Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 1.1.8 Released

MarkMark Vanilla Staff
edited July 2009 in Vanilla 1.0 Help
Vanilla 1.1.8 has been released and is now available at

This version fixes an XSS security hole in the update checker. The upgrade is very simple, instructions are here.

A big thank you to all of the contributors!


  • Thanks mark :) *cough* 512kb, not 386kb any more for a LONG time *cough*
  • Mark: New install problem with 1.1.8. User password hashes turn out to be 33 chars, whereas the database column is 32 chars. Looks like an off-by-one in the hashing code, but I'm not sure which path it follows on my system. The first time you create an admin account and log in with it, things work fine. If you create a new user (application) the user can't log in even after they're approved. Admins can't log in after the first time. Expanding the database column to 33 or more chars (I have it set to 40 right now) makes everything better. I have no idea what part of the code or of my system configuration screws things up, but it looks like an off-by-one error to me. I can test it more if you'd like LATER ... after I have things online!
  • Has anybody solved this 33 character password issue? We have upgraded to 1.1.8 and can not currently log in to our forum.
  • @karkatzke Is yours a new installation or an upgrade? @dsargrad From which version did you upgrade your installation? I just updated from 1.1.7 to 1.1.8. It worked perfectly :D No problems so far. However, we are employing a special addon which replaces some password functions. We need that for some PAM_MYSQL and Samba magic. Nonetheless, as far as I see nothing changed between 1.1.7 and 1.1.8 which can have some kind effect on passwords.
  • @mumptiz New installation. DB is MySQL 5 on SLES11, web server is running OpenSuSE 10.3 all with standard versions (whatever they may be.)
  • @dsargrad: The solution I came up with was to expand the password field to > 33 chars and have everyone go through the password recovery process. However, I have a small user base.
  • For some reason, when I looked at the password field on the User table, it was VARBINARY(34). Is this the field everyone is referencing, and for others was it VARBINARY(32)?
  • Will changing the VARCHAR setting to 34 change the field size or the length of the characters created?
  • hey mark or whoever has access to the cookie domain info for the community, it's really nothing major, but i'm noticing that if i log in using the forum does not recognize that i'm logged in, haven't tried vanilla 1.1.8 yet in own domain so can't say if it's to do with the cookie domain settings.
  • edited September 2009
    For the password column issue, check this post: It can affect some upgrade of Vanilla 1.1.4 or lower.
  • Hi! I am still using 1.1.5a and now wanna upgrade to 1.1.6 then to 1.1.7 and then to 1.1.8 Problem is: Only 1.1.8 is available for download .. ???!!! Gimme links for 1.1.6 / 1.1.7 too pls, thx ... (you may should add something like an "older versions download page") Greets Eugen
  • @eugene why would you want to update in so many steps... you can update directly to 1.1.8
  • I've noticed several problems with 1.1.8 and its compatibility with extensions.
    tinymice or quicktags is not functioning.
  • vanoob: Are you sure? But then i am missing all the other updates steps shown here: HELP ... what should i do EXACTLY to upgrade from my 1.1.5a to 1.1.8 !!!??? Thanks
  • The new Vanilla 1 has a major issue with log-in's, particularly on IE7. Users, on a new session, who attempt to login to the forum are taken to an error page for the following path: This a valid file, yet, it will not load unless you hit refresh. Then the user has to provide their credentials a second time to get into the forum. This is really bad, and even worst, it's really bad that it has not been addressed by anyone from Lussomo. You would think cross-browser testing on the authentication system, which is the only way to utilize the forum from a user standpoint, would have been thoroughly pounced to ensure functionality was rock-solid. Unfortunately, I am on limited time and will have to switch to another platform (PHPBB or SMF) if I don't hear back. -Concerned
  • hi everybody,

    I found a bug, if I want to log in people.php then it will return to main website after. like people.php?ReturnUrl=http://://www.domain/f/
    that is wrong path url revise "://"

    look this pic.

    I hope admin will solve this problem. thanks.

    Free Image Hosting at

    Free Image Hosting at

    it that official bug???
  • edited July 2009
    I've just paid for hosting for Vanilla forum and have installed the latest version; however, when I tested the membership application sign-up, I discovered (after creating a test-member) that the sign-in authentication is returning an error message on the first try that essentially denies sign-in, which requires me to sign-in a SECOND time. I'm using the newer version of Firefox and am not sure if this might have something to do with it, but my hosting provider checked my installation and ok'd it. Also, most of the extension add-ons I've installed don't work so the forum is still pretty plain. My current installed extensions are: DiscussionSearch 0.5 (doesn't work); Duplicate Email Check 1.1(not working); FCKeditor 2.5.4 (not working); Guest Post 1.5 (not working); Inline Images 1.3 (not working); No Shit! 0.2; Nuggets 1.1.6; Preset Avatars 1.0; SignOutRedirect 0.1(not working); TagThis 1.08 (not working) . I also installed JQThickBox and JQuery v15-1.2.6 but they too are not working, so I disabled them--and yes, I installed them in the correct sequence. Quite frankly, almost none of these "add-ons" work (only Nuggets, Preset Avatars, and NoShit work). I own two websites and now a Vanilla forum--which makes three- for one of the sites, but I'll have to get rid of this Vanilla forum if I can't get the issues with it resolved before the weekend ends and will have to find more usable, stable software. Too bad, because it's a cool forum idea and looks the best of all the forums I've seen--if you know how to edit code-- which seems to be a requirement if you want to use the add-ons for this software (I know nothing about coding).
  • hui, thanks you.
  • Found a bug in my installation. The sign-in link in menu had an invalid ReturnUrl - added an additional :// to the url. Framework.Functions.php on Line 582 in function GetRequestUri() Changed: if ($Host != '') $Host = PrependString($Configuration['HTTP_METHOD'].'://', $Host); To: if ($Host != '') $Host = PrependString($Configuration['HTTP_METHOD'], $Host);
Sign In or Register to comment.