Blog Documentation Try Vanilla Cloud
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Vanilla 1.1.5 release candidate 4

DinoboffDinoboff
edited September 2008 in Vanilla 1.0 Help
Vanilla 1.1.5 will fix some XSS and CSRF vulnerability. You can try it already by installing Vanilla 1.1.5 release candidate 4. For more information about the vulnerabilities, see Vanilla 1.1.5 releases notes (draft).

Upgrading instructions (draft):
http://lussumo.com/upgrade

The official release is planed for 22nd of September. Let us know if find any bugs or need us to add some delegation.

Vanilla 1.1.5-rc4:
http://vanilla-friends.googlecode.com/files/vanilla-1.1.5-rc4.zip

Don't install it on a live forum!!!
«1

Comments

  • Options
    fmimosofmimoso
    You removed all the carriage returns and I can't do a diff with the new one line CSS files... that sucks, I have a customized theme. Where can I see what were the changes in the CSS files, if possible? Thanks. :)
  • Options
    DinoboffDinoboff
    The uncompressed css files are in themes/vanilla/styles/default/src.

    There is also a src folder in js/
  • Options
    SimonbSimonb
    edited August 2008
    Still does not like it if you don't have a db password which my localhost does not. I have to add
    $Configuration['DATABASE_PASSWORD'] = ''; to the conf/database.php even when it asked me in the install file.

    Other than that it seems to be running A okay. Not any visual chance is there?

    Ps how do you get on the vanilla development team?
  • Options
    WallPhoneWallPhone
    It was decided to show a warning about the blank password--we didn't want the user to be ignorant of the problem and we didn't want to accept blank passwords without batting an eye. So you see a warning message that you have to read with instructions that you had better follow before being able to proceed. You're on the right track to be a developer--you basically prove yourself with add-ons and offering help in the community forums.
  • Options
    miczmicz
    Will you release also a changed-only-files package with the final 1.1.5 release? mic
  • Options
    DinoboffDinoboff
    edited August 2008
    @micz: I will host a changed-only-files package on Vanilla-friend.

    Update: You can now download the changed-only-files package. The upgrade package doesn't have the css and js source files.
  • Options
    StashStash
    edited August 2008
    Great work guys, nice to see some fixes coming down the pipe, looking forward to giving it a test as soon as I get a moment :)
  • Options
    SimonbSimonb
    I don't wish to be rude, but why had vanilla not had a update in some time. Other forums seem to be adding new features every other day. This is not a hit a vanilla.
  • Options
    StashStash
    I'm guessing, but I'd imagine it's due to it getting features added "every day" through it's extensions and because it mainly worked well already ie. not too much needed fixing!

    Vanilla's not about tonnes of features!
  • Options
    DinoboffDinoboff
    edited August 2008
    @Simonb: We are just fixing bugs. Vanilla is just a basic forum that should allow developers to build a forum that looks like and does exactly what they want. Its a long time I haven't look at other forum but at the time they were very difficult to customize and to strip down.

    I wish someone would make a full feature forum based on Vanilla, so that people who like vanilla design but are not developers have a ready to use solution.

    From what I read, Vanilla 2 that Mark is working on should give more power to extension developer (in 1.x, some part can't easily be modified because they are loaded before the extensions) with a better api, and will focus on scalability. It will probably have less features; a feature like whispers make caching impossible.
  • Options
    miczmicz
    @dinoboff: thanks.
  • Options
    gulftechgulftech
    Thanks guys for fixing this issues. I appreciate the fact that you gave due credit also. Good work Vanilla! :)
  • Options
    squirrelsquirrel
    w00t! I'm useful! *flex*

    Thanks for giving credit (no matter how small the contribution).
  • Options
    pbearpbear New
    Vanilla++ :)

    Thanks for doing the legwork for the update!
  • Options
    sirlancelotsirlancelot New
    Yes, even though my contribution was small, thanks for remembering :)
  • Options
    mattucfmattucf
    edited August 2008
    Ditto. I feel a bit guilty that you guys were nice enough to credit me, when all I did was suggest a minor change. :)
    a feature like whispers make caching impossible
    How so? Just filter the whispers from the cached copy. Even if there's a hundred whispers in the discussion, which I assume is really stretching it, it's no big in terms of memory or CPU cycles.

    Question: I noticed some PHPDocumenter work in the feature list...is that the way of the future? While I was working on that bit of API documentation I did for the wiki, I kept thinking, "this is not the proper place for this."
  • Options
    DinoboffDinoboff
    edited August 2008
    We are primarily adding them for IDEs like PDT.
    image
    image

    When working on the api documentation, you can write in-line doc (using svn as a base) and send me a patch.
  • Options
    SubJunkSubJunk ✭✭
    You said the full release was scheduled for the end of the month, how far has the expected release date been pushed back? (if it isn't coming out today)
  • Options
    DinoboffDinoboff
    edited August 2008
    Probably on Monday.

    ps: I just updated the preview package.
  • Options
    squirrelsquirrel
    Lots of files have this:

    @version 1.1.4-rc2

    when it should be this:

    @version 1.1.5-rc2
This discussion has been closed.