Vanilla 1.1.4 Released

Mark Vanilla Staff
edited June 2008 in Vanilla 1.0 Help
Vanilla 1.1.4 fixes a serious SQL injection vulnerability.

Once again, I must mention that I did almost no work in this release - it was entirely (and quickly) handled by the folks at the bug tracker and here on the community forum. And again, I have to thank Damien Lebrun (aka Dinoboff) for taking the torch and keeping me informed about everything that has been going on.

For more information about the vulnerability:

The original report
Bug tracker issue

Upgrading instructions:

http://lussumo.com/upgrade

Comments

  • edited October 2007
    Thanks to Feras for reporting the exploit
    And to Raz0r (InATeam) for finding the vulnerability.

    PS: Sorry to the people who have already downloaded the package, there were some unnecessary files in it... I tried to sneak in some of my extensions.
  • 1.1.3 to 1.1.4 went just fine ;) Thanx
  • I really like that the JS files are minified now!! However, it would be incredibly helpful if the unpacked versions of each JS file were included inside a folder within the JS directory just for our reference. Would it be possible to get that included into the 1.1.4 master download?
  • It would be nice if we, the extension developers, had some help with security. We are not pro programmers and might have tons of vulnerabilities.
  • Urgh.. I have this error when checking for updates :

    Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in /..../dreamgauge.com/forums/themes/settings_update_check_validpostback.php on line 12
  • Thank you to Dinoboff & Mark ... and I hope the Arabic Vanilla is released soon ... Cheers! Feras.B
  • @rayk, reinstall appg/settings.php and appg/version.php
  • Anyone gone from 1.1.2 straight to 1.1.4 ?

    Posted: Monday, 22 October 2007 at 9:51PM

  • edited October 2007
    Mark did it.

    So far, there is only one problem with one of its extensions.
  • Dino ... when I install 1.1.4 and check the Updates & Reminders: "# Vanilla APPLICATION_VERSION Version 1.1.4 is available. Download", and I've downloaded the latest version ..! So are there any files I should reinstall again ??? Cheers! Feras.B
  • Have you tried turning it off and on again?
  • Dinoboff: So far, there is only one problem with one of its extensions.
    And that extension is?

    Posted: Monday, 22 October 2007 at 10:30PM

  • edited October 2007
    @Feras: Try to reinstall appg/settings.php and appg/version.php
  • edited October 2007
    @Wanderer: the Addon extension on this forum (account page), but I can't understand how the upgrade could have done that.
  • I did!! And I reinstalled appg/version and settings .php!! Same thing ...
  • I can't reproduce the error. Does someone else have this problem?
  • I get a similar APPLICATION_VERSION error:
    Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in D:\Program Files\xampp\htdocs\Vanilla.1\extensions\InviteOnlySystem\default.php on line 28
  • Try to reinstall appg/settings.php and appg/version.php
  • edited October 2007
    There is no definition for APPLICATION_VERSION in the version file. Should we just add one?
    That fixed it.
  • It should look like:
    define('APPLICATION', 'Vanilla');
    define('FRAMEWORK_VERSION', '1.1.3');
    define('PEOPLE_VERSION', '1.1.3');
    define('APPLICATION_VERSION', '1.1.4');
This discussion has been closed.