Khoros Communities CDN Change Notice
Hello everyone, As part of our ongoing work to improve the performance and stability of Khoros Communities, we'll be migrating our CDN over the next few weeks (exact day/time will be added as Scheduled Maintenance on status.khoros.com). Your community will not be affected The transition is seamless. Your community will remain available throughout the migration process. No action is required on your side. A note on SSL certificates If your community is currently with an AWS-issued certificate, your SSL certificate will change to one issued by Let's Encrypt as part of this migration. This is expected behavior and does not require any configuration changes from your team. Both are publicly trusted CAs, so end users won't see any difference in their user experience. If your community is served through a different provider, the SSL certificate change will not apply to you. Questions? If you have any questions or concerns, please reach out to your customer representative.
Khoros Communities 26.2 Release Notes [Updated]
The 26.2 release introduces Aurora AI capabilities for content moderation, automated responses, and workflow orchestration. It also addresses critical security vulnerabilities, delivers search and rich text editor improvements, and resolves stability issues across analytics and content archival. New Features (Aurora — Early Access) Availability: All three features below are in early access behind feature flags — nothing activates automatically. Fully configurable from the admin panel. Contact your Customer Success Manager to enable. Classic customers should reach out to their CSM to discuss migration. AI Moderation + Appeals Automates content moderation decisions based on your community guidelines, configured in plain language. Auto-approve and auto-block: Clear-cut content is handled instantly, reducing manual review volume. Gray-area escalation: Ambiguous content is held for human review rather than auto-actioned. Member appeals: Members can submit structured appeals against moderation decisions, preserving trust without adding moderator workload. Community Language Model (CLM) / Answer Assist Provides AI-generated responses to unanswered community posts after a configurable time threshold has been reached. Community-first response window: You define how long to wait before Answer Assist activates, giving members the first opportunity to respond. Source attribution: Every AI-generated answer cites the specific authors and posts it drew from, keeping community experts visible. Community Orchestrator A rules-based automation engine that triggers actions on community events such as new registrations, first posts, and milestone achievements. Automated workflows: Configure welcome sequences, expert notifications, milestone recognition, and onboarding prompts. Event-driven execution: Actions fire automatically when defined conditions are met — set up once, runs continuously. Bugs & Security Fixes Classic Fixed search autocomplete not returning results when queries contain special characters like trademark symbols or apostrophes. Fixed cursor jumping to the top of the article when applying formatting in Firefox. Fixed message position count displaying incorrectly after submitting inline replies. Fixed missing publish events in bulk data exports for republished content. Fixed Members Online count showing inflated numbers by excluding partially registered users. Fixed search results not sorting correctly by view count. Fixed video sitemap XML validation errors affecting video SEO indexing. Fixed usernames with certain Unicode characters causing registration failures and blank display names. Fixed attachments remaining visible in the editor after sending private message replies. Fixed "Show older messages" causing page reload when clicked after switching threads. Fixed rank-up notifications not being delivered via email or private message. Fixed abuse reports failing when member email addresses could not be resolved. Fixed Admin Metrics date filter returning results outside the selected range. Fixed content archival jobs getting permanently blocked when a single job encounters an error. Fixed private messages with certain HTML content showing a misleading "character limit reached" error. Fixed document viewer description to accurately reflect supported preview formats. Fixed search box losing focus while typing, particularly with mobile keyboards or Chinese IME input. Fixed external videos (Brightcove) failing with misleading "private video" error when the video provider returned an empty title. Fixed content archival API returning success but silently failing to archive. Fixed search bar defaulting to user search instead of content search on Hermes-themed communities. Fixed product search API returning duplicate or missing results with cursor pagination. Fixed @mention text inside code samples being dropped when entering edit mode. Fixed notification feed showing empty state during backend timeouts instead of a descriptive error. Fixed images pasted into the editor not uploading. Fixed "PM the Author" button opening an empty window in moderation tools. Fixed Top Solutions Authors leaderboard showing no users for time-range tabs. Fixed Promoted Search results not appearing in autocomplete dropdown after 26.1 upgrade. Fixed session token identifiers being exposed in HTML page source and error pages. Fixed stored cross-site scripting (XSS) vulnerability in user profile social link fields. Fixed unauthenticated access permissions to the individual user API endpoint. Aurora Fixed search autocomplete not returning results for queries containing special characters. Fixed @mention autocomplete not triggering when typing @ on Android mobile devices. Fixed pagination links from Linear display mode failing when viewed in Threaded display mode. Fixed auto-hyperlink conversion inconsistently applied when pasting URLs and pressing Enter quickly. Fixed auto-title feature incorrectly formatting hyperlinks when URL was followed by punctuation. Fixed attachment validation errors not being properly surfaced when the virus scanner rejected files. Fixed Group Hub members with the correct role being denied access to the Manage Members page. Fixed "Newest" sort on search and tag results using edit date instead of original post date. Fixed TKB article publishing history not recording state changes after loading autosaved drafts. Fixed Community Experience Survey CSV exports producing malformed files when responses contain special characters. Fixed JavaScript error when