Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Security Update: Vanilla 188.8.131.52
Even though Vanilla 2.1 is just around the corner we are still supporting 2.0.18.* installations. To this end we've released an important security update that should be applied immediately to anyone running 2.0.18.*. The new version can be found here.
If you don't wan't to overwrite every single file then the one file that needs to be changed is here (raw download here).
This is an important security update so please update your installation.
- 2013-04-05 Check for FilterForm() before calling it.
- 2013-04-04 Disable the ability to call functions in escaped sql strings.
- 2013-03-22 Switch update checks to json to prevent object injection hacks.
- 2013-03-02 Make sure the admin password is hashed when inserting the admin user on an already installed Vanilla.
- 2012-12-12 Fix Facebook plugin for the 5 Dec 2012 Facebook update.
- 2012-10-13 Add class attributes for all the menu item elements.
- 2012-10-13 Ignore eclipse project files.
- 2012-09-11 Add the cache-control logic from the 2.1 branch.
- 2012-04-11 Add the proper username parameter to profile/edit.
- 2012-04-11 Filter activity, discussion, and comment forms.
- 2012-03-26 Added Gdn_Model->FilterForm() to help prevent user from posting unauthorized database values.
- 2012-04-11 Fixed security hole where on profile/picture and profile/preferences. Allow moderators to change users' pictures from the profile page.
- 2012-04-03 Added joomla password hashing.