Khoros Communities CDN Change Notice
Hello everyone, As part of our ongoing work to improve the performance and stability of Khoros Communities, we'll be migrating our CDN over the next few weeks (exact day/time will be added as Scheduled Maintenance on status.khoros.com). Your community will not be affected The transition is seamless. Your community will remain available throughout the migration process. No action is required on your side. A note on SSL certificates If your community is currently with an AWS-issued certificate, your SSL certificate will change to one issued by Let's Encrypt as part of this migration. This is expected behavior and does not require any configuration changes from your team. Both are publicly trusted CAs, so end users won't see any difference in their user experience. If your community is served through a different provider, the SSL certificate change will not apply to you. Questions? If you have any questions or concerns, please reach out to your customer representative.
Khoros Communities 26.2 Release Notes [Updated]
The 26.2 release introduces Aurora AI capabilities for content moderation, automated responses, and workflow orchestration. It also addresses critical security vulnerabilities, delivers search and rich text editor improvements, and resolves stability issues across analytics and content archival. New Features (Aurora — Early Access) Availability: All three features below are in early access behind feature flags — nothing activates automatically. Fully configurable from the admin panel. Contact your Customer Success Manager to enable. Classic customers should reach out to their CSM to discuss migration. AI Moderation + Appeals Automates content moderation decisions based on your community guidelines, configured in plain language. Auto-approve and auto-block: Clear-cut content is handled instantly, reducing manual review volume. Gray-area escalation: Ambiguous content is held for human review rather than auto-actioned. Member appeals: Members can submit structured appeals against moderation decisions, preserving trust without adding moderator workload. Community Language Model (CLM) / Answer Assist Provides AI-generated responses to unanswered community posts after a configurable time threshold has been reached. Community-first response window: You define how long to wait before Answer Assist activates, giving members the first opportunity to respond. Source attribution: Every AI-generated answer cites the specific authors and posts it drew from, keeping community experts visible. Community Orchestrator A rules-based automation engine that triggers actions on community events such as new registrations, first posts, and milestone achievements. Automated workflows: Configure welcome sequences, expert notifications, milestone recognition, and onboarding prompts. Event-driven execution: Actions fire automatically when defined conditions are met — set up once, runs continuously. Bugs & Security Fixes Classic Fixed search autocomplete not returning results when queries contain special characters like trademark symbols or apostrophes. Fixed cursor jumping to the top of the article when applying formatting in Firefox. Fixed message position count displaying incorrectly after submitting inline replies. Fixed missing publish events in bulk data exports for republished content. Fixed Members Online count showing inflated numbers by excluding partially registered users. Fixed search results not sorting correctly by view count. Fixed video sitemap XML validation errors affecting video SEO indexing. Fixed usernames with certain Unicode characters causing registration failures and blank display names. Fixed attachments remaining visible in the editor after sending private message replies. Fixed "Show older messages" causing page reload when clicked after switching threads. Fixed rank-up notifications not being delivered via email or private message. Fixed abuse reports failing when member email addresses could not be resolved. Fixed Admin Metrics date filter returning results outside the selected range. Fixed content archival jobs getting permanently blocked when a single job encounters an error. Fixed private messages with certain HTML content showing a misleading "character limit reached" error. Fixed document viewer description to accurately reflect supported preview formats. Fixed search box losing focus while typing, particularly with mobile keyboards or Chinese IME input. Fixed external videos (Brightcove) failing with misleading "private video" error when the video provider returned an empty title. Fixed content archival API returning success but silently failing to archive. Fixed search bar defaulting to user search instead of content search on Hermes-themed communities. Fixed product search API returning duplicate or missing results with cursor pagination. Fixed @mention text inside code samples being dropped when entering edit mode. Fixed notification feed showing empty state during backend timeouts instead of a descriptive error. Fixed images pasted into the editor not uploading. Fixed "PM the Author" button opening an empty window in moderation tools. Fixed Top Solutions Authors leaderboard showing no users for time-range tabs. Fixed Promoted Search results not appearing in autocomplete dropdown after 26.1 upgrade. Fixed session token identifiers being exposed in HTML page source and error pages. Fixed stored cross-site scripting (XSS) vulnerability in user profile social link fields. Fixed unauthenticated access permissions to the individual user API endpoint. Aurora Fixed search autocomplete not returning results for queries containing special characters. Fixed @mention autocomplete not triggering when typing @ on Android mobile devices. Fixed pagination links from Linear display mode failing when viewed in Threaded display mode. Fixed auto-hyperlink conversion inconsistently applied when pasting URLs and pressing Enter quickly. Fixed auto-title feature incorrectly formatting hyperlinks when URL was followed by punctuation. Fixed attachment validation errors not being properly surfaced when the virus scanner rejected files. Fixed Group Hub members with the correct role being denied access to the Manage Members page. Fixed "Newest" sort on search and tag results using edit date instead of original post date. Fixed TKB article publishing history not recording state changes after loading autosaved drafts. Fixed Community Experience Survey CSV exports producing malformed files when responses contain special characters. Fixed JavaScript error when clicking "Add a tag" on boards where a previously muted node was deleted. Fixed Add Co-Author overlay not reopening after being dismissed in Blog boards. Fixed Analytics reports stalling or failing for multi-day date ranges. Fixed custom fields for categories and forums not appearing in the Admin UI settings panel. Fixed deletion of Idea status failing when reply messages had associated status entries. Fixed TAR file attachments being silently removed after publishing. Fixed application crashes caused by certain HTTP header configurations. Fixed internal server requests being incorrectly counted in API billing metrics. Fixed category permissions page failing to load in Admin UI. Fixed Blog, TKB, and Ideas article body expanding to full page width instead of the intended column width. Fixed the Ideas board becoming unresponsive when the Featured Statuses widget was present. Fixed tag search filter returning no results after 26.1 upgrade. Fixed bulk archive search failing to create jobs. Pre-Prod Rollout: March 17-18. Testing window open from March 18 through March 31. Production Rollout: April 1-2 >> April 8-9 [**Updated Release Dates] The rollout will follow the standard maintenance windowsKhoros Communities 26.3 Release Notes
