Vanilla 2.1.6 released

Linc (Director of Development, Detroit; Vanilla Staff)

This is an important security upgrade for all forums.

Download it: http://vanillaforums.org/addon/vanilla-core-2.1.6

7 files changed. See the code diff.

Summary:

  • Security: Fixes an SQL injection vector.
  • Security: Adds a PDO option to harden against SQL injection.
  • Security: Improves the security of password resets by increasing token length and limiting them to 1 hour expiration.
  • Adds vBulletin 5.1 password hashing to allow seamless password migrations. All previous versions continue to be supported.

Thanks to the team at ZeniMax Online Studios for disclosing the password reset issue and SQL injection vector.