clicking "Add a tag" on boards where a previously muted node was deleted. Fixed Add Co-Author overlay not reopening after being dismissed in Blog boards. Fixed Analytics reports stalling or failing for multi-day date ranges. Fixed custom fields for categories and forums not appearing in the Admin UI settings panel. Fixed deletion of Idea status failing when reply messages had associated status entries. Fixed TAR file attachments being silently removed after publishing. Fixed application crashes caused by certain HTTP header configurations. Fixed internal server requests being incorrectly counted in API billing metrics. Fixed category permissions page failing to load in Admin UI. Fixed Blog, TKB, and Ideas article body expanding to full page width instead of the intended column width. Fixed the Ideas board becoming unresponsive when the Featured Statuses widget was present. Fixed tag search filter returning no results after 26.1 upgrade. Fixed bulk archive search failing to create jobs. Pre-Prod Rollout: March 17-18. Testing window open from March 18 through March 31. Production Rollout: April 1-2 >> April 8-9 [**Updated Release Dates] The rollout will follow the standard maintenance windowsKhoros Communities 26.3 Release Notes
26.3 helps make your community a place members return to. Managers can create branded email templates tied to Orchestrator for end-to-end outreach, while Polls and Clarification Questions improve engagement and answer quality. AI Moderation is more reliable at scale. The release also adds Metric Explorer, plus search upgrades and Zoom event registration. New Features (Aurora - Early Access) Availability: All features in early access are behind feature flags and must be manually enabled by contacting your Customer Success Manager. They are fully configurable from the admin panel once enabled. You may enable select Early Access products. Note: Classic users can migrate to Aurora at no cost in 2026. Contact your CSM for details. Customizable Email Templates Email communications from your community - registration confirmations, notification digests, workflow alerts - have historically required developer involvement to customize. Branding changes, copy updates, or new email types meant filing tickets and waiting. Community managers had no self-service control over one of the most direct channels for bringing members back. What you can do now: Create and manage branded, customizable email templates directly from the admin panel. With full control over content, layout, and branding, no developer dependencies required. Template creation & management Self-service editor for creating and customizing email templates with branding, custom content, and layout control. Organize templates with categories and search for easy management at scale. Customize emails across community communications - including registration, notifications, and workflow-triggered emails. Orchestrator integration Created templates can be accessed directly in Orchestrator automation rules — when a trigger fires (such as User Registers, Solution Accepted, Topic Posted, or Role Granted), the Orchestrator sends your branded template automatically. Visual compatibility indicators show which templates work with which triggers, with placeholder validation against available data. Enablement: All existing community emails continue to function without any changes. To adopt the new system, the Khoros team runs a migration script that generates your templates. You review and sign off on the migrated templates, and only after your approval does the Khoros team activate the new flow. Contact your CSM to begin the process. Proactive Clarification Questions for Answer Assist Helps members get better, faster answers by guiding them to provide the right context upfront without adding friction to the posting experience. Post-publish flow: Posts publish as per the moderation settings. For question-type posts, the system surfaces AI-generated clarification questions in a slide-in panel (desktop) or bottom sheet (mobile). CM-guided generation: Community managers provide example clarification questions to guide the AI. The system then generates both the questions and suggested answer options dynamically, informed by post content and community knowledge. Configurable and optional: Admins set the maximum number of questions per board (default 3, max 6). All questions are optional. Members can answer any, all, or none, and skip the entire step while posting the question. Polls Enable members to share opinions and surface community sentiment through lightweight, interactive polls - giving community managers structured insight into what members think and need. Creation: Create text or image-based polls directly from the message editor on Forum, Blog, and Group boards. It supports 2–8 options and durations from 1 hour to 1 month. Image polls: Support for image-based options with responsive grid layout, alt text, and lightbox preview, ideal for visual preference assessment on design concepts, product options, or community decisions. One-click voting: Real-time result updates with percentage breakdowns and social proof. Configurable for single-vote or multi-vote, with optional vote-change support. Results visibility controls: Set results to public, participants + creator only, or creator-only with configurable exposure timing (after voting, live, or after poll closes). Admin controls: Board-level enable/disable, configurable limits (duration, options, characters), minimum rank and account age gating for poll creators, and standard moderation pipeline integration. Notifications & analytics: Poll-closed email notifications to creators and voters. Per-poll CSV export and community-wide aggregate statistics available from the admin panel. Voting history visible on member profiles. Metric Explorer A new dedicated analytics experience for deeper, more flexible analysis of community metrics. Metric Explorer lets you select any supported metric and slice it by multiple dimensions such as board, content type, role, or time period with comparative views that show trends side-by-side. Key capabilities include: Slice-and-dice: Break down any metric by dimensions like board, content type, user role, language, and custom date ranges. Comparative analysis: Compare metrics across time periods, boards, or segments to identify trends and performance shifts. Extended date ranges: Metric Explorer supports date ranges beyond 90 days up to one full year with interval-based charting. For example, DAU/MAU now displays as a full time-series chart in Metric Explorer (rather than the single aggregate value shown on the main dashboard). Full metric catalog: A comprehensive guide to all available metrics, their definitions, supported dimensions, and slice-and-dice options will be published alongside this release (see Guides section below). Search Analytics dashboard: New analytics dashboard providing visibility into search performance including search volume, success rates, top search terms, zero-result queries, filter usage, and board-level search metrics with drill-down and time period selection. Expert Report Expert Scoring & Top Experts List: Discover and filter top experts per topic with a ranked list (configurable up to top 10 per topic). Filter by topic category or staff/community role, with CSV export. AI profiles are automatically excluded. Enhancements (Aurora) Search Multi-select filters: Members can now select multiple values in Content Type, Author, and other filter categories to create targeted search queries. Admins can enable this via the Features tab. For multi-tag filtering, admins can choose between AND/OR filtering; for Content Type and Author, OR filtering is applied. Author Search: Search by community member name to surface all posts and replies created by that user, enabling quick content discovery and contributor insights. AI Platform Auto-exclude banned users from expert recommendations: Permanently banned, temporarily suspended, and deactivated users are automatically filtered from the expert recommendation pipeline before expert cards are displayed or notifications are sent. Expert and clarification events for Orchestrator: Expert identification events and clarification question nudge events are now published to the Orchestrator, enabling custom workflows, such as routing expert invitations through branded email templates or automating follow-up when members haven't completed clarification questions. Prioritized Knowledge Base and Blog sources in AI answers: Answer Assist now prioritizes KB articles and blog posts over forum replies when generating cited answers, improving answer authority and accuracy. Configurable citations card title: Community admins can customize the "Citations" heading on AI answer cards to match their brand (e.g., "Sources," "References," "Learn More") from AI Settings. Configurable multi-modal vision models: Admins can configure multi-modal vision models for AI image analysis directly from the AI Settings page, now fully integrated into the AI moderation pipeline. Khoros Managed Key support for AI Moderation: Communities can now enable AI Moderation using Khoros-provided API keys instead of bringing their own LLM service credentials, simplifying onboarding and reducing setup overhead. The AI Settings UI hides model selection and API key fields when Khoros Managed Keys are in use. Analytics Extended date ranges for key dashboard metrics: The main Analytics dashboard now supports date ranges greater than 90 days (up to one year) for New vs. Returning Members and New vs. Returning Anonymous Users previously limited to 90 days. Survey Bulk API: Survey response data is now available in the Bulk Data API v3 for Aurora, enabling historical NPS and ROI measurement with backfill of existing survey data. Events & Authentication Zoom event registration integration: When members RSVP to events in the community, registration data (name, email, title, company, phone) is automatically pushed to Zoom's registrant list via API. Community managers link events to Zoom webinar IDs. Data then flows through to Salesforce via customers' existing Zoom–Salesforce integrations. Setup: An admin must complete the Zoom OAuth authorization in the admin panel to enable the data flow. Mandatory SSO registration completion: SSO registration can now be configured to require completing registration fields and accepting terms and conditions before account activation. Previously, SSO sign-up could bypass these steps. Setup: An admin must enable this setting in the SSO configuration panel. Platform UTF-8 BOM for CSV exports: Analytics CSV exports now include a UTF-8 BOM header, resolving display issues with non-English characters when opening files directly in Microsoft Excel. Pendo integration removal: Removed all Pendo tracking code from Aurora and Classic platforms. In-product admin guides previously powered by Pendo are no longer available. This change has no impact on community member experience or community functionality. Naming updates: "Community Automations" has been renamed to "Orchestrator" throughout the admin interface, and all UI references to the AI answer feature now consistently use "Answer Assist." AI Moderation Improvements (Aurora) This release delivers a significant round of improvements to the AI Moderation and Appeals systems introduced in 26.2 giving admins more control, improving moderation reliability, and making the appeals experience smoother for members. Greater Admin Control Global kill switch: A new master toggle on the AI Settings page instantly disables AI moderation across all boards, regardless of board-level settings. Re-enabling restores your existing per-board configuration automatically. Clearer confidence threshold settings: Replaced the confidence threshold slider with a dropdown control at the community level for easier, more precise configuration. Transparent bypass permissions: Added disclaimers to permission descriptions that implicitly bypass AI moderation, so admins can clearly see which roles skip the moderation pipeline. More Reliable Moderation Decisions Board-level settings honored: Resolved multiple issues where AI moderation was triggered on boards with the toggle disabled, posts were incorrectly auto-approved or auto-rejected, and community-level settings unintentionally overrode board-level configuration. Deny-default forums: Fixed AI moderation not triggering for users with role-based visibility permissions on forums using deny-default access. Multi-image posts: Posts with multiple images are now moderated reliably through chunked processing, preventing failures on image-heavy content. Improved Appeals Experience Appeals for human-moderated posts: Members can now appeal posts rejected by human moderators not just AI-moderated rejections. Correct appeal reason display: Moderation audit and member-facing panels now correctly display appeal reason codes and descriptions. User-friendly error messages: Appeal submission errors now show clear, actionable messages instead of generic error text. Admin UX Fixes Community guidelines editor: The guidelines editor now displays a character