HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 3.2 is now available

initvectorinitvector Vanilla Staff
edited October 2019 in Releases

Missed the 3.1 release? Check out the upgrade & release notes here.

Release notes are going to be a little minimal, this go around! So, without further ado...


Rich Editor

Alt-text Support

It is now possible to add alternative text to images in Rich Editor. When selecting images in Rich Editor a button will appear next to allowing this text to customized.

Alternative text is primarily used to improve SEO and make images accessible to users with vision impairment.

Improved Mention Sorting

While attempting to mention a user, suggested results now have improved sorting. Users that have been active in the last 90 days will be prioritized above users that have not been recently active.

Additionally matching of exact accents is now given high priority than matching of exact casing-sensitivity. For example, if typing mention with the text sté , the user "Stéphane" would be ranked as a better suggestions than "steven" if both users existed.

Embedded content rendering warnings

Some users configure their browser to block external scripts & sites. Sometimes this can interfere with the rendering of various rich/auto embeds. 1 commonly blocked embed is twitter. Starting in this release, if an embed fails to render due to a user's browser configuration, they will be shown a warning icon next to the link.

If they click on this warning icon they will be taken to an FAQ page explaining the issue. The embed will still render normally for other users.

Other Editor Fixes/Changes

  • When inserting an embed (such as a quote or image), the user's cursor is now automatically placed after the embed.
  • It is on longer possible for the editor to get "stuck" with an embed at the end of the post. Clicking after the embed will always ensure the cursor is placed after it. #7597
  • Notifications are now sent for users to users when a Rich Quote is created of one of their discussions/comments. It is essentially treated as a mention. #9066
  • Update the mention toolbar to prioritize users that have been active in the last 90 days. #5936
  • Fix various edge cases when typing enter while inside of a list. #9026#8684
  • Fix performance issues while creating and editing posts in certain browsers. #9051We will continue to monitor Rich Editor performance across different browsers.
  • Fix scroll position jumping to the top of the page while creating a link. #9060
  • Fix incorrect Rich Posts rendering in the Warnings & Notes plugins. #8404
  • Fix a bug where sometimes creating a mention crashes the Rich Editor. support#590
  • Fix incorrect positioning of the Rich editor paragraph formatting on the first line. knowledge#1137
  • Improve styling of list elements (especially nested lists) with rich editor. vanilla#8985
  • Fix emoji rendering in the Rich Editor emoji picker on windows machines. vanilla#9143


  • Fix possible request forgery using Facebook Social Connect sharing
  • Fix invitation codes not expiring after use
  • Fix users being able to dismiss a non-dismissable message
  • Fix passing post URL in request when flagging a post
  • Fix enumeration via user availability endpoints in private communities
  • Fix ability to send invitations when site not configured for invitation registration
  • Fix category validation in embedded comment posts
  • Fix ability to manually set ID when creating an invitation
  • Fix quote folding settings not requiring authenticated postback


Get it over in the addon directory. https://open.vanillaforums.com/addon/vanilla-core-3.2



  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Rich Embed System

    The Rich Embed system received a major overhaul in this release. Starting with this release it is possible for addons to create custom Embed. See our new Embed Addon guide:


    In addition the following improvements have been made

    • Various embeds now support more URL formats, such as Vimeo & Giphy.
    • Embeds now contain robust data validation & automated testing.
    • Tightened up the styling consistency across various embeds.
    • Fixed various broken links in certain embeds.
    • Fix bug where quoting a discussion would require edit permissions. vanilla#8463
    • Fix Rich Quotes not working with private communities & subcommunities at the same time. internal#1739
    • Fixed a bug causing some pages to adjust the scroll position after rendering the page. #9050

    Developer notes

    Gdn_Format Deprecations

    This release includes a large refactoring of the text formatting pipeline, as well as 100s of additional automated test cases.

    The new class for formatting is Vanilla\Formatting\FormatService. It is recommend to dependency inject this class using Garden\Container but it is also easily accessible through Gdn::formatService(). For each existing vanilla format a new class implementing Vanilla\Contracts\Formatting\FormatInterface has been created and registered with the service.

