HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 2.1.11 released - security patch

LincLinc Detroit Admin
edited July 2015 in Releases

If you have difficulty upgrading, please start a new discussion for assistance.

This release addresses 1 security issue and 2 other issues.

Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.11

Upgrade Steps

  • Backup your database, .htaccess and conf/config.php file somewhere safe.
  • Upload the new release's files so they overwrite the old ones.
  • Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
  • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

To upgrade to 2.1.10 directly from 2.0.x, add these steps:

  • Delete the file /themes/mobile/views/discussions/helper_functions.php
  • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)

Security Patches in 2.1.11

  • Upgraded Htmlawed to 1.1.20 to close an XSS vector. Big thanks to Mohammed Fayez for responsibly disclosing this vulnerability via support@vanillaforums.com.

Other changes in 2.1.11

  • Restored event BeforeDiscussionName.
  • Fixed bug in the Facebook SSO addon.

We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.

This is potentially the final release of the 2.1 branch.


  • Options
    R_JR_J Ex-Fanboy Munich Admin

    The 2.1 branch on GitHub is still 2.1.10

  • Options
    LincLinc Detroit Admin

    @R_J said:
    The 2.1 branch on GitHub is still 2.1.10

    Thanks, missed a push. :)

  • Options
    jobbatamjobbatam Batam New

    I dont know step to update, affraid fail and stand in 2.1.10 :(

  • Options
    hgtonighthgtonight ∞ · New Moderator

    @Linc said:


    To upgrade to 2.1.10 directly from 2.0.x, add these steps:

    Should be 2.1.11

    @jobbatam The instructions on how to upgrade is right in the first post. Upgrade to patch the XSS vector.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

Sign In or Register to comment.