Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Vanilla 2.1.11 released - security patch

LincLinc Director of DevelopmentDetroit Vanilla Staff
edited July 2015 in Releases

If you have difficulty upgrading, please start a new discussion for assistance.

This release addresses 1 security issue and 2 other issues.

Download it now:

Upgrade Steps

  • Backup your database, .htaccess and conf/config.php file somewhere safe.
  • Upload the new release's files so they overwrite the old ones.
  • Go to to force any updates needed.
  • If it fails, try it a second time by refreshing the page. More troubleshooting tips.

To upgrade to 2.1.10 directly from 2.0.x, add these steps:

  • Delete the file /themes/mobile/views/discussions/helper_functions.php
  • Delete the file /applications/dashboard/views/default.master.php (note the PHP extension, not TPL)

Security Patches in 2.1.11

  • Upgraded Htmlawed to 1.1.20 to close an XSS vector. Big thanks to Mohammed Fayez for responsibly disclosing this vulnerability via [email protected]

Other changes in 2.1.11

  • Restored event BeforeDiscussionName.
  • Fixed bug in the Facebook SSO addon.

We recommend against doing partial upgrades. Never modify core files; put your changes in a plugin or theme. Troubleshooting tips.

This is potentially the final release of the 2.1 branch.



Sign In or Register to comment.