XenForo 2.2.15 Released Full | XenForo 2.2 ENXF

Released 2x XenForo 2.2.15 Released Full | XenForo 2.2 ENXF 2.2.15

No permission to download

XenForo 2.2.10 Released​

XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons.

2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.

Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. For self-hosted customers, read on...

Some of the changes in XF 2.2.10 include:
  • Require values for old/new changelog values
  • Properly handle null values within the Arr::stringToArray() function
  • Remove extraneous space when generating a one-time password URL
  • Support rebuilding daily stats from the command line
  • Add additional indexes for the active and expired user upgrade tables
  • Remove superfluous code setting aria-label for tooltips
  • Add lazy loading attribute to resource icons
  • Pass an index hint when performing certain IP lookups
The following public templates have had changes:
  • core_block.less
  • poll_create
  • poll_edit
  • poll_macros
  • tag_macros
  • widget_forum_statistics

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.

XenForo 2.2.9 Released​

Some of the changes in XF 2.2.9 include:
  • Fix fatal error when viewing debug page on PHP 8.1
  • Revert previous change so that actioning conversation message report still relies on the 'warn' permission.
  • Reset file hash when pruning proxied images
  • Correctly remove duplicated relations when fetching the user entity within the Member controller
  • Ensure there's a breadcrumb to return to the help pages list when modifying a help page
  • When a suggested answer only contains an attachment, make sure the suggested schema text isn't blank
  • Update various phrases to point to the new location of Google's Developer Console
  • Fix an error that could occur when navigating search results after performing an exact match search for users but not providing a value for the username or email
  • When registering with a connected provider, correctly redirect to the specified return URL
  • When writing before registering but then logging in with an existing account, redirect to the newly created content
  • When sending a push notification about a post being merged, avoid rendering the prefix as HTML
  • Correctly mark the use_tfa field as a boolean value in the API documentation
  • Patch Froala to workaround an issue which prevents "recently used" smilies from being stored as expected.
  • Include $template in $params sent to email container templates
  • Workaround a potential issue when upgrading from older versions due to new code in newer versions.
  • Improve accessibility of inline spoilers.
  • Fix Vimeo time-based links and support unlisted videos via the key portion of the URL.
  • Append content link and title to report closure alerts.
  • Workaround an undefined array key error that may happen during upgrade
  • Do not display view count for directly viewed attachments (video and audio).
  • When opening a page in an overlay that contains share buttons, override the page URL to the URL of the overlay loaded.
  • Update Asia/Novosibirsk timezone to UTC+7
  • Adjust job-related type hints to int|float.
  • Log payment callbacks that come from an unknown source
  • Document where scrolling notices are located
  • Implement __isset() in the Finder class
  • Make it easier to load additional relations with the search forum user cache
  • Improve cross-table data consistency when threads are created
  • Allow feed reader entries without a title to fallback to the description, and vice-versa
  • Pass referrer through poll creation form
  • Default to the first option value for read-only select inputs
  • Improve PHP 8.1 compatibility when logging payment callbacks
  • Fix null query parameter handling on the debug page
  • Correct the IRR currency precision
  • Include a content setter for report entities
  • Fix attributes on the registration defaults option not referring to unique inputs
  • Don't re-save avatars if the crop positioning hasn't changed
  • Redirect to page 1 if a non-number value is passed to the "Go to page" form
  • List the events a Stripe webhook endpoint should listen for
  • Improve PHP 8.1 compatibility within the Register controller
  • Work around an upstream issue in WinCache
  • Always throw an exception when a file fils to copy to an abstracted file path
  • Attempt to determine first proxyable favicon when fetching page metadata
  • Canonicalize proxied thread cover image URLs
  • Prevent search engines from attempting to index thread preview URLs
  • Throw an exception when add-on requirement errors or warnings are not arrays
  • Update watch notifier getDefaultWatchNotifyData method visibility to match parent class
  • Fix route normalization in policy acceptance bypass check
  • Improve PHP 8.1 compatibility in template trim tag/function
  • Add response documentation to the POST posts/ API route
  • Adjust maximum width of board title in control panel header
  • Normalize root breadcrumb URL before checking if it matches the current page
  • Make unfurl usage analysis more robust
  • Improve PHP 8.1 compatibility within template filters
  • When logging a failed email exception, include the from email in the exception message
  • Add embed support for public Spotify playlists
  • Make the default cookie same-site behavior configurable
  • Always allow top-level categories which are not displayed in the node list to be accessed at their dedicated URL
  • Fix article preview text fade not applying to articles without a cover image
  • Strip AJAX query params from password confirmation redirects
  • Avoid decreasing user message count twice when moving a thread in/out of a forum that does not count messages
  • Improve PHP 8.1 compatibility within the API docs generator
  • Fix potential stale recompilation of grouped phrases
  • Include some missing entries in the hashes file
  • Ensure zlib output compression is disabled to prevent interference with XF output compression
  • Hide the article forum snippet length option when using the preview display style
  • Correct the description for the user_content_change_init code event description
  • Reword the "this_accounts_email_is_already_associated_with_another_member" phrase
  • Add option to disable appending a CAPTCHA provider's privacy policy to the site's privacy policy
  • Only send certain moderator action alerts when the content is or was visible to the author
  • Improve PHP 8.1 compatibility within the unsharp image mask algorithm
  • Improve PHP 8.1 compatibility within the route filter entity
  • Remove stray XF.Element.register() in password_box.js
  • Improve PHP 8.1 compatibility when resizing and cropping an image
  • When converting tables to utf8mb4, only show the prompt to add fullUnicode to config.php if the value isn't set already
The following public templates have had changes:
  • PAGE_CONTAINER
  • alert_user_report_rejected
  • alert_user_report_resolved
  • attachment_macros
  • browser_warning_macros
  • core_block.less
  • core_datalist.less
  • core_menu.less
  • core_tab.less
  • editor_base.less
  • login_password_confirm
  • member.less
  • message.less
  • page_nav
  • poll_create
  • post_article_macros
  • progress_bar.less
  • progress_bar_macros
  • push_user_post_merge
  • push_user_report_rejected
  • push_user_report_resolved
  • thread_preview
  • widget_html
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:

