Some of the changes in XF 2.3.7 include:
- Escape select input option labels
- Improve supported EXIF data when client-side image resizing is enabled
- Allow fetching forum prefixes even without node permissions
- Normalize entity manager repository cache keys
- Fix IPv6 binary to string expansion
- Fix appearance of member tooltip on recent Safari versions
- Use text structured data field for DiscussionForumPosting content
- Require confirmation for linking connected accounts
- Suppress logging of normal connected account exceptions
- Clear site cache data when logging out
- Move XF.SolutionEditClick into action.js to resolve dependency issues
- Fix carousel margin on RTL languages
- Expand global email template parameters
- Adjust wording of account approval phrases
- Improve typing of repository find methods
- Fix issue with missing verbosity when casting collections to webhook results
- Avoid logging errors when IndexNow is having intermittent issues
- Delete related user alerts when a trophy is deleted
- Add support for viewing and revoking a user's authorised applications from the admin panel
- Handle nulls and empty-evaluated strings properly
- Detect Google Inspection Tool crawler
- No longer create user fields by default during install
- Fix manual video thumbnail generation on iOS
- Remove legacy Imagick GIF optimization technique
- Display search suggestions properly when results contain guest content
- Fix lift ban link on ban edit page
- Render all activity summary display values in the user language
- Set default Accept-Language header in outgoing HTTP requests
- Allow overriding avatar usernames when a user is specified
- Fix generated entity type hints for JSON columns
- Fix select-to-quote handler error on soft-deleted threads
- Ignore port if Redis host appears to be a file path
- Fix a few cases where hashes were concatenated instead of passed to router
- Fix flickering issue with JS icon renderer
- Fix expandable content transition class callback
- Use correct finder when looking up Stripe subscriber IDs
- Do not attempt to set RSS feed language if no language code is set
- Check if job table exists before attempting to sync structure
- Fix issues serializing nestable elements which contain unrelated lists
- Adjust some automatic alert read-marking behaviors
- Adjust offset of focus-visible tab outline
- Re-enable caching for tag edit overlay
- Fix error handling for fetching/creating PayPal products and plans
- Fix determining locale from language code for string manipulation
- Ensure points phrase is used in trending weights
- Optimize string transliteration performance
- Override some missing phrases for token inputs
- Reduce trending content widget queries
- Fix embedding Imgur galleries and applying JS states
- Romanize heading anchors
- Do not force romanization for category anchors
- Fix merging reactions with multiple source reactions from deleted users
- Do not cache report overlays
- Fix Tagify filtering out non-exact matches unexpectedly
- Set 1:1 aspect-ratio on connected account provider icons
- Use the editorButtonSelectedBg property for active editor button backgrounds
- Fix DM icon clipping on desktop Safari
- Fix phrase method casing in icon option handler
- Perform client-side image optimization even when no maximum image width/height is set
- Fix checking if Rocket Loader is disabled in the middle of an upgrade
- Throw an error when attempting to recursively load config file
- Fix string style property variations support for properties without assets enabled
- Prevent double logging of moderator changes for threads when editing first post
- Adjust width of inline time inputs
- Check private use TLDs when determining if a host is local
- Fix some issues with appending filter rows
- Use XF.setupHtmlInsert for filter AJAX responses
- Allow passing HTMLElement objects to alerts
- Fix support for alternative icon variants in custom BB codes
- Fix fetching default avatar when templater style is not set
- Address some phrases which reference conversations
- Handle unexpected values in cookie consent cookie
The following public templates have had changes. Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes:
- PAGE_CONTAINER
- account_banner
- app_nav.less
- conversation_message_macros
- core_block.less
- core_button.less
- core_input.less
- core_tab.less
- editor_override.less
- helper_js_global
- member_view
- passkeys_macros
- post_macros
- profile_post_macros
- tag_macros
- token_input
Security Fix
Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo 2.3.0 Release Candidate 1, including XenForo Media Gallery 2.3.0 Release Candidate 1 if needed.
If you also have active installs of XenForo 2.2 or XenForo 2.1 you should refer to the earlier thread with details and patch.
The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit.
Shortly after the release of Release Candidate 1, we identified an issue related to editing node-like permissions. A very minor bug was surfaced by the changes today. Specifically, one of our view class names was using a \ instead of a :
Due to a localised shortage of version numbers (we cannot increment the version to a patch release for release candidates) we have released Release Candidate 2 to address this.
The specific files with changes are:
- src/XF/Admin/Controller/Node.php
- src/XF/Admin/Controller/Permission.php
As we get ever closer to the fabled "release candidate" stage and the eventual stable release, today we are releasing the eighth beta for XenForo 2.3! Nothing particularly noteworthy this week other than a number of bug fixes.
We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.
Welcome to 2.3.0 Beta 7! Since our last release we have been mostly focusing again on bug fixes and stability, though we do have an interesting change to note related to multibyte strings, specifically URL romanization. If available, we now use the intl extension and perform a multi-layered process for normalizing and transliterating strings. This is now much more intelligent as it handles some special cases for certain locales (based on the default language of the forum).
We also have a new option for controlling the output of emojis in URLs. You can leave them URL encoded, remove them, or convert them to a string based on the emoji name. This also requires the intl extension.
This week (and a bit) we have been extremely busy working towards that enticing milestone of a stable release. There's still a little while to go with a healthy number of bugs, feedback and other bits in our backlog that we'd like to work through, but each release represents a significant amount of effort and progress towards the end goal.
While we have mostly focused on bug fixes and other stability improvements, this has resulted in some notable changes which you should be aware of.
A new beta version released
Finally, the add-ons have some love ❤️ While there is the usual amount of bug fixes as we work hard to make XenForo 2.3 even more stable, this Beta in particular brings a number of new features to our official add-ons.
Today, we continue the, uh, trend of weekly beta releases for XenForo 2.3 with Beta 4. This release fixes a number of bugs found since the previous release, and adds support for trending content which you can read about right here.
In addition to the trending content widget we have also made the following notable changes:
- You can now log in to the admin control panel using your configured passkey.
- Changes to the job queueing system that allow a caller to create jobs with a specified priority.
- Webhook support for user upgrades.
- Separated XF.Cropbox from avatar.js into its own file, crop_box.js.