The reason they probably haven't done it is because this software needs to run on shared hosting, where installing some other Linux tool isn't possible.
No, as it has worked before and furthermore the bug only hit if pics were added to a post as an attachment via the "attach"-button, not when added via other ways. It was caused by a code change in this area - simply a bug and nothing that would hinder shared hosting when solved.
But indeed the timeline and behavior regarding this bug as it can be seen from the relating thread is a pretty good example of what goes wrong in terms of attitude and communication:
July 15th 2025: XF 2.3.7 released
July, 18th: bug opened as new problem tied to 2.3.7: Some pictures are falsely shown upside down after upload in 2.3.7
July, 19th: various users confirm the issue under certain circumstances
July, 19th: XF forum mod posts something that probably reads as "there is no bug and you are stupid to claim there would be one"
July, 19th: user identifies the file and code parts that were changed in 2.3.7 and are causing the issue
July, 19th: XF forum mod hints to possible connection to another issue/change
July, 21st: Bug marked fixed by a posting of the bugbot
July, 21st: after various requests a patchfile is posted to the thread by XF that can be manually copied into an existing 2.3.7-install to fix the issue. Obviously, as a consequence, the checksum for the files installed does not match any more the one a normal 2.3.7 has and therefore a red warning is rendered in ACP on installs where the patch was applied.
Over the following weeks there is some confusion if an official patch release 2.3.7p1 will be published due to the relevance of the bug or if the 2.3.7-installer got silently patched/updated in the meantime as the issue was found and fixed quickly after the initial 2.3.7 release. No statement from XF in that regard other than cynical comments by the XF forum mod, arrogantly making fun of customers on Sept 29th. Apart from that: silence from the side of XF but a lot of irritation and confusion by users that don't know how to deal with the patch and its consequences.
Nov, 4th: finally clarification by XF (via a seven-word-post) that the patched file is not part of the current download of 2.3.7.
To this day (Jan 14th 2026) neither a patched 2.3.7 nor a 2.3.8 that would include the fix have been released. Half a year after the bug has been reported and fixed. A bug that has absolutely annoying visible effects on a forum when it hits. As from the usecase-perspective it is a bit of an edge case it is in my eyes understandable/tolerable that it has not been found in testing beforehand. The fix was done quickly, within days. But then attitude and bad communication hit: It seems that once the bug was marked as fixed XF forgot that this does not mean that it is fixed for the users, it is only fixed in the internal codebase w/o any effect on the users or new installs/upgrades. XF did not even bother to fix their installer or (in my eyes the best option) create a small patch release, they did also not bother to clarify that for 3,5 months or to answer the questions customers had regarding the patch or to deliver a proper "how to" for users that are less familiar with technology. This had to be done by other customers. Instead, as more or less often, the XF forum moderation made fun of customers instead of being helpful and supportive.
Today, new installs of and upgrades to 2.3.7 still have this nasty bug that most willing to upgrade let alone new customers won't be aware of. The bugfix is not prominently communicated and the patch that solves it can only be found deep in a thread in the "closed bugs" forum. The warning about the wrong checksum in ACP after applying the patch is still there, teaching users that red warnings are not worth bothering.
The story of this bug shows at a microscopic scale what is wrong with XF: technically solid, but this is trashed by non-existent communication, dysfunctional processes and a complete non-understanding and ignorance of customer needs and expectations (which would as the most prominent one be "clarity"). On top of that ignorance come cynical comments of the forum mod towards customers that may be intended to be funny but are in fact arrogant, rude and inadequate.
This way XF kills trust in the team and the company and frustrates and annoys customers for no reason, as it could easily have been avoided.
What would have been an adequate way of dealing with the issue?
a) provide a patch release 2.3.7p1 very shortly after the patch was fixed (end of July the latest). Should not have been much work, could have included other urgent fixes in case there were any (seems not to have been the case) and the issue would have been solved instantly, flawlessly and professionally. Consequence: Happy customers.
or
b) if XF consider the bug as not so relevant: communicate early (again end of July the latest) that there will be no dedicated patch release for this bug and it will be fixed within the next release. Provide the patch prominently along with an easy to follow how to for the not so familiar ones and provide quick support in case they still have issues.
Personally I would have clearly chosen a), the more as it probably wouldn't have been much more work / time involved (if at all) than with a properly executed b) realistically. However: XF chose to go for c) which is: Do not communicate for months and ignore customer requests and needs.