diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8b793bc928..b053f14578 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,54 @@
+#### v2.8.6 (2023-02-03)
+
+##### Chores
+
+* **i18n:**  fallback strings for new resources: nodebb.error (8335f90a)
+*  incrementing version number - v2.8.5 (bff5ce2d)
+*  update changelog for v2.8.5 (24e58c28)
+*  incrementing version number - v2.8.4 (a46b2bbc)
+*  incrementing version number - v2.8.3 (c20b20a7)
+*  incrementing version number - v2.8.2 (050e43f8)
+*  incrementing version number - v2.8.1 (727f879e)
+*  incrementing version number - v2.8.0 (8e77673d)
+*  incrementing version number - v2.7.0 (96cc0617)
+*  incrementing version number - v2.6.1 (7e52a7a5)
+*  incrementing version number - v2.6.0 (e7fcf482)
+*  incrementing version number - v2.5.8 (dec0e7de)
+*  incrementing version number - v2.5.7 (5836bf4a)
+*  incrementing version number - v2.5.6 (c7bd7dbf)
+*  incrementing version number - v2.5.5 (3509ed94)
+*  incrementing version number - v2.5.4 (e83260ca)
+*  incrementing version number - v2.5.3 (7e922936)
+*  incrementing version number - v2.5.2 (babcd17e)
+*  incrementing version number - v2.5.1 (ce3aa950)
+*  incrementing version number - v2.5.0 (01d276cb)
+*  incrementing version number - v2.4.5 (dd3e1a28)
+*  incrementing version number - v2.4.4 (d5525c87)
+*  incrementing version number - v2.4.3 (9c647c6c)
+*  incrementing version number - v2.4.2 (3aa7b855)
+*  incrementing version number - v2.4.1 (60cbd148)
+*  incrementing version number - v2.4.0 (4834cde3)
+*  incrementing version number - v2.3.1 (d2425942)
+*  incrementing version number - v2.3.0 (046ea120)
+
+##### New Features
+
+*  add sitemap filter hooks for categories/topic pages (bf92ee0e)
+*  closes #11241, add missing error lang keys (c241baf6)
+*  #11240, only show relevant users in flags assignee list (0713482b)
+
+##### Bug Fixes
+
+*  #11254, return check for reroll property (202378b9)
+*  closes #11249, notification uses displayname (705cd13a)
+*  wrong link to topics in acp dashboard (b5598a6e)
+*  https://github.com/NodeBB/NodeBB/issues/11239 (1d3c0e5a)
+*  notif filter selecte field (6d819b05)
+
+##### Other Changes
+
+*  remove unused (d68352cc)
+
 #### v2.8.5 (2023-01-27)
 
 ##### Chores
diff --git a/public/openapi/write/topics.yaml b/public/openapi/write/topics.yaml
index ba00cf0024..49cae076f9 100644
--- a/public/openapi/write/topics.yaml
+++ b/public/openapi/write/topics.yaml
@@ -19,6 +19,15 @@ post:
             content:
               type: string
               example: This is the test topic's content
+            timestamp:
+              type: number
+              description: |
+                A UNIX timestamp of the topic's creation date (i.e. when it will be posted).
+                Specifically, this value can only be set to a value in the future if the calling user has the `topics:schedule` privilege for the passed-in category.
+                Otherwise, the current date and time are always assumed.
+                In some scenarios (e.g. forum migrations), you may want to backdate topics and posts.
+                Please see [this Developer FAQ topic](https://community.nodebb.org/topic/16983/how-can-i-backdate-topics-and-posts-for-migration-purposes) for more information.
+              example: 556084800000
             tags:
               type: array
               items:
diff --git a/public/openapi/write/topics/tid.yaml b/public/openapi/write/topics/tid.yaml
index 8e68efe25a..4c1acab3d6 100644
--- a/public/openapi/write/topics/tid.yaml
+++ b/public/openapi/write/topics/tid.yaml
@@ -46,8 +46,6 @@ post:
             content:
               type: string
               example: This is a test reply
-            timestamp:
-              type: number
             toPid:
               type: number
           required:
diff --git a/public/src/admin/settings/email.js b/public/src/admin/settings/email.js
index e1598c2c0b..c1b3ee33b5 100644
--- a/public/src/admin/settings/email.js
+++ b/public/src/admin/settings/email.js
@@ -9,15 +9,23 @@ define('admin/settings/email', ['ace/ace', 'alerts', 'admin/settings'], function
 		configureEmailTester();
 		configureEmailEditor();
 		handleDigestHourChange();
-		handleSmtpServiceChange();
 
