Bug Shop crashed site after XF security update

CTS · Feb 5, 2026

Please refer to my XF post for a description of the issue.

[DBTech] DragonByte Shop [Paid]

Is there an expected upper limit of items to be allowed in the store before we can expect a performance hit? I added a lot of items about a week ago and since then my forum has been loading slowly, been trying to nail down what the issue could be, since this was the only change I'm wondering if...

xenforo.com

Currently my shop is disabled in order to keep the site up.

Fillip H. · Feb 5, 2026

Hi,

I am upgrading my local development board to 2.3.9 and will post back when a fix is available

Fillip H. · Feb 5, 2026

Update: I am not able to replicate any problems with DB Shop on 2.3.9. Can you please share additional information?

I will need a copy of the server errors provided in your server error log in your AdminCP.

CTS · Feb 5, 2026

fyi, my acp reports I am on 2.3.7 on the cloud, but the security update had been verified applied by xf staff.

CTS · Feb 5, 2026

#0 src/XF/Container.php(111): XF\Container->assertNotLocked()
#1 src/XF/Container.php(68): XF\Container->set('dbtechShop.item...', Object(XF\Mvc\Entity\ArrayCollection))
#2 src/addons/DBTech/Shop/XF/Entity/User.php(248): XF\Container->offsetSet('dbtechShop.item...', Object(XF\Mvc\Entity\ArrayCollection))
#3 src/XF/Mvc/Entity/Entity.php(182): DBTech\Shop\XF\Entity\User->getDbtechShopPurchase()
#4 src/XF/Mvc/Entity/Entity.php(134): XF\Mvc\Entity\Entity->get('dbtech_shop_pur...')
#5 src/addons/DBTech/Shop/Repository/PurchaseRepository.php(376): XF\Mvc\Entity\Entity->__get('dbtech_shop_pur...')
#6 src/addons/DBTech/Shop/Repository/PurchaseRepository.php(411): DBTech\Shop\Repository\PurchaseRepository->getViewablePurchasesForUser(Object(Andrew\ModeratorPanel\XF\Entity\User), false)
#7 src/addons/DBTech/Shop/XF/Entity/User.php(307): DBTech\Shop\Repository\PurchaseRepository->filterActivePurchasesForUser(Object(Andrew\ModeratorPanel\XF\Entity\User), false)
#8 src/XF/Entity/User.php(658): DBTech\Shop\XF\Entity\User->hasPermission('general', 'search')
#9 src/XF/Template/Templater.php(1289): XF\Entity\User->canSearch()
#10 internal_data/code_cache/templates/l1/s0/public/helper_js_global.php(242): XF\Template\Templater->method(Object(Andrew\ModeratorPanel\XF\Entity\User), 'canSearch', Array)
#11 src/XF/Template/Templater.php(922): XF\Template\Templater->{closure}(Object(SV\StandardLib\XF\Template\Templater), Array, NULL)
#12 internal_data/code_cache/templates/l1/s0/admin/helper_js_global.php(49): XF\Template\Templater->callMacro('helper_js_globa...', 'body', Array, Array)
#13 src/XF/Template/Templater.php(922): XF\Template\Templater->{closure}(Object(SV\StandardLib\XF\Template\Templater), Array, NULL)
#14 internal_data/code_cache/templates/l1/s0/admin/PAGE_CONTAINER.php(569): XF\Template\Templater->callMacro('helper_js_globa...', 'body', Array, Array)
#15 src/XF/Template/Templater.php(1807): XF\Template\Templater->{closure}(Object(SV\StandardLib\XF\Template\Templater), Array, NULL)
#16 src/XF/Admin/App.php(276): XF\Template\Templater->renderTemplate('PAGE_CONTAINER', Array)
#17 src/XF/App.php(2571): XF\Admin\App->renderPageHtml('

...', Array, Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#18 src/XF/Admin/App.php(156): XF\App->renderPage('

...', Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#19 src/XF/Mvc/Dispatcher.php(414): XF\Admin\App->renderPage('

...', Object(XF\Mvc\Reply\View), Object(XF\Mvc\Renderer\Html))
#20 src/XF/Mvc/Dispatcher.php(66): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#21 src/XF/App.php(2824): XF\Mvc\Dispatcher->run()
#22 src/XF.php(806): XF\App->run()
#23 admin.php(15): XF::runApp('XF\\Admin\\App')
#24 {main}

Copy pasted stack trace

and this is the request state

array(4) {
["url"] => string(19) "/admin.php?add-ons/"
["referrer"] => string(61) "https://classifiedtopsecret.com/admin.php?logs/server-errors/"
["_GET"] => array(1) {
["add-ons/"] => string(0) ""
}
["_POST"] => array(0) {
}
}

I do not know why my paste here decided to include my favicon lol.

CTS · Feb 5, 2026

XenForo 2.3.9 & 2.2.18 Released (Security Fix)

XenForo 2.3.9 Released Today we are releasing XenForo 2.3.9 to address some potential security vulnerabilities that were recently reported to us. This version only includes security fixes and any bug fixes we previously said would make it to 2.3.9 have now been delayed until 2.3.10. It is now...

xenforo.com

the security update thread

Fillip H. · Feb 5, 2026

I have already seen it as I have already upgraded

I will post back when I have more information or if I need additional information, it is not necessary to bump this ticket.

Thanks!

DragonByte Technologies · Feb 5, 2026

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future release (7.2.3).

Change log:

Fix: Fix errors caused by the new security restrictions in XenForo 2.3.9

DragonByte Technologies · Feb 12, 2026

Hello @CTS,

We hope your ticket regarding DragonByte Shop has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.

- DragonByte Technologies, Ltd.

Bug Shop crashed site after XF security update

CTS

[DBTech] DragonByte Shop [Paid]

Fillip H.

Fillip H.

CTS

CTS

CTS

XenForo 2.3.9 & 2.2.18 Released (Security Fix)

Fillip H.

DragonByte Technologies

Company Information

DragonByte Technologies

Company Information

Similar threads

DragonByte Shop

We value your privacy