Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
[Solved] [GitHub Bug #907] OpenID broken for months
Even on this site.
I want to draw attention to GitHub Bug #907
Many of us are reliant on openid, this seem to be a conflict with recent authentication code.
It is not to do with the lightopenid code as far as I cans see. I have used the existing version and the curl version and they both validate (some minor changes are need for shared hosting but that is expected).
I wonder if it is to do with the postback.