Vanilla - Security release for old 2.0.18 installs

LincLinc Admin
edited August 2014 in Releases

If you are on 2.0.18 (or any 2.0.* release) and have not yet made the upgrade to 2.1, this would be a great time to get moving! If you're still not ready to leave our glorious 2.0 days behind, fear not, the latest security patch is here.


The 2.0 code base is only being given important security patches, and only until the end of 2014.

In this release, we close recently discovered XSS exploits:

  • htmLawed is upgraded and its filtering tightened (thanks @x00 & Psych0tr1a)
  • parseJSON() is substituted for eval() in 2 places
  • We refactor the definitions list into JavaScript instead of using the DOM (thanks @businessdad)

Complete diff here.
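
The eval()-to-parseJSON() change in the list above, illustrated with an added example that is not Vanilla's code and is not taken from the diff. It assumes the replaced calls parsed response text; `JSON.parse` stands in for jQuery's `parseJSON()`, and the sample strings and the `mark` helper are constructed for the demonstration.

```javascript
// Records whether anything embedded in the input actually executed.
const sideEffects = [];
function mark(tag) { sideEffects.push(tag); return tag; }

// Constructed inputs: one well-formed JSON body, one carrying an expression.
const samples = {
  benign: '{"Name":"discussion","Count":3}',
  hostile: '{"Name": mark("executed"), "Count": 3}',
};

// Old pattern: the text is evaluated as JavaScript source, so any
// expression inside it runs with the page's privileges.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Replacement pattern: a strict JSON parser. Anything that is not
// pure JSON data is rejected with a SyntaxError and never runs.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Run both parsers on the same text and report what happened.
function compare(text) {
  sideEffects.length = 0;
  try { parseWithEval(text); } catch (err) { /* malformed source */ }
  const evalRan = sideEffects.length > 0;

  sideEffects.length = 0;
  const strict = parseStrict(text);
  const strictRan = sideEffects.length > 0;

  return { evalRan, strictOk: strict.ok, strictRan };
}

for (const [name, text] of Object.entries(samples)) {
  console.log(name, compare(text));
}
```

Both parsers agree on well-formed JSON; only the eval() path executes the embedded call, while the strict parser refuses the input.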

