Khoros Communities 25.12 Release Notes
The Khoros Communities 25.12 release delivers extensive accessibility improvements across both Classic and Aurora platforms, critical security fixes, significant search and analytics enhancements, and numerous stability improvements for content management, rich text editing, and API functionality. Classic Applied input sanitization for survey form submissions to ensure data integrity and security. Fixed slide-out navigation menu accessibility violations including improper button element nesting and focus management issues affecting screen readers. Fixed spoiler tags scrolling to page top instead of expanding content on first visit due to script loading latency. Fixed Q&A structured data linking accepted answer URLs to author profiles instead of actual solution posts, improving SEO accuracy. Fixed LiQL query operator "!=" to correctly apply multiple exclusion conditions, allowing users to exclude multiple nodes in a single query. Fixed code snippet syntax highlighting disappearing when editing posts containing li-code elements. Fixed post counter incorrectly decreasing when deleting product idea status updates. Enhanced V2 API error messages to specify which field and content caused validation failures, providing actionable feedback to API consumers. Fixed post approval failures in moderation manager showing false success messages when approving spam in archived threads. Fixed kudos leaderboard displaying empty slots when deleted users were included in rankings. Fixed API errors when querying subscriptions for label objects. Enabled text key scoping for TKB template selection page to support template-specific customization. Fixed API errors when retrieving posts containing malformed CSS classes in HTML content. Optimized settings editor to reduce search reindex latency from 20-90 seconds to under 3 seconds when updating large custom settings. Added comprehensive accessibility improvements including: proper combobox roles for all search and autocomplete fields; ARIA expanded/collapsed states for image upload controls; corrected button roles for file upload and avatar controls; keyboard focus management in settings tabs; screen reader announcements for file upload status messages; and notification settings sections defined as proper headings for navigation. Aurora Fixed critical authorization vulnerability in GraphQL endpoints to properly enforce permission checks for privileged operations. Implemented multi-select functionality for idea status filter in ideas widget, providing filtering parity with Classic Community. Implemented SEO improvements for tag pages including lowercase URLs, updated robots meta tags, and dynamic meta descriptions. Enabled notifications and email alerts for followed tags, resolving "No activity yet" displays despite active content. Fixed image lightbox not opening when clicking images in post replies. Fixed spotlight search bar disappearing for anonymous users when typing specific search terms. Fixed date calculations showing incorrect year values in user profiles due to improper rounding of negative numbers. Updated tooltip text from deprecated "Kudos received" to "Likes received" throughout Aurora. Fixed cookie banner reappearing on page refresh despite user accepting or declining consent. Fixed pixelated thumbnail image display across community pages on high-DPI displays. Fixed date preference not applying to profile page elements when set to absolute format. Fixed internal links not opening in new window when using Cmd-click on Mac or Ctrl-click on Windows. Fixed ZIP file attachment failures on Windows systems due to MIME type mismatch. Fixed GraphQL ancestorId constraint returning zero results for boards queries. Fixed timestamp mouseover displaying incorrect timezone after user login/logout cycles. Fixed idea status updates displaying status ID instead of custom status name in user profiles. Enabled bold formatting for hyperlinked text in rich text editor regardless of formatting order. Fixed roles filter in analytics to display all community roles instead of only 25. Fixed LithiumVisitor cookie being reset on every asset request, causing inflated visitor counts in analytics. Fixed graphqlAdmin permission elevation for addUsersToRole mutation in endpoints. Removed "Category:" prefix from browser tab titles on category homepages used as localized entry points. Fixed search filters being cleared when performing consecutive searches. Fixed quote button being hidden by browser context menu on touch devices by repositioning below selected text. Fixed card view image quality on high-DPR displays by increasing thumbnail dimensions. Removed inappropriate content filters from OAuth SSO token validation and abuse content moderation workflows. Fixed place filter in ideas analytics report to correctly scope data to selected category. Fixed missing user names in reply notification emails. Fixed featured badge display to show highest earned badge level instead of first earned. Fixed featured content widget briefly displaying restricted content to anonymous users during page load. Fixed image upload order and caption issues when uploading multiple images simultaneously. Fixed publication scheduler being obscured by footer UI elements. Fixed oversized image warning notification persisting across page navigation. Fixed "Show More" button resetting page scroll position to top on large threads. Fixed duplicate author attribution display in