26.3 helps make your community a place members return to. Managers can create branded email templates tied to Orchestrator for end-to-end outreach, while Polls and Clarification Questions improve engagement and answer quality. AI Moderation is more reliable at scale. The release also adds Metric Explorer, plus search upgrades and Zoom event registration. New Features (Aurora - Early Access) Availability: All features in early access are behind feature flags and must be manually enabled by contacting your Customer Success Manager. They are fully configurable from the admin panel once enabled. You may enable select Early Access products. Note: Classic users can migrate to Aurora at no cost in 2026. Contact your CSM for details. Customizable Email Templates Email communications from your community - registration confirmations, notification digests, workflow alerts - have historically required developer involvement to customize. Branding changes, copy updates, or new email types meant filing tickets and waiting. Community managers had no self-service control over one of the most direct channels for bringing members back. What you can do now: Create and manage branded, customizable email templates directly from the admin panel. With full control over content, layout, and branding, no developer dependencies required. Template creation & management Self-service editor for creating and customizing email templates with branding, custom content, and layout control. Organize templates with categories and search for easy management at scale. Customize emails across community communications - including registration, notifications, and workflow-triggered emails. Orchestrator integration Created templates can be accessed directly in Orchestrator automation rules — when a trigger fires (such as User Registers, Solution Accepted, Topic Posted, or Role Granted), the Orchestrator sends your branded template automatically. Visual compatibility indicators show which templates work with which triggers, with placeholder validation against available data. Enablement: All existing community emails continue to function without any changes. To adopt the new system, the Khoros team runs a migration script that generates your templates. You review and sign off on the migrated templates, and only after your approval does the Khoros team activate the new flow. Contact your CSM to begin the process. Proactive Clarification Questions for Answer Assist Helps members get better, faster answers by guiding them to provide the right context upfront without adding friction to the posting experience. Post-publish flow: Posts publish as per the moderation settings. For question-type posts, the system surfaces AI-generated clarification questions in a slide-in panel (desktop) or bottom sheet (mobile). CM-guided generation: Community managers provide example clarification questions to guide the AI. The system then generates both the questions and suggested answer options dynamically, informed by post content and community knowledge. Configurable and optional: Admins set the maximum number of questions per board (default 3, max 6). All questions are optional. Members can answer any, all, or none, and skip the entire step while posting the question. Polls Enable members to share opinions and surface community sentiment through lightweight, interactive polls - giving community managers structured insight into what members think and need. Creation: Create text or image-based polls directly from the message editor on Forum, Blog, and Group boards. It supports 2–8 options and durations from 1 hour to 1 month. Image polls: Support for image-based options with responsive grid layout, alt text, and lightbox preview, ideal for visual preference assessment on design concepts, product options, or community decisions. One-click voting: Real-time result updates with percentage breakdowns and social proof. Configurable for single-vote or multi-vote, with optional vote-change support. Results visibility controls: Set results to public, participants + creator only, or creator-only with configurable exposure timing (after voting, live, or after poll closes). Admin controls: Board-level enable/disable, configurable limits (duration, options, characters), minimum rank and account age gating for poll creators, and standard moderation pipeline integration. Notifications & analytics: Poll-closed email notifications to creators and voters. Per-poll CSV export and community-wide aggregate statistics available from the admin panel. Voting history visible on member profiles. Metric Explorer A new dedicated analytics experience for deeper, more flexible analysis of community metrics. Metric Explorer lets you select any supported metric and slice it by multiple dimensions such as board, content type, role, or time period with comparative views that show trends side-by-side. Key capabilities include: Slice-and-dice: Break down any metric by dimensions like board, content type, user role, language, and custom date ranges. Comparative analysis: Compare metrics across time periods, boards, or segments to identify trends and performance shifts. Extended date ranges: Metric Explorer supports date ranges beyond 90 days up to one full year with interval-based charting. For example, DAU/MAU now displays as a full time-series chart in Metric Explorer (rather than the single aggregate value shown on the main dashboard). Full metric catalog: A comprehensive guide to all available metrics, their definitions, supported dimensions, and slice-and-dice options will be published alongside this release (see Guides section below). Search Analytics dashboard: New analytics dashboard providing visibility into search performance including search volume, success rates, top search terms, zero-result queries, filter usage, and board-level search metrics with drill-down and time period selection. Expert Report Expert Scoring & Top Experts List: Discover and filter top experts per topic with a ranked list (configurable up to top 10 per topic). Filter by topic category or staff/community role, with CSV export. AI profiles are automatically excluded. Enhancements (Aurora) Search Multi-select filters: Members can now select multiple values in Content Type, Author, and other filter categories to create targeted search queries. Admins can enable this via the Features tab. For multi-tag filtering, admins can choose between AND/OR filtering; for Content Type and Author, OR filtering is applied. Author Search: Search by community member name to surface all posts and replies created by that user, enabling quick content discovery and contributor insights. AI Platform Auto-exclude banned users from expert recommendations: Permanently banned, temporarily suspended, and deactivated users are automatically filtered from the expert recommendation pipeline before expert cards are displayed or notifications are sent. Expert and clarification events for Orchestrator: Expert identification events and clarification question nudge events are now published to the Orchestrator, enabling custom workflows, such as routing expert invitations through branded email templates or automating follow-up when members haven't completed clarification questions. Prioritized Knowledge Base and Blog sources in AI answers: Answer Assist now prioritizes KB articles and blog posts over forum replies when generating cited answers, improving answer authority and accuracy. Configurable citations card title: Community admins can customize the "Citations" heading on AI answer cards to match their brand (e.g., "Sources," "References," "Learn More") from AI Settings. Configurable multi-modal vision models: Admins can configure multi-modal vision models for AI image analysis directly from the AI Settings page, now fully integrated into the AI moderation pipeline. Khoros Managed Key support for AI Moderation: Communities can now enable AI Moderation using Khoros-provided API keys instead of bringing their own LLM service credentials, simplifying onboarding and reducing setup overhead. The AI Settings UI hides model selection and API key fields when Khoros Managed Keys are in use. Analytics Extended date ranges for key dashboard metrics: The main Analytics dashboard now supports date ranges greater than 90 days (up to one year) for New vs. Returning Members and New vs. Returning Anonymous Users previously limited to 90 days. Survey Bulk API: Survey response data is now available in the Bulk Data API v3 for Aurora, enabling historical NPS and ROI measurement with backfill of existing survey data. Events & Authentication Zoom event registration integration: When members RSVP to events in the community, registration data (name, email, title, company, phone) is automatically pushed to Zoom's registrant list via API. Community managers link events to Zoom webinar IDs. Data then flows through to Salesforce via customers' existing Zoom–Salesforce integrations. Setup: An admin must complete the Zoom OAuth authorization in the admin panel to enable the data flow. Mandatory SSO registration completion: SSO registration can now be configured to require completing registration fields and accepting terms and conditions before account activation. Previously, SSO sign-up could bypass these steps. Setup: An admin must enable this setting in the SSO configuration panel. Platform UTF-8 BOM for CSV exports: Analytics CSV exports now include a UTF-8 BOM header, resolving display issues with non-English characters when opening files directly in Microsoft Excel. Pendo integration removal: Removed all Pendo tracking code from Aurora and Classic platforms. In-product admin guides previously powered by Pendo are no longer available. This change has no impact on community member experience or community functionality. Naming updates: "Community Automations" has been renamed to "Orchestrator" throughout the admin interface, and all UI references to the AI answer feature now consistently use "Answer Assist." AI Moderation Improvements (Aurora) This release delivers a significant round of improvements to the AI Moderation and Appeals systems introduced in 26.2 giving admins more control, improving moderation reliability, and making the appeals experience smoother for members. Greater Admin Control Global kill switch: A new master toggle on the AI Settings page instantly disables AI moderation across all boards, regardless of board-level settings. Re-enabling restores your existing per-board configuration automatically. Clearer confidence threshold settings: Replaced the confidence threshold slider with a dropdown control at the community level for easier, more precise configuration. Transparent bypass permissions: Added disclaimers to permission descriptions that implicitly bypass AI moderation, so admins can clearly see which roles skip the moderation pipeline. More Reliable Moderation Decisions Board-level settings honored: Resolved multiple issues where AI moderation was triggered on boards with the toggle disabled, posts were incorrectly auto-approved or auto-rejected, and community-level settings unintentionally overrode board-level configuration. Deny-default forums: Fixed AI moderation not triggering for users with role-based visibility permissions on forums using deny-default access. Multi-image posts: Posts with multiple images are now moderated reliably through chunked processing, preventing failures on image-heavy content. Improved Appeals Experience Appeals for human-moderated posts: Members can now appeal posts rejected by human moderators not just AI-moderated rejections. Correct appeal reason display: Moderation audit and member-facing panels now correctly display appeal reason codes and descriptions. User-friendly error messages: Appeal submission errors now show clear, actionable messages instead of generic error text. Admin UX Fixes Community guidelines editor: The guidelines editor now displays a character limit indicator and enforces a maximum length, resolving lag and "Failed to save" errors with very large text. Also fixed text area resize issues and empty submission validation. "Hide from View": Fixed the button showing a success message but not actually removing moderated posts from the list. Manage Content ellipsis menu: Fixed the overflow menu disappearing on hover and remaining in an active state after selecting an option. Bug Fixes Aurora Post approval badges now auto-dismiss after a few seconds instead of persisting indefinitely; badge labels are standardized across Forums, Blogs, and Knowledge Base articles, and misleading "Approved" indicators on already-published content have been suppressed. Fixed navigation links being overwritten instead of appended when more than 10 links were added to the community header. Fixed Group Hub membership UI not properly displaying or managing membership actions. Fixed thread widget crashing when moderators clicked Approve or Reject directly within the thread view. Fixed topic tags briefly appearing and then disappearing after page load. Fixed avatar images displaying at incorrect resolutions due to size variants colliding in the cache. Fixed Contributions widget on user profiles always defaulting to Newest Topics regardless of the configured default. Fixed board sort preference not persisting across page loads for anonymous and SSO-authenticated users. Fixed moderation status banner not rendering on the message page. Fixed user profile page crashing when registration data was missing for certain users. Fixed viewport scroll jumping unexpectedly after saving image ALT text. Fixed infinite reload loop after creating a blog post. Fixed search results infinite scroll stalling after the first 20 results. Fixed brief "No Replies" empty state flash appearing while replies were still loading after the 26.1 upgrade. Fixed search input becoming invisible after browser Back navigation while the dropdown remained visible. Fixed label links on search results pages not responding to clicks when the label filter widget was absent. Fixed survey text override in the admin Q&A modal showing a misleading "admin app does not allow customizations" error. Fixed Answer Assist search failing for communities using Khoros-managed API keys. Fixed Answer Assist not generating responses for posts created by users with bypass-moderation permissions. Fixed Display Name field in Answer Assist settings not updating in the UI after saving. Fixed GraphQL Follows API targetId filter returning follows for all boards instead of only the specified target. Fixed React hydration errors on the Manage Content tabs. Fixed Template Card not supporting scrolling, and filter selections resetting on navigation. Fixed sub-category and date selections reverting to previous values after saving. Fixed canonical URLs on profile and label-filtered forum pages including query parameters, causing search engines to index parameterized variations as separate pages. Fixed appeals UI disappearing from the moderation interface after deployments. Added GraphQL alias count limit to prevent resource amplification attacks via excessive query aliases. Added authorization check to the RSVP delete mutation to prevent unauthorized record deletion. Added missing authorization checks to GraphQL customization mutations. Replaced semantically