XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons.
2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.
Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.
If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. For self-hosted customers, read on...
Some of the changes in XF 2.2.10 include:
- Require values for old/new changelog values
- Properly handle null values within the Arr::stringToArray() function
- Remove extraneous space when generating a one-time password URL
- Support rebuilding daily stats from the command line
- Add additional indexes for the active and expired user upgrade tables
- Remove superfluous code setting aria-label for tooltips
- Add lazy loading attribute to resource icons
- Pass an index hint when performing certain IP lookups