TKB contributor lists. Fixed locked indicator not displaying on threads with zero comments. Fixed date display formatting issue causing text wrapping in published article tables. Fixed analytics report table displaying incorrect numbers for values above 10 million. Fixed inconsistent auto-hyperlink conversion when pasting URLs and quickly pressing Enter. Fixed text pasting issue when replacing highlighted text from Notepad or VSCode. Whitelisted @fluentui/react package for custom component development. Added permission check to prevent image paste operations when user lacks image posting permissions. Fixed missing UI error message when group names exceed 40 character limit. Fixed images uploaded in HTML widgets displaying as broken due to malformed URLs. Fixed closed private messages in inbox failing to load when messages referenced deleted users. Fixed Annual Total Visits mismatch and incorrect contract period display in Community Analytics billing dashboard. Fixed missing GroupHub "Invite Sent" events in Firehose when invitations were sent via email. Fixed blank member registration graph in analytics caused by Elasticsearch circuit breaker exceptions. Fixed day-of-week misalignment in analytics "Match day of the week" year-over-year comparisons. Added comprehensive accessibility improvements including: text color control swipe accessibility on mobile; alt text for like icons and profile images; descriptive labels for form fields in private messaging; proper combobox announcements for all autocomplete fields; ARIA states for menu selections, sort controls, and expandable elements; improved button labels for skin tone picker, logo links, and context-specific actions; corrected button roles for rich text editor toolbar controls; and screen reader support for tooltips on mobile devices. Pre-Prod Rollout: December 15-16. Testing window open from December 16 through January 4. Production Rollout: January 6-7 The rollout will follow the standard maintenance windowsSecurity Advisory: CVE-2025-66478 (Next.js)
Date: December 4, 2025 Status: Not Affected Summary A critical remote code execution vulnerability (CVE-2025-66478, CVSS 10.0) was recently disclosed affecting Next.js applications using the App Router with React Server Components. Impact Assessment The Aurora platform is not affected by this vulnerability. After a thorough review of our codebase, we have confirmed that our applications use the Next.js Pages Router architecture, which is explicitly excluded from the scope of this vulnerability. According to Vercel's official security advisory, Pages Router applications are not susceptible to this exploit. Actions Taken Despite not being vulnerable, we are proactively updating our Next.js dependency from version 15.1.7 to 15.1.9 as part of our commitment to security best practices and maintaining up-to-date dependencies. References https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp https://nextjs.org/blog/CVE-2025-66478 Questions If you have any questions regarding this advisory, please contact your account representative or our support team.Khoros K1, Care, Marketing, Flow Release notes
Khoros Care Customer Experience Improvements TikTok Response Labeling Enhancement: Agent responses to TikTok conversations are now correctly identified in the conversation timeline, eliminating incorrect "External response" labels that caused confusion for agents Trustpilot Data Recovery: Backfilled missing Trustpilot reviews that failed to process during authentication issues, restoring complete customer review data Community User Avatar Handling: Fixed issue where Community users without profile pictures caused processing failures, ensuring all Community posts are properly delivered to Care Brand Messenger Chat Reliability: Resolved bot response delivery issues in Brand Messenger widget, ensuring consistent message arrival and improved error logging for customer interactions Social Media Authentication & Message Processing: Resolved authentication issues and improved message processing reliability for social media channels, ensuring consistent delivery of customer messages Message Processing Reliability: Improved retry mechanism for failed message processing, reducing message delivery failures Performance & Scalability European Region Performance: Increased capacity in EU region to handle higher load during business hours, improving response times and system stability Proactive System Monitoring: Deployed comprehensive monitoring across US, EU, and APAC regions to validate core platform functionality including agent conversation handling, queue management, agent assist widgets, and dashboard access Admin Console Change Log Navigation: Change Log has been released from Beta and is generally available. User Management Enhancements: Improved batch user processing and cache synchronization to prevent data loss during user management operations Security & Platform Updates Security Enhancements: Deployed security fixes across multiple Care components: Analytics Dashboard: Critical security vulnerability patches Case Management Interface AI/ML Processing System Brand Messenger Chat Backend Publishing Interface: Latest security patches Messaging Authentication Khoros Marketing Platform Improvements Instance Management: Fixed server error that was preventing Marketing instance deprovisioning, improving platform lifecycle management User Moderation: Resolved issue preventing users from being banned in Marketing