Vanilla 2.8.3 is now available for download - Security patches.

nervoustwit Vanilla Staff

Get it right here: https://open.vanillaforums.com/addon/vanilla-core-2.8.3

Our HackerOne bounty campaign continues to bear fruit, helping us to harden our code. In this release:

  • Patching XSS vulnerabilities in the Rich Editor.
  • Better permission checks on several endpoints.
  • Stopping stored XSS attacks in the message alerts.

Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.8.1 are in this version.
