Xenforo 2 Full - Compelling Community Platform

Xenforo 2 Full - Compelling Community Platform 2.2.15 Nulled

  • Join us to download any resource for free. You will be able to download or guest post.
    Sign Up Now
Hot on the heels of yesterday's XF 2.2.14 release and subsequent patches, we are today making XenForo 2.2.15 available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability, particularly if you already upgraded to XenForo 2.2.14.

As of this point, XenForo 2.2.14 and its patches are no longer available for download. We are still planning a final XF 2.2 release at some point around the release of XenForo 2.3!

Some of the changes in XF 2.2.15 include:
  • Avoid setting duplicate List-Unsubscribe headers.
  • Include first post QA schema items unconditionally.
  • Make outdated PHP version notice in admin control panel clearer.
  • Retain the original unsubscribeEmailAddress option for backwards compatibility.
  • New unsubscribeEmailHandling option to replace the new unsubscribeEmail option and conclusively fix issues arising from yesterday's XF 2.2.14 release.
  • Fix URL unfurls no longer unfurling.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.2 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
XenForo 2.2.13 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

In addition to the fixes listed below, we have a few other aces up our sleeves this time around.

Full iOS PWA compatibility with push notification support​

iOS 16.4 finally introduced push notifications for iOS devices. To facilitate this, your members need to install your site as a PWA (by utilising the Add to Home Screen feature in Safari). XenForo 2.2.13 now satisfies all of the prerequisites for this to support push notifications which can be enabled by your members once they log in through the PWA and enable push notifications in their Preferences.

The PWA (progressive web app) has now been enhanced with additional gesture based or UI controls, including pull down to refresh and a floating back button.

Structured data metadata improvements​

With many thanks to Ryan Levering from Google we have made a number of improvements to structured data metadata. Structured data enriches the pages we output with additional information which enables Google and other search engines to better understand the structure of the information that is rendered. This helps Google provide rich search results and helps provide additional context to users who may find your content during their Google searches.

Support for OAuth authentication for Microsoft 365 business email accounts​

Microsoft has deprecated the ability to send emails over SMTP using traditional username/password authentication. This is similar to what Google did a while ago. In light of this we have now added an additional option when setting up either your email transport or automated mail handlers (automated unsubscribe/bounce handling) which will enable you to authenticate with OAuth.

