Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Security Update: Vanilla 188.8.131.52
We've released an important security update that should be applied immediately to anyone running 2.0.18.*. The new version can be found here.
Here is a summary of what we've done:
- 2013-11-26 Use SafeRedirect() instead of Redirect() in the discussion controller.
- 2013-11-26 Added TrustedDomains() and SafeRedirect().
- 2013-11-26 Don't allow user id override on post.
- 2013-08-25 Fix Flagging security flaw
- 2013-08-25 Filter discussion title on categories/all
- 2013-06-20 Comment notifications should only be sent to people with the "NewComment" preference set.
- 2013-06-13 Twitter: Change api version to 1.1.
- 2013-05-08 Tagging: Fix xss bug in tagging.
- 2013-05-02 Do not add linebreaks twice on search.