Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

XSS Security Patch (November 22, 2005) [READ THIS]

MarkMark Vanilla Staff
edited November 2005 in Vanilla 1.0 Help
It has come to my attention that there was a very serious security hole in Vanilla <=

Despite the fact that we are on the cusp of the next big upgrade to Vanilla 0.9.3, this hole is so serious that I have decided to release one more patch to the old Vanilla core. I very highly recommend upgrading all forums out there as soon as possible.

The upgrade should be very painless:
  1. Download the latest version of vanilla at The file you receive should be
  2. Upload the /controls and /library folders up to your vanilla installation, overwriting the old ones.
  3. For your own personal records, you may want to update your appg/settings.php file and change your agVANILLA_VERSION to
Many thanks to cory for finding and reporting these issues before they could give us any nightmares.


If you are concerned about the specific files that have been updated, here is a list of the specific files and lines that have been altered:
Lines 158 & 169
Line 21
Line 229
I *believe* that is everything, but I may have forgotten to write down a change, which is why I still recommend doing the full overwrite of those two folders. Unless you've done some customization like leemarrett, replacing the folders entirely shouldn't affect your installation's functionality (besides patching the XSS hole, of course).


This discussion has been closed.