Vanilla 2.1.9 released
If you have difficulty upgrading, please start a new discussion for assistance.
This release addresses two security issues and a few other bugs.
Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.9
- Backup your database, .htaccess and conf/config.php file somewhere safe.
- Upload the new release's files so they overwrite the old ones.
- Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
- If it fails, try it a second time by refreshing the page. More troubleshooting tips.
To upgrade to 2.1.9 directly from 2.0.x, add this step:
- Delete the file /themes/mobile/views/discussions/helper_functions.php
- Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)
Security Patches in 2.1.9
- Fixes a SQL injection vulnerability.
- Fixes an XSS vulnerability.
Hat tip to ZeniMax Online Studios' security team for disclosing both vectors.
Other changes in 2.1.9
- Fixes GetUnread behavior
- Fixes missing class in Discussion Options
- Debugger addon now also toggles
PermissionCategory()has been backported so FileUpload is now fully backwards compatible with 2.1.
The 2.1 branch is slowing down in anticipation of the release of 2.2. The staff are only contributing security fixes, and we are no longer accepting large change sets. It's possible this release will end the 2.1 series if no further security issues are discovered. See the road to 2.2 for more details about the next release.