[XF Release] XenForo 2.2.14 Patch 2 Full NULL 2.2.14 Patch 2

XenForo 2.2.14 Released​

In addition to the usual slew of bug fixes and improvements, there are a few notable changes in this release.

Most compatibility issues between PHP 8.1 and 8.2 have been addressed. Remaining issues might trigger E_DEPRECATED warnings in the xf_error_log during debug mode, but these are generally non-critical and can be disregarded.

Previously, we allowed users to unsubscribe from emails through certain mail clients when the automated unsubscribe handler was configured. With the introduction of XenForo 2.2.14, we're implementing a new standard feature that processes unsubscribe requests via HTTP. This feature is activated by default and requires no additional configuration. Your current settings for email unsubscribing will not be altered. The recent updates include:

• Enhanced handling of the List-Unsubscribe header to support both mailto and HTTP methods.
• Automatic inclusion of the unsubscribe header in a broader range of outgoing emails, such as notifications for watched threads and activity summaries.
• A default-enabled option to send confirmation emails to users once their unsubscribe request is fulfilled.

In previous versions, add-on or style archives could escape their container directory and bypass subsequent validation checks. Exploiting this requires an administrator with the pertinent permissions to upload a maliciously-crafted archive. This has been addressed in XenForo 2.2.14. Thank you to Egidio Romano of Karma(In)Security for reporting this issue.

Work continues towards the next versions of XenForo. @Kier is now working full time on some exciting stuff for XenForo 3.0 while the rest of us are working towards getting XenForo 2.3 stable enough for a public beta release, in addition to the last few bells and whistles for both the core software and some enhancements to our official add-ons. Additionally, we plan to release one last update for XenForo 2.2, namely XenForo 2.2.15, which will incorporate significant fixes before we transition to primarily supporting XenForo 2.3.

Some of the changes in XF 2.2.14 include:

• Fix type hinting for extendClass
• Do not attempt to generate tag URLs without a valid tag
• Properly disable outbound IPv6 requests when PHP is not compiled with IPv6 support
• Improve audio mime-type detection
• Use sodium_bin2base64 over base64_encode when generating random strings.
• Update Twitter BB code media site to support x.com URLs and update some branding to X, rather than Twitter.
• Increase the size of the old_value and new_value columns in the xf_change_log table
• Properly throw an exception when failing to decode JSON for oEmbed
• Ensure tag pages have a canonical URL set
• Support custom URL portions for link forums
• Mark old_value and new_value fields as required in the change log entity
• Adjust regex for dialog loading to ensure consistency with BB code tag naming.
• Fix a number of emoji phrases
• Update braintree_api_keys_explain.txt phrase
• Update webmanifest orientation to use natural as this should derive from the system's settings.
• Highlight current style and language selections on chooser pages
• Always set thread RSS publication dates to the creation date of the thread
• Fix profile post/comment author alert reason API documentation
• Properly phrase the BB Code help page example
• Improve error handling when loading notifier services
• Extend notifier service class before calling createForJob static method
• Reduce lock contention when writing thread read records
• Provide a getter for class extensions, and check for class extensions before attempting to remove them
• Skip relative (dot) files when cleaning up temporary files
• Ensure prefix search constraints are lists of values
• Use a no-permission response when a user cannot be banned, and gracefully handle error responses without a proper error message
• Clarify that new SFS submissions will transmit an unhashed email address
• Properly capture array_unique results
• Add an index to the user ID column of the error log table
• Fix value of custom user titles in API responses
• Surely .u-spaceBefore is intended to apply the margin to the left
• Guard against null metadata in MySQL full-text searchs
• Do not display menus for selected tabs with no links
• Use a more efficient query when updating reaction caches for content
• Support filtering threads with forum type filters when using the API
• When rebuilding user group relations, skip falsey values
• Include support for embedding YouTube Live URLs
• Improve PHP 8.2 compatibility in vendor libraries
• Pass posterParams in the post reaction push template
• Attempt to support fb.watch URLs
• Only set descriptor suffix for Stripe card payments

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:

• PHP 7.0 or newer (PHP 8.2 recommended)
• MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
• All of the official add-ons require XenForo 2.2.
• Enhanced Search requires at least Elasticsearch 2.0.

An issue was identified with applying the new email unsubscribe header if both HTTP and email methods were enabled. We have released XenForo 2.2.14 Patch 1 to address this.

Sincere apologies. A further issue has been identified in which initial upgrades to 2.2.14 may have set the default 'http' option for the unsubscribe option incorrectly.

The latest patch will workaround this issue if you are affected.

Alternatively, going to Options > Email options in your admin control panel and setting the "Unsubscribe email handling" option as desired will fix the issue without needing to upgrade.