incorrect aside spacer with a div in the message view card to comply with WCAG 1.3.1. Fixed tag focus indicator contrast ratio to meet WCAG 1.4.11 requirements. Added underline decoration to user profile links in the message view byline to comply with WCAG 1.4.1. Classic Fixed MESSAGE_TYPE field returning null in some GraphQL responses. Fixed rank field missing from REST API v1/v2 responses for newly created users. Fixed tag cloud widget ignoring its configured maximum tag count setting. Fixed private message content filter notifications not posting to the report board. Fixed full-page Products and Places search failing to match partial terms within compound names containing separators. Fixed archive totalCount returning the page-local size instead of the actual total number of archived items. Fixed label validation being skipped when the label.labels parameter was omitted from requests. Fixed REST API search queries triggering live rank recalculation, which sent unintended mass email notifications to users whose ranks changed. Fixed orphaned message-level float records remaining after a thread's global float was removed, leaving threads pinned at the board level. Changed RSVP email calendar invite method from REQUEST to PUBLISH to prevent non-functional Accept/Decline prompts in email clients. Increased board ID maximum length from 40 to 255 characters. Fixed NullPointerException in the video gallery component on pages accessed without a user context. Fixed quilt flattener producing duplicate components when class names changed between versions. Fixed Elasticsearch bookmark race condition during rolling upgrades that triggered unnecessary full index backfills. Fixed Idea Exchange search defaulting to the parent category scope instead of the current board. Fixed Redis connection pool not rebuilding automatically after connection failures. Fixed inbox infinite scroll stalling after 30 conversations. Fixed REST API ban operation failing for admin users who had never logged in through the UI. Fixed attachment Show More button not functioning in draft preview mode. Fixed Elasticsearch full refill operations exiting prematurely after the first chunk. Fixed NullPointerException when viewing abuse reports for deleted private messages. Fixed clipboard image paste creating a placeholder but never uploading the image in the V2 editor. Fixed file descriptor leak when journal entry write operations failed. Fixed list-style-type formatting being stripped from nested lists during content sanitization, which caused extra list items to appear after saving posts with multi-level indentation. Fixed emoji picker panel closing immediately when opened on mobile devices. Fixed Grammarly extension blocking the TinyMCE editor resize controls. Fixed hard-coded English labels in the Private Notes threaded view options menu. Added figure and figcaption elements to the server-side HTML whitelist so image captions are preserved after saving. Fixed GNU tar attachments being silently dropped due to MIME type mismatch. Fixed multiple rapid attachment uploads silently dropping files; pending uploads are now queued and processed sequentially. Added lowercase route alias for the Critical CSS callback endpoint to handle CDN providers that send lowercased URLs. Fixed tags disappearing when editing custom fields on TKB draft articles. Added a maximum retry limit for Akismet spam processing failures to prevent unbounded queue growth during service disruptions. Fixed object tag previews not rendering in the TinyMCE rich text editor. Fixed Members Online count fluctuating erratically across page loads. Fixed PageOutOfRangeException when navigating to certain blog comment permalinks. Fixed scheduled member reports missing columns when exports exceeded 2,000 lines. Fixed Traditional Chinese (zh-TW) and Simplified Chinese (zh-CN) translation files being swapped, causing the wrong script variant to display. Fixed expensive MySQL COUNT query causing CPU spikes on the message view threads table. Fixed orphaned cover images remaining after moving a blog post to a non-blog board. Fixed registration form being misidentified as a login form by password managers, causing autofill of existing credentials instead of new credential generation. Fixed case-sensitive query parameter lookup causing guide URLs to redirect to the wrong KB article. Fixed approved posts reappearing in the moderation queue after being processed. Fixed anonymous user access check blocking authenticated users from looking up their own profile data through the API. Fixed application failures during startup caused by Flow app initialization errors. Fixed persistent stored cross-site scripting (XSS) vulnerability via HTML sanitizer bypass. Fixed server-side request forgery (SSRF) vulnerability in the Classic REST image upload endpoint via the upload_url parameter. Enforced REST v2 Users API access controls so personally identifiable fields are no longer exposed to unauthorized callers. Added per-field access control to prevent anonymous PII exposure in user profile API responses. Fixed personal information exports leaking settings-scoped custom content values that should not have been part of user data. Pre-Prod Rollout: May 12-13. Testing window open from May 14 through May 25. Production Rollout: May 27-28 The rollout will follow the standard maintenance windows.Khoros Communities 25.12 Release Notes
The Khoros Communities 25.12 release delivers extensive accessibility improvements across both Classic and Aurora platforms, critical security fixes, significant search and analytics enhancements, and numerous stability improvements for content management, rich text editing, and API functionality. Classic Applied input sanitization for survey form submissions to ensure data integrity and security. Fixed slide-out navigation menu accessibility violations including improper button element nesting and focus management issues affecting screen readers. Fixed spoiler tags scrolling to page top instead of expanding content on first visit due to script loading latency. Fixed Q&A structured data linking accepted answer URLs to author profiles instead of actual solution posts, improving SEO accuracy. Fixed LiQL query operator "!=" to correctly apply multiple exclusion conditions, allowing users to exclude multiple nodes in a single query. Fixed code snippet syntax highlighting disappearing when editing posts containing li-code elements. Fixed post counter incorrectly decreasing when deleting product idea status updates. Enhanced V2 API error messages to specify which field and content caused validation failures, providing actionable feedback to API consumers. Fixed post approval failures in moderation manager showing false success messages when approving spam in archived threads. Fixed kudos leaderboard displaying empty slots when deleted users were included in rankings. Fixed API errors when querying subscriptions for label objects. Enabled text key scoping for TKB template selection page to support template-specific customization. Fixed API errors when retrieving posts containing malformed CSS classes in HTML content. Optimized settings editor to reduce search reindex latency from 20-90 seconds to under 3 seconds when updating large custom settings. Added comprehensive accessibility improvements including: proper combobox roles for all search and autocomplete fields; ARIA expanded/collapsed states for image upload controls; corrected button roles for file upload and avatar controls; keyboard focus management in settings tabs; screen reader announcements for file upload status messages; and notification settings sections defined as proper headings for navigation. Aurora Fixed critical