This is a critical security upgrade for all forums.
Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.7
9 files changed. View the diff.
Hat tip to ZeniMax Online Studios' security team for disclosing the SQL injection vector.
Another hat tip to Dingjie Yang of Qualys, Inc for disclosing the CSRF & XSS vectors.
Both these contributors have responsibly disclosed previous security flaws as well, and we deeply appreciate their assistance.
In other news, we made significant headway in our pull request backlog over the holidays and are moving to get the 2014 ones cleared as quickly as possible. We appreciate the contributions & activity (both on PRs and elsewhere) greatly.