-		$(window).on('action:admin.settingsLoaded action:admin.settingsSaved', handleDigestHourChange);
-		$(window).on('action:admin.settingsSaved', function () {
-			socket.emit('admin.user.restartJobs');
-		});
-		$('[id="email:smtpTransport:service"]').change(handleSmtpServiceChange);
+		$(window).off('action:admin.settingsLoaded', onSettingsLoaded)
+			.on('action:admin.settingsLoaded', onSettingsLoaded);
+		$(window).off('action:admin.settingsSaved', onSettingsSaved)
+			.on('action:admin.settingsSaved', onSettingsSaved);
 	};
 
+	function onSettingsLoaded() {
+		handleDigestHourChange();
+		handleSmtpServiceChange();
+	}
+
+	function onSettingsSaved() {
+		handleDigestHourChange();
+		socket.emit('admin.user.restartJobs');
+	}
+
 	function configureEmailTester() {
 		$('button[data-action="email.test"]').off('click').on('click', function () {
 			socket.emit('admin.email.test', { template: $('#test-email').val() }, function (err) {
@@ -106,20 +114,26 @@ define('admin/settings/email', ['ace/ace', 'alerts', 'admin/settings'], function
 	}
 
 	function handleSmtpServiceChange() {
-		const isCustom = $('[id="email:smtpTransport:service"]').val() === 'nodebb-custom-smtp';
-		$('[id="email:smtpTransport:custom-service"]')[isCustom ? 'slideDown' : 'slideUp'](isCustom);
-
-		const enabledEl = document.getElementById('email:smtpTransport:enabled');
-		if (enabledEl) {
-			if (!enabledEl.checked) {
-				enabledEl.closest('label').classList.toggle('is-checked', true);
-				enabledEl.checked = true;
-				alerts.alert({
-					message: '[[admin/settings/email:smtp-transport.auto-enable-toast]]',
-					timeout: 5000,
-				});
-			}
+		function toggleCustomService() {
+			const isCustom = $('[id="email:smtpTransport:service"]').val() === 'nodebb-custom-smtp';
+			$('[id="email:smtpTransport:custom-service"]')[isCustom ? 'slideDown' : 'slideUp'](isCustom);
 		}
+		toggleCustomService();
+		$('[id="email:smtpTransport:service"]').change(function () {
+			toggleCustomService();
+
+			const enabledEl = document.getElementById('email:smtpTransport:enabled');
+			if (enabledEl) {
+				if (!enabledEl.checked) {
+					$('label[for="email:smtpTransport:enabled"]').toggleClass('is-checked', true);
+					enabledEl.checked = true;
+					alerts.alert({
+						message: '[[admin/settings/email:smtp-transport.auto-enable-toast]]',
+						timeout: 5000,
+					});
+				}
+			}
+		});
 	}
 
 	return module;
diff --git a/public/src/client/account/edit/password.js b/public/src/client/account/edit/password.js
index abbe443e85..4ad1b47dbb 100644
--- a/public/src/client/account/edit/password.js
+++ b/public/src/client/account/edit/password.js
@@ -77,6 +77,7 @@ define('forum/account/edit/password', [
 							ajaxify.go('user/' + ajaxify.data.userslug + '/edit');
 						}
 					})
+					.catch(alerts.error)
 					.finally(() => {
 						btn.removeClass('disabled').find('i').addClass('hide');
 						currentPassword.val('');
diff --git a/src/api/users.js b/src/api/users.js
index e0382c95cd..bbb02a43bb 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -443,6 +443,10 @@ usersAPI.changePicture = async (caller, data) => {
 };
 