authorization vulnerability in GraphQL endpoints to properly enforce permission checks for privileged operations. Implemented multi-select functionality for idea status filter in ideas widget, providing filtering parity with Classic Community. Implemented SEO improvements for tag pages including lowercase URLs, updated robots meta tags, and dynamic meta descriptions. Enabled notifications and email alerts for followed tags, resolving "No activity yet" displays despite active content. Fixed image lightbox not opening when clicking images in post replies. Fixed spotlight search bar disappearing for anonymous users when typing specific search terms. Fixed date calculations showing incorrect year values in user profiles due to improper rounding of negative numbers. Updated tooltip text from deprecated "Kudos received" to "Likes received" throughout Aurora. Fixed cookie banner reappearing on page refresh despite user accepting or declining consent. Fixed pixelated thumbnail image display across community pages on high-DPI displays. Fixed date preference not applying to profile page elements when set to absolute format. Fixed internal links not opening in new window when using Cmd-click on Mac or Ctrl-click on Windows. Fixed ZIP file attachment failures on Windows systems due to MIME type mismatch. Fixed GraphQL ancestorId constraint returning zero results for boards queries. Fixed timestamp mouseover displaying incorrect timezone after user login/logout cycles. Fixed idea status updates displaying status ID instead of custom status name in user profiles. Enabled bold formatting for hyperlinked text in rich text editor regardless of formatting order. Fixed roles filter in analytics to display all community roles instead of only 25. Fixed LithiumVisitor cookie being reset on every asset request, causing inflated visitor counts in analytics. Fixed graphqlAdmin permission elevation for addUsersToRole mutation in endpoints. Removed "Category:" prefix from browser tab titles on category homepages used as localized entry points. Fixed search filters being cleared when performing consecutive searches. Fixed quote button being hidden by browser context menu on touch devices by repositioning below selected text. Fixed card view image quality on high-DPR displays by increasing thumbnail dimensions. Removed inappropriate content filters from OAuth SSO token validation and abuse content moderation workflows. Fixed place filter in ideas analytics report to correctly scope data to selected category. Fixed missing user names in reply notification emails. Fixed featured badge display to show highest earned badge level instead of first earned. Fixed featured content widget briefly displaying restricted content to anonymous users during page load. Fixed image upload order and caption issues when uploading multiple images simultaneously. Fixed publication scheduler being obscured by footer UI elements. Fixed oversized image warning notification persisting across page navigation. Fixed "Show More" button resetting page scroll position to top on large threads. Fixed duplicate author attribution display in TKB contributor lists. Fixed locked indicator not displaying on threads with zero comments. Fixed date display formatting issue causing text wrapping in published article tables. Fixed analytics report table displaying incorrect numbers for values above 10 million. Fixed inconsistent auto-hyperlink conversion when pasting URLs and quickly pressing Enter. Fixed text pasting issue when replacing highlighted text from Notepad or VSCode. Whitelisted @fluentui/react package for custom component development. Added permission check to prevent image paste operations when user lacks image posting permissions. Fixed missing UI error message when group names exceed 40 character limit. Fixed images uploaded in HTML widgets displaying as broken due to malformed URLs. Fixed closed private messages in inbox failing to load when messages referenced deleted users. Fixed Annual Total Visits mismatch and incorrect contract period display in Community Analytics billing dashboard. Fixed missing GroupHub "Invite Sent" events in Firehose when invitations were sent via email. Fixed blank member registration graph in analytics caused by Elasticsearch circuit breaker exceptions. Fixed day-of-week misalignment in analytics "Match day of the week" year-over-year comparisons. Added comprehensive accessibility improvements including: text color control swipe accessibility on mobile; alt text for like icons and profile images; descriptive labels for form fields in private messaging; proper combobox announcements for all autocomplete fields; ARIA states for menu selections, sort controls, and expandable elements; improved button labels for skin tone picker, logo links, and context-specific actions; corrected button roles for rich text editor toolbar controls; and screen reader support for tooltips on mobile devices. Pre-Prod Rollout: December 15-16. Testing window open from December 16 through January 4. Production Rollout: January 6-7 The rollout will follow the standard maintenance windowsKhoros Communities 26.1 Release Notes [Prod Release Date Updated]
The Khoros Communities 26.1 release delivers critical security patches including RCE vulnerability remediation, extensive accessibility improvements for mobile screen readers, and stability fixes across moderation workflows, content management, and API functionality. Classic Fixed badges being awarded before posts were approved on pre-moderated boards. Fixed anchor links within posts failing to scroll to their target sections. Fixed quoting posts with code samples throwing errors for users with Simple HTML permissions. Fixed top contributors widget displaying users in incorrect order. Fixed Table of Contents button not appearing in blog article editor when enabled. Fixed search autocomplete retaining incorrect selection when cursor moved away quickly. Fixed Accept Solution option missing from Group posts. Fixed solutions leaderboard showing fewer users than configured when role filters were applied. Fixed external video embeds from Brightcove and other providers failing to render. Fixed Vimeo embeds with longer video IDs disappearing after publishing. Fixed "Show older messages" in Private Messages causing page refresh on repeated clicks. Fixed ban edit popup displaying empty for deleted users. Fixed product and tag autocomplete failing with special characters like "/" and "_". Fixed GroupHub subscription status displaying incorrectly after page reload. Fixed admin metrics date range filter returning results outside specified dates. Fixed orphaned HTML appearing in posts when mentioned users were deleted. Added support for .f3z file attachments. Fixed Hi-Labels validation incorrectly triggering when editing attachments or comments. Fixed role filter in Community Analytics throwing errors. Fixed TKB and Blog workflow notification emails not being sent when spam filtering was triggered. Fixed archive search filter counts showing zero despite archived content existing. Fixed user search filter state lost after browser back navigation. Fixed Safari on macOS intermittent failures with sort filters and post actions. Fixed email validation not being enforced during registration, allowing accounts without email addresses. Fixed notifications not being delivered for posts on pre-moderated forums after approval. Fixed Private Messages failing to load for users with certain message history patterns. Changed PDF attachments to use native browser viewer instead of third-party preview. Implemented clipboard content sanitization in rich text editor to prevent XSS attacks. Added accessibility improvements including: