XenForo 2.2.7 ReleasedXenForo 2.2.7 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
Notably, XenForo 2.2.7 includes a fix for a potentially significant issue surrounding IP address spoofing in very specific circumstances using previously trusted IP address ranges. Thanks to NamePros for taking the time to report this issue.
Directly from your admin control panel
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.
In addition to the usual bug fixes and improvements, there is a database schema change which may take significant time to perform. If you have a particularly large xf_attachment and xf_attachmet_data table (several million records) then we recommend performing a CLI upgrade.
XenForo 2.2.7 is also the first version to support cleaning up files that belong to uninstalled add-ons. You can read more about that here.
Some of the changes in XF 2.2.7 include:
- Update add-on list filter bar to use the correct prefix search phrase.
- Output XenForo version when running cmd.php --version or -V
- Change [MEDIA] BB code tag example to point to a valid video.
- Ensure the input element for token inputs inherit the expected font color.
- Disable caching for the birthdays member stat. The results could be different for each user depending on time zone so caching won't be effective.
- Workaround a browser quirk to do with sticky navigation and the staff bar when the border width is an odd number. This removes the bottom border entirely.
- Workaround an issue that could be caused by mail queue entries that fail to unserialize.
- Avoid n+1 queries when filtering profile posts from banned users in the find new system
- Patch loose string comparisons such as !$username and in_array($username, $usernames) that can result in unexpected behaviors when wierd strings are used.
- When permanently deleting threads, ensure associated records are deleted too
- When generating RSS feed entries for threads, set the guid attribute to the thread ID
- Only overwrite push notification opt-out preferences if the visitor has permission to use push notifications.
- Allow unassociated attachment deletion cutoff to be extended inline with draft save lifetime, plus refresh temporary attachments when saving a draft.
- Trim excess whitespace from the beginning of Font Awesome icon classes
- Fix compatibility issue with type checking when rendering prefixes
- Add a new registration default to control whether push notifications should be sent for new conversation messages.
- Fix an issue preventing guests from creating polls
- When updating content reactions, check if reactions actually exist in the cache
- Properly coerce URLs that may not begin with "www."
- Fix casing for the metadata logo URL phrase
- Don't allow retaining IDs when importing reaction content records
- Use correct type hint for the getTitle method in the Report entity
- When editing admin navigation items, properly save the development_only value
- Adjust the query for determining who should receive a report closure notification to only return distinct and non-zero user IDs
- If using PHP 7.1 or above, allow the image proxy to fetch and store webp images.
- Ensure control panel attachment manager date boundaries are inclusive
- Open off-canvas sub-navigation menu when tapping a heading with no link
- Do not attempt to query for uncached content permissions after the global cache has already been run
- Remove duplicated templates for node permissions management
- Support specifying multiple content types when rebuilding the search index
- Change "Edit own thread title" permission to "Edit own thread" as this permission allows multiple thread properties to be edited.
- Improve legibility of thread prompt placeholder on the title input while using a narrow display when creating a new thread.
- Do not offset the sticky submit row in overlays to account for bottom fixed notices that are behind the overlay.
- Hover variants based on saturate() won't work with greys or near greys, so let's focus on xf-intensify() instead, and raise the value somewhat to compensate for the loss of the hover saturate
- When merging users, carry over previous username change logs too.
- Remove redundant file existence check when loading templates
- Remove redundant file existence check when loading phrase groups
- When autolinking emails expand the range of word characters permitted in additional domain parts.
- Adjust Vimeo BB code media site to not match profile URLs unintentionally.
- Impose a limit on the maximum number of keywords that can be searched for (default: 1024) and allow XFES to fetch the max_clause_count configuration value where possible to avoid a shard exception.
- Steps to avoid accessing a Less mixin from one file defined in another. Move to setup.less but retain reference to the original for backwards compatibility for now.
- When unfurling URLs using unfurl.php ensure we're using the correct style for the user and passing in the default template params.
- Update timezone data
- Add Sri Lanka to the list of locales
- Handle a race condition where proxy images get pruned in the middle of a request more gracefully
- When moving the first post out of a thread with no other visible posts, correctly set the state of the new first post and original thread record
- Use the number of replies in a question thread as the number of answers instead
- Allow toggling the direction of date sort orders on user upgrade lists
- Avoid throwing an error when sending an activity summary that has a section title containing a dot.
- Resolve a number of rich text editor quirks when pasting various content.
- When fetching metadata from a URL improve checks to ensure we get a valid charset encoding where possible and prevent against an Error exception thrown if an invalid character set encoding is encountered.
- When copy/pasting content that contains quotes, tidy up the output and ensure it outputs correctly with the appropriate attributes to maintain quote author and content.
- When parsing a color string (such as for the metaThemeColor property usage) normalize the color to its hex value by default.
- When typing conversation recipients allow a min length value of 1 for single character usernames.
- Improve performance of the attachment manager when working with mind-boggling numbers of attachments
- Workaround a tooltip displaying potentially in the wrong language in the editor draft button drop down.
- Use text-shadow to give a stroke effect to usernames whilst avoiding a wrapping issue
- Remove reference to zxcvbn.min.js source mapping to avoid 404 error.
- Skip some parts of the _preSave method in Thread entity if thread does not have a forum.
- Prevent iconic labels from overflowing their container
- Introduce a code event for manipulating the current page cache ID
- When uninstalling content type data during an add-on uninstall set the attachment content_id to 0 as well as unassociated to avoid conflicts if reinstalling. The files will be cleaned up later.
The following public templates have had changes:
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Current requirementsPlease note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:
- PHP 7.0 or newer (PHP 8.0 recommended)
- MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
- All of the official add-ons require XenForo 2.2.
- Enhanced Search requires at least Elasticsearch 2.0.