limit indicator and enforces a maximum length, resolving lag and "Failed to save" errors with very large text. Also fixed text area resize issues and empty submission validation. "Hide from View": Fixed the button showing a success message but not actually removing moderated posts from the list. Manage Content ellipsis menu: Fixed the overflow menu disappearing on hover and remaining in an active state after selecting an option. Bug Fixes Aurora Post approval badges now auto-dismiss after a few seconds instead of persisting indefinitely; badge labels are standardized across Forums, Blogs, and Knowledge Base articles, and misleading "Approved" indicators on already-published content have been suppressed. Fixed navigation links being overwritten instead of appended when more than 10 links were added to the community header. Fixed Group Hub membership UI not properly displaying or managing membership actions. Fixed thread widget crashing when moderators clicked Approve or Reject directly within the thread view. Fixed topic tags briefly appearing and then disappearing after page load. Fixed avatar images displaying at incorrect resolutions due to size variants colliding in the cache. Fixed Contributions widget on user profiles always defaulting to Newest Topics regardless of the configured default. Fixed board sort preference not persisting across page loads for anonymous and SSO-authenticated users. Fixed moderation status banner not rendering on the message page. Fixed user profile page crashing when registration data was missing for certain users. Fixed viewport scroll jumping unexpectedly after saving image ALT text. Fixed infinite reload loop after creating a blog post. Fixed search results infinite scroll stalling after the first 20 results. Fixed brief "No Replies" empty state flash appearing while replies were still loading after the 26.1 upgrade. Fixed search input becoming invisible after browser Back navigation while the dropdown remained visible. Fixed label links on search results pages not responding to clicks when the label filter widget was absent. Fixed survey text override in the admin Q&A modal showing a misleading "admin app does not allow customizations" error. Fixed Answer Assist search failing for communities using Khoros-managed API keys. Fixed Answer Assist not generating responses for posts created by users with bypass-moderation permissions. Fixed Display Name field in Answer Assist settings not updating in the UI after saving. Fixed GraphQL Follows API targetId filter returning follows for all boards instead of only the specified target. Fixed React hydration errors on the Manage Content tabs. Fixed Template Card not supporting scrolling, and filter selections resetting on navigation. Fixed sub-category and date selections reverting to previous values after saving. Fixed canonical URLs on profile and label-filtered forum pages including query parameters, causing search engines to index parameterized variations as separate pages. Fixed appeals UI disappearing from the moderation interface after deployments. Added GraphQL alias count limit to prevent resource amplification attacks via excessive query aliases. Added authorization check to the RSVP delete mutation to prevent unauthorized record deletion. Added missing authorization checks to GraphQL customization mutations. Replaced semantically incorrect aside spacer with a div in the message view card to comply with WCAG 1.3.1. Fixed tag focus indicator contrast ratio to meet WCAG 1.4.11 requirements. Added underline decoration to user profile links in the message view byline to comply with WCAG 1.4.1. Classic Fixed MESSAGE_TYPE field returning null in some GraphQL responses. Fixed rank field missing from REST API v1/v2 responses for newly created users. Fixed tag cloud widget ignoring its configured maximum tag count setting. Fixed private message content filter notifications not posting to the report board. Fixed full-page Products and Places search failing to match partial terms within compound names containing separators. Fixed archive totalCount returning the page-local size instead of the actual total number of archived items. Fixed label validation being skipped when the label.labels parameter was omitted from requests. Fixed REST API search queries triggering live rank recalculation, which sent unintended mass email notifications to users whose ranks changed. Fixed orphaned message-level float records remaining after a thread's global float was removed, leaving threads pinned at the board level. Changed RSVP email calendar invite method from REQUEST to PUBLISH to prevent non-functional Accept/Decline prompts in email clients. Increased board ID maximum length from 40 to 255 characters. Fixed NullPointerException in the video gallery component on pages accessed without a user context. Fixed quilt flattener producing duplicate components when class names changed between versions. Fixed Elasticsearch bookmark race condition during rolling upgrades that triggered unnecessary full index backfills. Fixed Idea Exchange search defaulting to the parent category scope instead of the current board. Fixed Redis connection pool not rebuilding automatically after connection failures. Fixed inbox infinite scroll stalling after 30 conversations. Fixed REST API ban operation failing for admin users who had never logged in through the UI. Fixed attachment Show More button not functioning in draft preview mode. Fixed Elasticsearch full refill operations exiting prematurely after the first chunk. Fixed NullPointerException when viewing abuse reports for deleted private messages. Fixed clipboard image paste creating a placeholder but never uploading the image in the V2 editor. Fixed file descriptor leak when journal entry write operations failed. Fixed list-style-type formatting being stripped from nested lists during content sanitization, which caused extra list items to appear after saving posts with multi-level indentation. Fixed emoji picker panel closing immediately when opened on mobile devices. Fixed Grammarly extension blocking the TinyMCE editor resize controls. Fixed hard-coded English labels in the Private Notes threaded view options menu. Added figure and figcaption elements to the server-side HTML whitelist so image captions are preserved after saving. Fixed GNU tar attachments being silently dropped due to MIME type mismatch. Fixed multiple rapid attachment uploads silently dropping files; pending uploads are now queued and processed sequentially. Added lowercase route alias for the Critical CSS callback endpoint to