Xenforo 2.2x

Some of the changes in XF 2.2.13 include:

Adjust several cookie third party identifiers
Fix simple cookie notice flash for guests
Update thread creation latest activity items when merging threads
Add null checks when we're inspecting the result of the getPhraseGroup method of the Phrase entity.
Add context to node permission list with node type icons.
Don't attempt to access getCookieThirdParties on payment providers which may no longer exist.
Update enable push option to reflect better browser support.
Check search permissions when displaying the 'Your content' link in the visitor menu
Restore "notes" phrase that was inadvertently deleted in the previous release
Avoid leaking the email address linked to an account that is using email two-step verification
Don't show the view more link on a member's recent content page for users who have no permissions to search
Ensure wrapper display HTML value has whitespace trimmed
Properly set custom titles when batch updating users
When adding/editing nodes, the description for the URL portion field now refers to nodes rather than forums
Fix a typo in the cookie_consent.cookie_description_dbWriteForced phrase
Replace MaxCDN with jsDelivr as the CDN for Twemojis
Ensure emojis are properly displayed in the chosen style
More consistently set content key across different content types
Fix error thrown when xf_consent cookie has an invalid value
Escape backslashes when escaping SQL like clauses
Do not prepare member stat results prior to caching
Fix some entity collection return type hints
Clamp input filterer float values
Attempt to prevent browsers from autofilling credentials in the find member widget
Rebuild permissions in batches to limit memory usage
Display an error when an invalid URL is used to test URL unfurling
Display content vote scores in LTR orientation
Make stream closing attempts more robust when working with abstract files
Fix type hint in Oembed subcontainer
Gracefully handle Redis mget failures
Only display flash message once when tags are edited
Fix max length attribute of custom warning title input
Perform validation on email address options
Allow restricting forum RSS results by prefix IDs
Do not attempt to decrement alert counters when a new alert is inserted
Fix behavior of falsy code event listener hints
Perform validation on error reply values
Always include search query arguments when building search links
Retain previous selection when changing poll votes
Improve notice controller/action criteria validation
Include support for embedding YouTube Live URLs
Check thread visibility before redirecting for invalid post links
Improve user IP lookup query performance
Make user entity timezone verification more robust
Remove dead code from vBulletin 5 authentication handler
currencyFormat was changed to allow figures with no decimals to show without decimal places, but to show the decimals if any were present. In doing so, we managed to kill the ability to specify the number of decimals. Oopsie. So now you can do that again, and you can also now specify -1 precision in order to prevent number_format from limiting or artificially extending the decimal places at all.
Update the intl-tl-input JS library
Fix CSS border radius shifting for RTL styling
Increase entropy of temporary directory name generation to reduce the likelihood of race conditions
Improve performance of \XF\Extension::resolveExtendedClassToRoot using an inverse lookup table
Correctly replace urlencoded CSRF token values before returning cached pages to fix an issue with Advanced cookie management.
Ensure that unsubscribing from emails also unsubscribes the user from activity summary emails
Support embedding YouTube videos from youtube-nocookie.com
Fix incorrect type hints in prefix and prompt group entities
The following public templates have had changes:

PAGE_CONTAINER
account_confirm_resend
account_connected_associate
account_details
account_email
account_request_password
account_two_step_authy_config
account_visitor_menu
app_body.less
app_content_vote.less
approval_item_user
approval_queue_macros
connected_account_macros
contact_form
content_vote_macros
core.less
core_button.less
core_list.less
custom_fields_macros
editor_base.less
email_stop_confirm
google_analytics
helper_js_global
lost_password_confirm
member_about
member_recent_content
member_view
member_warn
message_macros
notice_confirm_email
notice_email_bounce
poll_macros
post_macros
post_question_macros
register_confirm
register_connected_account
security_lock_resend
security_lock_reset
spam_cleaner
tag_macros
tel_box.less
two_step_email
widget_find_member
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.
As always, new releases of XenForo are free to download for all customers with active licenses. You may now upgrade from your admin control panel or grab the new version from the customer area.
Current requirements
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:

PHP 7.0 or newer (PHP 8.0 recommended)
MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
All of the official add-ons require XenForo 2.2.
Enhanced Search requires at least Elasticsearch 2.0.