Inbox, restoring full moderation capabilities Stream Collections: Fixed deletion functionality for stream collections Infrastructure & Performance Social Gateway Updates: Deployed infrastructure improvements for enhanced reliability and performance Advertising Metrics Processing: Improved reliability of advertising metrics data collection by introducing safeguards to prevent processing failures Notification System: Improved stability of the notification system Enhanced Security Protocols: Strengthened database security protocols as part of ongoing security compliance efforts Khoros Flow AI & Platform Upgrades Claude 4.5 AI Upgrade: Upgraded AI model from Claude Sonnet 3.5 to Claude Sonnet 4.5 in Flow, providing enhanced AI capabilities for improved customer interactions and automated responses Integration Improvements WhatsApp Integration Upgrade: Updated WhatsApp channel integration to latest API version, improving message delivery reliability and media handling capabilities Care System Integration: Enhanced integration with Khoros Care to provide better tracking and visibility of customer cases across systems, enabling more seamless workflows between Flow and Care Security & Stability Security Vulnerability Remediation: Addressed known security vulnerabilities across Flow platform including CVE-2019-10744 (lodash), CVE-2020-7610 (bson), CVE-2021-26707 (merge-deep), and others by upgrading to latest secure versions of system dependencies Message Processing Improvements: Increased message processing capacity to handle larger messages and attachments, improving reliability for customers sending rich media content System Connection Resilience: Improved system resilience to prevent service interruptions during network connectivity issues, ensuring consistent message processing Monitoring & Operations Proactive Feature Monitoring: Implemented comprehensive monitoring for dashboard performance and bot response times with automated alerting Data Pipeline Optimization: Optimized data processing pipeline, significantly improving performance and reducing processing delays Platform-Wide Updates Security Comprehensive Security Fixes: Applied critical security updates across all Khoros products, including user interfaces and backend services System Reliability Enhanced Error Handling: Improved system resilience with better error recovery mechanisms Deployment Process: Streamlined release processes for faster, more reliable updatesKhoros Communities 25.11 Release Notes
The Khoros Communities 25.11 release delivers critical security updates, comprehensive accessibility improvements, enhanced survey targeting capabilities, and numerous stability fixes across content management, authentication, and search functionality. Classic Applied critical security patches addressing vulnerabilities in jQuery and TinyMCE components. Enhanced username validation to prevent impersonation attempts using visually similar characters from different language scripts. Improved flood control performance, significantly reducing processing time for users with many product associations. Fixed Rich Text Editor alignment not applying correctly to text with inline formatting such as bold or italic. Fixed custom table background colors and styling being stripped when saving blog posts. Fixed Events module errors preventing users from creating, publishing, or viewing events after upgrade. Fixed deleted article history records causing entire version history to be wiped when removing individual draft versions. Added comprehensive accessibility improvements including: keyboard operability for Reply and Follow buttons; proper carousel navigation with skip options; corrected focus order in Tags modal; disabled auto-focus in private message compose modal; added missing alt attributes to images throughout the application; and programmatically associated error messages with form fields. Aurora Implemented advanced survey targeting with configurable prompts based on user authentication status, roles, location, and visit patterns. Fixed critical memory leak in integration points registry that was causing system crashes and performance degradation after 24-40 hours of operation. Fixed private messages failing to load for users with large recipient lists. Fixed users being unable to join hidden groups via email invitations. Enhanced search functionality to properly handle Traditional Chinese, Japanese, and Korean characters. Fixed language preference cookie expiring after 24 hours instead of persisting for the configured 30-day period. Fixed CSV export failures when survey responses were linked to deleted user accounts, now properly marking these as "Anonymous". Added dimension validation for image uploads to prevent pixel flood attacks that could cause memory exhaustion and system crashes. Fixed navigation error flash when users return from profile pages to discussion threads using the browser back button. Fixed blog article delete confirmation dialog intermittently not appearing for users. Fixed page index resetting to first page when unfollowing items on the Follows and Notifications page. Fixed navigation links being replaced instead of appended when adding more than 10 links in the community header. Fixed missing locale parameter causing incorrect privacy policy URLs during SSO registration. Fixed Aurora search bar displaying category IDs instead of user-friendly board names as placeholder text. Fixed custom fields and mandatory native