XSS Security Patch (November 22, 2005) [READ THIS]
Mark
Vanilla Staff
It has come to my attention that there was a very serious security hole in Vanilla <= 0.9.2.5.
Despite the fact that we are on the cusp of the next big upgrade to Vanilla 0.9.3, this hole is so serious that I have decided to release one more patch to the old Vanilla core. I very highly recommend upgrading all forums out there as soon as possible.
The upgrade should be very painless:
- Download the latest version of Vanilla at getvanilla.com. The file you receive should be vanilla.0.9.2.6.zip.
- Upload the /controls and /library folders up to your Vanilla installation, overwriting the old ones.
- For your own personal records, you may want to update your appg/settings.php file and change your agVANILLA_VERSION to 0.9.2.6.
--EDIT--
If you are concerned about the specific files that have been updated, here is a list of the specific files and lines that have been altered:
- library/Vanilla.Search.class.php
  - Lines 158 & 169
- library/Utility.Parameters.class.php
  - Line 21
- controls/search.php
  - Line 229