 usersAPI.generateExport = async (caller, { uid, type }) => {
+	const validTypes = ['profile', 'posts', 'uploads'];
+	if (!validTypes.includes(type)) {
+		throw new Error('[[error:invalid-data]]');
+	}
 	const count = await db.incrObjectField('locks', `export:${uid}${type}`);
 	if (count > 1) {
 		throw new Error('[[error:already-exporting]]');
diff --git a/src/controllers/mods.js b/src/controllers/mods.js
index 3656146652..760c119fbe 100644
--- a/src/controllers/mods.js
+++ b/src/controllers/mods.js
@@ -132,11 +132,11 @@ modsController.flags.detail = async function (req, res, next) {
 			uids = _.uniq(admins.concat(uids));
 		} else if (flagData.type === 'post') {
 			const cid = await posts.getCidByPid(flagData.targetId);
-			if (!cid) {
-				return [];
+			uids = _.uniq(admins.concat(globalMods));
+			if (cid) {
+				const modUids = (await privileges.categories.getUidsWithPrivilege([cid], 'moderate'))[0];
+				uids = _.uniq(uids.concat(modUids));
 			}
-			uids = (await privileges.categories.getUidsWithPrivilege([cid], 'moderate'))[0];
-			uids = _.uniq(admins.concat(globalMods).concat(uids));
 		}
 		const userData = await user.getUsersData(uids);
 		return userData.filter(u => u && u.userslug);
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 9febe062a8..934fdec80e 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -154,7 +154,7 @@ Auth.reloadRoutes = async function (params) {
 		}, Auth.middleware.validateAuth, (req, res, next) => {
 			async.waterfall([
 				async.apply(req.login.bind(req), res.locals.user, { keepSessionInfo: true }),
-				async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid),
+				async.apply(controllers.authentication.onSuccessfulLogin, req, res.locals.user.uid),
 			], (err) => {
 				if (err) {
 					return next(err);
diff --git a/src/routes/feeds.js b/src/routes/feeds.js
index fbd8de7072..e82b344d67 100644
--- a/src/routes/feeds.js
+++ b/src/routes/feeds.js
@@ -127,7 +127,7 @@ async function generateForCategory(req, res, next) {
 		db.getSortedSetRevIntersect({
 			sets: ['topics:tid', `cid:${cid}:tids:lastposttime`],
 			start: 0,
-			stop: 25,
+			stop: 24,
 			weights: [1, 0],
 		}),
 	]);
diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index 20a869056c..95c0097116 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -74,6 +74,6 @@ module.exports = function (SocketUser) {
 
 		await user.isAdminOrSelf(socket.uid, data.uid);
 
-		api.users.generateExport(socket, { type, ...data });
+		api.users.generateExport(socket, { type, uid: data.uid });
 	}
 };
diff --git a/src/topics/scheduled.js b/src/topics/scheduled.js
index 3544e54945..a386de8869 100644
--- a/src/topics/scheduled.js
+++ b/src/topics/scheduled.js
@@ -60,6 +60,7 @@ Scheduled.pin = async function (tid, topicData) {
 };
 
 Scheduled.reschedule = async function ({ cid, tid, timestamp, uid }) {
+	const mainPid = await topics.getTopicField(tid, 'mainPid');
 	await Promise.all([
 		db.sortedSetsAdd([
 			'topics:scheduled',
@@ -67,6 +68,7 @@ Scheduled.reschedule = async function ({ cid, tid, timestamp, uid }) {
 			'topics:tid',
 			`cid:${cid}:uid:${uid}:tids`,
 		], timestamp, tid),
+		posts.setPostField(mainPid, 'timestamp', timestamp),
 		shiftPostTimes(tid, timestamp),
 	]);
 	return topics.updateLastPostTimeFromLastPid(tid);
diff --git a/src/upgrades/2.8.7/fix-email-sorted-sets.js b/src/upgrades/2.8.7/fix-email-sorted-sets.js
new file mode 100644
index 0000000000..fcab69a8f4
--- /dev/null
+++ b/src/upgrades/2.8.7/fix-email-sorted-sets.js
@@ -0,0 +1,46 @@
+'use strict';
+
+
+const db = require('../../database');
+const batch = require('../../batch');
+
+
+module.exports = {
+	name: 'Fix user email sorted sets',
+	timestamp: Date.UTC(2023, 1, 4),
+	method: async function () {
+		const { progress } = this;
+		const bulkRemove = [];
+		await batch.processSortedSet('email:uid', async (data) => {
+			progress.incr(data.length);
+			const usersData = await db.getObjects(data.map(d => `user:${d.score}`));
+			data.forEach((emailData, index) => {
+				const { score: uid, value: email } = emailData;
+				const userData = usersData[index];
+				// user no longer exists or doesn't have email set in user hash
+				// remove the email/uid pair from email:uid, email:sorted
+				if (!userData || !userData.email) {
+					bulkRemove.push(['email:uid', email]);
+					bulkRemove.push(['email:sorted', `${email.toLowerCase()}:${uid}`]);
+					return;
+				}
+
+				// user has email but doesn't match whats stored in user hash, gh#11259
+				if (userData.email && userData.email.toLowerCase() !== email.toLowerCase()) {
+					bulkRemove.push(['email:uid', email]);
+					bulkRemove.push(['email:sorted', `${email.toLowerCase()}:${uid}`]);
+				}
+			});
+		}, {
+			batch: 500,
+			withScores: true,
+			progress: progress,
+		});
+
+		await batch.processArray(bulkRemove, async (bulk) => {
+			await db.sortedSetRemoveBulk(bulk);
+		}, {
+			batch: 500,
+		});
+	},
+};
diff --git a/src/user/email.js b/src/user/email.js
index 1ea8bd551e..9b51b43ddd 100644
--- a/src/user/email.js
+++ b/src/user/email.js
@@ -39,7 +39,7 @@ UserEmail.remove = async function (uid, sessionId) {
 		db.sortedSetRemove('email:uid', email.toLowerCase()),
 		db.sortedSetRemove('email:sorted', `${email.toLowerCase()}:${uid}`),
 		user.email.expireValidation(uid),
-		user.auth.revokeAllSessions(uid, sessionId),
+		sessionId ? user.auth.revokeAllSessions(uid, sessionId) : Promise.resolve(),
 		events.log({ type: 'email-change', email, newEmail: '' }),
 	]);
 };
@@ -69,7 +69,7 @@ UserEmail.expireValidation = async (uid) => {
 };
 
