Vanilla 2.8.3 is now available for download - Security patches.
Get it right here: https://open.vanillaforums.com/addon/vanilla-core-2.8.3
Our Hacker One bounty campaign continues to bear fruit helping us to harden our code. In this release:
- Patching XSS vulnerabilities in the Rich Editor.
- Better permission checks on several endpoints.
- Stopping stored XSS attacks in the message alerts.
Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.8.1 are in this version.