Announcements

XenForo 2.2.1 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability. Most importantly, this release fixes two potential security vulnerabilities in XenForo. The issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. XenForo extends thanks to security researcher Vincent ibn Winnie for reporting the issues. We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details. Applying a patch manually...

Today, we are releasing XenForo 2.1.12 to address two potential security vulnerabilities. We strongly recommend that all customers running XenForo 2.1 upgrade to 2.1.12 or use the attached patch file as soon as possible. The issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access. XenForo extends thanks to security researcher Vincent ibn Winnie for reporting the issues. We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details. If you are currently running 2.1, the automatic upgrade check will now allow you to upgrade to 2.1.12 within your...

Today, after a refreshingly short beta and release candidate phase, we are excited to announce that XenForo 2.2.0 is now prepared, seasoned, baked and served, replacing XenForo 2.1.11 as our primary supported XenForo version. This release adds a collection of great new features to XenForo, including the ability to repurpose forums as article repositories, a new way to encourage guest users to register, a progressive web app and a completely redesigned rich text editor. Check out the following list for some highlights: Forum and thread types system Updated rich text editor User profile banners Username change requests Search forums Forum SEO controls Writing before registering support Progressive web app Activity summary emails Style...

Today we continue the release candidate stage of XenForo 2.2 with Release Candidate 2. We recommend that all customers running previous 2.2 versions upgrade to this release. This release is similar to the previous betas, but indicates that we are now a step closer to the stable 2.2.0 release. This is still considered a pre-release version, so we do not recommend running it in production and ticket support for this version is not yet available. More specific details regarding bugs fixed in this release can be found in the resolved bugs forum. This is pre-release software. It is not officially supported. We do not recommend running it in production. Please remember that this is pre-release software. It contains known bugs and...

Today we're happy to announce the next step towards a stable and supported release of XenForo 2.2 by moving onto the "release candidate" stage. We recommend that all customers running previous 2.2 versions upgrade to this release. This release is similar to the previous betas, but indicates that we are now a step closer to the stable 2.2.0 release. This is still considered a pre-release version, so we do not recommend running it in production and ticket support for this version is not yet available. More specific details regarding bugs fixed in this release can be found in the resolved bugs forum. This is pre-release software. It is not officially supported. We do not recommend running it in production. Please remember that this is...

Today, we are releasing XenForo 2.1.11 to address a potential security vulnerability. We recommend that all customers running XenForo 2.1 upgrade to 2.1.11 or use the attached patch file as soon as possible. (For customers running XenForo 2.0, we can only recommend upgrading to the latest version.) The issue is a cross site request forgery (CSRF) on the login form. This may allow an attacker to unexpectedly log users into an attacker-controlled account. In some scenarios, this may cause privacy concerns if users take certain actions while logged into the incorrect account. Note that this does not give an attacker any access to the user's true account. We recommend doing a full upgrade to resolve this issue, but a patch can be applied...

After last week's Wednesday-which-was-sort-of-Tuesday-a-bit release, we are back on our regular Tuesday release cycle with 2.2.0 Beta 6. We are hopeful that this may be our final beta release before we move to a Release Candidate stage. We strongly recommend anyone testing 2.2 during this beta period upgrade as each beta version is released. More specific details regarding bugs fixed in this release can be found in the resolved bugs forum. This is beta software. It is not officially supported. We do not recommend running it in production. Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at...