diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index f5cc000bd1..0000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: npm
-    directory: "/install"
-    schedule:
-      interval: daily
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9aa6d52c4..addb024ffd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,61 @@
+#### v2.3.1 (2022-07-29)
+
+##### Chores
+
+* **deps:**
+  *  bump sanitize-html from 2.7.0 to 2.7.1 in /install (7b606d2e)
+  *  bump webpack from 5.73.0 to 5.74.0 in /install (a9900625)
+* **i18n:**  fallback strings for new resources: nodebb.admin-settings-advanced, nodebb.admin-menu, nodebb.error (17120e03)
+*  incrementing version number - v2.3.0 (046ea120)
+*  update changelog for v2.3.0 (a6f7fff0)
+
+##### New Features
+
+*  add emoji to startup logs, because procrastination. (5176fb15)
+
+##### Bug Fixes
+
+*  #10798, logic error in COEP header; helmet config (89173f17)
+*  #10795, early return for selection tooltip based on calling user privilege (847d2b91)
+* **deps:**  update persona to v12.0.14 (9f225e70)
+
+#### v2.3.0 (2022-07-28)
+
+##### Chores
+
+* **deps:**
+  *  update dependency lint-staged to v13 (07ce0c39)
+  *  bump ace-builds from 1.7.1 to 1.8.1 in /install (f397d968)
+  *  bump ioredis from 5.2.0 to 5.2.2 in /install (067a5110)
+*  have renovate work off of `develop` branch instead (f334e398)
+*  update changelog for v2.2.5 (6c3ebf3b)
+
+##### New Features
+
+*  add client side filter:chat.send, closes #10729 (b2da02d6)
+*  UI changes for ACP > Manage > Categories (#10782) (820bc994)
+*  show an informative message when no plugins are found after filtering (6840a742)
+*  Allow defining active plugins in config (#10767) (23cb67a1)
+*  allow plugins to toggle whether IPs are shown in the users CSV export (a6af47da)
+*  fire hook to allow plugins to filter the pids returned in a user profile (c26be43a)
+*  closes #10719, don't trim children if category is marked section (7e80cc10)
+
+##### Bug Fixes
+
+* **deps:**
+  *  update dependency mongodb to v4.8.1 (8384b7cf)
+  *  update dependency helmet to v5.1.1 (03a173bb)
+*  bug where fallback to forum search was not working due to client-side error (25046642)
+*  better looking placeholder text for ACP search (1b9c6819)
+*  use `user.hidePrivateData();` more consistently across user retrieval endpoints (0529f2fb)
+*  minor margin tweak for alert in acp header (4faf0cdf)
+*  cannot turn off all networks (bbc7f2af)
+*  cannot setting networks for sharing posts (2e088a8e)
+
+##### Refactors
+
+*  invert helmet configuration (dcacd815)
+
 #### v2.2.5 (2022-07-21)
 
 ##### Chores
diff --git a/install/package.json b/install/package.json
index 3381690a46..5dd86cfd56 100644
--- a/install/package.json
+++ b/install/package.json
@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "2.2.5",
+    "version": "2.3.1",
     "homepage": "http://www.nodebb.org",
     "repository": {
         "type": "git",
@@ -97,7 +97,7 @@
         "nodebb-plugin-spam-be-gone": "1.0.0",
         "nodebb-rewards-essentials": "0.2.1",
         "nodebb-theme-lavender": "6.0.0",
-        "nodebb-theme-persona": "12.0.12",
+        "nodebb-theme-persona": "12.0.14",
         "nodebb-theme-slick": "2.0.2",
         "nodebb-theme-vanilla": "12.1.18",
         "nodebb-widget-essentials": "6.0.0",
@@ -123,7 +123,6 @@
         "sitemap": "7.1.1",
         "slideout": "1.0.1",
         "socket.io": "4.5.1",
-        "socket.io-adapter-cluster": "1.0.1",
         "socket.io-client": "4.5.1",
         "@socket.io/redis-adapter": "7.2.0",
         "sortablejs": "1.15.0",
diff --git a/public/src/client/topic/postTools.js b/public/src/client/topic/postTools.js
index 8b46eb3485..28b1119a3f 100644
--- a/public/src/client/topic/postTools.js
+++ b/public/src/client/topic/postTools.js
@@ -478,6 +478,10 @@ define('forum/topic/postTools', [
 	const selectionChangeFn = utils.debounce(selectionChange, 100);
 
