Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

Ready to contribute?

Amazing! Sign our contributors' agreement and then join us on GitHub.

Vanilla 2.2.1 now available

LincLinc Vanilla's Bard (and Director of Development)Detroit Vanilla Staff
edited May 2016 in Releases

Problem upgrading? Start a new discussion for assistance.

This release addresses 2 security issues and should be applied immediately to all forums running version 2.2 or earlier.

Download it now: http://vanillaforums.org/addon/vanilla-core

Upgrade Steps

  • Backup your database, .htaccess and conf/config.php file somewhere safe.
  • Upload the new release's files so they overwrite the old ones.
  • Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
  • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

If you are upgrading from any 2.1 version, please note:

  • You CANNOT downgrade later (nor is there any reason you ever should). It may result in users being locked out.
  • You MUST update your locales.

If you are upgrading from any 2.0 version, add these steps:

  • Delete the file /themes/mobile/views/discussions/helper_functions.php
  • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)

Security Patches in 2.2.1

  • Upgrade htmLawed library to 1.1.21 (security fix). Thanks to psych0tr1a for responsibly disclosing this.
  • Fix condition where a filename could be echoed back to user (unsanitized output).

Change log for 2.2.1

  • Sets email default to text. This is future-proofing for HTML emails being added in 2.3.
  • Fix RSS feed when using table layout (thanks to korelstar).
  • Fix breadcrumbs when Vanilla is installed in a sub-directory (thanks to korelstar).
  • Fix translation bug in Captcha.
  • Fix where an error could be thrown on certain 404 pages.
  • Fix redirect after deleting an activity.

We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.

The 2.2 branch is now in maintenance mode, which means it is only receiving security patches until the release of 2.3.

ligyxylvezsubdreamerPamelaGEORGiOBBLOVERMohammadHIItsVizionTv
«1

Comments

  • kopnakopna Coimbra Portugal ☯

    How about Updates of automatic without intervention in manual mode?

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff
    edited May 2016

    @kopna said:
    How about Updates of automatic without intervention in manual mode?

    Our hosted service essentially does that. We don't have plans to add automatic updates to the product at this time. Mostly because it would take an incredible amount of time to accomplish.

  • kopnakopna Coimbra Portugal ☯

    @Linc написал:

    @kopna said:
    How about Updates of automatic without intervention in manual mode?

    Our hosted service essentially does that. We don't have plans to add automatic updates to the product at this time. Mostly because it would take an incredible amount of time to accomplish.

    Perhaps for the business model is the best option. But - unfortunately my hosting provider even heard of Vanilla! :( And all actions related to upgrades - I own doing. It is sad that the proposed package of CMS is anything other than vanilla. It would be really helpful to use Vanilla automatically updated, thank you!

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @kopna said:
    Perhaps for the business model is the best option.

    It is.

    But - unfortunately my hosting provider even heard of Vanilla! :(

    You are in Ukraine ? They should, otherwise they are not good.

    And all actions related to upgrades - I own doing.

    Yes, because this is free software and you should be capable of updating when necessary.

    It is sad that the proposed package of CMS is anything other than vanilla. It would be really helpful to use Vanilla automatically updated, thank you!

    Why ? because you might be lazy ? What if some plugins are not compatible with the update and it crashes your site ? What if some setting or your theme does not work with the update ? Automatic updates are for absent admins and lazy people. Get a grip !!!

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    @vrijvlinder No need to come down that hard on innocent questions. ;) Easy to lose perspective when you see the presumption and the questioner does not, but sometimes it's best to just let it slide. Not a big deal.

    AaronWebstey
  • vrijvlindervrijvlinder Papillon-Sauvage MVP
  • kopnakopna Coimbra Portugal ☯

    @Linc , @vrijvlinder
    Thank you for your answers. Later I will try to update vanilla (now change my hosting platform)

    @vrijvlinder I'm from Ukraine but for many years living in Portugal. Sure that the provider does not know about vanilla, always asks for this site link when I'm having some difficulties and need their help.

