Today, we are releasing XenForo 2.2.17 to address a potential security vulnerability. We recommend that all customers running XenForo 2.2 upgrade to 2.2.17 or use the patch instructions below as soon as possible.
Notes:
a. XenForo 2.3.1 and above is not affected by this issue. If you are still running XenForo 2.3.0 you should upgrade to the latest release or apply the patch below.
b. The few XenForo Cloud customers still running XenForo 2.2 have been patched automatically.
The issue relates to a potential redirection exploit using a specially crafted URL.
We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details.
Applying a patch manually
Method 1: manually editing...
Have you seen...?
This forum spotlights some of XenForo's interesting features. Spotlights on features in upcoming releases will be posted here.