Users running a non-download version of Vanilla (pulled from GitHub), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open source releases are not affected.

Improve Vanilla Security by Default - Deny Viewing the Cache

mtschirs ✭✭✭

I would suggest making vulnerability discovery in Vanilla harder by removing web access to the cache directory (or relevant parts of it). E.g.

I suggest adding some rules to the .htaccess file that comes 'preinstalled' with Vanilla.
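
One way such a rule could look, as an added example that is not part of the original post and not Vanilla's shipped configuration. It assumes Apache with mod_rewrite, a cache directory named `cache` directly under the web root, and that nothing under it has to be served to browsers.

```apache
# Added example for the .htaccess file in the Vanilla web root.
# Assumption: the cache directory is "cache/" directly below this file.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Answer every request for cache or anything below it with 403 Forbidden.
    # In .htaccess context the pattern is matched against the path relative
    # to this directory, so there is no leading slash.
    RewriteRule ^cache(/|$) - [F]
</IfModule>

# Alternative without mod_rewrite (Apache 2.4+, mod_authz_core):
# put the single line below into a separate cache/.htaccess file.
#   Require all denied
```

These rules only take effect when Apache honours .htaccess files (`AllowOverride` permits them); other web servers ignore the file and need the equivalent deny rule in their own configuration. Requesting a known file under the cache directory and getting a 403 confirms the rule is active.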



