XenForo 2.2.12 Released Full | XenForo 2.2 ENXF Nulled

Released 2x XenForo 2.2.12 Released Full | XenForo 2.2 ENXF Nulled 2.2.12

No permission to download

XenForo 2.2.12 Released​

XenForo 2.2.12 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

We're pleased to announce the introduction of two new features available in XenForo 2.2.12.

New CAPTCHA provider: Cloudflare Turnstile​

In September, Cloudflare Turnstile was announced. You may have noticed that we quickly implemented this into the software and it has been running here now for a little while.

While on the surface this may seem like "just another CAPTCHA" option, we feel that Cloudflare has gotten a lot of things right in its approach to this product that is missing from many other providers including HCaptcha and Google reCAPTCHA. It's a much better experience for your users, respects your users privacy and with XF 2.2.12 also provides more granular logging in the Cloudflare dashboard so you can see analytics about where in the software a CAPTCHA is being used.

We encourage you to read more about Cloudflare Turnstile on their blog and consider signing your site up, for free, right here or if you are an existing Cloudflare user, get started in your Cloudflare dashboard.

Advanced cookie consent system​

Starting with XF 2.2.12 you will be able to enable a new "Advanced" cookie consent system. This enables your users to have much more granular control over the specific cookies that are set, the purpose of each cookie and prevents certain cookies from being set at all until explicit consent is given.

As ever, this system is also extendable by add-on developers so that cookies set by an add-on can be appropriately categorised and also require consent before certain functionality is available.

Some of the changes in XF 2.2.12 include:
  • Always default to an empty array when IPv6 lookup fails
  • Fix a server error when guests tried to access non-existent search results
  • Include some missing entries in the hashes file
  • Suppress warnings when converting invalid IP addresses on older versions of PHP
  • Implement suggested password normalization for PhpBb3 authentication
  • Check for "Manage add-ons" permission when viewing or triggering a file health check
  • Fix not being able to follow users in an email bounced user state
  • Fix custom user titles set to falsy values not being displayed
  • Add missing pagination when searching for a user's reported content
  • Only sign emails if DKIM setup has been verified
  • Properly account for falsy values in wholeWordTrim and snippetString functions
  • Fix PHP 8.1 compatibility issue when performing a search with no keywords
  • Update Swiftmailer to v6.3.0 for PHP 8.1 support
  • Make adjustments to Facebook media site to support new pfbid IDs
  • Add support for detecting utf8mb3 and treating it the same as utf8 thus ensuring unicode mismatch detection and table conversion to utf8mb4 is working correctly.
  • Add missing CSS to the comment macro in the profile_post_macros template
  • When trying to unapprove a deleted thread, undelete it and put it in the approval queue
  • Prevent configuration of two-factor authentication when it is disabled via the config.php switch
  • Fix outdated link in the you_can_preview_icons_and_their_names_here phrase
  • Fix typo in legacy Instagram embed template
  • Re-implement Instagram embeds without a reliance on the oEmbed endpoints and support reel links.
  • Adjust template Parser to allow for more precise parentheses placement in some previously ambiguous usages.
  • If guest content is awaiting approval, show the username the content was submitted under
  • Fix PHP 8.1 compatibility issue when rebuilding a thread's first post information
