XenForo 2.3.10 & Add-ons and 2.2.19 Released (Includes Security Fix)

XenForo 2.3.10 Released​

XenForo 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.

In addition to the usual bug fixes, XenForo 2.3.10 includes a critical security fix involving a potential stored XSS vector in structured text mentions (mostly legacy profile post content). We'd like to extend thanks to metho for responsibly disclosing the issue.

If you are a XenForo Cloud customer running 2.3.8, the security fix has already been applied and no immediate action is required. XenForo 2.3.10 will be made available to you shortly.

We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.

Upload patch files​

• Download 2310-patch.zip
• Extract the .zip file
• Upload the contents of the upload directory to the root of your XenForo installation

Note: If you decide to patch the file instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.

XenForo 2.3.10 also includes a few new features which we called out in our latest Have you seen...? post here:

XF 2.3 Thread 'What's new in XenForo 2.3.10?'

Thursday at 8:07 PM

Later this week we will be releasing XenForo 2.3.10 with a couple of notable additions for developers.

Phrase tools​

For more years than I've been at the company, we have had an internal tool which we use during development of features to help us keep on top of phrases. It scans the code base to detect strings in templates that might need to become phrases and also looks for certain delimited strings in PHP code that can also be converted to phrases.

In XenForo 2.3.10 we have (finally!) polished this up and converted them to CLI commands.

Template and Template Modification...​

• Chris D
• Replies: 25
• Forum: Have you seen...?

• 
• 
• 

One-click upgrade to XenForo 2.3.10​

Directly from your admin control panel

Some of the changes in XF 2.3.10 include:

• Ensure "View Older Results" link appears on last page of search results
• Ensure "No such recipient" bounce responses are classified as hard bounces
• Ensure "Account Closed" bounce responses are classified as hard bounces
• Ensure "Recipient not found" bounce responses are classified as hard bounces
• Ensure "mailbox is disabled" bounce responses are classified as hard bounces
• Ensure "not configured to receive" bounce responses are classified as hard bounces
• Prevent inet_pton() ValueError when IP address contains null bytes
• Use original Email object for error logging after DKIM signing to prevent undefined method error
• Skip array values during custom field multiselect validation to prevent Array to string conversion warning
• Normalize discouragement delay min/max values to prevent mt_rand() ValueError
• Suppress dns_get_record() warning during DKIM verification to prevent job crash on DNS failure
• Prevent alerts from being sent to banned users
• Correct OAuth2 token revocation to properly invalidate both access and refresh tokens
• Respect direction parameter for multi-column sort ordering in Finder
• Re-enable passkey button when WebAuthn registration or authentication is aborted
• Add missing bookmark_id index to xf_bookmark_label_use table
• Prevent accumulating whitespace in GenerateFinders CLI command on repeated runs
• Avoid exception-based flow control in getFinder for entity class resolution
• Set explicit working directory for sub-processes to prevent failure when CWD is inaccessible
• Prevent type error when custom field type changes with preserved values
• Include purchasable ID in Stripe product and plan ID generation
• [ICODE=rich] does not round-trip after editing a post
• Implement ContainableInterface and DatableInterface on various child content entities
• Create template when generating a route with xf-make:route

As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.

Current requirements​

Please note that XenForo 2.3 has higher system requirements than earlier versions.

The following are minimum requirements:

• PHP 7.2 or newer (PHP 8.3 recommended)
• MySQL 5.7 and newer (Also compatible with MariaDB/Percona etc.)
• All of the official add-ons require XenForo 2.3.
• Enhanced Search requires at least Elasticsearch 7.2.

Installation and upgrade instructions​

Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.

 

[XenForo]

XenForo 2.2.19 Released​

XenForo 2.2.19 has also been released. Please refer to the release notes above.

We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.

• Download 2219-patch.zip
• Extract the .zip file
• Upload the contents of the upload directory to the root of your XenForo installation

Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.

 

[XenForo]

XenForo Media Gallery 2.3.10 Released​

XenForo Media Gallery 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Media Gallery 2.3 upgrade to this release to benefit from increased stability.

One-click upgrade to XenForo Media Gallery 2.3.10​

Directly from your admin control panel

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XFMG 2.3.10 include:

• Apply pagination to category content API endpoints
• Catch DuplicateKeyException when setting media watch state to prevent race condition
• Update album last_update_date when content fields change
• Use correct permission check for adding media on what's new page
• Disambiguate content type phrases by prefixing with 'Media'
• Hide search albums tab when albums are globally disabled
• Add lazy loading to gallery media images
• Hide alert opt-outs when user cannot view media gallery
• Delete original file only after transcoded file is successfully saved

The following public templates have had changes:

• xfmg_media_view_macros
• xfmg_whats_new_media

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

XenForo Media Gallery requires XenForo 2.3 or later.

Purchasing​

XenForo Media Gallery can be purchased with a new license via the purchase page or with an existing license via the customer area.

Installation, upgrading and configuration​

Please see our XenForo Media Gallery manual page for more information.

 

[XenForo]

XenForo Resource Manager 2.3.10 Released​

XenForo Resource Manager 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Resource Manager 2.3 upgrade to this release to benefit from increased stability.

One-click upgrade to XenForo Resource Manager 2.3.10​

Directly from your admin control panel

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XFRM 2.3.10 include:

• Use rating_count instead of review_count for rating percentage calculation
• Remove incorrect category add permission check from team member eligibility
• Add itemReviewed name to aggregate rating structured data

XenForo Resource Manager requires XenForo 2.3 or later.

Purchasing​

XenForo Resource Manager can be purchased with a new license via the purchase page or with an existing license via the customer area.

Installation, upgrading and configuration​

Please see our XenForo Resource Manager manual page for more information.

 

[XenForo]

XenForo Enhanced Search 2.3.10 Released​

XenForo Enhanced Search 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Enhanced Search 2.3 upgrade to this release to benefit from increased stability.

One-click upgrade to XenForo Enhanced Search 2.3.10​

Directly from your admin control panel

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XFES 2.3.10 include:

• Pass analyzer settings when optimizing or truncating the search index

XenForo Enhanced Search requires XenForo 2.3 or later.

Purchasing​

XenForo Enhanced Search can be purchased with a new license via the purchase page or with an existing license via the customer area.

Installation, upgrading and configuration​

Please see our XenForo Enhanced Search manual page for more information.