Note: The set up for this is fairly complex, requiring you to set up an Azure Active Directory application within the Azure developer portal. There is a link to the documentation when setting this up.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XF 2.2.13 include:
  • Adjust several cookie third party identifiers
  • Fix simple cookie notice flash for guests
  • Update thread creation latest activity items when merging threads
  • Add null checks when we're inspecting the result of the getPhraseGroup method of the Phrase entity.
  • Add context to node permission list with node type icons.
  • Don't attempt to access getCookieThirdParties on payment providers which may no longer exist.
  • Update enable push option to reflect better browser support.
  • Check search permissions when displaying the 'Your content' link in the visitor menu
  • Restore "notes" phrase that was inadvertently deleted in the previous release
  • Avoid leaking the email address linked to an account that is using email two-step verification
  • Don't show the view more link on a member's recent content page for users who have no permissions to search
  • Ensure wrapper display HTML value has whitespace trimmed
  • Properly set custom titles when batch updating users
  • When adding/editing nodes, the description for the URL portion field now refers to nodes rather than forums
  • Fix a typo in the cookie_consent.cookie_description_dbWriteForced phrase
  • Replace MaxCDN with jsDelivr as the CDN for Twemojis
  • Ensure emojis are properly displayed in the chosen style
  • More consistently set content key across different content types
  • Fix error thrown when xf_consent cookie has an invalid value
  • Escape backslashes when escaping SQL like clauses
  • Do not prepare member stat results prior to caching
  • Fix some entity collection return type hints
  • Clamp input filterer float values
  • Attempt to prevent browsers from autofilling credentials in the find member widget
  • Rebuild permissions in batches to limit memory usage
  • Display an error when an invalid URL is used to test URL unfurling
  • Display content vote scores in LTR orientation
  • Make stream closing attempts more robust when working with abstract files
  • Fix type hint in Oembed subcontainer
  • Gracefully handle Redis mget failures
  • Only display flash message once when tags are edited
  • Fix max length attribute of custom warning title input
  • Perform validation on email address options
  • Allow restricting forum RSS results by prefix IDs
  • Do not attempt to decrement alert counters when a new alert is inserted
  • Fix behavior of falsy code event listener hints
  • Perform validation on error reply values
  • Always include search query arguments when building search links
  • Retain previous selection when changing poll votes
  • Improve notice controller/action criteria validation
  • Include support for embedding YouTube Live URLs
  • Check thread visibility before redirecting for invalid post links
  • Improve user IP lookup query performance
  • Make user entity timezone verification more robust
  • Remove dead code from vBulletin 5 authentication handler
  • currencyFormat was changed to allow figures with no decimals to show without decimal places, but to show the decimals if any were present. In doing so, we managed to kill the ability to specify the number of decimals. Oopsie. So now you can do that again, and you can also now specify -1 precision in order to prevent number_format from limiting or artificially extending the decimal places at all.
  • Update the intl-tl-input JS library
  • Fix CSS border radius shifting for RTL styling
  • Increase entropy of temporary directory name generation to reduce the likelihood of race conditions
  • Improve performance of \XF\Extension::resolveExtendedClassToRoot using an inverse lookup table
  • Correctly replace urlencoded CSRF token values before returning cached pages to fix an issue with Advanced cookie management.
  • Ensure that unsubscribing from emails also unsubscribes the user from activity summary emails
  • Support embedding YouTube videos from youtube-nocookie.com
  • Fix incorrect type hints in prefix and prompt group entities
The following public templates have had changes:
  • PAGE_CONTAINER
  • account_confirm_resend
  • account_connected_associate
  • account_details
  • account_email
  • account_request_password
  • account_two_step_authy_config
  • account_visitor_menu
  • app_body.less
  • app_content_vote.less
  • approval_item_user
  • approval_queue_macros
  • connected_account_macros
  • contact_form
  • content_vote_macros
  • core.less
  • core_button.less
  • core_list.less
  • custom_fields_macros
  • editor_base.less
  • email_stop_confirm
  • google_analytics
  • helper_js_global
  • lost_password_confirm
  • member_about
  • member_recent_content
  • member_view
  • member_warn
  • message_macros
  • notice_confirm_email
  • notice_email_bounce
  • poll_macros
  • post_macros
  • post_question_macros
  • register_confirm
  • register_connected_account
  • security_lock_resend
  • security_lock_reset
  • spam_cleaner
  • tag_macros
  • tel_box.less
  • two_step_email
  • widget_find_member
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
XenForo 2.2.13 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

In addition to the fixes listed below, we have a few other aces up our sleeves this time around.

Full iOS PWA compatibility with push notification support​

iOS 16.4 finally introduced push notifications for iOS devices. To facilitate this, your members need to install your site as a PWA (by utilising the Add to Home Screen feature in Safari). XenForo 2.2.13 now satisfies all of the prerequisites for this to support push notifications which can be enabled by your members once they log in through the PWA and enable push notifications in their Preferences.

The PWA (progressive web app) has now been enhanced with additional gesture based or UI controls, including pull down to refresh and a floating back button.

Structured data metadata improvements​

With many thanks to Ryan Levering from Google we have made a number of improvements to structured data metadata. Structured data enriches the pages we output with additional information which enables Google and other search engines to better understand the structure of the information that is rendered. This helps Google provide rich search results and helps provide additional context to users who may find your content during their Google searches.

Support for OAuth authentication for Microsoft 365 business email accounts​

Microsoft has deprecated the ability to send emails over SMTP using traditional username/password authentication. This is similar to what Google did a while ago. In light of this we have now added an additional option when setting up either your email transport or automated mail handlers (automated unsubscribe/bounce handling) which will enable you to authenticate with OAuth.

