Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

Vanilla 2.1.11 released - security patch

LincLinc Director of DevelopmentDetroit Vanilla Staff
edited July 2015 in Releases

If you have difficulty upgrading, please start a new discussion for assistance.

This release addresses 1 security issue and 2 other issues.

Download it now:

Upgrade Steps

  • Backup your database, .htaccess and conf/config.php file somewhere safe.
  • Upload the new release's files so they overwrite the old ones.
  • Go to to force any updates needed.
  • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

To upgrade to 2.1.10 directly from 2.0.x, add these steps:

  • Delete the file /themes/mobile/views/discussions/helper_functions.php
  • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)

Security Patches in 2.1.11

  • Upgraded Htmlawed to 1.1.20 to close an XSS vector. Big thanks to Mohammed Fayez for responsibly disclosing this vulnerability via [email protected]

Other changes in 2.1.11

  • Restored event BeforeDiscussionName.
  • Fixed bug in the Facebook SSO addon.

We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.

This is potentially the final release of the 2.1 branch.



Sign In or Register to comment.