 UserEmail.canSendValidation = async (uid, email) => {
-	const pending = UserEmail.isValidationPending(uid, email);
+	const pending = await UserEmail.isValidationPending(uid, email);
 	if (!pending) {
 		return true;
 	}
@@ -134,13 +134,13 @@ UserEmail.sendValidationEmail = async function (uid, options) {
 
 	await UserEmail.expireValidation(uid);
 	await db.set(`confirm:byUid:${uid}`, confirm_code);
-	await db.pexpire(`confirm:byUid:${uid}`, emailConfirmExpiry * 24 * 60 * 60 * 1000);
+	await db.pexpire(`confirm:byUid:${uid}`, emailConfirmExpiry * 60 * 60 * 1000);
 
 	await db.setObject(`confirm:${confirm_code}`, {
 		email: options.email.toLowerCase(),
 		uid: uid,
 	});
-	await db.pexpire(`confirm:${confirm_code}`, emailConfirmExpiry * 24 * 60 * 60 * 1000);
+	await db.pexpire(`confirm:${confirm_code}`, emailConfirmExpiry * 60 * 60 * 1000);
 
 	winston.verbose(`[user/email] Validation email for uid ${uid} sent to ${options.email}`);
 	events.log({
@@ -196,6 +196,20 @@ UserEmail.confirmByUid = async function (uid) {
 		throw new Error('[[error:invalid-email]]');
 	}
 
+	// If another uid has the same email throw error
+	const oldUid = await db.sortedSetScore('email:uid', currentEmail.toLowerCase());
+	if (oldUid && oldUid !== parseInt(uid, 10)) {
+		throw new Error('[[error:email-taken]]');
+	}
+
+	const confirmedEmails = await db.getSortedSetRangeByScore(`email:uid`, 0, -1, uid, uid);
+	if (confirmedEmails.length) {
+		// remove old email of user by uid
+		await db.sortedSetsRemoveRangeByScore([`email:uid`], uid, uid);
+		await db.sortedSetRemoveBulk(
+			confirmedEmails.map(email => [`email:sorted`, `${email.toLowerCase()}:${uid}`])
+		);
+	}
 	await Promise.all([
 		db.sortedSetAddBulk([
 			['email:uid', uid, currentEmail.toLowerCase()],
diff --git a/src/user/interstitials.js b/src/user/interstitials.js
index 2a662785f9..aa70e8098f 100644
--- a/src/user/interstitials.js
+++ b/src/user/interstitials.js
@@ -42,6 +42,7 @@ Interstitials.email = async (data) => {
 		callback: async (userData, formData) => {
 			// Validate and send email confirmation
 			if (userData.uid) {
+				const isSelf = parseInt(userData.uid, 10) === parseInt(data.req.uid, 10);
 				const [isPasswordCorrect, canEdit, { email: current, 'email:confirmed': confirmed }, { allowed, error }] = await Promise.all([
 					user.isPasswordCorrect(userData.uid, formData.password, data.req.ip),
 					privileges.users.canEdit(data.req.uid, userData.uid),
@@ -68,13 +69,17 @@ Interstitials.email = async (data) => {
 					if (formData.email === current) {
 						if (confirmed) {
 							throw new Error('[[error:email-nochange]]');
-						} else if (await user.email.canSendValidation(userData.uid, current)) {
+						} else if (!await user.email.canSendValidation(userData.uid, current)) {
 							throw new Error(`[[error:confirm-email-already-sent, ${meta.config.emailConfirmInterval}]]`);
 						}
 					}
 