Note: The set up for this is fairly complex, requiring you to set up an Azure Active Directory application within the Azure developer portal. There is a link to the documentation when setting this up.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XF 2.2.13 include:
  • Adjust several cookie third party identifiers
  • Fix simple cookie notice flash for guests
  • Update thread creation latest activity items when merging threads
  • Add null checks when we're inspecting the result of the getPhraseGroup method of the Phrase entity.
  • Add context to node permission list with node type icons.
  • Don't attempt to access getCookieThirdParties on payment providers which may no longer exist.
  • Update enable push option to reflect better browser support.
  • Check search permissions when displaying the 'Your content' link in the visitor menu
  • Restore "notes" phrase that was inadvertently deleted in the previous release
  • Avoid leaking the email address linked to an account that is using email two-step verification
  • Don't show the view more link on a member's recent content page for users who have no permissions to search
  • Ensure wrapper display HTML value has whitespace trimmed
  • Properly set custom titles when batch updating users
  • When adding/editing nodes, the description for the URL portion field now refers to nodes rather than forums
  • Fix a typo in the cookie_consent.cookie_description_dbWriteForced phrase
  • Replace MaxCDN with jsDelivr as the CDN for Twemojis
  • Ensure emojis are properly displayed in the chosen style
  • More consistently set content key across different content types
  • Fix error thrown when xf_consent cookie has an invalid value
  • Escape backslashes when escaping SQL like clauses
  • Do not prepare member stat results prior to caching
  • Fix some entity collection return type hints
  • Clamp input filterer float values
  • Attempt to prevent browsers from autofilling credentials in the find member widget
  • Rebuild permissions in batches to limit memory usage
  • Display an error when an invalid URL is used to test URL unfurling
  • Display content vote scores in LTR orientation
  • Make stream closing attempts more robust when working with abstract files
  • Fix type hint in Oembed subcontainer
  • Gracefully handle Redis mget failures
  • Only display flash message once when tags are edited
  • Fix max length attribute of custom warning title input
  • Perform validation on email address options
  • Allow restricting forum RSS results by prefix IDs
  • Do not attempt to decrement alert counters when a new alert is inserted
  • Fix behavior of falsy code event listener hints
  • Perform validation on error reply values
  • Always include search query arguments when building search links
  • Retain previous selection when changing poll votes
  • Improve notice controller/action criteria validation
  • Include support for embedding YouTube Live URLs
  • Check thread visibility before redirecting for invalid post links
  • Improve user IP lookup query performance
  • Make user entity timezone verification more robust
  • Remove dead code from vBulletin 5 authentication handler
  • currencyFormat was changed to allow figures with no decimals to show without decimal places, but to show the decimals if any were present. In doing so, we managed to kill the ability to specify the number of decimals. Oopsie. So now you can do that again, and you can also now specify -1 precision in order to prevent number_format from limiting or artificially extending the decimal places at all.
  • Update the intl-tl-input JS library
  • Fix CSS border radius shifting for RTL styling
  • Increase entropy of temporary directory name generation to reduce the likelihood of race conditions
  • Improve performance of \XF\Extension::resolveExtendedClassToRoot using an inverse lookup table
  • Correctly replace urlencoded CSRF token values before returning cached pages to fix an issue with Advanced cookie management.
  • Ensure that unsubscribing from emails also unsubscribes the user from activity summary emails
  • Support embedding YouTube videos from youtube-nocookie.com
  • Fix incorrect type hints in prefix and prompt group entities
The following public templates have had changes:
  • PAGE_CONTAINER
  • account_confirm_resend
  • account_connected_associate
  • account_details
  • account_email
  • account_request_password
  • account_two_step_authy_config
  • account_visitor_menu
  • app_body.less
  • app_content_vote.less
  • approval_item_user
  • approval_queue_macros
  • connected_account_macros
  • contact_form
  • content_vote_macros
  • core.less
  • core_button.less
  • core_list.less
  • custom_fields_macros
  • editor_base.less
  • email_stop_confirm
  • google_analytics
  • helper_js_global
  • lost_password_confirm
  • member_about
  • member_recent_content
  • member_view
  • member_warn
  • message_macros
  • notice_confirm_email
  • notice_email_bounce
  • poll_macros
  • post_macros
  • post_question_macros
  • register_confirm
  • register_connected_account
  • security_lock_resend
  • security_lock_reset
  • spam_cleaner
  • tag_macros
  • tel_box.less
  • two_step_email
  • widget_find_member
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
XenForo 2.2.13 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

In addition to the fixes listed below, we have a few other aces up our sleeves this time around.