OzzModz News Tickers 2.2.1

We're pleased to announce the introduction of two new features available in XenForo 2.2.12.
New CAPTCHA provider: Cloudflare Turnstile
In September, Cloudflare Turnstile was announced. You may have noticed that we quickly implemented this into the software and it has been running here now for a little while.
While on the surface this may seem like "just another CAPTCHA" option, we feel that Cloudflare has gotten a lot of things right in its approach to this product that is missing from many other providers including HCaptcha and Google reCAPTCHA. It's a much better experience for your users, respects your users privacy and with XF 2.2.12 also provides more granular logging in the Cloudflare dashboard so you can see analytics about where in the software a CAPTCHA is being used.
We encourage you to read more about Cloudflare Turnstile on their blog and consider signing your site up, for free, right here or if you are an existing Cloudflare user, get started in your Cloudflare dashboard.
Advanced cookie consent system
Starting with XF 2.2.12 you will be able to enable a new "Advanced" cookie consent system. This enables your users to have much more granular control over the specific cookies that are set, the purpose of each cookie and prevents certain cookies from being set at all until explicit consent is given.
As ever, this system is also extendable by add-on developers so that cookies set by an add-on can be appropriately categorised and also require consent before certain functionality is available.
This is not enabled by default and should currently be considered a Beta feature. If you wish to enable it, you can do so by searching for the cookieConsent option in your Admin control panel and setting the option to "Advanced". 
 
The following public templates have had changes:
PAGE_CONTAINER _help_page_cookies _media_site_embed_oembed _media_site_legacy_embed account_confirm_resend account_security app.less app_inlinemod.less approval_queue_macros bookmark_macros captcha captcha_turnstile contact_form core_bbcode.less core_utilities.less editor_base.less forum_post_quick_thread forum_post_thread google_analytics helper_attach_upload login lost_password misc_cookies notice_cookies notices.less register_form report_search thread_list_macros thread_reply thread_view Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.
 
Current requirements
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements: PHP 7.0 or newer (PHP 8.0 recommended) MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.) All of the official add-ons require XenForo 2.2. Enhanced Search requires at least Elasticsearch 2.0.

We're pleased to announce the introduction of two new features available in XenForo 2.2.12.
New CAPTCHA provider: Cloudflare Turnstile
In September, Cloudflare Turnstile was announced. You may have noticed that we quickly implemented this into the software and it has been running here now for a little while.
While on the surface this may seem like "just another CAPTCHA" option, we feel that Cloudflare has gotten a lot of things right in its approach to this product that is missing from many other providers including HCaptcha and Google reCAPTCHA. It's a much better experience for your users, respects your users privacy and with XF 2.2.12 also provides more granular logging in the Cloudflare dashboard so you can see analytics about where in the software a CAPTCHA is being used.
We encourage you to read more about Cloudflare Turnstile on their blog and consider signing your site up, for free, right here or if you are an existing Cloudflare user, get started in your Cloudflare dashboard.
Advanced cookie consent system
Starting with XF 2.2.12 you will be able to enable a new "Advanced" cookie consent system. This enables your users to have much more granular control over the specific cookies that are set, the purpose of each cookie and prevents certain cookies from being set at all until explicit consent is given.
As ever, this system is also extendable by add-on developers so that cookies set by an add-on can be appropriately categorised and also require consent before certain functionality is available.
This is not enabled by default and should currently be considered a Beta feature. If you wish to enable it, you can do so by searching for the cookieConsent option in your Admin control panel and setting the option to "Advanced". 
 