handle CDN providers that send lowercased URLs. Fixed tags disappearing when editing custom fields on TKB draft articles. Added a maximum retry limit for Akismet spam processing failures to prevent unbounded queue growth during service disruptions. Fixed object tag previews not rendering in the TinyMCE rich text editor. Fixed Members Online count fluctuating erratically across page loads. Fixed PageOutOfRangeException when navigating to certain blog comment permalinks. Fixed scheduled member reports missing columns when exports exceeded 2,000 lines. Fixed Traditional Chinese (zh-TW) and Simplified Chinese (zh-CN) translation files being swapped, causing the wrong script variant to display. Fixed expensive MySQL COUNT query causing CPU spikes on the message view threads table. Fixed orphaned cover images remaining after moving a blog post to a non-blog board. Fixed registration form being misidentified as a login form by password managers, causing autofill of existing credentials instead of new credential generation. Fixed case-sensitive query parameter lookup causing guide URLs to redirect to the wrong KB article. Fixed approved posts reappearing in the moderation queue after being processed. Fixed anonymous user access check blocking authenticated users from looking up their own profile data through the API. Fixed application failures during startup caused by Flow app initialization errors. Fixed persistent stored cross-site scripting (XSS) vulnerability via HTML sanitizer bypass. Fixed server-side request forgery (SSRF) vulnerability in the Classic REST image upload endpoint via the upload_url parameter. Enforced REST v2 Users API access controls so personally identifiable fields are no longer exposed to unauthorized callers. Added per-field access control to prevent anonymous PII exposure in user profile API responses. Fixed personal information exports leaking settings-scoped custom content values that should not have been part of user data. Pre-Prod Rollout: May 12-13. Testing window open from May 14 through May 25. Production Rollout: May 27-28 The rollout will follow the standard maintenance windows.Khoros Communities 25.12 Release Notes
The Khoros Communities 25.12 release delivers extensive accessibility improvements across both Classic and Aurora platforms, critical security fixes, significant search and analytics enhancements, and numerous stability improvements for content management, rich text editing, and API functionality. Classic Applied input sanitization for survey form submissions to ensure data integrity and security. Fixed slide-out navigation menu accessibility violations including improper button element nesting and focus management issues affecting screen readers. Fixed spoiler tags scrolling to page top instead of expanding content on first visit due to script loading latency. Fixed Q&A structured data linking accepted answer URLs to author profiles instead of actual solution posts, improving SEO accuracy. Fixed LiQL query operator "!=" to correctly apply multiple exclusion conditions, allowing users to exclude multiple nodes in a single query. Fixed code snippet syntax highlighting disappearing when editing posts containing li-code elements. Fixed post counter incorrectly decreasing when deleting product idea status updates. Enhanced V2 API error messages to specify which field and content caused validation failures, providing actionable feedback to API consumers. Fixed post approval failures in moderation manager showing false success messages when approving spam in archived threads. Fixed kudos leaderboard displaying empty slots when deleted users were included in rankings. Fixed API errors when querying subscriptions for label objects. Enabled text key scoping for TKB template selection page to support template-specific customization. Fixed API errors when retrieving posts containing malformed CSS classes in HTML content. Optimized settings editor to reduce search reindex latency from 20-90 seconds to under 3 seconds when updating large custom settings. Added comprehensive accessibility improvements including: proper combobox roles for all search and autocomplete fields; ARIA expanded/collapsed states for image upload controls; corrected button roles for file upload and avatar controls; keyboard focus management in settings tabs; screen reader announcements for file upload status messages; and notification settings sections defined as proper headings for navigation. Aurora Fixed critical authorization vulnerability in GraphQL endpoints to properly enforce permission checks for privileged operations. Implemented multi-select functionality for idea status filter in ideas widget, providing filtering parity with Classic Community. Implemented SEO improvements for tag pages including lowercase URLs, updated robots meta tags, and dynamic meta descriptions. Enabled notifications and email alerts for followed tags, resolving "No activity yet" displays despite active content. Fixed image lightbox not opening when clicking images in post replies. Fixed spotlight search bar disappearing for anonymous users when typing specific search terms. Fixed date calculations showing incorrect year values in user profiles due to improper rounding of negative numbers. Updated tooltip text from deprecated "Kudos received" to "Likes received" throughout Aurora. Fixed cookie banner reappearing on page refresh despite user accepting or declining consent. Fixed pixelated thumbnail image display across community pages on high-DPI displays. Fixed date preference not applying to profile page elements when set to absolute format. Fixed internal links not opening in new window when using Cmd-click on Mac or Ctrl-click on Windows. Fixed ZIP file attachment failures on Windows systems due to MIME type mismatch. Fixed GraphQL ancestorId constraint returning zero results for boards queries. Fixed timestamp mouseover displaying incorrect timezone after user login/logout cycles. Fixed idea status updates displaying status ID instead of custom status name in user profiles. Enabled bold formatting for hyperlinked text in rich text editor regardless of formatting order. Fixed roles filter in analytics to display all community roles instead of only 25. Fixed LithiumVisitor cookie being reset on every asset request, causing inflated visitor counts in analytics. Fixed graphqlAdmin permission elevation for addUsersToRole mutation in endpoints. Removed "Category:" prefix from browser tab titles on category homepages used as localized entry points. Fixed search filters being cleared when performing consecutive