- Ensure "View Older Results" link appears on last page of search results
- Ensure "No such recipient" bounce responses are classified as hard bounces
- Ensure "Account Closed" bounce responses are classified as hard bounces
- Ensure "Recipient not found" bounce responses are classified as hard bounces
- Ensure "mailbox is disabled" bounce responses are classified as hard bounces
- Ensure "not configured to receive" bounce responses are classified as hard bounces
- Prevent inet_pton() ValueError when IP address contains null bytes
- Use original Email object for error logging after DKIM signing to prevent undefined method error
- Skip array values during custom field multiselect validation to prevent Array to string conversion warning
- Normalize discouragement delay min/max values to prevent mt_rand() ValueError
- Suppress dns_get_record() warning during DKIM verification to prevent job crash on DNS failure
- Prevent alerts from being sent to banned users
- Correct OAuth2 token revocation to properly invalidate both access and refresh tokens
- Respect direction parameter for multi-column sort ordering in Finder
- Re-enable passkey button when WebAuthn registration or authentication is aborted
- Add missing bookmark_id index to xf_bookmark_label_use table
- Prevent accumulating whitespace in GenerateFinders CLI command on repeated runs
- Avoid exception-based flow control in getFinder for entity class resolution
- Set explicit working directory for sub-processes to prevent failure when CWD is inaccessible
- Prevent type error when custom field type changes with preserved values
- Include purchasable ID in Stripe product and plan ID generation
- ICODE=rich does not round-trip after editing a post
- Implement ContainableInterface and DatableInterface on various child content entities
- Create template when generating a route with xf-make:route


Today we are releasing XenForo 2.3.9 to address some potential security vulnerabilities that were recently reported to us. This version only includes security fixes and any bug fixes we previously said would make it to 2.3.9 have now been delayed until 2.3.10. It is now available for all licensed customers to download.

We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.

The issues identified are as follows:

- Prevention of a possible stored XSS (cross-site scripting) exploit related to BB code rendering (thank you to Antisocial)
- Prevention of a possible XSS exploit related to lightbox usage in posts (thank you UwU)
- Prevention of a possible RCE (remote code execution) exploit via authenticated, but malicious, admin users (thank you UwU)

If you are a XenForo Cloud customer, fixes for these issues have been rolled out automatically, and no further action is required to address them.

We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.

Upload patch files

1. Download 239-patch.zip
2. Extract the .zip file
3. Upload the contents of the upload directory to the root of your XenForo installation
4. Rebuild master data by logging in to your install URL, or running xf:rebuild-master-data on the command line

Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.

As always, new releases of XenForo are free to download for all customers with active licenses, who may now grab the new version from the customer area or upgrade from your Admin control panel (Tools > Check for upgrades...).
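
Because "File health check" flags manually patched files whether or not the upload succeeded, the patch steps above can be checked by comparing the extracted patch against the live files. The script below is an added example, not XenForo's own tooling; the helper name `verify_patch` and both directory arguments are assumptions, and it expects the extracted patch and the installation root to be readable from the same machine.

```shell
#!/bin/sh
# Added example: check that a manually applied patch landed intact.
# verify_patch is a hypothetical helper name; both arguments are assumptions:
#   $1  the extracted patch's "upload" directory
#   $2  the root of the installation the files were uploaded to
# Prints OK / MISSING / DIFFERS per patched file. Returns 0 only when every
# file shipped in the patch exists under the root and is byte-identical.
verify_patch() {
    patch_dir=$1
    xf_root=$2
    if [ ! -d "$patch_dir" ] || [ ! -d "$xf_root" ]; then
        echo "usage: verify_patch PATCH_UPLOAD_DIR INSTALL_ROOT" >&2
        return 2
    fi
    list=$(mktemp) || return 2
    # Relative paths of every regular file shipped in the patch.
    (cd "$patch_dir" && find . -type f | sort) > "$list"
    if [ ! -s "$list" ]; then
        echo "no files found under $patch_dir" >&2
        rm -f "$list"
        return 2
    fi
    status=0
    # Read from a file, not a pipe, so $status survives the loop.
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$xf_root/$rel" ]; then
            echo "MISSING  $rel"
            status=1
        elif cmp -s "$patch_dir/$rel" "$xf_root/$rel"; then
            echo "OK       $rel"
        else
            echo "DIFFERS  $rel"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return "$status"
}

# Run directly: sh verify_patch.sh PATCH_UPLOAD_DIR INSTALL_ROOT
if [ "$#" -eq 2 ]; then
    verify_patch "$1" "$2"
fi
```

A MISSING or DIFFERS line means that file was not replaced by the upload, so the corresponding fix is not in effect on that installation.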
The author sundermarkam has offered the item for free, you can now download it.
This item was featured on Codesome
Last update: 09 March, 2026
Published: 27 January, 2026