Addons: security updates & sunset announcements
There are a number of addons with important security updates. Please audit your addons against this list:
- FileUpload 1.9.2 was released today with 4 security patches. This is also its final release. Please upgrade to Advanced Editor or Rich Text Editor, which have uploading built into them. We will not make further security patches to it; it is now unsupported and will be deleted later this year.
- Signatures 1.6.1 was released 18 January with a security patch. Support continues.
- Q&A 1.4 - was released today with 2 security patches and a host of other overdue improvements. Support continues.
- Last Edited 1.3 - was released today with 1 security patch and other updates.
- Civil Tongue 1.2 - was released today with 1 security patch and other updates.
In 2018, we also deleted the Whispers and Customize Text addons. We strongly suggest removing them from your site if either is still there. The last known versions had security issues.
We removed these addons from the directory because they are now available within Vanilla 2.8:
- Pockets
- Akismet
You can manually retrieve addons we have sunset from core from our GitHub repo until they are deleted later this year:
- Button Bar
- Open ID
- Emotify (previously removed, now deleted from directory as well)
These addons are now open source for the first time:
- Hero Image (within Vanilla 2.8)
- DebugBar (a developer tool not for production use)
These addons were recently deleted from the directory due to lack of use:
- Submarine Discussions
- No Bump
- HTML Links
- Facebook ID Display
These addons are likely to be removed in the near future:
- Locale Developer (no longer supported)
- Eventi (encourages view-based hooks we wish to move away from)
These addons have been added to the directory, but were already open source:
More addons are being updated as well, but have no current security patches or status changes to announce.
Comments
Clean ups are always nice and thank you for all the updates and the open sources plugins.
Regarding „No Bump“: It‘s a very handy tool for Admins and Moderators. We use it daily to comment on discussion with informative updates that should not reach the whole community and only the participants. Some might argue „Sink“ does the same, but „No bump“ is for one post while „Sink“ is sort of forever. We use both functions differently. Just urging people to get a version before it gets deleted.
Please update the marketplace plugin and discussion extender.
Those addons are not maintained by Vanilla Staff, so they're outside the scope of this discussion.