Full iOS PWA compatibility with push notification support​

iOS 16.4 finally introduced push notifications for iOS devices. To facilitate this, your members need to install your site as a PWA (by utilising the Add to Home Screen feature in Safari). XenForo 2.2.13 now satisfies all of the prerequisites for this to support push notifications which can be enabled by your members once they log in through the PWA and enable push notifications in their Preferences.

The PWA (progressive web app) has now been enhanced with additional gesture based or UI controls, including pull down to refresh and a floating back button.

Structured data metadata improvements​

With many thanks to Ryan Levering from Google we have made a number of improvements to structured data metadata. Structured data enriches the pages we output with additional information which enables Google and other search engines to better understand the structure of the information that is rendered. This helps Google provide rich search results and helps provide additional context to users who may find your content during their Google searches.

Support for OAuth authentication for Microsoft 365 business email accounts​

Microsoft has deprecated the ability to send emails over SMTP using traditional username/password authentication. This is similar to what Google did a while ago. In light of this we have now added an additional option when setting up either your email transport or automated mail handlers (automated unsubscribe/bounce handling) which will enable you to authenticate with OAuth.

Note: The set up for this is fairly complex, requiring you to set up an Azure Active Directory application within the Azure developer portal. There is a link to the documentation when setting this up.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically.