searches. Fixed quote button being hidden by browser context menu on touch devices by repositioning below selected text. Fixed card view image quality on high-DPR displays by increasing thumbnail dimensions. Removed inappropriate content filters from OAuth SSO token validation and abuse content moderation workflows. Fixed place filter in ideas analytics report to correctly scope data to selected category. Fixed missing user names in reply notification emails. Fixed featured badge display to show highest earned badge level instead of first earned. Fixed featured content widget briefly displaying restricted content to anonymous users during page load. Fixed image upload order and caption issues when uploading multiple images simultaneously. Fixed publication scheduler being obscured by footer UI elements. Fixed oversized image warning notification persisting across page navigation. Fixed "Show More" button resetting page scroll position to top on large threads. Fixed duplicate author attribution display in TKB contributor lists. Fixed locked indicator not displaying on threads with zero comments. Fixed date display formatting issue causing text wrapping in published article tables. Fixed analytics report table displaying incorrect numbers for values above 10 million. Fixed inconsistent auto-hyperlink conversion when pasting URLs and quickly pressing Enter. Fixed text pasting issue when replacing highlighted text from Notepad or VSCode. Whitelisted @fluentui/react package for custom component development. Added permission check to prevent image paste operations when user lacks image posting permissions. Fixed missing UI error message when group names exceed 40 character limit. Fixed images uploaded in HTML widgets displaying as broken due to malformed URLs. Fixed closed private messages in inbox failing to load when messages referenced deleted users. Fixed Annual Total Visits mismatch and incorrect contract period display in Community Analytics billing dashboard. Fixed missing GroupHub "Invite Sent" events in Firehose when invitations were sent via email. Fixed blank member registration graph in analytics caused by Elasticsearch circuit breaker exceptions. Fixed day-of-week misalignment in analytics "Match day of the week" year-over-year comparisons. Added comprehensive accessibility improvements including: text color control swipe accessibility on mobile; alt text for like icons and profile images; descriptive labels for form fields in private messaging; proper combobox announcements for all autocomplete fields; ARIA states for menu selections, sort controls, and expandable elements; improved button labels for skin tone picker, logo links, and context-specific actions; corrected button roles for rich text editor toolbar controls; and screen reader support for tooltips on mobile devices. Pre-Prod Rollout: December 15-16. Testing window open from December 16 through January 4. Production Rollout: January 6-7 The rollout will follow the standard maintenance windows
Meta Threads is now available within Khoros Care
Khoros is pleased to announce that Meta Threads is now supported as an integrated channel within Khoros Care. The integration allows brands to respond and engage with their followers on brand posts, allowing them to provide top-notch social care and advocacy at scale.Khoros K1, Care, Marketing, Flow Release notes - December 1st 2025
Khoros Care Customer Experience Improvements TikTok Response Labeling Enhancement: Agent responses to TikTok conversations are now correctly identified in the conversation timeline, eliminating incorrect "External response" labels that caused confusion for agents Trustpilot Data Recovery: Backfilled missing Trustpilot reviews that failed to process during authentication issues, restoring complete customer review data Community User Avatar Handling: Fixed issue where Community users without profile pictures caused processing failures, ensuring all Community posts are properly delivered to Care Brand Messenger Chat Reliability: Resolved bot response delivery issues in Brand Messenger widget, ensuring consistent message arrival and improved error logging for customer interactions Social Media Authentication & Message Processing: Resolved authentication issues and improved message processing reliability for social media channels, ensuring consistent delivery of customer messages Message Processing Reliability: Improved retry mechanism for failed message processing, reducing message delivery failures Performance & Scalability European Region Performance: Increased capacity in EU region to handle higher load during business hours, improving response times and system stability Proactive System Monitoring: Deployed comprehensive monitoring across US, EU, and APAC regions to validate core platform functionality including agent conversation handling, queue management, agent assist widgets, and dashboard access Admin Console Change Log Navigation: Change Log has been released from Beta and is generally available. User Management Enhancements: Improved batch user processing and cache synchronization to prevent data loss during user management operations Security & Platform Updates Security Enhancements: Deployed security fixes across multiple Care components: Analytics Dashboard: Critical security vulnerability patches Case Management Interface AI/ML Processing System Brand Messenger Chat Backend Publishing Interface: Latest security patches Messaging Authentication Khoros Marketing Platform Improvements Instance Management: Fixed server error that was preventing Marketing instance deprovisioning, improving platform lifecycle management User Moderation: Resolved issue preventing users from being banned in Marketing Inbox, restoring full moderation capabilities Stream Collections: Fixed deletion functionality for stream collections Infrastructure & Performance Social Gateway Updates: Deployed infrastructure improvements for enhanced reliability and performance Advertising Metrics Processing: Improved reliability of advertising metrics data collection by introducing safeguards to prevent processing failures Notification System: Improved stability of the notification system Enhanced Security Protocols: Strengthened database security protocols as part of ongoing security compliance efforts Khoros Flow AI & Platform Upgrades Claude 4.5 AI Upgrade: Upgraded AI model from Claude Sonnet 3.5 to Claude Sonnet 4.5 in Flow, providing enhanced AI capabilities for improved customer interactions and automated responses Integration Improvements WhatsApp Integration Upgrade: Updated WhatsApp channel integration to latest API version, improving message delivery reliability and media handling capabilities Care System Integration: Enhanced integration with Khoros Care to provide better tracking and visibility of customer cases across systems, enabling more seamless workflows between Flow and Care Security & Stability Security Vulnerability Remediation: Addressed known security vulnerabilities across Flow platform including CVE-2019-10744 (lodash), CVE-2020-7610 (bson), CVE-2021-26707 (merge-deep), and others by upgrading to latest secure versions of system dependencies Message Processing Improvements: Increased message processing capacity to handle larger messages and attachments, improving reliability for customers sending rich media content System Connection Resilience: Improved system resilience to prevent service interruptions during network connectivity issues, ensuring consistent message processing Monitoring & Operations Proactive Feature Monitoring: Implemented comprehensive monitoring for dashboard performance and bot response times with automated alerting Data Pipeline Optimization: Optimized data processing pipeline, significantly improving performance and reducing processing delays Platform-Wide Updates Security Comprehensive Security Fixes: Applied critical security updates across all Khoros products, including user interfaces and backend services System Reliability Enhanced Error Handling: Improved system resilience with better error recovery mechanisms Deployment Process: Streamlined release processes for faster, more reliable updatesKhoros K1, Care, Marketing, Flow Release notes - December 15th 2025
Here is a list of the released features and bugfixes over the last two weeks: Marketing (Spredfast) Enhanced Analytics Data Processing: Fixed critical data processing workflows to ensure analytics reports display accurate metrics and insights without delays Improved Platform Reliability: Addressed stability issues that affected content publishing and analytics workflows during peak usage periods Flow Configurable Search Precision: You can now customize how many documents are analyzed when using AI search reranking, allowing you to balance between search speed and result accuracy based on your needs Faster AI Training Completion: Training jobs now complete significantly faster by running at higher priority, reducing wait times when setting up new AI capabilities Multi-Language Agent Handover: Fixed chatbot prompts that were always in English - the "connect with an agent" suggestion now appears in the same language as the customer's conversation Improved System Responsiveness: Optimized background processes to reduce latency and improve overall platform performance during high-traffic periods Care Instagram: Accurate Ad Content Attribution: Fixed an issue where Instagram ads from other accounts were incorrectly appearing under your brand - ads now correctly filter to show only content owned by your configured Instagram account Instagram:Better Multi-Brand Response Handling: When managing multiple Instagram brand accounts mentioned in a single conversation, the system now correctly identifies and uses all relevant brand tokens for responses, preventing missed reply opportunities TikTok: Correct Response Attribution: TikTok replies are now properly labeled as your brand responses instead of being marked as "External Response" - improving conversation tracking and reporting accuracy LinkedIn: Reliable Comment Deletion: LinkedIn comment deletion now includes verification and automatic retry logic to ensure comments are successfully removed, with clear logging of success or failure status Facebook Messenger: Clean Secure Chat Invitations: Secure chat invitation links sent via Facebook Messenger now display cleanly without showing raw URLs or incorrect "Post edited" labels in the agent timeline Fixed Moderation Column Updates: Posts now automatically disappear from Community Moderation columns after being moderated, instead of remaining visible with a spinning indicator indefinitely Support for Authors Without Profile Pictures: Fixed a critical issue preventing Community posts from authors without profile pictures from appearing in Care - these posts now process correctly and reach your agents Prevent Duplicate Cases: Eliminated race condition that created multiple cases when customers sent rapid messages - now ensures only one case is created per customer conversation, even during high-traffic periods Clearer Integration Connection Errors: Integration connection failures now display helpful error messages explaining what went wrong, instead of generic errors Validation for Account Switching: Prevents accidental integration misconfiguration by blocking attempts to reconnect an integration with a different account than originally configured, with clear error messaging Dark Mode Toggle Visibility: Dark mode toggle now only appears in applications that support it, removing confusion in apps like Khoros One where it wasn't functional Automatic Tag Accuracy: Fixed incorrect "Emojis Only" tagging being applied to conversations containing only @mentions - tags now accurately reflect actual emoji presence Enhanced Chat Widget Stability: Improved chat widget reliability and performance for end-user interactions Platform-Wide Security Critical Security Patches Addressed Remote Code Execution Vulnerabilities: Patched multiple critical CVEs (CVE-2019-14540, CVE-2019-14379, CVE-2019-16335, CVE-2019-16942, CVE-2017-7657, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548) with CVSS scores of 9.8 related to deserialization exploits and HTTP smuggling attacks Updated Security Libraries: Upgraded jackson-databind, Jetty WebSocket, Netty codec-http, and commons-collections to latest secure versions across multiple platform components Enhanced Application Security: Applied comprehensive security patches across Care, Marketing, and Analytics components to protect against known vulnerabilitiesKhoros Communities 25.11 Release Notes
