Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Security Update: Vanilla

Todd, Chief Product Officer, Vanilla Staff

We've released an important security update that should be applied immediately by anyone running 2.0.18.*. The new version can be found here.

Here is a summary of what we've done:

  • 2013-11-26 Use SafeRedirect() instead of Redirect() in the discussion controller.
  • 2013-11-26 Added TrustedDomains() and SafeRedirect().
  • 2013-11-26 Don't allow user id override on post.
  • 2013-08-25 Fix Flagging security flaw
  • 2013-08-25 Filter discussion title on categories/all
  • 2013-06-20 Comment notifications should only be sent to people with the "NewComment" preference set.
  • 2013-06-13 Twitter: Change api version to 1.1.
  • 2013-05-08 Tagging: Fix xss bug in tagging.
  • 2013-05-02 Do not add linebreaks twice on search.

