HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla Released

This discussion is related to the Vanilla addon.
ToddTodd Chief Product Officer Vanilla Staff
edited March 2012 in Releases

This release fixes a security hole in Vanilla that can leave your forum open to XSS attacks. There are also a couple of other minor fixes included with this release. We strongly recommend updating to this version of Vanilla.


  • 2012-03-26 Partially fix #1330 by checking the format field on models.
  • 2011-09-28 Fixed canonical url in /categories/*.
  • 2012-03-16 Fixed canonical url bug when looking at a category.

If you are running Vanilla 2.0.18+ and want the files to fix the security hole you can do the following:

  1. Download Vanilla
  2. Replace the following files on your site:
    • applications/dashboard/locale/en-CA/definitions.php
    • library/core/class.validation.php
    • library/core/functions.validation.php


Sign In or Register to comment.