- Compatible XF 2.x versions
- 2.3
- Additional requirements
- PHP 7.2 or newer (PHP 8.3 recommended)
MySQL 5.7 and newer (Also compatible with MariaDB/Percona etc.)
All of the official add-ons require XenForo 2.3.
Enhanced Search requires at least Elasticsearch 7.2.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually.
XenForo is a powerful and modern forum software, specifically designed for building online communities. It is based on PHP and MySQL and is known for its high performance, security, and customization. XenForo's clean user interface and smooth user experience are suitable for new and experienced users alike.
XenForo includes advanced features such as Enhanced Search , Media Gallery , Resource Manager , and Importers , which make community management easier and more efficient. In addition, it can be customized to any type of forum or discussion platform with powerful add-on and theme support.
Security Fix-Focused Release
XenForo 2.3.9 is primarily a security patch release, not a feature-packed update. The XenForo team has explicitly stated that this version was released to address reported vulnerabilities, and most non-security bug fixes originally planned for 2.3.9 have been postponed to 2.3.10.
What's Included
The update includes fixes for several potential security issues:- Prevention of a possible stored XSS (cross-site scripting) exploit related to BB code rendering.
- Prevention of a possible XSS exploit in lightbox usage in posts.
- Prevention of a possible RCE (remote code execution) vulnerability involving authenticated (but malicious) admin users.
These changes make it important to upgrade from earlier 2.3.x versions for improved security and increased stability.
Templates Updates
A few public template files have been changed to support these fixes:- attachment_macros
- bb_code_tag_attach
- lightbox_macros
Merge these updated templates via the outdated templates page in your Admin Control Panel if prompted after the upgrade.
