Accounts using this forum to test Vanilla's vulnerabilities will be deleted on sight.
The terms make it clear you should NOT be using live sites.
The addon directory has some issues:
I think I fixed these various issues, but does someone have time to try out the fix / check the style requirements before I create a pull request?
Vanilla 2.6 is coming in April. It requires PHP 7.0.
It features a new "Category Following" system that replaces the old "Hide Category" functionality. It allows users to "follow" individual categories, and then filter their Recent Discussions views to include all discussions or only those from followed categories. It also will include new endpoints for the native API, and the new "Vanilla Connect" single sign-on system.
Vanilla 2.7 will follow later this year. I'll announce details once its scope is completed, which may be a month or more in the future. Its marquee feature is a new rich text editor.
Now is the time to verify your system is running PHP 7.0 and make a plan for how to upgrade if it isn't. We do not plan to backport patches to the 2.5 branch after 2.6 is released, which means your install will fall out of date if new security issues are found.
Didn't 2.5 just release in December?
Yes, accelerated releases are part of our new unified release process that keeps open source up-to-date with our cloud offering. We expect 4 months will be an average or even "long" release cycle going forward. We schedule releases based on their projected completion, not based on a fixed deadline determined in advance. Projects we expect to take longer than 4 months are generally slated for multiple releases in the future. Lastly, we are continuing to refine this process, so expect more changes along the way.
Is there a public roadmap?
Not officially, but we do intend to pre-announce features in advance whenever possible. And, as ever, much of our planning & work is done on our public repositories where you are free to follow along. For instance, we've been working on the rich text editor in public for a number of months now (on the feature/rich-editor-mvp branch of the vanilla/vanilla repo).
Happy to answer any other questions as best I can.
Vanilla 2.5.1 contains multiple security and bug fixes. Please upgrade immediately.
If you are upgrading from a release prior to 2.5, read the 2.5 notes first and follow those steps to upgrade.
This is a drop-in replacement for 2.5. Run utility/update twice after uploading.
Release notes follow. Please start a new discussion for assistance with problems upgrading.
Additionally, we wish to belatedly thank psych0tr1a for reporting an XSS vulnerability in our HTMLawed implementation that was previously patched in the 2.5 release.
rel attribute to YouTube embeds.
We anticipate more security fixes in the coming months as we increase exposure of our security bounty program. Please keep a careful eye on your dashboard and this forum for more updates regularly.