Vanilla 1.1.4 Released

Mark

Vanilla 1.1.4 fixes a serious SQL injection vulnerability.

Once again, I must mention that I did almost no work in this release - it was entirely (and quickly) handled by the folks at the bug tracker and here on the community forum. And again, I have to thank Damien Lebrun (aka Dinoboff) for taking the torch and keeping me informed about everything that has been going on.

For more information about the vulnerability:

The original report
Bug tracker issue

Upgrading instructions:

http://lussumo.com/upgrade

Dinoboff

Thanks to Feras for reporting the exploit
And to Raz0r (InATeam) for finding the vulnerability.

ps: Sorry for the people who have already downloaded the package, there were some unnecessary files in it... I tried to sneak in some of my extensions.

mojo

1.1.3 to 1.1.4 went just fine ;) Thanx

dan39

I really like that the JS files are minified now!! However, if would be incredibly helpful if the unpacked versions of each JS file were included inside a folder within the JS directory just for our reference. Would it be possible to get that included into the 1.1.4 master download?

MySchizoBuddy

It would be nice if we the extension developers have some help with security. we are not pro programmres and might have tons of vulnerability

rayk

Urgh.. I have this error when checking for updates :

Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in /..../dreamgauge.com/forums/themes/settings_update_check_validpostback.php on line 12

Feras

thank you 2 Dinoboff & Mark ... and i hope the Arabic Vanilla Released soon ... Cheers ! Feras.B

Dinoboff

@rayk, reinstall appg/settings.php and appg/version.php

Wanderer

Anyone gone from 1.1.2 straight to 1.1.4 ?

Posted: Monday, 22 October 2007 at 9:51PM

Dinoboff

Mark did it.

So far, there is only one problem with one of its extensions.

Feras

Dino ... when i install the 1.1.4 and check the Updates & Reminders # Vanilla APPLICATION_VERSION Version 1.1.4 is available. Download and i'v been download the lastest version ..! so is there anyfiles should to reinstall again ??? Cheers ! Feras.B

Dinoboff

Have you tried turning it off and on again?

Wanderer

Dinoboff: So far, there is only one problem with one of its extensions.
And that extension is?

Posted: Monday, 22 October 2007 at 10:30PM

Dinoboff

@Feras: Try to reinstall appg/settings.php and appg/version.php

Dinoboff

@Wanderer: the Addon extension on this forum (account page), but I can't understand how the upgrade could have done that.

Feras

i Did !! and i Re/install appg/version and settings .php !! same thing ...

Dinoboff

I can't reproduce the error. Does someone else has this problem?

jimw

I get a similar APPLICATION_VERSION error:
Notice: Use of undefined constant APPLICATION_VERSION - assumed 'APPLICATION_VERSION' in \Program Files\xampp\htdocs\Vanilla.1\extensions\InviteOnlySystem\default.php on line 28

Dinoboff

Try to reinstall appg/settings.php and appg/version.php

jimw

There is no definition for APPLICATION_VERSION in the version file. Should we just add one?
That fixed it.

Dinoboff

It should look like define('APPLICATION', 'Vanilla'); define('FRAMEWORK_VERSION', '1.1.3'); define('PEOPLE_VERSION', '1.1.3'); define('APPLICATION_VERSION', '1.1.4');