    The following methods have been updated to point to the service and have been deprecated.

    Deprecated and Emitting Warnings

    • fixnl2br
    • Gdn_Format::auto
    • Gdn_Format::unembedContent
    • Gdn_Format::getEmbedSize
    • Gdn_Format::replaceButProtectCodeBlocks
    • The config setting Garden.Format.WysiwygFunction
    • Gdn_Format::quoteEmbed
    • Gdn_Format::getRichMentionUsernames
    • The parameters $addBreaks on Gdn_Format::text and Gdn_Format::textEx . Instead the existing configuration Garden.Format.ReplaceNewlines now controls this behaviour.
    • The $flavored parameter is no longer available on Gdn_Format::markdown(). This is now controlled by the configuration value Garden.Format.UseVanillaMarkdownFlavor (default true).

    Deprecated without warnings (for now)

    • Gdn_Format::bbCode
    • Gdn_Format::display
    • Gdn_Format::plainText
    • Gdn_Format::excerpt
    • Gdn_Format::markdown
    • Gdn_Format::text
    • Gdn_Format::textEx
    • Gdn_Format::to
    • Gdn_Format::wysiwyg
    • Gdn_Format::rich
    • Gdn_Format::html


    Starting in this release PHP E_WARNING and E_USER_WARNING messages are being sent to logs init addition to errors. vanilla#9201

    This may cause additional content to be written to web server logs, please file issues for warnings that may appear.

  • pioc34pioc34 Pézenas ✭✭

    Hi all, i have a warning in my logs related to trusted domains. I don't have enable this feature on my site

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    We do have an issue open for that warning (and a couple others).

    From the notes:

    Starting in this release PHP E_WARNING and E_USER_WARNING messages are being sent to logs init addition to errors. vanilla#9201

    PHP 8 is planning to turn a bunch of these into exceptions so we're preparing early by logging them. @initvector and his team are planning on tackling these going forward, so most of them should be fixed in the next release.

  • What an awesome release!! hats off for such huge improvements to the rich text editor, guys.

  • Hello, I just wanted to do a quick shoutout to the current Vanilla Team.

    I'm either getting better at this (from the years doing this), or the software is simply getting better... probably the later.. but maybe a little of the prior.

    It was a leap of faith for us to switch all our forums to Open-Source Vanilla several years ago, and this year, I feel pretty dang good about that decision.

    It's great to see all the git activity and it feels like less issues with open-source.

    We run SSO (SAML) with wordpress sites and we still use JSConnect to trickle that SSO state down to vanilla. I just completed the latest build with all the latest versions (wordpress / themes / plugins / vanilla)... and it works. This build does still require a couple tweaks.. but all-in-all.. I still consider this the best solution.

    So, Cheers!

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Thanks! We're continuing to work on it as a core priority.

    Our pace of development and bandwidth for new features and fixes has been increasing as well. Our develop staff has been expanded in the in last 2 years from ~5 to almost 20 now! As a result we are able to have more and more improvements to the open source project, and still have time to improve our proprietary plugins for cloud customers.

    We run SSO (SAML) with wordpress sites and we still use JSConnect to trickle that SSO state down to vanilla. I just completed the latest build with all the latest versions (wordpress / themes / plugins / vanilla)... and it works. This build does still require a couple tweaks.. but all-in-all.. I still consider this the best solution.

    Could you open another thread on setup experience? I'm particularly interested in what extra steps you had to take to get your setup working properly. I'd like future upgrades & installs to be easier for everyone.

  • Hi, just saw this. I basically followed regular update protocol, then referenced my old post for Van 2.6 to fix a few lingering issues:

    I did not take good notes this go 'round... but, I'm doing another upgrade soon and will try to take better notes.

  • is paid forum?? how come people can download it for free?

  • KasparKaspar Moderator
    edited October 2019

    You get Hosting, setup and Vanilla Forums support on a paid subscription.

    If you manage all your self you can use the forum platform for free.

Sign In or Register to comment.