XenForo 2.3.0 Released Upgrade | XenForo 2.3 ENXF

Released 2x XenForo 2.3.0 Released Upgrade | XenForo 2.3 ENXF 2.3.3

No permission to download

The following public templates have had changes:
  • PAGE_CONTAINER
  • account_banner
  • app_nav.less
  • conversation_message_macros
  • core_block.less
  • core_button.less
  • core_input.less
  • core_tab.less
  • editor_override.less
  • helper_js_global
  • member_view
  • passkeys_macros
  • post_macros
  • profile_post_macros
  • tag_macros
  • token_input
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

The following public templates have had changes:
  • PAGE_CONTAINER
  • account_banner
  • app_nav.less
  • conversation_message_macros
  • core_block.less
  • core_button.less
  • core_input.less
  • core_tab.less
  • editor_override.less
  • helper_js_global
  • member_view
  • passkeys_macros
  • post_macros
  • profile_post_macros
  • tag_macros
  • token_input
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Security Fix​

Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers running XenForo 2.3.0 should upgrade to XenForo 2.3.0 Release Candidate 1, including XenForo Media Gallery 2.3.0 Release Candidate 1 if needed.

If you also have active installs of XenForo 2.2 or XenForo 2.1 you should refer to the earlier thread with details and patch.

The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit.

Shortly after the release of Release Candidate 1, we identified an issue related to editing node-like permissions. A very minor bug was surfaced by the changes today. Specifically one of our view class names was using a \ instead of a :

Due to a localised shortage of version numbers (we cannot increment the version to a patch release for release candidates) we have released Release Candidate 2 to address this.

The specific files with changes are:
  • src/XF/Admin/Controller/Node.php
  • src/XF/Admin/Controller/Permission.php
Finally, the add-ons have some love ❤️ While there is the usual amount of bug fixes as we work hard to make XenForo 2.3 even more stable, this Beta in particular brings a number of new features to our official add-ons.
  • Like
Reactions: habukhan
Today, we continue the, uh, trend of weekly beta releases for XenForo 2.3 with Beta 4. This release fixes a number of bugs found since the previous release, and adds support for trending content which you can read about right here.

In addition to the trending content widget we have also made the following notable changes:
  • You can now log in to the admin control panel using your configured passkey.
  • Changes to the job queueing system that allows a caller to create jobs with a specified priority.
  • Webhook support for user upgrades.
  • Separated XF.Cropbox from avatar.js into its own file, crop_box.js.
  • Like
Reactions: habukhan and warz
Today, we continue the beta stage of XenForo 2.3 with Beta 3, albeit a little later than originally planned This release fixes a number of bugs found since the previous release, and adds support for passwordless logins with passkeys which you can read about right here. There are a few known issues with passkeys at this point, particularly with hardware-based keys, so please check the bug reports forum if you run into anything.

We strongly recommend anyone testing 2.3 during this beta period upgrade as each beta version is released.

More specific details regarding bugs fixed in this release can be found in the resolved bugs forum.

This is beta software. It is not officially supported.
We do not recommend running it in production.
Top