Vanilla 2.8.3 is now available for download - Security patches.

Get it right here: https://open.vanillaforums.com/addon/vanilla-core-2.8.3

Our Hacker One bounty campaign continues to bear fruit helping us to harden our code. In this release:

  • Patching XSS vulnerabilities in the Rich Editor.
  • Better permission checks on several endpoints.
  • Stopping stored XSS attacks in the message alerts.

Please upgrade to the latest version of Vanilla as soon as possible. No other changes from 2.8.1 are in this version.

LincJasonBarnabeDivineDominionevanlandreneau
Sign In or Register to comment.