The following public templates have had changes:
PAGE_CONTAINER _help_page_cookies _media_site_embed_oembed _media_site_legacy_embed account_confirm_resend account_security app.less app_inlinemod.less approval_queue_macros bookmark_macros captcha captcha_turnstile contact_form core_bbcode.less core_utilities.less editor_base.less forum_post_quick_thread forum_post_thread google_analytics helper_attach_upload login lost_password misc_cookies notice_cookies notices.less register_form report_search thread_list_macros thread_reply thread_view Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.
 
Current requirements
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements: PHP 7.0 or newer (PHP 8.0 recommended) MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.) All of the official add-ons require XenForo 2.2. Enhanced Search requires at least Elasticsearch 2.0.
 

The XenForo Media Gallery is an add-on that allows you and your users to create galleries of images, videos, and audio in your forum, organized into admin-defined categories or user-created albums.
Media categories
Media will be placed into individual categories that are organized into a tree. In this regard, they are very similar to the node tree.
A category may be one of three types:
Container only: these categories will not contain media or albums, instead serving to organize sub-categories. Albums only: in these categories, users will create albums that can contain one or more media items. When the category is viewed, there will be one entry for each album. Media items only: media will be added directly to these categories and not organized into albums. Each media item will be displayed directly when viewing the category. If your users are likely to upload a number of related pictures (such as from a single event), you will likely want to use album categories. Note that the category type cannot be changed unless the category is empty.
Media fields
Custom media fields allow you to define additional structured fields for users to fill in when creating a thread. These are similar to custom thread fields.
Media fields can be displayed in one of several locations:
Below media item: this will be displayed in the box below the media, with the title and author info. Bottom of media info block: in the sidebar opposite the comments, in the media information block. Extra info block: in the sidebar opposite the comments, in a new Extra information block. New sidebar block: in its own sidebar block, using the custom field's name as the header. Permissions
The Media Gallery adds a number of new permissions. When installed, reasonable defaults are selected based on existing permissions. However, you should confirm that the permissions meet your needs and that your moderators have the permissions you want.
Options
The Media Gallery's options can be found in the XenForo media gallery option group.

Today, we are releasing XenForo 2.2.11 to address a potential security vulnerability. We recommend that all customers running XenForo 2.2 upgrade to 2.2.11 or use the attached patch file as soon as possible.
The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted

The XenForo Resource Manager is an add-on that allows you to manage resources such as files and tutorials or other article-like content along side your normal forum. The aim is allow content such as files to be listed with a focus on the initial content rather than discussion surrounding it. It can be purchased from XenForo.com directly.

Shortly after we released XenForo 2.2.10 we became aware of a number of minor issues that may have affected a number of customers.
Therefore, today, we have released XenForo 2.2.10 Patch 1 to rectify these issues.

XenForo 2.2.10 Released
XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability.
This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons.
2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the ever-evolving field of privacy legislation, and some enhanced performance-boosting functionality for Entities and Finders for developers. More details on those soon.
Of course, 2.2 will continue to be supported and maintenance releases will be made periodically throughout the 2.3.0 beta process and as always we will issue patches and fixes for any critical issues in 2.2 even after 2.3 becomes our primary, supported version.
Some of the changes in XF 2.2.10 include:
Require values for old/new changelog values
Properly handle null values within the Arr::stringToArray() function
Remove extraneous space when generating a one-time password URL
Support rebuilding daily stats from the command line
Add additional indexes for the active and expired user upgrade tables
Remove superfluous code setting aria-label for tooltips
Add lazy loading attribute to resource icons
Pass an index hint when performing certain IP lookups
The following public templates have had changes:
core_block.less
poll_create
poll_edit
poll_macros
tag_macros
widget_forum_statistics
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.
Current requirements
Please note that XenForo 2.2 has higher system requirements than earlier versions.
The following are minimum requirements:
PHP 7.0 or newer (PHP 8.0 recommended)
MySQL 5.5 and newer (Also compatible with MariaDB/Percona etc.)
All of the official add-ons require XenForo 2.2.
Enhanced Search requires at least Elasticsearch 2.0.
Installation and upgrade instructions
Full details of how to install and upgrade XenForo can be found in the XenForo 2 Manual. We strongly recommend upgrading directly from within your control panel.