  • x00x00 MVP
    edited May 2016

    I'm really against the type of upgrades that wordpress does out of the box. Although it is convenient it gives level of control to a web application it shouldn't really have. it is not the job of a web app to manage your sever, and do file management other then in very limited way. If ti has this control you are probably doing it wrong. it is the tail wagging the dog.

    It can be done another way where the credential are not held by the web app, but the process is still automated.

    grep is your friend.

  • PamelaPamela ✭✭

    Hi, thank to you for this update
    We 're still using a older version called 2.2.5 (downloaded from GitHub, early 2014), so ;-) do you know if we could upgrade it to v2.2.1
    May be we should stay as it in fact... in waiting an upcoming v2.3

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    Hi @Pamela, yes you can and should upgrade to the official 2.2.1 release. Your version likely has known security vulnerabilities. For all intents and purposes, you are upgrading from 2.1 and should follow all upgrade instructions accordingly, including carefully testing theme and addon compatibility before upgrading your live server.

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    Thanks to psych0tr1a for discovering and responsibly disclosing an XSS exploit in the htmLawed software to us, which we promptly reported upstream and was fixed by them. I added a credit above in the release notes.

  • Hello i got notified 7 hrs ago that there's a new update via softaculous i used the 1 click upgrade , it was successful. is it ok i updated it this way?

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    @maxyaeger Unfortunately I have no idea, I'm not familiar with that process.

  • edited May 2016

    Just a note on the upgrade from 2.2. My roles&permissions were messed up... By messed up i mean no guest could view forum posts/comments. Guest had 'unconfirmed' role.. I changed that to 'Guests' and it works.. again

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    @CrazyLemon Thanks for the heads up. This was just the patch upgrade from 2.2 to 2.2.1? Are you sure you ran utility/update after the last update? I would've expected an issue like that to present itself on the 2.1 -> 2.2 upgrade.

  • edited May 2016

    @Linc that was from 2.2 to 2.2.1 yeah. I did ran utility/update and it was Successful (after i disabled a few plugins). I only noticed the issue when i checked Piwik and saw every forum url had /entry/signin=Target stuff in it.
    I know you guys didn't change any role/permissions related files on the .1 update (at least i didn't see any on github) so yea.. i'm still confused why that happened.

  • Ivan_GurinIvan_Gurin Moscow

    After replace new files doesn't work update via open url %my_domen%/index.php?p=/utility/update. When I try to run update I see HTTP ERROR 500.

  • PamelaPamela ✭✭

    @Linc said:
    Hi @Pamela, yes you can and should upgrade to the official 2.2.1 release. Your version likely has known security vulnerabilities. For all intents and purposes, you are upgrading from 2.1 and should follow all upgrade instructions accordingly, including carefully testing theme and addon compatibility before upgrading your live server.

    Well, test done without any issues! thanks to @Linc, so we 're close to be ready ;-) for upcoming 2.3 version

    We 're using your default theme (only made minor CSS color changes) and this great FileUpload addon (from Github) is still workin'... it seems right for us

  • @Ivan_Gurin said:
    After replace new files doesn't work update via open url %my_domen%/index.php?p=/utility/update. When I try to run update I see HTTP ERROR 500.

    As a relatively new "admin" of a Vanilla installation (used it a lot as a regular member and decided to try and get my local group interested in it) I am a bit worried about the upgrade process going wrong on me when I read comments like this, and blowing a big hole in my efforts to get all of my friends to adopt Vanilla.

    I only run a private community - no one can sign up and only users I've added myself can even view the forum. In this case will it be safe to skip this update until I'm a bit more familiar with the software?

    Softaculous sounds interesting but it's a paid service and I couldn't easily see how to add software you've already got intalled to their one-click upgrade service, but it shows it can be done.

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    @Ivan_Gurin: error 500 is a server problem. You have to check your server logs in order to get a hint on what is wrong

    @collents: don't rely on one click installers. Setting up Vanilla is a no brainer.
    If you make a backup of your database, an update bears no danger at all. If there really is a problem, you could simply get a copy of the previous version, restore your database and you are up and running again. There is no reason for not updating your installation.

    Linccollents
  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    @collents said:
    I am a bit worried about the upgrade process going wrong on me when I read comments like this

    The hundreds (thousands?) of people upgrading with no issue tend to not bother commenting. :)

    whu606AaronWebstey
  • hgtonighthgtonight ∞ · New Moderator

    @Linc said:

    @collents said:
    I am a bit worried about the upgrade process going wrong on me when I read comments like this

    The hundreds (thousands?) of people upgrading with no issue tend to not bother commenting. :)

    To chime in, I updated 7 active installations without issue.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

    collents
  • PamelaPamela ✭✭

    Running /utility/structure isn't needed? only /utility/update ;-) in fact... isn't? many thanks in advance
    PS: Upgraded from 2.2.5 (GitHub, master branch, 2014 Jan.)

  • Ivan_GurinIvan_Gurin Moscow

    I found out reason of error 500. It is because after update CloudflareSupport plugin doesn't work anymore. The plugin even doesn't turn off in the dashboard. I turn off it manual via editing config.php and then I could make successful update.

    In logs I found:
    2016/05/11 20:03:44 [error] 20467#0: *6463610 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function ip_in_range() in /home/ivan/www/mydomen.com/www/forum/plugins/CloudflareSupport/class.cloudflaresupport.plugin.php on line 74" while reading response header from upstream, client: 141.101.80.8, server: mydomen.com, request: "GET /forum/index.php?p=/utility/update HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "mydomen.com"

  • @Linc said:

    @collents said:
    I am a bit worried about the upgrade process going wrong on me when I read comments like this

    The hundreds (thousands?) of people upgrading with no issue tend to not bother commenting. :)

    Ok, and thanks for the reassurance @hgtonight .

    I gave it a go and no major problem that I can see other than my theme's custom.css got over-written so I lost a bit of the customisation I'd done, but I'd taken the additional step of backing that file up too so I just restored that and things are back to normal.

    As I'm still in the development stage with no live users I didn't bother backing my database up - I wanted to see what happened just uploading the new files.

    To speed the process up in future I'll remove a lot of those plugins I don't use from the new version before I upload it... I'm trying to keep the forum as clutter-free as possible as it's for serious collaboration so we have no need for badges or emoticons, etc.

  • LincLinc Vanilla's Bard (and Director of Development) Detroit Vanilla Staff

    @collents said:
    I gave it a go and no major problem that I can see other than my theme's custom.css got over-written so I lost a bit of the customisation I'd done

    This suggests you didn't properly copy your customized files into a new theme with a different name. You should never directly modify files that appear in the Vanilla download.

    collentsAaronWebstey
  • @Linc said:

    @collents said:
    I gave it a go and no major problem that I can see other than my theme's custom.css got over-written so I lost a bit of the customisation I'd done

    This suggests you didn't properly copy your customized files into a new theme with a different name. You should never directly modify files that appear in the Vanilla download.

    Sorry, I didn't know I had to do that - being a complete noob I just downloaded the software and installed it on my server then chose a theme. It makes a lot of sense now you mention it.

    Thanks for the tip.

    Linc
  • kopnakopna Coimbra Portugal ☯

    Hi, before you upgrade I would like to ask: which folders you want to upload to update Vanilla? I tried to update the local server, then install a new page was Vanilla. That old Vanilla just disappeared. Explain to me please, how to update Vanilla. Thank you :o

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    @kopna said:
    Explain to me please, how to update Vanilla. Thank you :o


    @Linc said:

    Upgrade Steps

    • Backup your database, .htaccess and conf/config.php file somewhere safe.
    • Upload the new release's files so they overwrite the old ones.
    • Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
    • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

    If you are upgrading from any 2.1 version, please note:

    • You CANNOT downgrade later (nor is there any reason you ever should). It may result in users being locked out.
    • You MUST update your locales.

    If you are upgrading from any 2.0 version, add these steps:

    • Delete the file /themes/mobile/views/discussions/helper_functions.php
    • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL:open_mouth:


    @Linc also said:
    Problem upgrading? Start a new discussion for assistance.

    whu606hgtonightAaronWebstey
  • I recently started using Vanilla and I would like to know what is the best way to get an email notification when a new version has been released. It's very handy in cases like this one, when two security issues have been discovered and patched.

    Thanks!

«1
Sign In or Register to comment.