• Fixed issue with geo-location of user IPs in admin area on latest versions of PHP
• Fixed issue with geo-location when users are viewing their own IP addresses (when using Security addon)

• Get user IP from request class rather than PHP global variable
• Geo-location flags work for article authors
• Don't log geo-location info for sessions if using XenForo < 2.2.8 (required method wasn't introduced until XF 2.2.8)
• Internally simplified how geo-location flag CSS is generated

Yuck... sorry. This fixes it.

Click to expand...

• Added new Cloudflare setting (under Speed): Speed Brain
• Easy Config enables Speed Brain
• Added support for setting SSL/TLS Encryption Mode to Strict (SSL-only origin pull) (for Enterprise zones)
• Added new Cloudflare setting (under SSL/TLS): Encrypted Client Hello
• Added new Cloudflare setting (under Security): Leaked credentials

• Fixed issue with deleting a Page Cache rule (change to Cloudflare API)
• Fixed issue with changing Cloudflare settings on XenForo 2.3 (was being done with form submission instead of the intended AJAX request)
• Ignore full stat rebuilds (too many API calls [11 per day], it will be impossibly slow, and you will hit API rate limit very quickly, so it would fail anyway)

• Removed workaround to allow non-Duotone icons in admin navigation for XenForo 2.3 (fixed in XF core)
• Added new Cloudflare setting (under Security): Replace insecure JavaScript libraries
• Changed verbiage to be worded better when setting up API token initially

• Removed Brotli compression setting (it's now always on in Cloudflare)
• Removed Minify settings (they have been deprecated and will be removed from Cloudflare soon)
• Removed Server-side Exclude setting (it has been deprecated and will be removed from Cloudflare soon)
• Added option to create Firewall Rule to block AI scrapers & crawlers
• Updated Chart.js library to 4.4.3

• Prevent autocompletion of authentication token (saw a situation where it could be overwritten with an admin's saved password for the site)
• XenForo 2.3 compatibility:
  • Fix for template issue when managing country blocking due to XF core change in 2.3 beta 6
  • Fix various icons that didn't work in 2.3
  • Force 2.3 to allow non-Duotone admin navigation icons

• Changed wording of "API tokens & keys" to "API tokens" (no longer allowing global keys, only API tokens)
• Updated charting library (Chart.js) to 4.4.1
• Created workaround for addons being disabled during XenForo upgrades (we need to set the externalDataUrl so that the %ASSET:stylefolder% replacement var works as expected for R2 users when .less templates are compiled). Effectively we are firing our app_setup code event listener even when all addons are disabled during the upgrade process. See this thread.

• Presigned URLs forcibly set Content-Type and Content-Disposition HTTP response headers (fixes situation where something like rclone set incorrect content type for the object in the R2 bucket)
• Cloudflare statistics charts on admin dashboard dynamically resize properly when resizing window
• Added ability for individual API calls to ignore multiple error codes instead of just one
• Changed FsMounts::getFsAdapters method name to FsMounts::getDpFsAdapters to avoid naming collision with XFCloud addon (will need to update FileSystem addon as well if you are using it)