Best Of

Release Notes

Rich Editor

Rich Editor saw a number of enhancements in this release.

New paragraph level formatting menu

We've added a new paragraph level formatting menu in order to surface more formatting options.

Currently it is broken down into 4 categories.

• Heading Formats (Displays 4 possible levels of headings).
• List Formats (Numbered List, Bulleted List, Indented & Outdent).
• Special Formats (Quote, Code Block, Spoiler).
• Standard Format

New Rich Editor formats

Along with the paragraph formatting menu, we've added support for

• Additional levels of heading (2, 3, 4, 5). Previously only levels 2 & 3 were available.
• Support for nested lists. Lists can now be nested up to 4 levels deep.

Improved Pasting Robustness

This iteration of Rich Editor see much improved ability to paste content into the editor.

The following may now be pasted from other web pages

• Images (multiple at a time, including with mixed content).
• Lists (Including nested lists).

Markdown Macros

Rich editor now has support for markdown based macros. Try out standard markdown input syntax and watch as it is transformed into your Rich Post.

Other

• Fix a memory leak and improve performance of Rich Editor.
• Rich Quotes now properly enable by default when enabling the addon. Thanks @R_J.

Image Upload Limits

It is now possible to limit maximum image upload dimensions through and enhanced dashboard posting page. Any images uploaded above this limit will be resized (while preserving aspect ratio) to fit within the configured dimensions.

These dimensions will be respected in Rich Editor, Advanced Editor, and the /api/v2/media endpoint.

Keystone Theme

The keystone header on desktop now contains core & contextual navigation items. Additionally these items can be found on mobile devices by opening the navigation menu.

Other

• Move AfterBody event in to the end of the body in Keystone & Theme Boilerplate #8857. Thanks @R_J

SEO & Performance

Blocking Script Tags

By default Vanilla blocks a page from rendering until most of its javascript is loaded. This is not considered best practice, because it negatively impacts user’s page load times. Search engines like google penalize sites that do this.

Site’s may now opt-in to better behaviour here and load all scripts after the main document loads. This can be done by setting the configuration value.

$Configuration['Feature']['DeferredLegacyScripts']['Enabled'] = true;

or in JSON (Vanilla console)

  "Feature": {
    "DeferredLegacyScripts": {
      "Enabled": false
    }
  }

If this is done properly all scripts in the of the page should have the defer attribute set.

This can lead to large increases in score on google’s page-speed index as well improved load times for users, especially on mobile.

Warning: This may not be compatible with certain custom Pockets or custom themes. Please test on staging environments first.

Sitemaps & Robots.txt

• Robots.txt is now present on all sites, separately of the sitemaps plugin.
• The Sitemaps setting page now displays a warning of private communities are enabled. addons#714

Google Sign In

Due to the fact that Google is sunsetting Google+ Sign In method we are adding Google Sign In. Forums that are using Google+ now are strongly recommended to create an OpenID OAuth 2.0 application at Google and turn on the Google Sign In plugin.

For more information about the user authentication workflow that is being implemented please read this documentation on Google.com. For instructions on how to set up the plugin see Vanilla user docs for Google Sign In

Dashboard

• Keep left panel of the dashboard pinned to the side when scrolling on long pages.
• Allow initial starting values for color forms #8580. Thanks @R_J
• Fix reset password link when password has been reset by an admin#8859 

New or Expanded API endpoints

Set the canonical URL of a discussion

• PUT /api/v2/discussions/:id/canonical-url
• DELETE /api/v2/discussions/:id/canonical-url

Expand accepted answer IDs

The GET /api/v2/discussions/:id endpoint now offers an expand parameter acceptedAnswers. When set the commentID & rendered text of the accepted answer will be included in the response.

Current user endpoints

• GET /api/v2/users/me
• GET /api/v2/users/me-counts

These 2 endpoints may be used to fetch information about the currently signed in user.

Record a page view

• POST /api/v2/tick

Updated File Release Permissions

Note: This fix is also present in the 2.8.4 release.

It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.

Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).

Starting in this release file system permissions are essentially 755 for directories and 644 for files.

Other Fixes

Discussions/Comments

• Fixed an issue where drafts would save even though no text had been inputted or changed. #8722

Categories

• Reading all posts in a category will not mark the category as read. #8547
• Remove redundant missing category error. #8886

Embedded Comments

• Inherit dashboard post format type (Fixes embedded comments with Rich Editor). #8767

Twitter SSO

• Fix broken twitter SSO plugin #8881

Accessibility

• The Pager controls should now be more accessible to users with assistive screen devices (Such as screen readers). #8634

Profile

• Profile Extender fields may now be translated. #8566

Features and Fixes

These are the features & fixes for the rc2 release. For the rc1 notes see this post:

Rich Editor

• Rich editor now has support for markdown based macros. Try out standard markdown input syntax and watch as it is transformed into your Rich Post.

• Fix a memory leak and improve performance of Rich Editor.

Updated File Release Permissions

Note: This fix is also present in the 2.8.4 release.

It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.

Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).

Starting in this release file system permissions are essentially 755 for directories and 644 for files.

Categories

• Remove redundant missing category error. #8886

Embedded comments

• Inherit dashboard post format type. #8767

Twitter SSO

• Fix broken twitter SSO plugin

Dashboard

• Allow initial starting values for color forms #8580. Thanks @R_J
• Fix reset password link when password has been reset by an admin #8859

Keystone

• Move AfterBody event in to the end of the body in Keystone & Theme Boilerplate #8857. Thanks @R_J

Sitemaps & Robots.txt

• Robots.txt is now present on all sites, separately of the sitemaps plugin.
• The Sitemaps setting page now displays a warning of private communities are enabled. addons#714

Get it right here: https://open.vanillaforums.com/addon/vanilla-core-2.8.4

This release contains CRITICAL security patches.

• Patched SSRF in HTTP client.
• Updated release file system permissions to be less permissive.

It has been brought to our attention that our file system permissions were far to open in our open source releases. These concerns were initially dismissed because in our version control repository and on all of our infrastructure the permissions were correct.

Thanks to the insistence of @R_J I discovered a bug in our OSS release build tool that reset all of the file permissions to 777 (very dangerous).

Starting in this release file system permissions are essentially 755 for directories and 644 for files.

Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.8.3 are in this version.

Just a brief update here:

I'm in the process of getting a couple last fixes onto the 3.0 branch this week, and expect to make the final release available for the weekend.

To @Krisstoffer Thank you for filing multiple issues. I intend to have that search one resolved for 3.0.

Other issues are being triaged and will make there way through our product pipeline. As always is an issue is important to you, and you want to help out the community, contributions are greatly appreciated. I track any new PRs that open and will do my best to give a timely response.