Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

A proposal about future releases


I most certainly appreciate the great work that's gone into Vanilla lately, and it's looking very promising. With that said, if I might offer a perspective as one who runs a very busy community forum (, though: I would certainly not have done the upgrade to 2.8 had I known the number of severe outstanding issues I would bump up against. I've lost many days of work having to try to patch issues that have come up, especially around the new rich editor, but also assorted Bonks, layout problems, and usability concerns. I'm swimming in complaints from the community right now, and feeling a bit of a chump.

I would normally have waited for the next point release, but the notes about security content had me thinking it was a high-priority update, so I jumped in, after taking it for a quick spin on a staging site and not noticing the issues that became clear once live.

It's probably too late to put the cat back in the bag with this release, but I'm wondering if more measures might be put in place for the future, to avoid more premature releases. I'm thinking about more stringent testing procedures, perhaps more time spent running the new software on the hosted site in advance of a major launch.

Anyway, please don't take this as a rejection of the great work the Vanilla team have been doing - it remains a splendid piece of software, and that it's free and open source is wonderful. I'll try to do my part to at least continue to point out remaining issues, and look forward to 2.8.1.



  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited February 2019

    There were a few things in particular that contributed to some of the instability in the release. I think a lot of it could have been avoided with better messaging to the open source community.

    You absolutely should update to 2.8 for the security patches. There is no doubt of that.

    We managed to deploy Vanilla 2.8 to thousands of cloud clients with only a couple of minor hiccups along the way. All of the minor issues were caught during our rolling deploy process and all of that happened before the open source release.

    If you just upgraded from Vanilla 2.6 to Vanilla 2.8 and had a stable web server configuration you likely did not experience any issues. Keystone and Rich Editor are both opt-in and can still be disabled (you can go back to your previous theme or editor).

    If you feel Rich Editor is not ready for production users, change your default post format back to a different one.

  • Thanks @charrondev!

    I'm actually very fond of Keystone, especially on mobile - it's a great improvement, and I haven't had a great deal of issues there. I did actually try to go back to the Advanced Editor after observing the issues with Rich Editor, but the former has developed some quite serious bugs in the transition that I couldn't overcome (like the flyouts being misaligned and un-dismissable, or hidden-yet-interactive). We'll stick with the Rich Editor, and just hope for improvements along the way.

  • Just for my edification: you mentioned if one had a stable web server, it was unlikely one would experience any issues with 2.8. As far as I know, my setup is robust and based on best practices, but we've definitely had the odd problem - I was curious if there's a resource (aside from the update docs) that outlines any pitfalls I might look out for in my server setup?

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited February 2019

    I was referring more to the people upgrading and having issues with URL rewriting. From memory and what I see in our documentation we dropped support for that structure with Vanilla 2.3. Somehow though every release I see people having something broken around it because we _don't_ test with it. I'm leaning to just removing it entirely in the next release but that requires some untangling in the setup process for people trying to use the whole "auto-copying" .htaccess thing. I think I've seen 3-4 different threads on here since the 2.8 upgrade that were purely caused by web server configs.

    It's quite unfortunent the issues with Keystone + Advanced Editor. I have an idea of what might be going on there. I'll say I don't think it got much testing in particular as we've been running Rich Editor + Keystone internally for a few months now.

    I do see the un-dismissable issue there though and I'll file and get a fix in for this weekend.

    As far as misalignment goes what were seeing?

  • edited February 2019

    Understood. I'm using rewriting, however.

    The alignment issues come about when NewFlyouts = false:

    Whole page is pushed over to the right, so there are permanent horizontal scrollers even when not interacting with the text field. Emoji flyout is overextended vertically (I fixed it with some CSS).

    I've just tried going back to the Advanced Editor again, as the Rich Editor has some huge problems still (can't access formatting because of #8444, and quoting and is almost entirely nonfunctional - cursor traps, inability to edit/trim quoted content, and notifications don't work at all), but if I have NewFlyouts enabled, you lose access to the page (and your post) as soon as you tap a toolbar button, and if I have them disabled, the Keystone navigation at the top stops working properly.

    Damned if I do, damned if I don't. A very problematic release for me, and one that's cost me many days of lost development time.

  • R_JR_J Ex-Fanboy Munich Admin

    With numerous issues and PRs concerning the theme and the editor right before and after the 2.8 release date, it is an obvious fact that Rich Editor and Keystone are work in progress. I wouldn't consider releasing them in that state as no-go if two conditions were met:

    1. their state is communicated clearly
    2. they both are optionally

    But they have been chosen to be the default UI for new Vanilla installations which is a signal that they have to be considered stable.

    It would be great if at least patched releases were made often.

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    @R_J I'd like to have a 2.8.1 release next week. I and a few other team members have been putting a lot of pressure to release more often, but it still represents a large amount of overhead to make a release. I know @Linc has been putting a lot of effort in to make this easier though.

  • edited February 2019

    @charrondev Any luck fixing the Advanced Editor? Lots of irritated people in our community, and I'm getting a bit desperate to get rid of the Rich Editor

  • What broke in Advanced Editor?

  • The callouts from the toolbars; they can't be dismissed

  • x00x00 MVP
    edited February 2019

    Even before the update, I was going to give feedback although the "Rich" editor is a cool idea I definitely view it as an alternative not replacement of the other wyswyg "editor". My clients would agree. Some would lover it, some would hate it and would want it layed out how it was.

    I always hang back a few days with security updates with my clients (or I apply a patch) becuase in the past, in haste to it up mistakes (as can reasonably happen) have been made, and when mistake are fixed, they are have been done by some sort of manual intevention, which has sometime resulted from uploads were not "clean" of personal files, and last minute tests.

    Running the same unit and test you already, plus some others to ensure that last minute fixes produce a clean version, would be a good idea.

    So in that respect I agree with MichealTyson there needs to be a process in places, for urgent updates to catch mistakes and maybe they should not include new stuff that does not need to be in there.

    I hasn't gone unnoticed that there is a effort to more strongly brand vanilla, e.g through new dashboard and editor to set it a part. Although I have no desire to theme the dashboard if I can help it, if you wanted you would be stuck with lot of nth-child type selectors, not exactly ideal. I have had to do that a bit, where the backend needed to be simplified for some clients.

    I worry about these hard branding efforts at the expense of an already ailing developer program, it is not very Vanilla and more VBulletin. The incentives to support addons form version to version are diminishing, giving the considerable difficulties that can include for a compex addon. Lack of clear and consistent conventions in recent years, unnecessary reformatting, very many different methodologies for similar things and breaking changes that aren't noticed or recorded at the time they happen, make addon development less attractive.

    grep is your friend.

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    I'll have a 2.8.1 release out next week with a statement about our open source release process.

Sign In or Register to comment.