Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.

Vanilla 1.1.4 Released

Mark Vanilla Staff
edited June 2008 in Vanilla 1.0 Help
Vanilla 1.1.4 fixes a serious SQL injection vulnerability.

Once again, I must mention that I did almost no work in this release - it was entirely (and quickly) handled by the folks at the bug tracker and here on the community forum. And again, I have to thank Damien Lebrun (aka Dinoboff) for taking the torch and keeping me informed about everything that has been going on.

For more information about the vulnerability:

The original report
Bug tracker issue

Upgrading instructions:

http://lussumo.com/upgrade

Comments

  • edited October 2007
    Thanks to Feras for reporting the exploit
    And to Raz0r (InATeam) for finding the vulnerability.

    ps: Sorry for the people who have already downloaded the package, there were some unnecessary files in it... I tried to sneak in some of my extensions.
  • 1.1.3 to 1.1.4 went just fine ;) Thanx
  • I really like that the JS files are minified now!! However, it would be incredibly helpful if the unpacked versions of each JS file were included inside a folder within the JS directory just for our reference. Would it be possible to get that included into the 1.1.4 master download?
  • It would be nice if we, the extension developers, had some help with security. We are not pro programmers and might have tons of vulnerabilities.
  • Urgh.. I have this error when checking for updates:

    Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in /..../dreamgauge.com/forums/themes/settings_update_check_validpostback.php on line 12
  • Thank you to Dinoboff & Mark ... and I hope the Arabic Vanilla is released soon ... Cheers! Feras.B
  • @rayk, reinstall appg/settings.php and appg/version.php
  • Anyone gone from 1.1.2 straight to 1.1.4?

    Posted: Monday, 22 October 2007 at 9:51PM

  • edited October 2007
    Mark did it.

    So far, there is only one problem with one of its extensions.
  • Dino ... when I install 1.1.4 and check the Updates & Reminders: "# Vanilla APPLICATION_VERSION Version 1.1.4 is available. Download" and I've downloaded the latest version ..! So are there any files I should reinstall again??? Cheers! Feras.B
  • Have you tried turning it off and on again?
  • Dinoboff: So far, there is only one problem with one of its extensions.
    And that extension is?

    Posted: Monday, 22 October 2007 at 10:30PM

  • edited October 2007
    @Feras: Try to reinstall appg/settings.php and appg/version.php
  • edited October 2007
    @Wanderer: the Addon extension on this forum (account page), but I can't understand how the upgrade could have done that.
  • I did!! And I reinstalled appg/version and settings .php!! Same thing ...
  • I can't reproduce the error. Does someone else have this problem?
  • I get a similar APPLICATION_VERSION error:
    Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in D:\Program Files\xampp\htdocs\Vanilla.1\extensions\InviteOnlySystem\default.php on line 28
  • Try to reinstall appg/settings.php and appg/version.php
  • edited October 2007
    There is no definition for APPLICATION_VERSION in the version file. Should we just add one?
    That fixed it.
  • It should look like:

        define('APPLICATION', 'Vanilla');
        define('FRAMEWORK_VERSION', '1.1.3');
        define('PEOPLE_VERSION', '1.1.3');
        define('APPLICATION_VERSION', '1.1.4');

This discussion has been closed.