Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
This is an important security upgrade for all forums.
Download it: http://vanillaforums.org/addon/vanilla-core-2.1.6
7 files changed. See the code diff.
- Security: Fixes an SQL injection vector.
- Security: Adds a PDO option to harden against SQL injection.
- Security: Improves the security of password resets by increasing token length and limiting them to 1 hour expiration.
- Adds vBulletin 5.1 password hashing to allow seamless password migrations. All previous versions continue to be supported.
Thanks to the team at ZeniMax Online Studios for disclosing the password reset issue and SQL injection vector.