Xenforo - Xenforo - Updates | hrace009 Community ✅
Xenforo

Xenforo Xenforo 2.1.1

No permission to download
XenForo 2.1.1 is now available for all licensed customers to download. We recommend that all customers running previous versions of XenForo 2.1 upgrade to this release to benefit from increased stability.

We have also made some improvements to the importer framework. Notably it is now possible to perform a multi-process import in order to make better use of multi-core processors. If you run an import via the CLI and you add the --processes option with a value greater than 1, then multiple PHP processes will be used to perform the import, instead of a single CPU core being used as is the PHP default. Your results may vary, but with the number of processes set to equal the number of physical cores on a sufficiently powerful server, you should notice a significant increase in performance.

You can also run your import command with the new --finalize option which will run the finalize stage automatically after the data import has finished.

While we're talking about importers we should also point out that we are today also releasing XenForo Importers 1.2.0 with a new "Invision Community Forums" importer, XenForo Media Gallery 2.1.1 which reintroduces a number of importers originally included in XFMG 1.x and XenForo Resource Manager 2.1.1 which includes an XFRM to XFRM importer. See below for more information.

If you are upgrading from XenForo 2.1.0, please be aware that there is a new option called "Convert Markdown-style content to BB code" which is now disabled by default. If you would like to use Markdown-style formatting in your messages, you will need to enable this option first.

Other changes in XF 2.1.1 include:
The following public templates have had changes:
  • app_nav.less
  • app_sectionlinks.less
  • app_staffbar.less
  • bb_code.less
  • bb_code_preview.less
  • bookmark_edit
  • bookmark_macros
  • category_view
  • core_bbcode.less
  • core_block.less
  • core_contentrow.less
  • core_menu.less
  • core_pikaday.less
  • core_tab.less
  • editor.less
  • forum_post_thread
  • forum_view
  • google_analytics
  • member_macros
  • member_tooltip
  • member_view
  • PAGE_CONTAINER
  • poll_macros
  • prefix_input
  • register_form
  • register_macros
  • share_page_macros
  • structured_list.less
  • thread_list_macros
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

As always, new releases of XenForo are free to download for all customers with active licenses, who may now grab the new version from the customer area.

Note: add-ons, customizations and styles made for XenForo 1.x are not compatible with XenForo 2.x. If your site relies upon these for essential functionality, ensure that a XenForo 2 version exists before you start to upgrade. We strongly recommend you make a backup before attempting an upgrade.

Current Requirements

Please note that XenForo 2.1.x has higher system requirements than XenForo 1.x.

The following are minimum requirements:
  • PHP 5.6 or newer (PHP 7.3 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.1.
  • Enhanced Search requires at least Elasticsearch 2.0.
Installation and Upgrade Instructions for XenForo 2.1

Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual.

Note that when upgrading from XenForo 1.x, all add-ons will be disabled and style customizations will not be maintained. New versions of add-ons will need to be installed and customizations will need to be redone. We strongly recommended that you make a backup before attempting an upgrade. Once upgraded, you will not be able to downgrade without restoring from a backup.
Today, we are pleased to release XenForo 1.5.10. This release fixes several bugs and issues that were found since the release of 1.5.9.

Most importantly, this release includes a fix for a security issue that we found during internal testing. The issue is known as a server-side request forgery (SSRF). This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

This is a potentially serious issue and we strongly recommend all customers follow one of the below methods to fix this security issue.


If you are running XenForo 1.4, please see the 1.4.13 announcement for a patch. If you are running XenForo 1.3 or older, you must upgrade to the latest 1.4 or 1.5 release to fix this issue.

If you are running XenForo Media Gallery 1.0, you must also follow the instructions in the XFMG 1.0.10 release announcement to fully patch this issue. If you are running XFMG 1.1.0 to 1.1.4, you must upgrade to a newer XFMG release. XFMG 1.1.5+ will be automatically fixed by following one of the steps below.

Method 1: Upgrade to the New Version (Recommended)

You may upgrade to XenForo 1.5.10 (or any subsequent version) to fix this issue. You should upgrade as you would to any other release. See further below in this announcement for more details on this release. If you take this approach, you should not apply the patch below.

Method 2: Install the Patch (for 1.5 Users)

Download the patch zip file attached to the end of this message. It contains 4 files:
  • library/XenForo/BbCode/Formatter/BbCode/AutoLink.php
  • library/XenForo/Helper/Http.php
  • library/XenForo/Helper/Url.php
  • library/XenForo/Model/ImageProxy.php
These 4 files should be uploaded to your server, overwriting the existing files of the same names.

Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.

Other Changes in 1.5.10

Some of the bugs fixed in 1.5.10 include:
  • Add several language code/locale options for pages.
  • Fix a situation where white space may not be maintained 100% when pasting code/pre-formatted into the rich text editor.
  • Add a 1000 user limit to ignoring to prevent potential errors.
  • Ensure that poll resetting/deleting is logged correctly.
  • Automatically adjust uploaded image extensions to match their type (rather than throwing an error).
  • Change NoCaptcha requests to POST to prevent a possible regular expression failure.
  • Fix an issue with automatic vendor prefixing in the CSS when using @supports.
  • Fix a timezone related issue when displaying stats output.
  • Adjust the meta description of member profiles to handle missing components better.
  • Prevent an error in the phpBB 3.1 importer relating to timezones.
See the Resolved Bug Reports forum for further information.

The following templates have had changes:
  • member_view
Where necessary, the merge system within the "Outdated Templates" page should be used to integrate these changes.

Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.

All customers with active licenses may now download the new version from the customer area.

Download XenForo 1.5.10
From the Licensed Customer Area


More Stable

This release follows our principle that third-point (x.x.X) releases should always be more stable than the preceding version, so for the most part you will not find new features in this release. Major new features will be reserved for second point versions (x.X.x).

Installation and Upgrade Instructions

Full details for how to install and upgrade XenForo can be found in the XenForo Manual.
Top