Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Vanilla 2.1.9 released

LincLinc Director of DevelopmentDetroit Vanilla Staff

If you have difficulty upgrading, please start a new discussion for assistance.

This release addresses two security issues and a few other bugs.

Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.9

Upgrade Steps

  • Backup your database, .htaccess and conf/config.php file somewhere safe.
  • Upload the new release's files so they overwrite the old ones.
  • Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
  • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

To upgrade to 2.1.9 directly from 2.0.x, add this step:

  • Delete the file /themes/mobile/views/discussions/helper_functions.php
  • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)

Security Patches in 2.1.9

  • Fixes a SQL injection vulnerability.
  • Fixes an XSS vulnerability.

Hat tip to ZeniMax Online Studios' security team for disclosing both vectors.

Other changes in 2.1.9

  • Fixes GetUnread behavior
  • Fixes missing class in Discussion Options
  • Debugger addon now also toggles Debug config setting.
  • PermissionCategory() has been backported so FileUpload is now fully backwards compatible with 2.1.

Big thanks to @R_J, @Bleistivt, and @hgtonight for these contributions to 2.1.9!

7 files changed. View the diff. We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.

The 2.1 branch is slowing down in anticipation of the release of 2.2. The staff are only contributing security fixes, and we are no longer accepting large change sets. It's possible this release will end the 2.1 series if no further security issues are discovered. See the road to 2.2 for more details about the next release.

AdrianhgtonightR_JRajioBleistivtK17jackmaessen

Comments

Sign In or Register to comment.