XenForo 2.2.10 ReleasedXenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons. XenForo extends thanks to the team at @NamePros and @Xon for reporting the issues.
2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.
Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. For self-hosted customers, read on...
Applying a patch manuallyDownload the 2210patch.zip file attached to this message. It will contain an
uploaddirectory containing various files.
Extract the zip file to your computer and upload the contents of the
uploaddirectory to the root of your XenForo installation. This should overwrite the files on your server with the new version.
Note: If you decide to patch the files instead of doing a full upgrade, your "File health check" will report this file as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
Directly from your admin control panel
Some of the changes in XF 2.2.10 include:
- Require values for old/new changelog values
- Properly handle null values within the Arr::stringToArray() function
- Remove extraneous space when generating a one-time password URL
- Support rebuilding daily stats from the command line
- Add additional indexes for the active and expired user upgrade tables
- Remove superfluous code setting aria-label for tooltips
- Add lazy loading attribute to resource icons
- Pass an index hint when performing certain IP lookups
The following public templates have had changes:
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Current requirementsPlease note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:
- PHP 7.0 or newer (PHP 8.0 recommended)
- MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
- All of the official add-ons require XenForo 2.2.
- Enhanced Search requires at least Elasticsearch 2.0.