XenForo Announcements

Well, here we are with our first Have you seen thread for XenForo 2.3. It's been a long time coming, and for various reasons that we will go into later, it has changed quite a bit from what we had originally intended it to be, but it's finally ready to start showing you what's new. tl;dr: there's a video at the end of this post. Dark mode A lot of the new stuff in XenForo 2.3 is related to performance improvements that won't be immediately apparent on first glance, but there is one new feature in particular that is very obvious, and that is the new dark mode. If the device with which you are browsing a XenForo site is configured to use its own dark mode, XenForo will switch itself to use the dark theme...

We first documented in our XenForo 1.5 End of Life Schedule a clear timeline for the end of support and updates for XenForo 1.5. Today, we have reached the first part of that timeline and from this point forward we will no longer be providing support or updates for XenForo 1.5. XenForo 2.0 and any versions prior to XenForo 1.5 are already unsupported. At the time of writing, we will only accept support tickets and bug reports for XenForo 2.1. You may still seek support on the forum, if you wish, though we would strongly urge you to join the majority of your fellow customers who are now happily running XenForo 2.1. If you need a reminder as to what has changed in the last four years since the release of XenForo 1.5, please take a look...

🚨 It's time to party like it's 2022 2023 2024! Today we are very pleased (and relieved) to announce the stable release of XenForo 2.3.0 and our official add-ons. It has been a long time coming so we thank you for your patience and support. There are a myriad of new features and improvements. Here's a brief overview of our favourites: Style variants with Dark mode Improved performance Featured content Image optimization Automation with webhooks SSO with OAuth2 Passwordless logins with passkeys Trending content This is not an exhaustive list of what's new in 2.3, and you can read more about the above and other new changes/improvements features in the Have you seen...? forum. As always, new releases of XenForo are free to download for...

Today we are releasing XenForo 2.3.0 Release Candidate 5. While the majority of this release is focusing on bug fixes and stability, there are a few noteworthy changes. Automatic legacy file clean up XenForo installations after upgrading to XenForo 2.3 will have a number of files sitting in the file system which are no longer used. Any XenForo installation that has been around for a while, will to a lesser extent, have a similar issue. These files on their own shouldn't present any issue, but at the same time, keeping them around doesn't make much sense either. There are three approaches to cleaning up legacy files automatically. During one-click upgrade One-click upgrades now have a special step for removing files that were present...

This week in addition to a bunch of bug fixes, we've also been doing a spot of housekeeping in our code. The following is quite technically heavy so if you're a non-developer, shield your eyes and read the less boring bits. Much wider usage for class strings As a reminder, XenForo 2.3 brings with it support for using native PHP class strings. For example, originally we used "class short names" to point to certain classes. While these were easy to write, it makes refactoring classes difficult, and you need these PHP doc comments to hint to code editors what object is ultimately returned in the code: /** @var \XF\Entity\User $user **/ $user = \XF::em()->create('XF:User'); Our preference going forwards is using class strings: $user =...

Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo 2.3.0 Release Candidate 1, including XenForo Media Gallery 2.3.0 Release Candidate 1 if needed. If you also have active installs of XenForo 2.2 or XenForo 2.1 you should refer to the earlier thread with details and patch. The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit. XenForo extends thanks to independent security researcher, Egidio Romano (EgiX), working with SSD Secure Disclosure. We recommend doing a...

Security Fix Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers should either upgrade to XenForo 2.1.15 or XenForo 2.2.16. If you are a XenForo Cloud customer, a fix has been rolled out automatically, and no further action is required to address this issue. If you are running a pre-release version of XenForo 2.3, you should follow the instructions in the announcement thread for the XenForo 2.3.0 Release Candidate 1 release. The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit. XenForo extends thanks to independent security...

XenForo & Add-ons 2.3.0 Release Candidate 1 Released It's finally here, the first of a series of release candidates for the XenForo 2.3.0 stable release. We still have a bit more work to do and other changes and improvements in the pipeline but at this point the most serious bugs have been tackled and we don't expect many more releases before we can declare it is ready for a stable release. We strongly recommend anyone testing 2.3 during this pre-release period upgrade as each pre-release version is released. More specific details regarding bugs fixed in this release can be found in the resolved bugs forum. This is pre-release software. It is not officially supported. We do not recommend running it in production. Please remember...

XenForo 2.2.16 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo 2.2.16 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XF 2.2.16 include: Fix some issues with xf-dev:class-use-function to better support classes with class attributes and comments, or existing use function declarations. Fix persistent action indicator when using back/forward navigation Add _deleteFromSource method to support performing tasks right before entity deletion Skip logging IPs when...