Vanilla 2.1.6 released
This is an important security upgrade for all forums.
Download it: http://vanillaforums.org/addon/vanilla-core-2.1.6
7 files changed. See the code diff.
Summary:
- Security: Fixes an SQL injection vector.
- Security: Adds a PDO option to harden against SQL injection.
- Security: Improves the security of password resets by increasing token length and limiting them to 1 hour expiration.
- Adds vBulletin 5.1 password hashing to allow seamless password migrations. All previous versions continue to be supported.
Thanks to the team at ZeniMax Online Studios for disclosing the password reset issue and SQL injection vector.
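To illustrate the password-reset item in the summary above, here is an added example that is not part of the original announcement and is not Vanilla's code: a reset token drawn from a CSPRNG, stored only as a hash, valid for 1 hour and usable once. The function names, the record layout and the 32-byte length are assumptions; only the 1-hour expiry comes from the release notes.

```php
<?php
// Added illustration, not Vanilla's implementation. Names and sizes are assumptions.
const RESET_TOKEN_BYTES = 32;   // assumed length: 256 bits of CSPRNG output
const RESET_TOKEN_TTL   = 3600; // 1 hour, as stated in the release notes

/** Issue a token: returns the value to e-mail and the record to store. */
function issueResetToken(int $userId, int $now): array {
    $token = bin2hex(random_bytes(RESET_TOKEN_BYTES));
    $record = [
        'user_id'    => $userId,
        'token_hash' => hash('sha256', $token), // store a hash, never the token
        'expires_at' => $now + RESET_TOKEN_TTL,
        'used'       => false,
    ];
    return [$token, $record];
}

/** Check a presented token; on success mark the record used (single use). */
function redeemResetToken(array &$record, string $presented, int $now): bool {
    // Reject spent or expired records before looking at the token at all.
    if ($record['used'] || $now >= $record['expires_at']) {
        return false;
    }
    // hash_equals() compares in constant time, so timing does not leak a prefix.
    if (!hash_equals($record['token_hash'], hash('sha256', $presented))) {
        return false;
    }
    $record['used'] = true;
    return true;
}

// Constructed walk-through with a fixed clock value.
$t0 = 1700000000;
[$token, $record] = issueResetToken(42, $t0);

$expired = $record; // copy, to test expiry without touching the live record
var_dump(strlen($token));                                     // hex length of the token
var_dump(redeemResetToken($expired, $token, $t0 + 3601));     // after the 1-hour window
var_dump(redeemResetToken($record, 'wrong-token', $t0 + 60)); // wrong token
var_dump(redeemResetToken($record, $token, $t0 + 60));        // valid, first use
var_dump(redeemResetToken($record, $token, $t0 + 61));        // replay of a used token
```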
Comments
thanks. just upgraded to 2.1.6. BTW, info message at top of screen also needs to be updated above to reflect new version 2.1.6
function request for next release... https://github.com/vanilla/vanilla/issues/2283
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@Linc
Should this be an announcement?
Anybody know how to upgrade to 2.1.6 from 2.1.5? Do I have to download all the package again?
It is best to follow normal upgrade procedures.
grep is your friend.
@waplist
@x00 is right, but if you check the GitHub page, you can see the 7 updated files, and just upload those, especially as you have only just installed 2.1.5
Ok thank you
There is a bug in the Dashboard News feed that causes an announced discussion to disappear, so no, not if I want folks to see it beyond this site
Ah, OK.
I shall try to remember to bump it.
https://www.youtube.com/watch?v=vAfthQTqj24
This reminded me of a need for a security tracker.
http://vanillaforums.org/discussion/28568/security-tracker
grep is your friend.
@linc: It's really cool to see so much progress around here right now. Thanx for the work!
@whu606 I've added the Bump addon, so you can select "Bump" as an option from the Discussions list now.
OK!
I shall shelve my other 'bump' related gags...
Forwarded to the page index.php?p=/dashboard/setup.
database in the phpmyadmin is not created.
config has no blog entries, just white.
what's the problem?
best to start a new discussion. state what you did in the new discussion.
was this an upgrade or new install. put that in your new discussion as well.
hints for everyone upgrading or installing
https://github.com/vanilla/vanilla/blob/2.1/README.md
read the faq (all comments)
http://vanillaforums.org/discussion/28420/faq
read 2.1 release notes discussion and comments
http://vanillaforums.org/discussion/26685/vanilla-2-1-stable-released#p1
and this
http://docs.vanillaforums.com/developers/troubleshooting/
and this
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@Linc
numerous people are getting this error upon upgrading.
may need to go in and manually fix.
http://vanillaforums.org/discussion/28583/upgrading-to-2-1-6-from-2-0-18
I had one person run
in phpmyadmin and go to your database and
and run /utility/structure again and it fixed it.
http://vanillaforums.org/discussion/comment/220312/#Comment_220312
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine Is this something specific to 2.1.6, or just a general issue surfacing for the 2.0 -> 2.1 transition?
I'm not sure, but it involves upgrading from 2.0.x to 2.1.6
two people at least were upgrading from 2.0.18.x -> 2.1.6
if you have a Tag table as a result of installing tagging plugin in vanilla 2.0.18
I haven't seen anyone report problem before Gillingham reported problem
but 3 different people (have had the issue and posted a problem).
I wonder if they don't have drop index permissions - but that would probably result in a permissions error I would think.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine OK, would you please file this as an issue? This should be fixed via the structure file & tested before and after with a full upgrade. I don't recall if the Tagging tables are core in 2.0.18 but that's a consideration too - whether the plugin is enabled.