Shortly after releasing 2.2.8, we became aware of an issue that may affect the expected operation of the image proxy system which may cause cached images to no longer refresh as expected.
Change Log
Do not wrap iconic inputs when directly adjacent to other inline items
Generate PhpStorm metadata for validator classes
Optionally normalize a URL passed into getRoutePathFromUrl to exclude the script part of the URL if it is passed in.
Fix further JavaScript regression in editor.js that affected older browsers.
Fix undefined variable $option when failing to refresh an OAuth email access token.
If the location field is required at registration, indicate so on the account details page
Correctly mark Applebot as a robot
Fix the type hint in AbstractDriver for the imageFromFile method
Ensure report comments are ordered consistently
Allow API thread filtering by prefix_id when the specific forum is unknown
Add support for podcast episodes to the Spotify BB code media site
Adjust the way answers are counted and represented within the JSON-LD schema for question threads
If the forum used for reports is deleted, revert back to using the report centre
Throw a prettier error if downloading an XF upgrade package fails
When sending a payment receipt for user upgrades, display the price paid and not the current price of the user upgrade
Fix an issue preventing numeric custom fields from being searched
Remove itemprop attribute from the fnUsernameLink templater function
Silence errors when a template doesn't exist
Patch a regression in Froala which caused images inside clipboard data to no longer be uploaded as expected.
Consistently nest date of birth privacy options in the admin control panel user edit page.
Fix password strength meter background color bleed.
coerce the lbThumbsAuto option value to a boolean to ensure it works as expected.
Fix vertical alignment of sort order indicator inside filter bar toggles.
Remove CSS rule that inadvertently increases the size of the text of some form row elements.
When requesting a new attachment key and hitting a permission error, make the error more clear.
Fix an issue with the wrong reaction sprite displaying when switching between reactions on different sprite sheets.
Support adding data attributes to <xf:eek:ptgroup> elements inside <xf:checkbox> and <xf:radio> elements.
Remove orphaned buttons from the button manager and correctly indicate button visibility
When using ImageMagick, correctly set its temp directory to tempDataPath
Include 'all' filter within page navigation when batch updating threads
Improve handling for batch updating a large number of records in one go
Add .opus as a supported audio file extension
Ensure advanced flag for options is both imported and exported correctly
Restore the default tab for a node when deleting its associated navigation tab
Disable page load scroll adjustment on browsers supporting native scroll anchoring
Filter removed buttons from editor dropdowns
Inhibit scroll button click event when clicking between buttons
Avoid truncating long widget descriptions
Make it easier to extend valid image proxy mime types
Fix layout shift when profile posts not visible on user profiles.
Workaround an issue that could allow certain registration moderation requirements to be bypassed.
Prevent posts from being moved or copied to threads that a moderator cannot view
Ensure node ID constraints are always in a numerical array when searching for posts
Re-work session activity updates to reduce locking pressure
When encountering an invalid cost amount error with PayPal, expand the error message with a hint to check for additional shipping and handling charges
Display the correct image for certain emojis containing a zero width joiner
Record image proxy file hashes, and do not overwrite files if their hashes have not changed
When replying to a thread that has been deleted during the reply, throw a clearer error message
When filtering for unsolved questions, encourage MySQL to use a better index
Prevent member tabs from overlapping the avatar when member stats aren't being displayed
Add global template data to the API templater
The following public templates have had changes:
PAGE_CONTAINER
account_details
alert_user_report_rejected
core_datalist.less
core_filter.less
core_formrow.less
core_input.less
core_menu.less
core_meter_bar.less
editor_base.less
helper_user_dob_edit
member.less
member_view
message_macros
poll_macros
thread_type_fields_article
Where necessary, the merge system within the "outdated templates" page should be used to integrate these changes.