  • Remove extraneous line breaks from the news feed option description
  • If a user is also a moderator, update the URL on their admin profile page to only show forums they moderate
  • Exclude nodes where a user can't view thread content from search queries
  • When importing from an RSS feed and posting as a particular user, respect their auto-watch preferences
  • Add support for 3GP encoded videos
  • Fix $fromEmail variable not being set correctly when sending emails
  • Fix accidentally exposing thread content to guests without the "View threads by others" permission when the thread starter's account has been deleted
  • Ensure error logging isn't silently skipped if stacktrace arguments contain invalid utf-8.
  • Adjust CSS for Spotify media embed.
  • Adjust Select2 and native auto-completer to accept tab key as selecting a result.
  • Support node_name / URL portion for categories (relevant if categoryOwnPage option enabled)
  • Remove reference to non-existent reaction_text column
  • Fix typo in mail template rendering exception message
  • Fix connected account providers not appearing on the login form in some cases
  • More accurate way of parsing byte values from PHP config values.
  • Ensure only valid users are able to change their username.
  • Better support cross platform directory separator trimming in ComposerAutoload
  • Mark XF\Payment\CallbackState as allowing dynamic properties.
  • Include PHP 8.2 compatibility fixes in non-vendor classes and utf8.php
  • Fix Vimeo embed start timestamp behavior
  • Use late static binding in utility classes to make them easier to extend
  • Ensure job max run-time checks occur at end of loops
  • Dynamically build link to front-end in the control panel
  • Include content IDs in extra data when performing spam checks
  • Include content IDs in extra data when performing spam checks
  • Improve the extensibility of spam trigger log request data
  • Add validation to widget display conditions
  • Fix validation for negative whole number custom fields
  • Adjust title attributes on bookmark links and buttons
  • Adjust line height of inline mod go button to match select height
  • In Text::copy return a Text element rather than Tag.
  • Properly escape regex when rendering a BB code table.
  • Disable PSR class path inspection in extension_hint.php
  • In the ChangeLoggable behaviour add a new option to force a change to be from a specific user ID. In contexts where actions are performed from an email link, such as email stop or password resets, this allows us to ensure the password reset change log is attributed to the correct user.
  • Update flow.js to the latest version, remove legacy FustyFlow for ancient IE fallback.
  • Apply recommended fix for wrapping selection text in different editor functionality.
  • Return a HTTP 404 error code when trying to view a tag with no viewable content
  • Handle null arguments when stripping BBcode from strings
The following public templates have had changes:
  • PAGE_CONTAINER
  • _help_page_cookies
  • _media_site_embed_oembed
  • _media_site_legacy_embed
  • account_confirm_resend
  • account_security
  • app.less
  • app_inlinemod.less
  • approval_queue_macros
  • bookmark_macros
  • captcha
  • captcha_turnstile
  • contact_form
  • core_bbcode.less
  • core_utilities.less
  • editor_base.less
  • forum_post_quick_thread
  • forum_post_thread
  • google_analytics
  • helper_attach_upload
  • login
  • lost_password
  • misc_cookies
  • notice_cookies
  • notices.less
  • register_form
  • report_search
  • thread_list_macros
  • thread_reply
  • thread_view
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted.
Shortly after we released XenForo 2.2.10 we became aware of a number of minor issues that may have affected a number of customers.

