Released 2x XenForo 2.3.0 Released Full | XenForo 2.3 ENXF 2.3.3

• Fix select-to-quote handler error on soft-deleted threads
• Ignore port if Redis host appears to be a file path
• Fix a few cases where hashes were concatenated instead of passed to router
• Fix flickering issue with JS icon renderer
• Fix expandable content transition class callback
• Use correct finder when looking up Stripe subscriber IDs
• Do not attempt to set RSS feed language if no language code is set
• Check if job table exists before attempting to sync structure
• Fix issues serializing nestable elements which contain unrelated lists
• Adjust some automatic alert read-marking behaviors
• Adjust offset of focus-visible tab outline
• Re-enable caching for tag edit overlay
• Fix error handling for fetching/creating PayPal products and plans
• Fix determining locale from language code for string manipulation
• Ensure points phrase is used in trending weights.
• Optimize string transliteration performance
• Override some missing phrases for token inputs.
• Reduce trending content widget queries
• Fix embedding Imgur galleries and applying JS states
• Romanize heading anchors
• Do not force romanization for category anchors
• Fix merging reactions with multiple source reactions from deleted users
• Do not cache report overlays
• Fix Tagify filtering out non-exact matches unexpectedly
• Set 1:1 aspect-ratio on connected account provider icons
• Use the editorButtonSelectedBg property for active editor button backgrounds
• Fix DM icon clipping on desktop Safari
• Fix phrase method casing in icon option handler
• Perform client-size image optimization even when no maximum image width/height is set
• Fix checking if Rocket Loader is disabled in the middle of an upgrade
• Throw an error when attempting to recursively load config file
• Fix string style property variations support for properties without assets enabled
• Prevent double logging of moderator changes for threads when editing first post
• Adjust width of inline time inputs
• Check private use TLDs when determining if a host is local
• Fix some issues with appending filter rows
• Use XF.setupHtmlInsert for filter AJAX responses
• Allow passing HTMLElement objects to alerts
• Fix support for alternative icon variants in custom BB codes
• Fix fetching default avatar when templater style is not set
• Address some phrases which reference conversations
• Handle unexpected values in cookie consent cookie

The following public templates have had changes:

• PAGE_CONTAINER
• account_banner
• app_nav.less
• conversation_message_macros
• core_block.less
• core_button.less
• core_input.less
• core_tab.less
• editor_override.less
• helper_js_global
• member_view
• passkeys_macros
• post_macros
• profile_post_macros
• tag_macros
• token_input

Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Security Fix​

Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo 2.3.0 Release Candidate 1, including XenForo Media Gallery 2.3.0 Release Candidate 1 if needed.

If you also have active installs of XenForo 2.2 or XenForo 2.1 you should refer to the earlier thread with details and patch.

The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit.

Shortly after the release of Release Candidate 1, we identified an issue related to editing node-like permissions. A very minor bug was surfaced by the changes today. Specifically one of our view class names was using a \ instead of a :

Due to a localised shortage of version numbers (we cannot increment the version to a patch release for release candidates) we have released Release Candidate 2 to address this.

The specific files with changes are:

• src/XF/Admin/Controller/Node.php
• src/XF/Admin/Controller/Permission.php

As we get ever closer to the fabled "release candidate" stage and the eventual stable release, today we are releasing the eighth beta for XenForo 2.3! Nothing particularly noteworthy this week other than a number of bug fixes.

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

Welcome to 2.3.0 Beta 7! Since our last release we have been mostly focusing again on bug fixes and stability, though we do have an interesting change to note related to multibyte strings, specifically URL romanization. If available, we now use the intl extension and perform a multi-layered process for normalizing and transliterating strings. This is now much more intelligent as it handles some special cases for certain locales (based on the default language of the forum).

We also have a new option for controlling the output of emojis in URLs. You can leave them URL encoded, remove them, or convert them to a string based on the emoji name. This also requires the intl extension.

This week (and a bit) we have been extremely busy working towards that enticing milestone of a stable release. There's still a little while to go with a healthy number of bugs, feedback and other bits in our backlog that we'd like to work through, but each release represents a significant amount of effort and progress towards the end goal.

While we have mostly focused on bug fixes and other stability improvements, this has resulted in some notable changes which you should be aware of.

A new beta version released

Finally, the add-ons have some love ❤️ While there is the usual amount of bug fixes as we work hard to make XenForo 2.3 even more stable, this Beta in particular brings a number of new features to our official add-ons.

Today, we continue the, uh, trend of weekly beta releases for XenForo 2.3 with Beta 4. This release fixes a number of bugs found since the previous release, and adds support for trending content which you can read about right here.

In addition to the trending content widget we have also made the following notable changes:

• You can now log in to the admin control panel using your configured passkey.
• Changes to the job queueing system that allows a caller to create jobs with a specified priority.
• Webhook support for user upgrades.
• Separated XF.Cropbox from avatar.js into its own file, crop_box.js.

Today, we continue the beta stage of XenForo 2.3 with Beta 3, albeit a little later than originally planned This release fixes a number of bugs found since the previous release, and adds support for passwordless logins with passkeys which you can read about right here. There are a few known issues with passkeys at this point, particularly with hardware-based keys, so please check the bug reports forum if you run into anything.

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

More specific details regarding bugs fixed in this release can be found in the resolved bugs forum.

This is beta software. It is not officially supported.
We do not recommend running it in production.

This is beta software. It is not officially supported.
We do not recommend running it in production.

Please remember that this is beta software. It contains known bugs and incomplete functionality. We do not recommend running beta software in a production environment, and support is limited at this time to questions here on the community forums.

Add-ons and custom styles may be broken after upgrading to 2.3. You must test your add-ons thoroughly or look for updates. Be especially careful with add-ons that cover similar features to ones that are added to 2.3; these may conflict with the core XenForo data. If data conflicts are found, they will need to be resolved in a new add-on release or by removing the add-on before upgrading to 2.3.

If you choose to run beta software, it is your responsibility to ensure that you make a backup of your data. We recommend you do this before attempting an upgrade. If in doubt, always do a test upgrade on a copy of your production data.