XenForo Announcements

XenForo 2.3.4 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo 2.3.4 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XF 2.3.4 include: Include embed.php in hashes.json Fix error thrown when feed entry is missing an ID Use AbstractCollection for type hint on addContentToBookmarks method Fix deprecated usage of str_replace with API scopes Improve PHP 8.4 compatibility Output hsla in the color picker when an alpha channel is present Ensure URLs are valid when...

XenForo 2.3.3 & Add-ons Released XenForo 2.3.3 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo 2.3.3 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XF 2.3.3 include: Fix select-to-quote handler error on soft-deleted threads Ignore port if Redis host appears to be a file path Fix a few cases where hashes were concatenated instead of passed to router Fix flickering issue with JS icon renderer Fix expandable content transition class callback Use correct finder...

XenForo 2.3.2 Released XenForo 2.3.2 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo 2.3.2 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XF 2.3.2 include: Make PCRE character class check more robust. Do not attempt to redefine UTF-8 string shim functions if they already exist Rename search forum node type handler as expected Fix utf8_isASCII return type Fix an issue where the batch size for search rebuilds could grow unbounded Strip BBCode from trending...

🚨 It's time to party like it's 2022 2023 2024! Today we are very pleased (and relieved) to announce the stable release of XenForo 2.3.0 and our official add-ons. It has been a long time coming so we thank you for your patience and support. There are a myriad of new features and improvements. Here's a brief overview of our favourites: Style variants with Dark mode Improved performance Featured content Image optimization Automation with webhooks SSO with OAuth2 Passwordless logins with passkeys Trending content This is not an exhaustive list of what's new in 2.3, and you can read more about the above and other new changes/improvements features in the Have you seen...? forum. As always, new releases of XenForo are free to download for...

Today we are releasing XenForo 2.3.0 Release Candidate 5. While the majority of this release is focusing on bug fixes and stability, there are a few noteworthy changes. Automatic legacy file clean up XenForo installations after upgrading to XenForo 2.3 will have a number of files sitting in the file system which are no longer used. Any XenForo installation that has been around for a while, will to a lesser extent, have a similar issue. These files on their own shouldn't present any issue, but at the same time, keeping them around doesn't make much sense either. There are three approaches to cleaning up legacy files automatically. During one-click upgrade One-click upgrades now have a special step for removing files that were present...

This week in addition to a bunch of bug fixes, we've also been doing a spot of housekeeping in our code. The following is quite technically heavy so if you're a non-developer, shield your eyes and read the less boring bits. Much wider usage for class strings As a reminder, XenForo 2.3 brings with it support for using native PHP class strings. For example, originally we used "class short names" to point to certain classes. While these were easy to write, it makes refactoring classes difficult, and you need these PHP doc comments to hint to code editors what object is ultimately returned in the code: /** @var \XF\Entity\User $user **/ $user = \XF::em()->create('XF:User'); Our preference going forwards is using class strings: $user =...

Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo 2.3.0 Release Candidate 1, including XenForo Media Gallery 2.3.0 Release Candidate 1 if needed. If you also have active installs of XenForo 2.2 or XenForo 2.1 you should refer to the earlier thread with details and patch. The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit. XenForo extends thanks to independent security researcher, Egidio Romano (EgiX), working with SSD Secure Disclosure. We recommend doing a...