fields not appearing on SSO registration forms for partially registered users. Fixed page crashes when users with Employee role attempted to use @mentions in comments. Fixed ZIP file attachments being stripped when submitting forum replies despite being configured as allowed. Fixed anonymous and deleted users appearing in Top Taggers leaderboard. Enhanced security for video embedding with improved validation and localized error messages. Enabled DNG (Digital Negative) file uploads for communities requiring professional photography file support. Updated robots.txt configuration to prevent Google from crawling legacy Classic URLs, eliminating 404 errors in Search Console. Enabled API access to archived messages using client credentials authentication with proper pagination support. Fixed BrandMessenger component causing page errors when encountering loading issues. Fixed custom React components failing to load on newly created development branches. Fixed custom component localization displaying text keys instead of translated values for Portuguese (Brazil) and other regional locales. Fixed message indexing errors that were preventing proper search functionality for archived content. Added content-type header to SAML logout calls to ensure proper session termination across integrated systems. Prevented OIDC SSO authentication tokens from being exposed in Personal Information exports. Pre-Prod Rollout: November 26-27. Testing window open from November 27 through December 8. Production Rollout: December 12-13 The rollout will follow the standard maintenance windowsKhoros K1, Marketing, Care and Flow release cadence
As part of our ongoing commitment to reliability and transparency, we have adopted a continuous delivery model for Khoros K1, Care, Spredfast Marketing and Flow. This means improvements, fixes, and enhancements are deployed to production incrementally rather than through large, infrequent releases. This approach minimizes operational risk, accelerates value delivery, and ensures that your environment benefits from the most stable and secure version of our product at all times. We recognize that visibility into product evolution is essential for planning and governance. To provide this transparency, we are introducing a regular changelog where you can review all functional, performance, and stability updates that have been deployed. Each entry will briefly describe what has changed and when, serving as a single source of truth for product updates. Our initial plan is to publish changelog updates on a regular cadence (approximately bi-weekly) on the release notes space, ensuring timely and consolidated communication without excessive notifications. As the product continues to evolve, we may adjust this frequency to align with customer needs and product maturity—always maintaining consistency and clarity in how updates are communicated.
Khoros Communities - Updated Release Process
Updates 13-Oct-2025: Added more details and clarified communication process To improve your experience and simplify our release process, we are updating how we handle Khoros Communities releases. This updated process will start to apply from Communities Release 25.10. What's Changing Communities will have two types of releases going ahead - Standard releases and Patch releases Standard releases happen on a regular cadence and include features and bug fixes. Opted-in customers are automatically upgraded with clear windows to change their decision throughout the process Patch releases address critical issues outside the regular release schedule and are automatically applied to all customers on the latest version Automated support tickets make it easy to manage your upgrade preferences, request immediate upgrades. Normal support tickets can be used to update your Upgrade Notification Contacts (and for all of the requests your account team is also available) Email notifications keep your Upgrade Notification Contacts informed at every stage: release notes publication, stage upgrade completion, and production upgrade completion Production releases are published as scheduled maintenances on our status page, providing real-time visibility and updates if anything changes Clear timelines provide transparency with defined windows to adjust your preferences Standard Releases We will have a standardized release process for both Aurora and Classic. In a standard release, opted-in customers will be auto-upgraded to the latest release. These releases will include features and bug fixes. Version numbers for the standard release will follow the existing version numbers. However, we will no longer be treating releases as major or minor - we will treat every release as a standard release. Throughout this process, you can manage your upgrade preferences using automated support tickets or by contacting your account team, who can assist with any of these requests. The process will begin when we publish the release notes. The release notes will announce the plan and scope of an upcoming release. After we post the release notes here on ATLAS Community, customers will be notified by email and will have six days to change their automatic upgrade preference (opt-in or opt-out). After this period, we will upgrade the stage environments. We will then open a testing window, where customers can test on their stage environments and report any issues through support tickets. Customers will have thirteen days to opt-out if needed, allowing you