Vanilla 2.1.3 - security release
Announcing the availability of 2.1.3, a security & bug fix release for the 2.1 branch.
This is an important security release for all users of 2.1.
- 3 newly discovered XSS vectors were fixed.
- The timezone bug introduced in 2.1.1 is fixed.
- Fixes invalid DeliveryType in plugins management.
The diff is here. 6 files changed in total.
Thanks to Dingjie Yang of Qualys, Inc for 2 of the XSS reports, and Jason Barnabe for the third. We greatly appreciate responsible security reports, which can be directed to support [at] vanillaforums.com.
Hat tip to @bleistivt for making sure the timezone bug was properly filed on GitHub so it wasn't missed for this release.