visible focus indicators on message links; tooltip text visibility at 200% zoom; proper ARIA attributes for image and video upload modals; keyboard controls for Brightcove video timeline; and corrected form field descriptions for screen readers. Aurora Fixed required custom fields not displaying in Add User form, preventing member creation. Fixed group names exceeding 40 characters failing silently instead of showing error messages. Fixed event calendar invite links navigating to incorrect page format. Fixed lock icon not displaying on ideas with commenting disabled. Fixed content formatting errors for users with Simple HTML permissions when applying alignment to lists. Fixed user timezone reverting to default after SSO login. Fixed unsupported tag warning not appearing when moving posts with newly added tags. Fixed moderators not receiving email notifications for content on moderated boards. Fixed moderator Reject menu immediately closing on Windows with display scaling above 100%. Fixed custom endpoints returning 404 errors after deployments. Fixed "Show more" button in Ideas widget failing to load additional results. Fixed Q&A structured data not rendering for search engine crawlers, affecting SEO. Fixed anchor links failing to scroll when target section was below the link. Fixed lock indicator not displaying on threads with zero comments. Fixed Knowledge Base and Ideas pages not respecting 100% page width setting. Fixed images uploaded to landing page widgets displaying as broken. Fixed Private Messages inbox failing to load for certain users. Fixed SSO logout not ending session at Identity Provider, causing automatic re-login. Fixed "Show More" button replacing visible replies instead of adding more at certain depth levels. Fixed all file attachments returning 404 errors in certain timezone configurations. Fixed user search returning empty results for certain username formats. Fixed custom pages returning 404 errors after component deployments. Fixed SDK Preview mode causing infinite page refresh loop. Fixed GraphQL Admin operations failing in custom endpoints for authenticated users. Fixed plugin build failures due to ESLint resolver incompatibility. Updated event calendar invites to use community mailer address instead of organizer email to protect privacy. Updated Next.js to address critical remote code execution vulnerabilities. Implemented validation for image URL uploads to prevent server-side request forgery attacks. Added react-markdown as allowed dependency for custom component development. Added comprehensive accessibility improvements including: swipe accessibility for tag menus, username filters, and author comboboxes on mobile; proper expanded/collapsed state announcements for all menus and navigation elements; descriptive button labels for message actions, replies, and status controls; proper tab selection announcements; content reflow after device orientation change; and hamburger menu labels reflecting current state. **UPDATE: We identified an issue affecting search functionality in this release. A fix has been applied to all stage environments. The production upgrade has been moved from February 13 to February 19, 2026 to allow us more time to thoroughly validate the fix and ensure the stability of the search functionality before promoting to production. Pre-Prod Rollout: January 28-29. Testing window open from Jan 29 through Feb 19. Production Rollout: February 13-14 February 19-20 **UPDATED DATE** The rollout will follow the standard maintenance windowsKhoros Communities 25.11 Release Notes
The Khoros Communities 25.11 release delivers critical security updates, comprehensive accessibility improvements, enhanced survey targeting capabilities, and numerous stability fixes across content management, authentication, and search functionality. Classic Applied critical security patches addressing vulnerabilities in jQuery and TinyMCE components. Enhanced username validation to prevent impersonation attempts using visually similar characters from different language scripts. Improved flood control performance, significantly reducing processing time for users with many product associations. Fixed Rich Text Editor alignment not applying correctly to text with inline formatting such as bold or italic. Fixed custom table background colors and styling being stripped when saving blog posts. Fixed Events module errors preventing users from creating, publishing, or viewing events after upgrade. Fixed deleted article history records causing entire version history to be wiped when removing individual draft versions. Added comprehensive accessibility improvements including: keyboard operability for Reply and Follow buttons; proper carousel navigation with skip options; corrected focus order in Tags modal; disabled auto-focus in private message compose modal; added missing alt attributes to images throughout the application; and programmatically associated error messages with form fields. Aurora Implemented advanced survey targeting with configurable prompts based on user authentication status, roles, location, and visit patterns. Fixed critical memory leak in integration points registry that was causing system crashes and performance degradation after 24-40 hours of operation. Fixed private messages failing to load for users with large recipient lists. Fixed users being unable to join hidden groups via email invitations. Enhanced search functionality to properly handle Traditional Chinese, Japanese, and Korean characters. Fixed language preference cookie expiring after 24 hours instead of persisting for the configured 30-day period. Fixed CSV export failures when survey responses were linked to deleted user accounts, now properly marking these as "Anonymous". Added dimension validation for image uploads to prevent pixel flood attacks that could cause memory exhaustion and system crashes. Fixed navigation error flash when users return from profile pages to discussion threads using the browser back button. Fixed blog article delete confirmation dialog intermittently not appearing for users. Fixed page index resetting to first page when unfollowing items on the Follows and Notifications page. Fixed navigation links being replaced instead of appended when adding more than 10 links in the community header. Fixed missing locale parameter causing incorrect privacy policy URLs during SSO registration. Fixed Aurora search bar displaying category IDs instead of user-friendly board names as placeholder text. Fixed custom fields and mandatory native fields not appearing on SSO registration forms for partially registered users. Fixed page crashes when users with Employee role attempted to use @mentions in comments. Fixed ZIP file attachments being stripped when submitting forum replies despite being configured as allowed. Fixed anonymous and deleted users appearing in Top Taggers leaderboard. Enhanced security for video embedding with improved validation and localized error messages. Enabled DNG (Digital Negative) file uploads for communities requiring professional photography file support. Updated robots.txt configuration to prevent Google from crawling legacy Classic URLs, eliminating 404 errors in Search Console. Enabled API access to archived messages using client credentials authentication with proper pagination support. Fixed BrandMessenger component causing page errors when encountering loading issues. Fixed custom React components failing to load on newly created development branches. Fixed custom component localization displaying text keys instead of translated values for Portuguese (Brazil) and other regional locales. Fixed message indexing errors that were preventing proper search functionality for archived content. Added content-type header to SAML logout calls to ensure proper session termination across integrated systems. Prevented OIDC SSO authentication tokens from being exposed in Personal Information exports. Pre-Prod Rollout: November 26-27. Testing window open from November 27 through December 8. Production Rollout: December 12-13 The rollout will follow the standard maintenance windows [Bug - Will be patching 26.01] GraphQLAdmin endpoints fail to authenticate correctly. Instead of applying admin permissions, the system is defaulting to 'logged out' permissions.Khoros Communities 25.10 - Release Notes
