XenForo 2.2.18 has also been released. Please refer to the release notes above. Only two of the three security issues apply to XenForo 2.2.18. The stored XSS is not applicable.
We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually. See below for further details.
- Download 2218-patch.zip
- Extract the .zip file
- Upload the contents of the upload directory to the root of your XenForo installation
Note: If you decide to patch the files instead of doing full upgrades, your "File health check" will report these files as having "Unexpected contents". Because these files no longer contain the same contents your version of XF was shipped with, this is expected and can be safely ignored.
