HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Addons: security updates & sunset announcements

LincLinc Detroit Admin
edited February 2019 in Releases

There are a number of addons with important security updates. Please audit your addons against this list:

  1. FileUpload 1.9.2 was released today with 4 security patches. This is also its final release. Please upgrade to Advanced Editor or Rich Text Editor, which have uploading built into them. We will not make further security patches to it; it is now unsupported and will be deleted later this year.
  2. Signatures 1.6.1 was released 18 January with a security patch. Support continues.
  3. Q&A 1.4 - was released today with 2 security patches and a host of other overdue improvements. Support continues.
  4. Last Edited 1.3 - was released today with 1 security patch and other updates.
  5. Civil Tongue 1.2 - was released today with 1 security patch and other updates.

In 2018, we also deleted the Whispers and Customize Text addons. We strongly suggest removing them from your site if either is still there. The last known versions had security issues.

We removed these addons from the directory because they are now available within Vanilla 2.8:

  • Pockets
  • Akismet

You can manually retrieve addons we have sunset from core from our GitHub repo until they are deleted later this year:

These addons are now open source for the first time:

  • Hero Image (within Vanilla 2.8)
  • DebugBar (a developer tool not for production use)

These addons were recently deleted from the directory due to lack of use:

  • Submarine Discussions
  • No Bump
  • HTML Links
  • Facebook ID Display

These addons are likely to be removed in the near future:

  • Locale Developer (no longer supported)
  • Eventi (encourages view-based hooks we wish to move away from)

These addons have been added to the directory, but were already open source:

More addons are being updated as well, but have no current security patches or status changes to announce.


  • Options
    phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP
    edited February 2019

    Clean ups are always nice and thank you for all the updates and the open sources plugins.

    Regarding „No Bump“: It‘s a very handy tool for Admins and Moderators. We use it daily to comment on discussion with informative updates that should not reach the whole community and only the participants. Some might argue „Sink“ does the same, but „No bump“ is for one post while „Sink“ is sort of forever. We use both functions differently. Just urging people to get a version before it gets deleted.

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • Options

    Please update the marketplace plugin and discussion extender.

  • Options
    LincLinc Detroit Admin

    Those addons are not maintained by Vanilla Staff, so they're outside the scope of this discussion.

Sign In or Register to comment.