Some of the changes in XF 2.2.13 include:
  • Adjust several cookie third party identifiers
  • Fix simple cookie notice flash for guests
  • Update thread creation latest activity items when merging threads
  • Add null checks when we're inspecting the result of the getPhraseGroup method of the Phrase entity.
  • Add context to node permission list with node type icons.
  • Don't attempt to access getCookieThirdParties on payment providers which may no longer exist.
  • Update enable push option to reflect better browser support.
  • Check search permissions when displaying the 'Your content' link in the visitor menu
  • Restore "notes" phrase that was inadvertently deleted in the previous release
  • Avoid leaking the email address linked to an account that is using email two-step verification
  • Don't show the view more link on a member's recent content page for users who have no permissions to search
  • Ensure wrapper display HTML value has whitespace trimmed
  • Properly set custom titles when batch updating users
  • When adding/editing nodes, the description for the URL portion field now refers to nodes rather than forums
  • Fix a typo in the cookie_consent.cookie_description_dbWriteForced phrase
  • Replace MaxCDN with jsDelivr as the CDN for Twemojis
  • Ensure emojis are properly displayed in the chosen style
  • More consistently set content key across different content types
  • Fix error thrown when xf_consent cookie has an invalid value
  • Escape backslashes when escaping SQL like clauses
  • Do not prepare member stat results prior to caching
  • Fix some entity collection return type hints
  • Clamp input filterer float values
  • Attempt to prevent browsers from autofilling credentials in the find member widget
  • Rebuild permissions in batches to limit memory usage
  • Display an error when an invalid URL is used to test URL unfurling
  • Display content vote scores in LTR orientation
  • Make stream closing attempts more robust when working with abstract files
  • Fix type hint in Oembed subcontainer
  • Gracefully handle Redis mget failures
  • Only display flash message once when tags are edited
  • Fix max length attribute of custom warning title input
  • Perform validation on email address options
  • Allow restricting forum RSS results by prefix IDs
  • Do not attempt to decrement alert counters when a new alert is inserted
  • Fix behavior of falsy code event listener hints
  • Perform validation on error reply values
  • Always include search query arguments when building search links
  • Retain previous selection when changing poll votes
  • Improve notice controller/action criteria validation
  • Include support for embedding YouTube Live URLs
  • Check thread visibility before redirecting for invalid post links
  • Improve user IP lookup query performance
  • Make user entity timezone verification more robust
  • Remove dead code from vBulletin 5 authentication handler
  • currencyFormat was changed to allow figures with no decimals to show without decimal places, but to show the decimals if any were present. In doing so, we managed to kill the ability to specify the number of decimals. Oopsie. So now you can do that again, and you can also now specify -1 precision in order to prevent number_format from limiting or artificially extending the decimal places at all.
  • Update the intl-tl-input JS library
  • Fix CSS border radius shifting for RTL styling
  • Increase entropy of temporary directory name generation to reduce the likelihood of race conditions
  • Improve performance of \XF\Extension::resolveExtendedClassToRoot using an inverse lookup table
  • Correctly replace urlencoded CSRF token values before returning cached pages to fix an issue with Advanced cookie management.
  • Ensure that unsubscribing from emails also unsubscribes the user from activity summary emails
  • Support embedding YouTube videos from youtube-nocookie.com
  • Fix incorrect type hints in prefix and prompt group entities
The following public templates have had changes:
  • PAGE_CONTAINER
  • account_confirm_resend
  • account_connected_associate
  • account_details
  • account_email
  • account_request_password
  • account_two_step_authy_config
  • account_visitor_menu
  • app_body.less
  • app_content_vote.less
  • approval_item_user
  • approval_queue_macros
  • connected_account_macros
  • contact_form
  • content_vote_macros
  • core.less
  • core_button.less
  • core_list.less
  • custom_fields_macros
  • editor_base.less
  • email_stop_confirm
  • google_analytics
  • helper_js_global
  • lost_password_confirm
  • member_about
  • member_recent_content
  • member_view
  • member_warn
  • message_macros
  • notice_confirm_email
  • notice_email_bounce
  • poll_macros
  • post_macros
  • post_question_macros
  • register_confirm
  • register_connected_account
  • security_lock_resend
  • security_lock_reset
  • spam_cleaner
  • tag_macros
  • tel_box.less
  • two_step_email
  • widget_find_member
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.
  • Like
Reactions: Pascal Andresen
The following public templates have had changes:
  • PAGE_CONTAINER
  • _help_page_cookies
  • _media_site_embed_oembed
  • _media_site_legacy_embed
  • account_confirm_resend
  • account_security
  • app.less
  • app_inlinemod.less
  • approval_queue_macros
  • bookmark_macros
  • captcha
  • captcha_turnstile
  • contact_form
  • core_bbcode.less
  • core_utilities.less
  • editor_base.less
  • forum_post_quick_thread
  • forum_post_thread
  • google_analytics
  • helper_attach_upload
  • login
  • lost_password
  • misc_cookies
  • notice_cookies
  • notices.less
  • register_form
  • report_search
  • thread_list_macros
  • thread_reply
  • thread_view

Shortly after we released XenForo 2.2.10 we became aware of a number of minor issues that may have affected a number of customers.​


Therefore, today, we have released XenForo 2.2.10 Patch 1 to rectify these issues.

You may now upgrade from your admin control panel or grab the new version from the customer area.

XenForo Cloud customers who are running XF 2.2.10 will remain on XF 2.2.10 but the fixes have already been applied automatically.

XenForo 2.2.10 Released​

XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.

This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons.

2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.

Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.

If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. For self-hosted customers, read on...

One-click upgrade to XenForo 2.2.10

Directly from your admin control panel

Some of the changes in XF 2.2.10 include:
The following public templates have had changes:
  • core_block.less
  • poll_create
  • poll_edit
  • poll_macros
  • tag_macros
  • widget_forum_statistics
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.

As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.

Current requirements​

Please note that XenForo 2.2 has higher system requirements than earlier versions.

The following are minimum requirements:
  • PHP 7.0 or newer (PHP 8.0 recommended)
  • MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
  • All of the official add-ons require XenForo 2.2.
  • Enhanced Search requires at least Elasticsearch 2.0.

Installation and upgrade instructions​

Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.
  • Like
Reactions: Pascal Andresen

About us

  • Our community has been around from 2017 and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. Providing Free Resources to help newcomers/startups. We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu