Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Security vulnerability: Flagging plugin (220.127.116.11 and earlier)
There is an XSS vulnerability in Vanilla, version 18.104.22.168 and earlier. This only effects the Flagging plugin. Anyone using the Flagging plugin should immediately upgrade to 22.214.171.124 or make this change: Fix for Flagging XSS.
126.96.36.199 is now available.