Vanilla 2.6 is coming in April. It requires PHP 7.0.
It features a new "Category Following" system that replaces the old "Hide Category" functionality. It allows users to "follow" individual categories, and then filter their Recent Discussions views to include all discussions or only those from followed categories. It also will include new endpoints for the native API, and the new "Vanilla Connect" single sign-on system.
Vanilla 2.7 will follow later this year. I'll announce details once its scope is completed, which may be a month or more in the future. Its marquee feature is a new rich text editor.
Now is the time to verify your system is running PHP 7.0 and make a plan for how to upgrade if it isn't. We do not plan to backport patches to the 2.5 branch after 2.6 is released, which means your install will fall out of date if new security issues are found.
Didn't 2.5 just release in December?
Yes, accelerated releases is part of our new unified release process that keeps open source up-to-date with our cloud offering. We expect 4 months will be an average or even "long" release cycle going forward. We schedule releases based on their projected completion, not based on a fixed deadline determined in advance. Projects we expect to take longer than 4 months are generally slated for multiple releases in the future. Lastly, we are continuing to refine this process, so expect more changes along the way.
Is there a public roadmap?
Not officially, but we do intend to pre-announce features in advance whenever possible. And, as ever, much of our planning & work is done on our public repositories where you are free to follow along. For instance, we've been working on the rich text editor in public for a number of months now (on the
feature/rich-editor-mvp branch of the vanilla/vanilla repo).
Happy to answer any other questions as best I can.
Vanilla 2.5.1 contains multiple security and bug fixes. Please upgrade immediately.
If you are upgrading from a release prior to 2.5, read the 2.5 notes first and follow those steps to upgrade.
This is a drop-in replacement for 2.5. Run
utility/update twice after uploading.
Release notes follow. Please start a new discussion for assistance with problems upgrading.
Additionally, we wish to belatedly thank psych0tr1a for reporting an XSS vulnerability in our HTMLawed implementation that was previously patched in the 2.5 release.
relattribute to YouTube embeds.
We anticipate more security fixes in the coming months as we increase exposure of our security bounty program. Please keep a careful eye on your dashboard and this forum for more updates regularly.
Articles 1.2.0 has been released and fully supports Vanilla 2.3.1.
Major changes in v1.2.0 since v1.1.1:
- Category-based permission model.
- AttributionUserID column gone; now using InsertUserID.
- Bug fixes and style improvements. See full commit history via the GitHub repository.
Caveat of v1.2.0:
- Old global Articles permissions will not get transferred over to each category; any customized permissions in previous versions of Articles will have to be reconfigured per category in v1.2.0.
How to install:
*This add-on is an application, not a plugin.
/applicationsfolder. It should have a folder named
articlesinside of it now.
How to upgrade:
*If you're upgrading to Articles 1.2.0 from an older version and have modified the role permissions related to Articles, you must reconfigure your permissions since global permissions have been replaced with category-based permissions.
/applicationsfolder. Overwrite old application files.
Quite a lot has changed with Vanilla version 2.5 and I thought it would be a waste of time if everything that I've already stumbled upon would be forgotten. So I will write it down here.
Before I start: the Vanilla repository on GitHub has a label "Good first contribution". So if you are reading this discussion out of curiosity and not because you are a plugin author, think about becoming one
The most obvious change for a developer is the addon.json file. It is already good documented (here and here). The online documentation is getting better and better now and I would be happy if some of the info I pin down here would be carried over to the official docs by some volunteers whose English is good (enough). After all the documentation is just another public repository.
I'll be happy to check your writings if you like to before you contribute.
Here are the keys that are used in the addon.json that I found are used, not all of them are yet in the official docs ("Good first contribution" )
You can surely use whatever key=>value pair you like.
One word of caution: a key that you can see quite often is "settingsPermission", but that has no effect at all! You always have to do permission checks in your public endpoints by yourself. Specifying this key is merely informational and therefore you should consider to stop using it.
By the way: I found this information by looking at
and last but not least /cache/addon.php
* = this information might also be of interest for theme authors. At least everything you can read about the addon.json file, although there are even more keys available, just look at the class.thememanager.php