Vanilla 2.6 is here
! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2
with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Vanilla 2.1.10 released - critical security update
If you have difficulty upgrading, please start a new discussion for assistance.
This release addresses two security issues and a few other bugs.
Download it now: http://vanillaforums.org/addon/vanilla-core-2.1.10
- Backup your database, .htaccess and conf/config.php file somewhere safe.
- Upload the new release's files so they overwrite the old ones.
- Go to yourforum.com/index.php?p=/utility/update to force any updates needed.
- If it fails, try it a second time by refreshing the page. More troubleshooting tips.
To upgrade to 2.1.10 directly from 2.0.x, add these steps:
- Delete the file /themes/mobile/views/discussions/helper_functions.php
- Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)
Security Patches in 2.1.10
- Fixes a SSRF (server-side request forgery) vulnerability. Hat tip to Neal Poole (Facebook Security) for disclosing this issue.
Other changes in 2.1.10
- Removed unused WordPress functions.
- Removed unused method
We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.
This is potentially the final release of the 2.1 branch.