Security Update: Vanilla 220.127.116.11
Even though Vanilla 2.1 is just around the corner we are still supporting 2.0.18.* installations. To this end we've released an important security update that should be applied immediately to anyone running 2.0.18.*. The new version can be found here.
This is an important security update so please update your installation.
- 2013-04-05 Check for FilterForm() before calling it.
- 2013-04-04 Disable the ability to call functions in escaped sql strings.
- 2013-03-22 Switch update checks to json to prevent object injection hacks.
- 2013-03-02 Make sure the admin password is hashed when inserting the admin user on an already installed Vanilla.
- 2012-12-12 Fix Facebook plugin for the 5 Dec 2012 Facebook update.
- 2012-10-13 Add class attributes for all the menu item elements.
- 2012-10-13 Ignore eclipse project files.
- 2012-09-11 Add the cache-control logic from the 2.1 branch.
- 2012-04-11 Add the proper username parameter to profile/edit.
- 2012-04-11 Filter activity, discussion, and comment forms.
- 2012-03-26 Added Gdn_Model->FilterForm() to help prevent user from posting unauthorized database values.
- 2012-04-11 Fixed security hole where on profile/picture and profile/preferences. Allow moderators to change users' pictures from the profile page.
- 2012-04-03 Added joomla password hashing.