news XenForo 2.3.11 Released

XenForo 2.3.11 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.

One-click upgrade to XenForo 2.3.11

Directly from your admin control panel

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XF 2.3.11 include:

• Fix cron job runner being deleted if a cron job itself hits a fatal error
• Skip moderator log IP capture when no request IP is available, so CLI-triggered moderator actions no longer crash with Invalid string IP.
• Make parse_less_color() return null for an empty string instead of #000000, restoring 2.2 behaviour so callers can omit the meta tag when no color is configured.
• Skip emitting the theme-color meta tag when the style property is empty, so admins can opt out and let the browser use its default.
• Use viewport-relative coordinates when computing nestable drop position so an item can be dropped before the first element of a list.
• Set the EHLO local domain from the server hostname when constructing the Symfony SMTP transport so strict mail relays no longer reject messages identifying themselves as [127.0.0.1].
• Add a non-development xf-rebuild:icon-usage CLI command so administrators can rebuild font-awesome icon usage outside development mode, mirroring the admincp tool.
• Refactor the missing-config handling on the App into an override point and let the CLI app continue running with a warning when only the legacy config is present, so list, help and the upgrade command remain usable while the site is mid-upgrade.
• Delete xf_api_login_token, xf_oauth_token, xf_oauth_request and the linked xf_oauth_refresh_token rows during user account deletion so abandoned access tokens and OAuth authorization records do not linger after the user is gone.
• Recognise additional invalid-mailbox bounce phrases (No such local user, Invalid Recipient, RecipientNotFound and recipient not known) and rewrite the recipient-not-found rule as a regex so spaceless variants are also caught, ensuring these 550 responses are treated as hard bounces.
• Use the canonical entry URL as the RSS item GUID for thread and featured-content feeds so guids are globally unique permalinks rather than bare numeric IDs that could collide with other feeds.
• Suppress the third-party cookie consent form in the HTML BB code renderer when the noCookieConsent option is set and enable that option for thread RSS feeds so embedded media renders without the interactive consent UI that has no place in a feed reader.
• When the user API admin save accepts secondary_group_ids, merge in any groups still listed in xf_user_group_change so moderator promotions, automatic promotions and user upgrade groups are not silently dropped from the rebuilt user group cache by API consumers that round-trip the secondary group list.
• Batch xf_search prune deletes in chunks of 1000 to avoid Galera writeset size limits
• Guard the null user when building search data in prepareMessageData()
• Remove deprecated allowtransparency="false" from Spotify iframe embed
• Capture the full multi-line selection when opening the Insert Code dialog
• Fix invalid child-combinator selectors and createElement calls in editor paste normalisation
• Add public getters to DeleteCleanUpService for code event listeners
• Gracefully handle VAPID key generation failure when enabling push notifications
• Fix QuoteClick scroll position using absolute offset instead of viewport-relative
• Insert editor preview box outside the enclosing form to prevent nested form submission conflict
• Anchor the aliasable-namespace check in getClassForAlias() to prevent false positives
• Remove scrollIntoView from FocusTrigger to prevent page jumping when focusing the status textarea
• Avoid full History relation load for template edit/history pages
• Fix HScroller.step() missing RTL direction inversion
• Stop navigator.share() prepending title and text before the URL on Android and iOS
• Normalise path separators in FileCleanUpRepository for Windows compatibility
• Preserve inner HTML when stripping sup/sub/ins/del/code elements on paste
• Fix hour-constrained crons being scheduled at the wrong minute offset
• Limit alert prune queries to 1000 rows per cron run to avoid unbounded memory use
• Eager-load PermissionCombination in NewProfilePosts widget to eliminate N+1 permission queries
• Strip the leading # from cleanedHash so getElementById resolves the target
• Use ISO year token in weekly stats label
• Only return a renamed class from getClassForAlias/getAliasForClass when the resolved class exists
• Ping idle SMTP keep-alive connections before sending to avoid 451 timeout errors

The following public templates have had changes:

• OAUTH_CONTAINER
• OFFLINE_CONTAINER
• PAGE_CONTAINER

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.

Current requirements

Please note that XenForo 2.3 has higher system requirements than earlier versions.

The following are minimum requirements:

• PHP 7.2 or newer (PHP 8.3 recommended)
• MySQL 5.7 and newer (Also compatible with MariaDB/Percona etc.)
• All of the official add-ons require XenForo 2.3.
• Enhanced Search requires at least Elasticsearch 7.2.

Installation and upgrade instructions

Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.