 					// Admins editing will auto-confirm, unless editing their own email
 					if (isAdminOrGlobalMod && userData.uid !== data.req.uid) {
+						if (!await user.email.available(formData.email)) {
+							throw new Error('[[error:email-taken]]');
+						}
+						await user.email.remove(userData.uid);
 						await user.setUserField(userData.uid, 'email', formData.email);
 						await user.email.confirmByUid(userData.uid);
 					} else if (canEdit) {
@@ -99,8 +104,8 @@ Interstitials.email = async (data) => {
 					}
 
 					if (current.length && (!hasPassword || (hasPassword && isPasswordCorrect) || isAdminOrGlobalMod)) {
-						// User explicitly clearing their email
-						await user.email.remove(userData.uid, data.req.session.id);
+						// User or admin explicitly clearing their email
+						await user.email.remove(userData.uid, isSelf ? data.req.session.id : null);
 					}
 				}
 			} else {
diff --git a/src/views/admin/settings/email.tpl b/src/views/admin/settings/email.tpl
index 4d8dcf27b1..86145d0c69 100644
--- a/src/views/admin/settings/email.tpl
+++ b/src/views/admin/settings/email.tpl
@@ -150,7 +150,7 @@
 					[[admin/settings/email:smtp-transport.gmail-warning2]]
 				</p>
 			</div>
-			<div class="form-group well" id="email:smtpTransport:custom-service" style="display: none">
+			<div class="form-group well" id="email:smtpTransport:custom-service">
 				<h5>Custom Service</h5>
 
 				<label for="email:smtpTransport:host">[[admin/settings/email:smtp-transport.host]]</label>
diff --git a/test/authentication.js b/test/authentication.js
index b8889d95eb..3718271809 100644
--- a/test/authentication.js
+++ b/test/authentication.js
@@ -12,13 +12,22 @@ const db = require('./mocks/databasemock');
 const user = require('../src/user');
 const utils = require('../src/utils');
 const meta = require('../src/meta');
+const plugins = require('../src/plugins');
 const privileges = require('../src/privileges');
 const helpers = require('./helpers');
 
 describe('authentication', () => {
 	const jar = request.jar();
 	let regularUid;
+	const dummyEmailerHook = async (data) => {};
+
 	before((done) => {
+		// Attach an emailer hook so related requests do not error
+		plugins.hooks.register('authentication-test', {
+			hook: 'filter:email.send',
+			method: dummyEmailerHook,
+		});
+
 		user.create({ username: 'regular', password: 'regularpwd', email: 'regular@nodebb.org' }, (err, uid) => {
 			assert.ifError(err);
 			regularUid = uid;
@@ -27,6 +36,10 @@ describe('authentication', () => {
 		});
 	});
 
+	after(() => {
+		plugins.hooks.unregister('authentication-test', 'filter:email.send');
+	});
+
 	it('should allow login with email for uid 1', async () => {
 		const oldValue = meta.config.allowLoginWith;
 		meta.config.allowLoginWith = 'username-email';
diff --git a/test/user/emails.js b/test/user/emails.js
index f413a51283..47d3fcb6d0 100644
--- a/test/user/emails.js
+++ b/test/user/emails.js
@@ -120,7 +120,7 @@ describe('email confirmation (library methods)', () => {
 			await user.email.sendValidationEmail(uid, {
 				email,
 			});
-			const ok = await user.email.canSendValidation(uid, 'test@example.com');
+			const ok = await user.email.canSendValidation(uid, email);
 
 			assert.strictEqual(ok, false);
 		});
@@ -131,7 +131,7 @@ describe('email confirmation (library methods)', () => {
 				email,
 			});
 			await db.pexpire(`confirm:byUid:${uid}`, 1000);
-			const ok = await user.email.canSendValidation(uid, 'test@example.com');
+			const ok = await user.email.canSendValidation(uid, email);
 
 			assert(ok);
 		});