Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore also released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
CRITICAL: Vanilla 2.1.8 released
This is a critical and time-sensitive security upgrade for all forums. At least one of these issues is being actively exploited.
Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.8p2
UPDATE: We have incremented to "2.1.8p2" to address upgrade issues.
- Back up your database, .htaccess and conf/config.php file somewhere safe.
- Upload the new release's files so they overwrite the old ones.
- Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
- If it fails, try it a second time by refreshing the page. More troubleshooting tips.
To upgrade to 2.1.8 directly from 2.0.x, add these steps:
- Delete the file /themes/mobile/views/discussions/helper_functions.php
- Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)
Critical Security Patches in 2.1.8
- Fixes a SQL injection vulnerability.
- Fixes a user registration vulnerability.
Hat tip to ZeniMax Online Studios' security team for disclosing the SQL injection vector.
Changes in 2.1.8
- Hardens the UserModel against potential abuse.
- Stub content being re-created on utility/update on private communities.
- Increase permissions required for mass banning (from
- Collect additional information about mass-banning changes.
- Removes super-admin permissions from secondary accounts on utility update.
- Fixes an issue changing primary keys during utility update.
15 files changed. View the diff. We strongly recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme.
If you have difficulty upgrading, please start a new discussion for assistance.
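The file-side steps of the upgrade procedure above, as a shell function that verifies the backup before removing anything. This is an added example, not part of the original announcement or of Vanilla's own tooling; the function name `prepare_upgrade`, its arguments and the `from20` switch are hypothetical, and the database backup and the upload of the new files are not covered.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with Vanilla).
# prepare_upgrade FORUM_ROOT BACKUP_DIR [from20]
#   FORUM_ROOT  directory that holds .htaccess and conf/config.php
#   BACKUP_DIR  where the copies go; keep it outside the web root
#   from20      pass this word when upgrading directly from 2.0.x
prepare_upgrade() {
    root=$1; dest=$2; mode=${3:-}
    [ -d "$root" ] || { echo "no such forum root: $root" >&2; return 2; }

    # Refuse to continue (and delete nothing) if the config cannot be saved.
    if [ ! -f "$root/conf/config.php" ]; then
        echo "missing $root/conf/config.php, aborting" >&2
        return 3
    fi
    mkdir -p "$dest/conf" || return 4

    # .htaccess is optional (not every web server uses one); config.php is not.
    for f in .htaccess conf/config.php; do
        if [ -f "$root/$f" ]; then
            cp -p "$root/$f" "$dest/$f" || return 4
            # Compare byte-for-byte before any file gets overwritten.
            cmp -s "$root/$f" "$dest/$f" || { echo "backup mismatch: $f" >&2; return 5; }
        fi
    done
    # config.php typically holds the database credentials: owner-only access.
    chmod 600 "$dest/conf/config.php" || return 4

    # Extra step for direct 2.0.x -> 2.1.8 upgrades: remove the two stale
    # views named in the announcement (the .php master view, not the .tpl).
    if [ "$mode" = "from20" ]; then
        rm -f "$root/themes/mobile/views/discussions/helper_functions.php" \
              "$root/applications/dashboard/views/default.master.php" || return 6
    fi
    return 0
}
```

After it returns 0, upload the new release's files and visit `/utility/update` as described in the steps.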