The Khoros Communities 25.11 release delivers critical security updates, comprehensive accessibility improvements, enhanced survey targeting capabilities, and numerous stability fixes across content management, authentication, and search functionality. Classic Applied critical security patches addressing vulnerabilities in jQuery and TinyMCE components. Enhanced username validation to prevent impersonation attempts using visually similar characters from different language scripts. Improved flood control performance, significantly reducing processing time for users with many product associations. Fixed Rich Text Editor alignment not applying correctly to text with inline formatting such as bold or italic. Fixed custom table background colors and styling being stripped when saving blog posts. Fixed Events module errors preventing users from creating, publishing, or viewing events after upgrade. Fixed deleted article history records causing entire version history to be wiped when removing individual draft versions. Added comprehensive accessibility improvements including: keyboard operability for Reply and Follow buttons; proper carousel navigation with skip options; corrected focus order in Tags modal; disabled auto-focus in private message compose modal; added missing alt attributes to images throughout the application; and programmatically associated error messages with form fields. Aurora Implemented advanced survey targeting with configurable prompts based on user authentication status, roles, location, and visit patterns. Fixed critical memory leak in integration points registry that was causing system crashes and performance degradation after 24-40 hours of operation. Fixed private messages failing to load for users with large recipient lists. Fixed users being unable to join hidden groups via email invitations. Enhanced search functionality to properly handle Traditional Chinese, Japanese, and Korean characters. Fixed language preference cookie expiring after 24 hours instead of persisting for the configured 30-day period. Fixed CSV export failures when survey responses were linked to deleted user accounts, now properly marking these as "Anonymous". Added dimension validation for image uploads to prevent pixel flood attacks that could cause memory exhaustion and system crashes. Fixed navigation error flash when users return from profile pages to discussion threads using the browser back button. Fixed blog article delete confirmation dialog intermittently not appearing for users. Fixed page index resetting to first page when unfollowing items on the Follows and Notifications page. Fixed navigation links being replaced instead of appended when adding more than 10 links in the community header. Fixed missing locale parameter causing incorrect privacy policy URLs during SSO registration. Fixed Aurora search bar displaying category IDs instead of user-friendly board names as placeholder text. Fixed custom fields and mandatory native fields not appearing on SSO registration forms for partially registered users. Fixed page crashes when users with Employee role attempted to use @mentions in comments. Fixed ZIP file attachments being stripped when submitting forum replies despite being configured as allowed. Fixed anonymous and deleted users appearing in Top Taggers leaderboard. Enhanced security for video embedding with improved validation and localized error messages. Enabled DNG (Digital Negative) file uploads for communities requiring professional photography file support. Updated robots.txt configuration to prevent Google from crawling legacy Classic URLs, eliminating 404 errors in Search Console. Enabled API access to archived messages using client credentials authentication with proper pagination support. Fixed BrandMessenger component causing page errors when encountering loading issues. Fixed custom React components failing to load on newly created development branches. Fixed custom component localization displaying text keys instead of translated values for Portuguese (Brazil) and other regional locales. Fixed message indexing errors that were preventing proper search functionality for archived content. Added content-type header to SAML logout calls to ensure proper session termination across integrated systems. Prevented OIDC SSO authentication tokens from being exposed in Personal Information exports. Pre-Prod Rollout: November 26-27. Testing window open from November 27 through December 8. Production Rollout: December 12-13 The rollout will follow the standard maintenance windows [Bug - Will be patching 26.01] GraphQLAdmin endpoints fail to authenticate correctly. Instead of applying admin permissions, the system is defaulting to 'logged out' permissions.Security Advisory: CVE-2025-66478 (Next.js)
Date: December 4, 2025 Status: Not Affected Summary A critical remote code execution vulnerability (CVE-2025-66478, CVSS 10.0) was recently disclosed affecting Next.js applications using the App Router with React Server Components. Impact Assessment The Aurora platform is not affected by this vulnerability. After a thorough review of our codebase, we have confirmed that our applications use the Next.js Pages Router architecture, which is explicitly excluded from the scope of this vulnerability. According to Vercel's official security advisory, Pages Router applications are not susceptible to this exploit. Actions Taken Despite not being vulnerable, we are proactively updating our Next.js dependency from version 15.1.7 to 15.1.9 as part of our commitment to security best practices and maintaining up-to-date dependencies. References https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp https://nextjs.org/blog/CVE-2025-66478 Questions If you have any questions regarding this advisory, please contact your account representative or our support team.Khoros K1, Marketing, Care and Flow release cadence
As part of our ongoing commitment to reliability and transparency, we have adopted a continuous delivery model for Khoros K1, Care, Spredfast Marketing and Flow. This means improvements, fixes, and enhancements are deployed to production incrementally rather than through large, infrequent releases. This approach minimizes operational risk, accelerates value delivery, and ensures that your environment benefits from the most stable and secure version of our product at all times. We recognize that visibility into product evolution is essential for planning and governance. To provide this transparency, we are introducing a regular changelog where you can review all functional, performance, and stability updates that have been deployed. Each entry will briefly describe what has changed and when, serving as a single source of truth for product updates. Our initial plan is to publish changelog updates on a regular cadence (approximately bi-weekly) on the release notes space, ensuring timely and consolidated communication without excessive notifications. As the product continues to evolve, we may adjust this frequency to align with customer needs and product maturity—always maintaining consistency and clarity in how updates are communicated.