  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
Shortly after releasing 2.2.8, we became aware of an issue that may affect the expected operation of the image proxy system which may cause cached images to no longer refresh as expected.
Some of the changes in XF 2.2.8 include:
  • Do not wrap iconic inputs when directly adjacent to other inline items
  • Generate PhpStorm metadata for validator classes
  • Optionally normalize a URL passed into getRoutePathFromUrl to exclude the script part of the URL if it is passed in.
  • Fix further JavaScript regression in editor.js that affected older browsers.
  • Fix undefined variable $option when failing to refresh an OAuth email access token.
  • If the location field is required at registration, indicate so on the account details page
  • Correctly mark Applebot as a robot
  • Fix the type hint in AbstractDriver for the imageFromFile method
  • Ensure report comments are ordered consistently
  • Allow API thread filtering by prefix_id when the specific forum is unknown
  • Add support for podcast episodes to the Spotify BB code media site
  • Adjust the way answers are counted and represented within the JSON-LD schema for question threads
  • If the forum used for reports is deleted, revert back to using the report centre
  • Throw a prettier error if downloading an XF upgrade package fails
  • When sending a payment receipt for user upgrades, display the price paid and not the current price of the user upgrade
  • Fix an issue preventing numeric custom fields from being searched
  • Remove itemprop attribute from the fnUsernameLink templater function
  • Silence errors when a template doesn't exist
  • Patch a regression in Froala which caused images inside clipboard data to no longer be uploaded as expected.
  • Consistently nest date of birth privacy options in the admin control panel user edit page.
  • Fix password strength meter background color bleed.
  • coerce the lbThumbsAuto option value to a boolean to ensure it works as expected.
  • Fix vertical alignment of sort order indicator inside filter bar toggles.
  • Remove CSS rule that inadvertently increases the size of the text of some form row elements.
  • When requesting a new attachment key and hitting a permission error, make the error more clear.
  • Fix an issue with the wrong reaction sprite displaying when switching between reactions on different sprite sheets.
  • Support adding data attributes to <xf:eek:ptgroup> elements inside <xf:checkbox> and <xf:radio> elements.
  • Remove orphaned buttons from the button manager and correctly indicate button visibility
  • When using ImageMagick, correctly set its temp directory to tempDataPath
  • Include 'all' filter within page navigation when batch updating threads
  • Improve handling for batch updating a large number of records in one go
  • Add .opus as a supported audio file extension
  • Ensure advanced flag for options is both imported and exported correctly
  • Restore the default tab for a node when deleting its associated navigation tab
  • Disable page load scroll adjustment on browsers supporting native scroll anchoring
  • Filter removed buttons from editor dropdowns
  • Inhibit scroll button click event when clicking between buttons
  • Avoid truncating long widget descriptions
  • Make it easier to extend valid image proxy mime types
  • Fix layout shift when profile posts not visible on user profiles.
  • Workaround an issue that could allow certain registration moderation requirements to be bypassed.
  • Prevent posts from being moved or copied to threads that a moderator cannot view
  • Ensure node ID constraints are always in a numerical array when searching for posts
  • Re-work session activity updates to reduce locking pressure
  • When encountering an invalid cost amount error with PayPal, expand the error message with a hint to check for additional shipping and handling charges
  • Display the correct image for certain emojis containing a zero width joiner
  • Record image proxy file hashes, and do not overwrite files if their hashes have not changed
  • When replying to a thread that has been deleted during the reply, throw a clearer error message
  • When filtering for unsolved questions, encourage MySQL to use a better index
  • Prevent member tabs from overlapping the avatar when member stats aren't being displayed
  • Add global template data to the API templater
The following public templates have had changes:
  • PAGE_CONTAINER
  • account_details
  • alert_user_report_rejected
  • core_datalist.less
  • core_filter.less
  • core_formrow.less
  • core_input.less
  • core_menu.less
  • core_meter_bar.less
  • editor_base.less
  • helper_user_dob_edit
  • member.less
  • member_view
  • message_macros
  • poll_macros
  • thread_type_fields_article
XenForo 2.2.7 inadvertently shipped with an implicit minimum requirement of PHP 7.1 due to the way that newer versions of composer attempt to validate your platform is compatible with the included dependencies.