Therefore, today, we have released XenForo 2.2.10 Patch 1 to rectify these issues.

XenForo 2.2.10 Released​

XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons.

2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.

Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. For self-hosted customers, read on...

Some of the changes in XF 2.2.10 include:
  • Require values for old/new changelog values
  • Properly handle null values within the Arr::stringToArray() function
  • Remove extraneous space when generating a one-time password URL
  • Support rebuilding daily stats from the command line
  • Add additional indexes for the active and expired user upgrade tables
  • Remove superfluous code setting aria-label for tooltips
  • Add lazy loading attribute to resource icons
  • Pass an index hint when performing certain IP lookups
The following public templates have had changes:
  • core_block.less
  • poll_create
  • poll_edit
  • poll_macros
  • tag_macros
  • widget_forum_statistics

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.

XenForo 2.2.9 Released​

Some of the changes in XF 2.2.9 include:
  • Fix fatal error when viewing debug page on PHP 8.1
  • Revert previous change so that actioning conversation message report still relies on the 'warn' permission.
  • Reset file hash when pruning proxied images
  • Correctly remove duplicated relations when fetching the user entity within the Member controller
  • Ensure there's a breadcrumb to return to the help pages list when modifying a help page
  • When a suggested answer only contains an attachment, make sure the suggested schema text isn't blank
  • Update various phrases to point to the new location of Google's Developer Console
  • Fix an error that could occur when navigating search results after performing an exact match search for users but not providing a value for the username or email
  • When registering with a connected provider, correctly redirect to the specified return URL
  • When writing before registering but then logging in with an existing account, redirect to the newly created content
  • When sending a push notification about a post being merged, avoid rendering the prefix as HTML
  • Correctly mark the use_tfa field as a boolean value in the API documentation
  • Patch Froala to workaround an issue which prevents "recently used" smilies from being stored as expected.
  • Include $template in $params sent to email container templates
  • Workaround a potential issue when upgrading from older versions due to new code in newer versions.
  • Improve accessibility of inline spoilers.
  • Fix Vimeo time-based links and support unlisted videos via the key portion of the URL.
  • Append content link and title to report closure alerts.
  • Workaround an undefined array key error that may happen during upgrade
  • Do not display view count for directly viewed attachments (video and audio).
  • When opening a page in an overlay that contains share buttons, override the page URL to the URL of the overlay loaded.
  • Update Asia/Novosibirsk timezone to UTC+7
  • Adjust job-related type hints to int|float.
  • Log payment callbacks that come from an unknown source
  • Document where scrolling notices are located
  • Implement __isset() in the Finder class
  • Make it easier to load additional relations with the search forum user cache
  • Improve cross-table data consistency when threads are created
  • Allow feed reader entries without a title to fallback to the description, and vice-versa
  • Pass referrer through poll creation form
  • Default to the first option value for read-only select inputs
  • Improve PHP 8.1 compatibility when logging payment callbacks
  • Fix null query parameter handling on the debug page
  • Correct the IRR currency precision
  • Include a content setter for report entities
  • Fix attributes on the registration defaults option not referring to unique inputs
  • Don't re-save avatars if the crop positioning hasn't changed
  • Redirect to page 1 if a non-number value is passed to the "Go to page" form
  • List the events a Stripe webhook endpoint should listen for
  • Improve PHP 8.1 compatibility within the Register controller
  • Work around an upstream issue in WinCache
  • Always throw an exception when a file fils to copy to an abstracted file path
  • Attempt to determine first proxyable favicon when fetching page metadata
  • Canonicalize proxied thread cover image URLs
  • Prevent search engines from attempting to index thread preview URLs
  • Throw an exception when add-on requirement errors or warnings are not arrays
  • Update watch notifier getDefaultWatchNotifyData method visibility to match parent class
  • Fix route normalization in policy acceptance bypass check
  • Improve PHP 8.1 compatibility in template trim tag/function
  • Add response documentation to the POST posts/ API route
  • Adjust maximum width of board title in control panel header
  • Normalize root breadcrumb URL before checking if it matches the current page
  • Make unfurl usage analysis more robust
  • Improve PHP 8.1 compatibility within template filters
  • When logging a failed email exception, include the from email in the exception message
  • Add embed support for public Spotify playlists
  • Make the default cookie same-site behavior configurable
  • Always allow top-level categories which are not displayed in the node list to be accessed at their dedicated URL
  • Fix article preview text fade not applying to articles without a cover image
  • Strip AJAX query params from password confirmation redirects
  • Avoid decreasing user message count twice when moving a thread in/out of a forum that does not count messages
  • Improve PHP 8.1 compatibility within the API docs generator
  • Fix potential stale recompilation of grouped phrases
  • Include some missing entries in the hashes file
  • Ensure zlib output compression is disabled to prevent interference with XF output compression
  • Hide the article forum snippet length option when using the preview display style
  • Correct the description for the user_content_change_init code event description
  • Reword the "this_accounts_email_is_already_associated_with_another_member" phrase
  • Add option to disable appending a CAPTCHA provider's privacy policy to the site's privacy policy
  • Only send certain moderator action alerts when the content is or was visible to the author
  • Improve PHP 8.1 compatibility within the unsharp image mask algorithm
  • Improve PHP 8.1 compatibility within the route filter entity
  • Remove stray XF.Element.register() in password_box.js
  • Improve PHP 8.1 compatibility when resizing and cropping an image
  • When converting tables to utf8mb4, only show the prompt to add fullUnicode to config.php if the value isn't set already
The following public templates have had changes:
  • PAGE_CONTAINER
  • alert_user_report_rejected
  • alert_user_report_resolved
  • attachment_macros
  • browser_warning_macros
  • core_block.less
  • core_datalist.less
  • core_menu.less
  • core_tab.less
  • editor_base.less
  • login_password_confirm
  • member.less
  • message.less
  • page_nav
  • poll_create
  • post_article_macros
  • progress_bar.less
  • progress_bar_macros
  • push_user_post_merge
  • push_user_report_rejected
  • push_user_report_resolved
  • thread_preview
  • widget_html
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:

  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
Shortly after releasing 2.2.8, we became aware of an issue that may affect the expected operation of the image proxy system which may cause cached images to no longer refresh as expected.
Top