 	function handleSelectionTooltip() {
+		if (!ajaxify.data.privileges['topics:reply']) {
+			return;
+		}
+
 		hooks.onPage('action:posts.loaded', delayedTooltip);
 
 		$(document).off('selectionchange', selectionChangeFn).on('selectionchange', selectionChangeFn);
diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js
index 526175a838..7c249d8d5f 100644
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@@ -44,6 +44,11 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
 	userData = await user.hidePrivateData(userData, callerUID);
 	userData.emailClass = userSettings.showemail ? 'hide' : '';
 
+	// If email unconfirmed, hide from result set
+	if (!userData['email:confirmed']) {
+		userData.email = '';
+	}
+
 	if (isAdmin || isSelf || (canViewInfo && !results.isTargetAdmin)) {
 		userData.ips = results.ips;
 	}
diff --git a/src/posts/uploads.js b/src/posts/uploads.js
index 9504752385..27a6c10168 100644
--- a/src/posts/uploads.js
+++ b/src/posts/uploads.js
@@ -98,6 +98,10 @@ module.exports = function (Posts) {
 		let files = await fs.readdir(_getFullPath('/files'));
 		files = files.filter(filename => filename !== '.gitignore');
 
+		// Exclude non-timestamped files (e.g. group covers; see gh#10783/gh#10705)
+		const tsPrefix = /^\d{13}-/;
+		files = files.filter(filename => tsPrefix.test(filename));
+
 		files = await Promise.all(files.map(async filename => (await Posts.uploads.isOrphan(`files/${filename}`) ? `files/${filename}` : null)));
 		files = files.filter(Boolean);
 
diff --git a/src/webserver.js b/src/webserver.js
index 9aa915678a..c0a1c8e537 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -83,7 +83,7 @@ exports.listen = async function () {
 	helpers.register();
 	logger.init(app);
 	await initializeNodeBB();
-	winston.info('NodeBB Ready');
+	winston.info('🎉 NodeBB Ready');
 
 	require('./socket.io').server.emit('event:nodebb.ready', {
 		'cache-buster': meta.config['cache-buster'],
@@ -194,7 +194,7 @@ function setupHelmet(app) {
 		referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
 	};
 
-	if (meta.config['cross-origin-embedder-policy']) {
+	if (!meta.config['cross-origin-embedder-policy']) {
 		options.crossOriginEmbedderPolicy = false;
 	}
 	if (meta.config['hsts-enabled']) {
@@ -257,7 +257,7 @@ async function listen() {
 	}
 	port = parseInt(port, 10);
 	if ((port !== 80 && port !== 443) || nconf.get('trust_proxy') === true) {
-		winston.info('Enabling \'trust proxy\'');
+		winston.info('🤝 Enabling \'trust proxy\'');
 		app.enable('trust proxy');
 	}
 
@@ -287,8 +287,8 @@ async function listen() {
 				reject(err);
 			}
 
-			winston.info(`NodeBB is now listening on: ${chalk.yellow(onText)}`);
-			winston.info(`Canonical URL: ${chalk.yellow(nconf.get('url'))}`);
+			winston.info(`📡 NodeBB is now listening on: ${chalk.yellow(onText)}`);
+			winston.info(`🔗 Canonical URL: ${chalk.yellow(nconf.get('url'))}`);
 			if (oldUmask) {
 				process.umask(oldUmask);
 			}