If you're currently running PHP 7.0 you may have been unable to upgrade to or run XenForo 2.2.7. Patch 1 removes this platform check.

Additionally, if you're currently running PHP 7.0 we would strongly urge you to consider upgrading to a newer version as soon as possible. XenForo 2.3 will be shipping with a minimum requirement of PHP 7.2.5. We currently recommend upgrading to PHP 8.0 where possible.
In addition to the usual bug fixes and improvements, there is a database schema change which may take significant time to perform. If you have a particularly large xf_attachment and xf_attachmet_data table (several million records) then we recommend performing a CLI upgrade.

XenForo 2.2.7 is also the first version to support cleaning up files that belong to uninstalled add-ons. You can read more about that.

Some of the changes in XF 2.2.7 include:
  • Update add-on list filter bar to use the correct prefix search phrase.
  • Output XenForo version when running cmd.php --version or -V
  • Change [MEDIA] BB code tag example to point to a valid video.
  • Ensure the input element for token inputs inherit the expected font color.
  • Disable caching for the birthdays member stat. The results could be different for each user depending on time zone so caching won't be effective.
  • Workaround a browser quirk to do with sticky navigation and the staff bar when the border width is an odd number. This removes the bottom border entirely.
  • Workaround an issue that could be caused by mail queue entries that fail to unserialize.
  • Avoid n+1 queries when filtering profile posts from banned users in the find new system
  • Patch loose string comparisons such as !$username and in_array($username, $usernames) that can result in unexpected behaviors when wierd strings are used.
  • When permanently deleting threads, ensure associated records are deleted too
  • When generating RSS feed entries for threads, set the guid attribute to the thread ID
  • Only overwrite push notification opt-out preferences if the visitor has permission to use push notifications.
  • Allow unassociated attachment deletion cutoff to be extended inline with draft save lifetime, plus refresh temporary attachments when saving a draft.
  • Trim excess whitespace from the beginning of Font Awesome icon classes
  • Fix compatibility issue with type checking when rendering prefixes
  • Add a new registration default to control whether push notifications should be sent for new conversation messages.
  • Fix an issue preventing guests from creating polls
  • When updating content reactions, check if reactions actually exist in the cache
  • Properly coerce URLs that may not begin with "www."
  • Fix casing for the metadata logo URL phrase
  • Don't allow retaining IDs when importing reaction content records
  • Use correct type hint for the getTitle method in the Report entity
  • When editing admin navigation items, properly save the development_only value
  • Adjust the query for determining who should receive a report closure notification to only return distinct and non-zero user IDs
  • If using PHP 7.1 or above, allow the image proxy to fetch and store webp images.
  • Ensure control panel attachment manager date boundaries are inclusive
  • Open off-canvas sub-navigation menu when tapping a heading with no link
  • Do not attempt to query for uncached content permissions after the global cache has already been run
  • Remove duplicated templates for node permissions management
  • Support specifying multiple content types when rebuilding the search index
  • Change "Edit own thread title" permission to "Edit own thread" as this permission allows multiple thread properties to be edited.
  • Improve legibility of thread prompt placeholder on the title input while using a narrow display when creating a new thread.
  • Do not offset the sticky submit row in overlays to account for bottom fixed notices that are behind the overlay.
  • Hover variants based on saturate() won't work with greys or near greys, so let's focus on xf-intensify() instead, and raise the value somewhat to compensate for the loss of the hover saturate
  • When merging users, carry over previous username change logs too.
  • Remove redundant file existence check when loading templates
  • Remove redundant file existence check when loading phrase groups
  • When autolinking emails expand the range of word characters permitted in additional domain parts.
