripts, I noticed that changes don’t reflect immediately — even when using the “Switch Branch to Preview Changes” option.

Currently, for every minor update in a script, I have to push the code to the stage-main branch and then restart the community instance to see the changes. This has been slowing down the development workflow, as even small tweaks (like adding a console log or a minor script fix) require a full restart to validate.

Has anyone else faced this issue?