Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Categories
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
CRITICAL: Vanilla 2.1.8 released
This is a critical and time-sensitive security upgrade for all forums. At least one of these issues is being actively exploited.
Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.8p2
UPDATE: We have incremented to "2.1.8p2" to address upgrade issues.
Upgrade Steps
- Backup your database, .htaccess and conf/config.php file somewhere safe.
- Upload the new release's files so they overwrite the old ones.
- Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
- If it fails, try it a second time by refreshing the page. More troubleshooting tips.
To upgrade to 2.1.8 directly from 2.0.x, add this step:
- Delete the file /themes/mobile/views/discussions/helper_functions.php
- Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)
Critical Security Patches in 2.1.8
- Fixes a SQL injection vulnerability.
- Fixes a user registration vulnerability.
Hat tip to ZeniMax Online Studios' security team for disclosing the SQL injection vector.
Changes in 2.1.8
- Hardens the UserModel against potential abuse.
- Stub content being re-created on utility/update on private communities.
- Increase permissions required for massing banning (from
Moderation.ManagetoSettings.Manage). - Collect additional information about mass-banning changes.
- Removes super-admin permissions from secondary accounts on utility update.
- Fixes an issue changing primary keys during utility update
15 files changed. View the diff. We strongly recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme.
If you have difficulty upgrading, please start a new discussion for assistance.
Comments
/utility/update fails:
@Nyr Thank you, I will have it corrected shortly. The update as been amended.
We accidentally included a call to
array_columnwhich was not added to PHP until 5.5. I substitutedConsolidateArrayValuesByKey, incremented to 2.1.8p1, and updated the first post in this discussion.I can confirm it's working now
Hi i would like to update my forum but can't reason.
set_time_limit() has been disabled for security reasons
Is there a way arround?
@deex Yes, comment out this line:
https://github.com/vanilla/vanilla/blob/2.1/applications/dashboard/controllers/class.utilitycontroller.php#L16
As long as your server is fast enough to do it in the standard time limit, you should be fine.
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
How can i update from vanilla 2.1.6?
I just tried updating from 2.1.6. The utility/update says simply 'update failed'. Enabling debugging only gives me a couple of errors about my theme cache. Site seems to be working, but going to utility/structure says there are a couple of google-related updates required; clicking the 'run scripts' button reports success but when I re-scan, they're back.
The instructions are above.
Can you post the update it's requesting repeatedly? Did you try disabling third-party addons?
updating from 2.1.6 give error to me saying simply "update failed".
More troubleshooting steps: http://docs.vanillaforums.com/developers/troubleshooting/
I recommend starting a discussion with the full error message.
the first thing i followed
Set $Configuration['Debug'] = TRUE; in your conf/config.php to reveal full error messages. Remember to remove it when you are done.the whole forum gives a blank page, without any errors
@AaronWebstey
I think you are talking about
update GDN_UserAuthenticationProvider UserAuthenticationProvider set AuthenticationSchemeAlias = 'GooglePlus' where AuthenticationSchemeAlias = 'Google+';this is a known issue, if not in Github I will add it. It's okay though, your site is fine. you can ignore it.
Sharing is caring
Thanks @Linc ; I'll try disabling plugins tomorrow. Here's the update it can't do. And now that I think of it, I may have fudged around with the google plugin code (I just made a post about that tonight).
Yes @Adrian; sorry, looks like I posted while you were posting
No worries. I had noticed it before, my bad for not adding an issue in Github
Doing it now.
https://github.com/vanilla/vanilla/issues/2407
Sharing is caring
My version number says "Version 2.1.8p1"
Is the p1 bit weird?
@Simeon_Griggs it's fine, linc had to make a small change
Sharing is caring
Failure
The update was not successful. i have gone to the link to read on the troubleshooting techniques but still. but at the footer of the dashboard i see Version 2.1.8p1
@martin2008 Do you, also, have Google+ enabled?
Nm
@Linc nope i don't use google+ 'cos i have not paid for the openid
Sorry for double posting, I thought I had fixed things but no I definitely haven't.
Getting this error on the update page after putting in my info.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alter table
GDN_Tagadd unique index UX_Tag (Name,CategoryID)' at line 4|Gdn_Database|Query|/* 'unique index UX_Tag (Name)' => 'unique index UX_Tag (Name,CategoryID)' */ alter tableGDN_Tagdrop index UX_Tag; alter tableGDN_Tagadd unique index UX_Tag (Name,CategoryID);Thanks. I actually had the same issue @martin2008 describes above. The update page never said that the installation was successful. But in the footer of the dashboard I see the new version number and assumed it was all okay.
Hello, I uploaded the files to the new version but had to roll back to the previous. I run an integrated forum and only a blank screen appeared. Ideas?
I suggest starting a new discussion with details of what "integrated" means after following the additional troubleshooting steps linked in the OP. Also check your PHP error log.
On the database table
GDN_Tag, delete the index namedUX_Tag, and then run it again. It should then regenerate correctly.@Simeon_Griggs @martin2008 I need the error message to assist you. Have you completed the troubleshooting steps? Since the last step says "Start a new discussion" and you are still posting in the release thread, I suspect not.
@Chalipa Please check your PHP error log for the error message and start a new discussion for assistance.
I followed the steps in the OP, and getting a blank page, no errors. Need to roll back while we figure out how to correctly make the update.
Any thoughts on how to troubleshoot this?
@JeffHat: try adding this to your
conf/config.php:$Configuration['Garden']['Errors']['MasterView'] = 'deverror.master.php';That will show you the real error. Don't forget to delete if from config.php after you are finished with debugging.
I tried going to "yourforum.com/index.php?p=/utility/update" (substituting my forum's domain name for yourforum" as stated in the Read Me instructions, but I just get "Error 404-Page Not Found".
I use Expression Web as an ftp upload program, but it will not show the .htaccess file or allow it to be downloaded from the server. I went directly to the server & located the .htaccess file, but don't know how to get it replaced by the new file. Any suggestions? I am not very proficient in websites & don't understand the "techy" language so if replies could be kept simple, I'd appreciate it.