Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Vanilla 2.1.1 - important security & bug release
Announcing the availability of 2.1.1, a security & bug fix release for 2.1.
It is imperative all 2.1 forums upgrade immediately.
- htmLawed was upgraded to close an XSS vector (thanks to Psych0tr1a for responsibly disclosing this to us & to htmLawed for a fast patch in response).
- Multiple XSS exploits were fixed (thanks to @x00 for responsibly disclosing and to both him and @businessdad for assistance in making our patches as bulletproof as possible).
- Fixed a Twitter SSL bug (thanks @Adrian for the patch).
- Fixed a missing permission check in the sorting utility (thanks @R_J for the patch).
- cleditor was patched to fix a crippling IE11 bug.
- Profile Extender was upgraded and a security flaw in it was fixed.
- Fixed a bug in Announcing while starting a discussion.
- Corrected the default theme README.
- Backported GDN_UserAuthenticationProvider.IsDefault so the latest version of jsConnect will work with 2.1.1.
- Fixed a theme screenshot bug (thanks @hgtonight for the patch).
As you can see, some extremely critical fixes are included. The only feature additions are those added to the Profile Extender addon as a result of being backported from the 2.2 (master) branch.
Diff of 2.1.1 against 2.1 gold. (32 files changed, so I don't recommend a selective upgrade on this one.)
18.104.22.168 has the same XSS issues and its patch will be released this weekend is available here as 22.214.171.124.