  • Adjust Vimeo BB code media site to not match profile URLs unintentionally.
  • Impose a limit on the maximum number of keywords that can be searched for (default: 1024) and allow XFES to fetch the max_clause_count configuration value where possible to avoid a shard exception.
  • Steps to avoid accessing a Less mixin from one file defined in another. Move to setup.less but retain reference to the original for backwards compatibility for now.
  • When unfurling URLs using unfurl.php ensure we're using the correct style for the user and passing in the default template params.
  • Update timezone data
  • Add Sri Lanka to the list of locales
  • Handle a race condition where proxy images get pruned in the middle of a request more gracefully
  • When moving the first post out of a thread with no other visible posts, correctly set the state of the new first post and original thread record
  • Use the number of replies in a question thread as the number of answers instead
  • Allow toggling the direction of date sort orders on user upgrade lists
  • Avoid throwing an error when sending an activity summary that has a section title containing a dot.
  • Resolve a number of rich text editor quirks when pasting various content.
  • When fetching metadata from a URL improve checks to ensure we get a valid charset encoding where possible and prevent against an Error exception thrown if an invalid character set encoding is encountered.
  • When copy/pasting content that contains quotes, tidy up the output and ensure it outputs correctly with the appropriate attributes to maintain quote author and content.
  • When parsing a color string (such as for the metaThemeColor property usage) normalize the color to its hex value by default.
  • When typing conversation recipients allow a min length value of 1 for single character usernames.
  • Improve performance of the attachment manager when working with mind-boggling numbers of attachments
  • Workaround a tooltip displaying potentially in the wrong language in the editor draft button drop down.
  • Use text-shadow to give a stroke effect to usernames whilst avoiding a wrapping issue
  • Remove reference to zxcvbn.min.js source mapping to avoid 404 error.
  • Skip some parts of the _preSave method in Thread entity if thread does not have a forum.
  • Prevent iconic labels from overflowing their container
  • Introduce a code event for manipulating the current page cache ID
  • When uninstalling content type data during an add-on uninstall set the attachment content_id to 0 as well as unassociated to avoid conflicts if reinstalling. The files will be cleaned up later.
The following public templates have had changes:
  • _help_page_bb_codes
  • bb_code_tag_quote
  • conversation_add
  • conversation_invite
  • core_blockmessage.less
  • core_datalist.less
  • core_input.less
  • core_overlay.less
  • editor_base.less
  • forum_post_thread
  • member.less
  • member_tooltip
  • member_tooltip.less
  • member_view
  • select2.less
  • setup.less
  • thread_list_macros
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.
XenForo 2.2.6 included support for YouTube embeds which contain a playlist ID which allows an embedded video to be viewed within the context of the playlist it is part of. While this was working perfectly fine, YouTube seemingly made a change yesterday which prevented all YouTube embeds from displaying because many of them would have had an empty list parameter in the embed URL.

This only affects customers who have already upgraded to XenForo 2.2.6 or XenForo 2.2.6 Patch 1. XenForo 2.2.6 Patch 2 resolves this issue.
Shortly after releasing 2.2.6, we became aware of a issue that may prevent user upgrade payments for legacy (XenForo 1.x-based) subscriptions from being processed. This only affects user upgrade subscriptions that were setup when the site was running XenForo 1.x and are still active. XenForo 2.2.6 Patch 1 resolves this issue.

For more details on the issue, see this bug report:

2.2.6 regression: legacy user upgrade payment failure​


If a PayPal payment is received for a user upgrade subscription that was created in XenForo 1.x, it may fail to process and the following error will be logged in the control panel:
ErrorException: [E_WARNING] Attempt to read property "extra_data" on null src/XF/Purchasable/UserUpgrade.php:50
This error may be logged a number of times for a single payment due to PayPal retrying the IPN callback a number of times.

