Ozzy47
Administrator
XenForo 2.2.14 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
In addition to the usual slew of bug fixes and improvements, there are a few notable changes in this release.
Previously, we allowed users to unsubscribe from emails through certain mail clients when the automated unsubscribe handler was configured. With the introduction of XenForo 2.2.14, we're implementing a new standard feature that processes unsubscribe requests via HTTP. This feature is activated by default and requires no additional configuration. Your current settings for email unsubscribing will not be altered. The recent updates include:
In previous versions, add-on or style archives could escape their container directory and bypass subsequent validation checks. Exploiting this requires an administrator with the pertinent permissions to upload a maliciously-crafted archive. This has been addressed in XenForo 2.2.14. Thank you to Egidio Romano of Karma(In)Security for reporting this issue.
Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
Some of the changes in XF 2.2.14 include:
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:
Last edited by a moderator: Today at 8:38 PM
Written by
Company info
There is no better platform upon which to grow your community.
Engage your customers with the premium community experience.
Staff member
Sincere apologies. A further issue has been identified in which initial upgrades to 2.2.14 may have set the default 'http' option for the unsubscribe option incorrectly.
The latest patch will workaround this issue if you are affected.
Alternatively, going to Options > Email options in your admin control panel and setting the "Unsubscribe email handling" option as desired will fix the issue without needing to upgrade.
This is being rolled out to existing Cloud customers automatically if affected.
Continue reading...
In addition to the usual slew of bug fixes and improvements, there are a few notable changes in this release.
Compatibility with PHP 8.1 and 8.2
Most compatibility issues between PHP 8.1 and 8.2 have been addressed. Remaining issues might triggerE_DEPRECATED
warnings in the xf_error_log
during debug mode, but these are generally non-critical and can be disregarded.Previously, we allowed users to unsubscribe from emails through certain mail clients when the automated unsubscribe handler was configured. With the introduction of XenForo 2.2.14, we're implementing a new standard feature that processes unsubscribe requests via HTTP. This feature is activated by default and requires no additional configuration. Your current settings for email unsubscribing will not be altered. The recent updates include:
- Enhanced handling of the
List-Unsubscribe
header to support bothmailto
and HTTP methods. - Automatic inclusion of the unsubscribe header in a broader range of outgoing emails, such as notifications for watched threads and activity summaries.
- A default-enabled option to send confirmation emails to users once their unsubscribe request is fulfilled.
In previous versions, add-on or style archives could escape their container directory and bypass subsequent validation checks. Exploiting this requires an administrator with the pertinent permissions to upload a maliciously-crafted archive. This has been addressed in XenForo 2.2.14. Thank you to Egidio Romano of Karma(In)Security for reporting this issue.
Update on XenForo 2.3 and XenForo 3.0
Work continues towards the next versions of XenForo. @Kier is now working full time on some exciting stuff for XenForo 3.0 while the rest of us are working towards getting XenForo 2.3 stable enough for a public beta release, in addition to the last few bells and whistles for both the core software and some enhancements to our official add-ons. Additionally, we plan to release one last update for XenForo 2.2, namely XenForo 2.2.15, which will incorporate significant fixes before we transition to primarily supporting XenForo 2.3.Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
Some of the changes in XF 2.2.14 include:
- Fix type hinting for extendClass
- Do not attempt to generate tag URLs without a valid tag
- Properly disable outbound IPv6 requests when PHP is not compiled with IPv6 support
- Improve audio mime-type detection
- Use sodium_bin2base64 over base64_encode when generating random strings.
- Update Twitter BB code media site to support x.com URLs and update some branding to X, rather than Twitter.
- Increase the size of the old_value and new_value columns in the xf_change_log table
- Properly throw an exception when failing to decode JSON for oEmbed
- Ensure tag pages have a canonical URL set
- Support custom URL portions for link forums
- Mark old_value and new_value fields as required in the change log entity
- Adjust regex for dialog loading to ensure consistency with BB code tag naming.
- Fix a number of emoji phrases
- Update braintree_api_keys_explain.txt phrase
- Update webmanifest orientation to use natural as this should derive from the system's settings.
- Highlight current style and language selections on chooser pages
- Always set thread RSS publication dates to the creation date of the thread
- Fix profile post/comment author alert reason API documentation
- Properly phrase the
[IMG]
BB Code help page example - Improve error handling when loading notifier services
- Extend notifier service class before calling createForJob static method
- Reduce lock contention when writing thread read records
- Provide a getter for class extensions, and check for class extensions before attempting to remove them
- Skip relative (dot) files when cleaning up temporary files
- Ensure prefix search constraints are lists of values
- Use a no-permission response when a user cannot be banned, and gracefully handle error responses without a proper error message
- Clarify that new SFS submissions will transmit an unhashed email address
- Properly capture array_unique results
- Add an index to the user ID column of the error log table
- Fix value of custom user titles in API responses
- Surely .u-spaceBefore is intended to apply the margin to the left
- Guard against null metadata in MySQL full-text searchs
- Do not display menus for selected tabs with no links
- Use a more efficient query when updating reaction caches for content
- Support filtering threads with forum type filters when using the API
- When rebuilding user group relations, skip falsey values
- Include support for embedding YouTube Live URLs
- Improve PHP 8.2 compatibility in vendor libraries
- Pass
posterParams
in the post reaction push template - Attempt to support fb.watch URLs
- Only set descriptor suffix for Stripe card payments
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:
- PHP 7.0 or newer (PHP 8.2 recommended)
- MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
- All of the official add-ons require XenForo 2.2.
- Enhanced Search requires at least Elasticsearch 2.0.
Installation and upgrade instructions
Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.Last edited by a moderator: Today at 8:38 PM
Written by
Company info
There is no better platform upon which to grow your community.
Engage your customers with the premium community experience.
Staff member
- Messages
663 - Reaction score
23,710 - Points
503
Sincere apologies. A further issue has been identified in which initial upgrades to 2.2.14 may have set the default 'http' option for the unsubscribe option incorrectly.
The latest patch will workaround this issue if you are affected.
Alternatively, going to Options > Email options in your admin control panel and setting the "Unsubscribe email handling" option as desired will fix the issue without needing to upgrade.
This is being rolled out to existing Cloud customers automatically if affected.
Continue reading...