Due to unforseen circumstances, the rollout has been delayed. The updated dates are reflected below. The Khoros Communities 25.10 release includes accessibility improvements, localization enhancements, performance optimizations, and bug fixes across search, messaging, and community management features. Classic Fixed a memory leak affecting system stability by improving object deduplication in integration point processing. Enhanced image upload security validation to prevent potential issues with malformed or malicious image files. Fixed global and embedded search not returning results when using Traditional Chinese characters. Upgraded Image Service to Node.js 22 for improved security, stability, and long-term compatibility. Aurora Fixed recurring 503 Service Unavailable errors affecting community pages by implementing automated service stability improvements. Added full localization support for Turkish (tr-TR). Added full localization support for Indonesian (id-ID). Added full localization support for Vietnamese (vi-VN). Corrected French translations for "Board" and "Post" across UI and email templates. Fixed private messages in the inbox not loading for users with large recipient lists. Fixed an issue preventing users from joining hidden groups via email invitations. Fixed global and embedded search not returning results when using Traditional Chinese characters. Fixed an error preventing administrators from accessing Localized Categories Settings due to duplicate key entries. Upgraded to official undici library release for improved long-term maintainability and security updates. Upgraded Image Service to Node.js 22 for improved security, stability, and long-term compatibility. Enhanced image upload security validation to prevent potential issues with malformed or malicious image files. Fixed intermittent HTTP/2 connection timeout issues by implementing client-side TTL management for pooled connections. Improved accessibility across the platform including: correcting heading structures in Tags modal, editor, and Notifications; properly grouping radio buttons with fieldset and legend elements; updating placeholder text contrast to meet WCAG standards; enhancing tooltips with hover persistence and ARIA labels; grouping related form controls; correcting labeling for filters in Manage Content; adding proper scope attributes to table headers in Manage Members; fixing invalid ARIA attributes in Inbox; and ensuring form error messages are properly announced by screen readers. Pre-Prod Rollout: October 25-26. Testing window open from Oct 27 through Nov 8. Production Rollout: November 10-11 The rollout will follow the standard maintenance windows.
Khoros Communities - Updated Release Process
Updates 13-Oct-2025: Added more details and clarified communication process To improve your experience and simplify our release process, we are updating how we handle Khoros Communities releases. This updated process will start to apply from Communities Release 25.10. What's Changing Communities will have two types of releases going ahead - Standard releases and Patch releases Standard releases happen on a regular cadence and include features and bug fixes. Opted-in customers are automatically upgraded with clear windows to change their decision throughout the process Patch releases address critical issues outside the regular release schedule and are automatically applied to all customers on the latest version Automated support tickets make it easy to manage your upgrade preferences, request immediate upgrades. Normal support tickets can be used to update your Upgrade Notification Contacts (and for all of the requests your account team is also available) Email notifications keep your Upgrade Notification Contacts informed at every stage: release notes publication, stage upgrade completion, and production upgrade completion Production releases are published as scheduled maintenances on our status page, providing real-time visibility and updates if anything changes Clear timelines provide transparency with defined windows to adjust your preferences Standard Releases We will have a standardized release process for both Aurora and Classic. In a standard release, opted-in customers will be auto-upgraded to the latest release. These releases will include features and bug fixes. Version numbers for the standard release will follow the existing version numbers. However, we will no longer be treating releases as major or minor - we will treat every release as a standard release. Throughout this process, you can manage your upgrade preferences using automated support tickets or by contacting your account team, who can assist with any of these requests. The process will begin when we publish the release notes. The release notes will announce the plan and scope of an upcoming release. After we post the release notes here on ATLAS Community, customers will be notified by email and will have six days to change their automatic upgrade preference (opt-in or opt-out). After this period, we will upgrade the stage environments. We will then open a testing window, where customers can test on their stage environments and report any issues through support tickets. Customers will have thirteen days to opt-out if needed, allowing you additional time to validate the release with your specific customizations and integrations, for example. At the end of the testing window, we will perform the upgrade in production for customers who have not opted out during this period. For both stage and production, we will use existing Maintenance windows, as we expect downtime. Production releases will also be published as scheduled maintenances on our status page, where you can find real-time updates if anything goes out of schedule or is delayed. If you are on an older version, you have the following options: Use the automated opt-in ticket to opt back into auto-upgrades (you will receive the next scheduled release) Use the automated upgrade request ticket to upgrade to the latest released version at any time Communication All email notifications for standard releases are sent to your Upgrade Notification Contacts for each instance. To add, remove, or change your Upgrade Notification Contacts, contact our support team or your account team. Release Notes Publication Email When we publish the release notes here on ATLAS Community, your Upgrade Notification Contacts will receive an email containing: Link to the release notes Your current upgrade decision (opt-in or opt-out) The upgrade timeline for this release All customers, regardless of their upgrade decision, can change their preferences at any time using the automated support tickets. Stage Upgrade Completion Email After your stage environment is successfully upgraded, your Upgrade Notification Contacts will receive an email confirming: Stage upgrade completion Your current upgrade decision (opt-in) The scheduled production upgrade date How and when you can opt-out if needed (anytime during the two-week testing window) Production Upgrade Completion Email After your