This issue has been resolved with 2.2.6 Patch 1, but it can be manually resolved by making the following change. In src/XF/Payment/PayPal.php, find:
Code:
$state->purchasableHandler = $purchasable->handler;
Immediately after it, add:
Code:
return true;
If the error has been received, in most cases, you can update or manually patch the issue and simply wait for PayPal to attempt the callback again. This should allow the payment to go through and be processed successfully.
Some of the changes in XF 2.2.6 include:
  • Adjust file copying order of the one click upgrader to reduce issues with page breaks.
  • Support youtube.com/shorts/{id} format URLs
  • Change the CSS rules for inline spoilers to improve visibility
  • Replace Accept header to use official v3 of GitHub API for connected account requests rather than its beta.
  • Apply flood checking to thread create/reply pre-reg actions.
  • If there is no editor/quick-reply element available, bail out of the quote-click JS handler early.
  • Add some input placeholder styling to the stripe payment form.
  • Prevent editing/display/use of some payment profiles when they are no longer active or the payment provider is no longer usable.
  • When toggling comments with the profilePostCommentToggle style property enabled, ensure the editor placeholder is activated and, where possible, focus the editor.
  • When getting global permission entries, process conditions correctly to only select the relevant records.
  • Fix bad maxlength setting for warning definition titles and impose a maxlength for warning definition conversation titles.
  • Prevent an error when trying to update reactions counts if we find a reaction content entry without a matching reaction definition.
  • Implement the ability to add custom add/remove messages for the multi-quote button.
  • Fix prefix function usage in alert/push_thread_reply_ban templates.
  • Disable lightbox related output in RSS feeds.
  • Allow member stats to be used in widgets regardless of overview_display option.
  • Limit the size of each inline mod cookie to 3KB to avoid excessive header sizes.
  • Add header 'Auto-Submitted: auto-generated' header by default to outgoing emails with the ability to override or unset if needed.
  • Fix missing content type for contact form and protect against a PHP 8.0 issue if a content type phrase is empty.
  • Fix unsupported operand error when validating a style archive if hashes.json fails to decode correctly.
  • Add the ability to perform exact match email searches
  • Remove duplicate itemprop attribute on a post's username link
  • Validate usernames before trying to set them when creating threads as a guest
  • Ensure phrases are properly returned as strings
  • Wrap attachment action phrases that may not fit the thumbnail container
  • Adjust description for the forum statistics widget
  • Allow users to be reported regardless of their profile privacy settings
  • Add a separate phrase for prefix searching on the admin panel's quick filter
  • Ensure that non-ASCII characters are not in the local part of an email address.
  • When analysing images, check image type against image extension map
  • Allow alerts to be sent via an API super user key without a registered user.
  • Validate a purchasable item exists during the callback stage of a payment.
  • Ensure threads with a redirect thread type are included when batch updating threads or using a search forum
  • Ensure post thread page action buttons are marked as nofollow
  • Do not attempt to include a first_unread post in the API when the only unread posts in a thread are ignored.
  • Ensure that phrases indirectly used in push and email templates use the correct language.
  • Make the process of canceling recurring PayPal subscriptions clearer if the user does not have a PayPal account.
  • Improve performance of loading icons on the add-on list.
  • Use a new system for shortening strings that contain BB code so that they will not be cut off in the middle of BB code markup.
  • Do not allow transparent or system colors to be used in the color BB code.
  • Ensure that italics in user content are displayed as expected when using CJK languages.
  • Do not attempt to link URLs or email addresses that contain censored words.
  • Properly process Stripe subscription refunds in the payment system.
  • Do not display the "insert" option on attachments in contexts where they cannot be inserted into an editor.
  • Improve the display of message attribution rows with a large amount of content on smaller devices.
The following public templates have had changes:
  • account_upgrades
  • alert_thread_reply_ban
  • attachments.less
  • bb_code.less
  • core_datalist.less
  • core_setup.less
  • delete_confirm
  • fa.css
  • font_awesome_setup
  • forum_overview_wrapper
  • forum_post_thread_chooser
  • forum_view
  • helper_attach_upload
  • helper_js_global
  • message.less
  • message_macros
  • multi_quote_macros
  • payment_cancel_recurring_paypal
  • payment_initiate_stripe
  • post_macros
  • profile_post_macros
  • push_thread_reply_ban
  • reaction_item_profile_post
  • reaction_item_profile_post_comment
  • reaction_list_row
  • search_forum_view
  • setup_fa.less
  • thread_view
  • whats_new_posts
Top