Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Vanilla 2.0.17 Released

This discussion is related to the Vanilla addon.
13567

Comments

  • why dont we have beta releases to prevent all this?
  • Sweet upgraded to 2.0.17.4 and everything is working now. Thanks to everyone that contributes to vanilla.
  • TimTim Operations Vanilla Staff
    why dont we have beta releases to prevent all this?
    And by 'we' you mean me, right? We all already code and answer support requests 7 days a week. Not sure if that would be effective use of my time.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • Thanks tim, that squashed my profile permissions bug
  • oliverraduneroliverraduner Contributing to Vanilla since 2010 Switzerland ✭✭
    edited January 2011
    Stats don't work on (stuck on Loading):
    - Safari 5.0.3
    - Opera 11.00
    Stats work on:
    - Firefox 3.6.13
    - Chrome 8.0.552.231

    Mac OS X 10.6.5
    Same issue here - Vanilla Stats do not work on Safari under Mac OS X :( (Firefox is fine)

    I saw in the Safari Developer console that the following error is popping up:
    ReferenceError: Can't find variable: Raphael | graph.js : line 24
  • TimTim Operations Vanilla Staff
    I'll have a look into this. Could have something to do with Safari's support for JSONp.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • congratuations, you guys make me feel now like a complete idiot.

    i asked two times a pretty basic question ( jan. 18 and jan. 24) and no answer in any way, i mean a simple "we look into this, come back in a week or two or such" would have been nice since i know this is a free product and there is no free 12h nonstop super duper premium support, but i have never experienced anything like this... this is imho simply off the wall :D
  • TimTim Operations Vanilla Staff
    Bump for 2.0.17.5 - Fixes default category permissions that were sometimes being defined as too restrictive and preventing posting.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • TimTim Operations Vanilla Staff
    congratuations, you guys make me feel now like a complete idiot.

    i asked two times a pretty basic question ( jan. 18 and jan. 24) and no answer in any way, i mean a simple "we look into this, come back in a week or two or such" would have been nice since i know this is a free product and there is no free 12h nonstop super duper premium support, but i have never experienced anything like this... this is imho simply off the wall :D
    We don't post in every thread or answer every question. Anyone who uses this forum regularly knows that and 99% of those people seem to understand why.

    We sometimes have to ignore less pressing questions, or things that others in the community can and should answer, in favor of actually getting work done, or having meetings, or answering more urgent questions. That's a fact of life, and its not going to change anytime soon.

    Sometimes the thing you're asking about is not a priority for us right now and we cant dedicate time to supporting it. Or maybe you've posted about something that has been answered elsewhere already. Perhaps you're trying to use some plugin that is posted at version 0.1 and is provided with a disclaimer stating that it is an alpha version proof of concept and isn't meant to properly work yet. That could be why you were ignored.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • thetryrthetryr New
    edited January 2011
    Helloooooooooooooooooo... where is the 2.0.17.6 ?????
    i try to download but it take me to 2.0.17.5 and 2.0.175 dont allow me to utility/update
  • TimTim Operations Vanilla Staff
    Bump for 2.0.17.6 - This is a SECURITY release that addresses 3 potential attack vectors:

    1) ?Target=______ was vulnerable to phising attacks since it allowed users to forward others to remote websites without confirmation. This has been prevented.

    2) ?p=______ was vulnerable to XSS attacks since it was inserted into the page without being sanitized.

    3) Cookie HMAC timing attacks. This allowed clever attackers to eventually spoof signed requests and potentially gain access to other accounts by signing fake cookies.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • TimTim Operations Vanilla Staff
    Helloooooooooooooooooo... where is the 2.0.17.6 ?????
    i try to download but it take me to 2.0.17.5 and 2.0.175 dont allow me to utility/update
    I can only do 1 thing at a time ;) 2.0.17.6 is now fully available.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • where is 2.0.17.6 link?
  • TimTim Operations Vanilla Staff
  • Does anyone know if 2.0.17.6 also include the fix for the google sign in problem??

    http://vanillaforums.org/discussion/14103/sign-in-with-google-plugin-not-working
  • Hello!
    The stats pluging don't record statistics. It always shows 0 page views. Do you know what could be the problem?
    Gabriel.
  • TimTim Operations Vanilla Staff
    Yes. I found a stupid date math problem in a key part of the code which caused stats to stop being sent. I've fixed the issue but I still need to put it together into a release, and figure out a smart way of allowing recovery of the last week's worth of stats.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • I just installed the latest version
    Dashboard works, Forum is "bonked"

    I´ve got this error:
    229: trigger_error(ErrorMessage($this->GetPDOErrorMessage($PDOStatement->errorInfo()), $this->ClassName, 'Query', $Sql), E_USER_ERROR);

    Additional information for support personnel:
    Application: Vanilla
    Application Version: 2.0.17.6
    PHP Version: 5.2.6
    Operating System: Linux
    Server Software: Apache
    User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; de-de) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
    Controller: Gdn_Database
    Method: Query

    any ideas??
This discussion has been closed.