additional time to validate the release with your specific customizations and integrations, for example. At the end of the testing window, we will perform the upgrade in production for customers who have not opted out during this period. For both stage and production, we will use existing Maintenance windows, as we expect downtime. Production releases will also be published as scheduled maintenances on our status page, where you can find real-time updates if anything goes out of schedule or is delayed. If you are on an older version, you have the following options: Use the automated opt-in ticket to opt back into auto-upgrades (you will receive the next scheduled release) Use the automated upgrade request ticket to upgrade to the latest released version at any time Communication All email notifications for standard releases are sent to your Upgrade Notification Contacts for each instance. To add, remove, or change your Upgrade Notification Contacts, contact our support team or your account team. Release Notes Publication Email When we publish the release notes here on ATLAS Community, your Upgrade Notification Contacts will receive an email containing: Link to the release notes Your current upgrade decision (opt-in or opt-out) The upgrade timeline for this release All customers, regardless of their upgrade decision, can change their preferences at any time using the automated support tickets. Stage Upgrade Completion Email After your stage environment is successfully upgraded, your Upgrade Notification Contacts will receive an email confirming: Stage upgrade completion Your current upgrade decision (opt-in) The scheduled production upgrade date How and when you can opt-out if needed (anytime during the two-week testing window) Production Upgrade Completion Email After your production environment is successfully upgraded, your Upgrade Notification Contacts will receive a confirmation email. Example Timeline Here's a typical timeline for a standard release: Day 1: Release notes published here on ATLAS Community; Upgrade Notification Contacts receive email with release details, current upgrade decision, and timeline Days 1-6: Period to change automatic upgrade preference Day 7: Release preparation (not possible to change decision anymore) Day 8-9: Stage environments upgraded; Upgrade Notification Contacts receive email confirming stage completion, upgrade decision, and production upgrade date Days 10-22: Stage testing window (opt-out available anytime during this period) Day 23: Release preparation (not possible to change decision anymore) Day 24-25: Production upgrade for opted-in customers; Upgrade Notification Contacts receive confirmation email Patch Releases Patch releases address critical issues outside the regular release schedule. These include security vulnerabilities, bugs affecting multiple customers, or issues impacting release stability. Patches are automatically applied to all customers on the latest version and cannot be opted out of due to their critical nature. Our team will publish the release notes, notify customers, and apply patches in a three-day window. Upgrade Notification Contacts will receive email notification when patch release notes are published. Version numbering for patch releases will follow <standard release version number>.<number>, where number will be incremented for each patch and reset after a particular standard version. As an example, the first patch after 25.8 will be numbered 25.8.1, the second patch as 25.8.2 and so on. However, the first patch applied after 25.9 will be 25.9.1. We will use Change windows for non-downtime needs and maintenance windows timeslots for downtime needs. Patch releases will also be published as scheduled maintenances on our status page, where you can find real-time updates if anything changes. If a patch applies to customers on an older version, your account team will reach out to coordinate the upgrade. Tickets We provide two types of support tickets to help you manage your upgrades: Automated Support Tickets Opt-in ticket: For opted-out customers who want to opt back in for automatic upgrades Opt-out ticket: For customers who want to opt out of automatic upgrades Upgrade request ticket: To upgrade to the latest version immediately at any time For more information on managing your instance upgrade settings, see How to Manage Instance Upgrade Settings with the AI assistant. Regular Support Tickets Manage Upgrade Notification Contacts ticket: To add, remove, or change contacts who receive upgrade notifications [Khoros Classic can also use this guide] Use these to enquire about a release, report bugs, or any issues encountered during testing or in your environment: How to Make the Best Use of the Khoros AI Support Agent. You can go to our product-specific support portal here: Khoros Community Classic and Khoros Community Aurora. What to expect next Moving forward, based on feedback on the new release process, we will also be reviewing the cadence of releases, which is right now monthly. The intent is to provide high-quality releases, minimizing customer disruptions, and allowing customers time to provide feedback and adjust.Khoros Care v25.06.2 Release Notes
The Khoros Care Release version 25.06.1 includes Survey and Welcome Response support for LinkedIn private messages, an increase in the character count of LinkedIn public messages, a new Post Status Escalation tag, and increased visibility of hashtags in agent responses.