production environment is successfully upgraded, your Upgrade Notification Contacts will receive a confirmation email. Example Timeline Here's a typical timeline for a standard release: Day 1: Release notes published here on ATLAS Community; Upgrade Notification Contacts receive email with release details, current upgrade decision, and timeline Days 1-6: Period to change automatic upgrade preference Day 7: Release preparation (not possible to change decision anymore) Day 8-9: Stage environments upgraded; Upgrade Notification Contacts receive email confirming stage completion, upgrade decision, and production upgrade date Days 10-22: Stage testing window (opt-out available anytime during this period) Day 23: Release preparation (not possible to change decision anymore) Day 24-25: Production upgrade for opted-in customers; Upgrade Notification Contacts receive confirmation email Patch Releases Patch releases address critical issues outside the regular release schedule. These include security vulnerabilities, bugs affecting multiple customers, or issues impacting release stability. Patches are automatically applied to all customers on the latest version and cannot be opted out of due to their critical nature. Our team will publish the release notes, notify customers, and apply patches in a three-day window. Upgrade Notification Contacts will receive email notification when patch release notes are published. Version numbering for patch releases will follow <standard release version number>.<number>, where number will be incremented for each patch and reset after a particular standard version. As an example, the first patch after 25.8 will be numbered 25.8.1, the second patch as 25.8.2 and so on. However, the first patch applied after 25.9 will be 25.9.1. We will use Change windows for non-downtime needs and maintenance windows timeslots for downtime needs. Patch releases will also be published as scheduled maintenances on our status page, where you can find real-time updates if anything changes. If a patch applies to customers on an older version, your account team will reach out to coordinate the upgrade. Tickets We provide two types of support tickets to help you manage your upgrades: Automated Support Tickets Opt-in ticket: For opted-out customers who want to opt back in for automatic upgrades Opt-out ticket: For customers who want to opt out of automatic upgrades Upgrade request ticket: To upgrade to the latest version immediately at any time For more information on managing your instance upgrade settings, see How to Manage Instance Upgrade Settings with the AI assistant. Regular Support Tickets Manage Upgrade Notification Contacts ticket: To add, remove, or change contacts who receive upgrade notifications [Khoros Classic can also use this guide] Use these to enquire about a release, report bugs, or any issues encountered during testing or in your environment: How to Make the Best Use of the Khoros AI Support Agent. You can go to our product-specific support portal here: Khoros Community Classic and Khoros Community Aurora. What to expect next Moving forward, based on feedback on the new release process, we will also be reviewing the cadence of releases, which is right now monthly. The intent is to provide high-quality releases, minimizing customer disruptions, and allowing customers time to provide feedback and adjust.Khoros Communities 25.9 - Release Notes
The Khoros Communities 25.9 release includes performance improvements, stability enhancements, and bug fixes across search, caching, authentication, and moderation features. Classic Fixed inbox search not returning results for partial word matches. Fixed an issue where the private notes page would error when performing an empty search. Fixed image URLs not being indexable by search engines due to incorrect robot headers. Fixed an issue where Salesforce user ranks were not updating after the initial sync. Fixed archive dashboard totals showing incorrect counts due to deleted boards being included. Fixed delete confirmation errors preventing content deletion. Fixed event pages showing errors after creating and publishing new events with optional livestream details. Aurora Fixed an issue where Salesforce user ranks were not updating after the initial sync. Fixed archive dashboard totals showing incorrect counts due to deleted boards being included. Fixed an error that occurred when viewing analytics for occasion reply messages. Fixed unread and view counts not updating without a page refresh. Fixed inbox search not returning results for partial word matches. Fixed an issue where the private notes page would error when performing an empty search. Fixed image URLs not being indexable by search engines due to incorrect robot headers. Fixed an authentication issue where cookies were not being properly echoed during login/logout flows. Fixed an issue where session cookies were being incorrectly cached for anonymous users. Improved page caching performance by moving from memory-based to filesystem-based storage. Fixed a page caching issue that was reusing parent frame IDs across different users. Fixed the 3-dot action menu not working properly in text key mode within Manage Content. Fixed the 3-dot action menu not appearing for reported private messages in Manage Abuse. Fixed message action menus not responding consistently across different content types. Fixed message preview pages reloading endlessly and preventing user actions. Fixed duplicate replies being created when responding to messages at deeper thread levels. Fixed pagination issues with archived messages where the cursor was not advancing properly. Fixed a null pointer exception occurring when deleting articles via API. Fixed an issue where followers were not consistently receiving edit notifications according to their preferences. Fixed subscribers receiving unnecessary emails for non-publish workflow actions. Fixed an infinite initialization loop occurring in SDK preview for custom components. Fixed an issue where component assets were not loading correctly when switching branches. Fixed database errors caused by custom field metadata keys exceeding the allowed size limit. Fixed an issue where pasted email addresses were being replaced with suggested users when pressing Enter in group/event invites. Fixed delete confirmation errors preventing content deletion. Fixed event pages showing errors after creating and publishing new events with optional livestream details. Staging and Pre-Prod rollout: September 15 Production rollout: September 29 The rollout will follow the standard maintenance windowsKhoros Communities 25.8 - Release Notes
The Khoros Communities 25.8 release includes several important security improvements and bug fixes. [Classic] Fixed a cross-site scripting (XSS) vulnerability affecting embedded YouTube videos on community pages. [Aurora] Certain specific custom access permissions was blocking user registration, due to attempting to verify permissions before the user was registered. This has been addressed so that permissions are checked in the correct sequence. [Aurora] Fixed an issue where users were unable to join Zoom meetings when registration was set to "required"; users would instead see an error message. [Aurora] Fixed an issue with headers and footers appearing multiple times on some community pages. [Aurora] Addressed an Aurora GraphQL API issue where certain custom fields were omitted from responses. These values now appear correctly. [Aurora] Resolved an issue where the "CurrentUser" endpoint returned information about the anonymous user, not the actual current user, when using the Authorization header method of authentication. Release Date: August 20, 2025
