Ozzy47
Administrator
- Thread starter: XenForo
- Start date: Friday at 7:33 PM
In addition to the usual bug fixes, XenForo 2.3.10 includes a critical security fix involving a potential stored XSS vector in structured text mentions (mostly legacy profile post content). We'd like to extend thanks to metho for responsibly disclosing the issue.
If you are a XenForo Cloud customer running 2.3.8, the security fix has already been applied and no immediate action is required. XenForo 2.3.10 will be made available to you shortly.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.
- Download 2310-patch.zip
- Extract the .zip file
- Upload the contents of the upload directory to the root of your XenForo installation
XenForo 2.3.10 also includes a few new features which we called out in our latest Have you seen...? post here:
Later this week we will be releasing XenForo 2.3.10 with a couple of notable additions for developers.
For more years than I've been at the company, we have had an internal tool which we use during development of features to help us keep on top of phrases. It scans the code base to detect strings in templates that might need to become phrases and also looks for certain delimited strings in PHP code that can also be converted to phrases.
In XenForo 2.3.10 we have (finally!) polished this up and converted them to CLI commands.
Template and Template Modification...
Directly from your admin control panel
Some of the changes in XF 2.3.10 include:
- Ensure "View Older Results" link appears on last page of search results
- Ensure "No such recipient" bounce responses are classified as hard bounces
- Ensure "Account Closed" bounce responses are classified as hard bounces
- Ensure "Recipient not found" bounce responses are classified as hard bounces
- Ensure "mailbox is disabled" bounce responses are classified as hard bounces
- Ensure "not configured to receive" bounce responses are classified as hard bounces
- Prevent inet_pton() ValueError when IP address contains null bytes
- Use original Email object for error logging after DKIM signing to prevent undefined method error
- Skip array values during custom field multiselect validation to prevent Array to string conversion warning
- Normalize discouragement delay min/max values to prevent mt_rand() ValueError
- Suppress dns_get_record() warning during DKIM verification to prevent job crash on DNS failure
- Prevent alerts from being sent to banned users
- Correct OAuth2 token revocation to properly invalidate both access and refresh tokens
- Respect direction parameter for multi-column sort ordering in Finder
- Re-enable passkey button when WebAuthn registration or authentication is aborted
- Add missing bookmark_id index to xf_bookmark_label_use table
- Prevent accumulating whitespace in GenerateFinders CLI command on repeated runs
- Avoid exception-based flow control in getFinder for entity class resolution
- Set explicit working directory for sub-processes to prevent failure when CWD is inaccessible
- Prevent type error when custom field type changes with preserved values
- Include purchasable ID in Stripe product and plan ID generation
- [ICODE=rich] does not round-trip after editing a post
- Implement ContainableInterface and DatableInterface on various child content entities
- Create template when generating a route with xf-make:route
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Please note that XenForo 2.3 has higher system requirements than earlier versions.
The following are minimum requirements:
- PHP 7.2 or newer (PHP 8.3 recommended)
- MySQL 5.7 and newer (Also compatible with MariaDB/Percona etc.)
- All of the official add-ons require XenForo 2.3.
- Enhanced Search requires at least Elasticsearch 7.2.
Installation and upgrade instructions
Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.
Attachments
- 2310-patch.zip (8.7 KB)
XenForo 2.2.19 has also been released. Please refer to the release notes above.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.
- Download 2219-patch.zip
- Extract the .zip file
- Upload the contents of the upload directory to the root of your XenForo installation
Attachments
- 2219-patch.zip (7.7 KB)
XenForo Media Gallery 2.3.10 Released
XenForo Media Gallery 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Media Gallery 2.3 upgrade to this release to benefit from increased stability.
Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
Some of the changes in XFMG 2.3.10 include:
- Apply pagination to category content API endpoints
- Catch DuplicateKeyException when setting media watch state to prevent race condition
- Update album last_update_date when content fields change
- Use correct permission check for adding media on what's new page
- Disambiguate content type phrases by prefixing with 'Media'
- Hide search albums tab when albums are globally disabled
- Add lazy loading to gallery media images
- Hide alert opt-outs when user cannot view media gallery
- Delete original file only after transcoded file is successfully saved
The following public templates have had changes:
- xfmg_media_view_macros
- xfmg_whats_new_media
XenForo Media Gallery requires XenForo 2.3 or later.
XenForo Media Gallery can be purchased with a new license via the purchase page or with an existing license via the customer area.
Installation, upgrading and configuration
Please see our XenForo Media Gallery manual page for more information.
XenForo Resource Manager 2.3.10 Released
XenForo Resource Manager 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Resource Manager 2.3 upgrade to this release to benefit from increased stability.
Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
Some of the changes in XFRM 2.3.10 include:
- Use rating_count instead of review_count for rating percentage calculation
- Remove incorrect category add permission check from team member eligibility
- Add itemReviewed name to aggregate rating structured data
XenForo Resource Manager requires XenForo 2.3 or later.
XenForo Resource Manager can be purchased with a new license via the purchase page or with an existing license via the customer area.
Installation, upgrading and configuration
Please see our XenForo Resource Manager manual page for more information.
XenForo Enhanced Search 2.3.10 Released
XenForo Enhanced Search 2.3.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Enhanced Search 2.3 upgrade to this release to benefit from increased stability.
Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
Some of the changes in XFES 2.3.10 include:
XenForo Enhanced Search requires XenForo 2.3 or later.
XenForo Enhanced Search can be purchased with a new license via the purchase page or with an existing license via the customer area.
Installation, upgrading and configuration
Please see our XenForo Enhanced Search manual page for more information.