XenForo 2.3.9 Released
Today we are releasing XenForo 2.3.9 to address some potential security vulnerabilities that were recently reported to us. This version only includes security fixes and any bug fixes we previously said would make it to 2.3.9 have now been delayed until 2.3.10.
It is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.
The issues identified are as follows:
Prevention of a possible stored XSS (cross-site scripting) exploit related to BB code rendering (thank you to Antisocial)
Prevention of a possible XSS exploit related to lightbox usage in posts (thank you UwU)
Prevention of a possible RCE (remote code execution) exploit via authenticated, but malicious, admin users (thank you UwU)
If you are a XenForo Cloud customer, fixes for these issues have been rolled out automatically, and no further action is required to address them.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.
Upload patch files
Download 239-patch.zip
Extract the .zip file
Upload the contents of the upload directory to the root of your XenForo installation
Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
full 2.39 with patch or just patch files
Today we are releasing XenForo 2.3.9 to address some potential security vulnerabilities that were recently reported to us. This version only includes security fixes and any bug fixes we previously said would make it to 2.3.9 have now been delayed until 2.3.10.
It is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.3 upgrade to this release to benefit from increased stability.
The issues identified are as follows:
Prevention of a possible stored XSS (cross-site scripting) exploit related to BB code rendering (thank you to Antisocial)
Prevention of a possible XSS exploit related to lightbox usage in posts (thank you UwU)
Prevention of a possible RCE (remote code execution) exploit via authenticated, but malicious, admin users (thank you UwU)
If you are a XenForo Cloud customer, fixes for these issues have been rolled out automatically, and no further action is required to address them.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.
Upload patch files
Download 239-patch.zip
Extract the .zip file
Upload the contents of the upload directory to the root of your XenForo installation
Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
full 2.39 with patch or just patch files
Last edited:
![[TH] Post Comments 1.0.2 Patch Level 2 - XenForo 2](https://xenvn.com/data/attachments/0/291-f8c32ee17293ab096f783be3d0055a59.jpg?hash=-MMu4XKTqw){kind=small}
![[XGT] Forum statistics English Language Patch - Xenforo 2](https://xenvn.com/data/attachments/10/10225-c49b4a3d9163ddfee5abb40d99a8aedc.jpg){kind=small}
![[TH] Spotify 1.0.2 Patch Level 2 - Spotify XenForo 2 Integration](https://xenvn.com/data/attachments/1/1032-a8c6e1dde3d6ae6ebbc28e2c0c4de69b.jpg){kind=small}
![[TH] Topics 1.0.2 Patch Level 1 - XenForo 2 Content Filter](https://xenvn.com/data/attachments/1/1019-b9e07fc7c062e657660f95e26753bc88.jpg){kind=small}
![[TH] Ignore More 2.0.0 Patch Level 1 - Xenforo 2](https://xenvn.com/data/attachments/1/1054-6f2a2d69fd79ec8eb456254fcbd64525.jpg){kind=small}