It looks like you're new here. If you want to get involved, click one of these buttons!
Get it here: https://open.vanillaforums.com/addon/vanilla-core
This release includes 5 security patches disclosed thru our HackerOne bounty campaign. They include fixes for:
We also made it more difficult to maliciously change a user's email by removing the cooldown period on prompting for your password when an email change is requested.
Warning: If you have any addons (themes or plugins) in your forum install with an invalid key, you will get an error on upgrade and will need to physically delete them from your installation. Fixing them is relatively painless, but a topic for elsewhere. We no longer allow invalid keys due to one of the security vulnerabilities above.
Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.6.3 are in this version.