HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 3.1 is now available

charrondevcharrondev Developer Lead (PHP, JS)Montreal Vanilla Staff
edited July 2019 in Releases

Missed the 3.0 release? Check out the upgrade & release notes here.

Hi everyone! The team has been hard at work over the last month fixing bugs and security holes and even squeezing in a new feature. There should be no breaking changes in this release so it should be a very straightforward update.

Upgrade Notes

  • Vanilla 3.x requires PHP 7.1 which is a change from earlier versions. We strongly recommend upgrading to PHP 7.3 as soon as possible. Many hosting plans allow a seamless transition via their control panel.
  • Follow the normal upgrade process, including running /utility/update.
  • Follow additional specific upgrade instructions.
  • Test your plugin & theme compatibility in a safe place before upgrading your production forum.

Download

Get over in the addon directory. https://open.vanillaforums.com/addon/vanilla-core-3.1

«1

Comments

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited July 2019

    Full Content Rendering for Moderation/Spam Queue

    The Moderation Queue and Spam Queue now display full user content, allowing for easier triaging.

    Full post formatting is now displayed, including Images, GIFs, and Rich Embeds making moderation of your Vanilla Forum easier than ever!

    Additionally the moderation toolbar now sticks the top of the page so you don't have to scroll back up to it to take action.

    Bug Fixes

    API v2

    Rich Editor

    Terms of use manager

    • Fix terms of user manager to display properly. #1883 #8928
    • Simplify showing and hiding name and password. #1911

    Categories

    • Fix category following for members. #8979

    Search

    • Fix Rich Post formatting while using search without Advanced Search. vanilla#9020

    Reporting

    MeBox & Profile

    • Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information - vanilla#8993

    QnA

    • Fix category discussion type not respected when creating a question. #715

    Vanilla

    Security

    This release patches multiple medium severity security issues.

    • Fix invitation limits not being enforced patches#541
    • Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago) patches#585
    • Fix potential security vulnerability in serveFile() method - patches#581
    • Fix Right to Left override character scrambling URL on leaving page - patches#582
    • Improper Access Control - API V2 media endpoint - patches#545
    • Fix Path disclosure - patches#203
    • Publish WordPress addon security fixes - wordpress-vanilla#31
    • Fix unprivileged setting of QnA status when adding or editing comments - addons-patches#33
    • Add additional rate limiting to some Vanilla sign-in URLs vanilla/vanilla-patches#573
    • Add rate limiting to SSO connect endpoint vanilla/vanilla-patches#578

    Developer Notes

    HTTP Headers

    Starting in this release, various internal infrastructure headers are no longer being used in the application and have been removed from Gdn_Request - patches#574.

    HTTP_X_FORWARDED_HOST
    HTTP_X_CLUSTER_CLIENT_IP
    HTTP_X_ORIGINALLY_FORWARDED_PROTO
    
  • Hi, thx! the download link target s/b:



    Is there release notes of the "new features" somewhere? Thx again!

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Looks like you caught the post before I got through with my edits! Anyways I've updated the post to try and be a little bit more clear. There is one new feature and load of bug fixes. That would be the much improved spam/moderation queue.

    It's the type of thing that is likely most noticed on larger sites, but is a big improvement regardless.

    For anyone unfamiliar with the previous experience it:

    • Didn't use to render post. You would see the raw Rich (JSON), Markdown, BBCode, etc. Now you see images, proper spacing, embeds, etc.
    • The title bar, which is required to take action on a different post didn't stick top of your browser.
    • The user content only used to show in a tiny sliver of the screen.
    • Content in foreign languages would be double escaped and encoded. Pretty much unusable for sites that didn't use latin characters.
  • I'm noticing that within first install that the warning for external links is actually broke. Trying to look at forum software to replace "Simple Machines" and realized this was a cool alternative, but is broken in the spot that was a huge selling point for us.

    Wont lie, really digging this forum software. :)

  • Smooth upgrade but embed / insert media button in the rich editor stays greyed out and not working (notice it's doing the same thing here.

    Other than that, good update.🙂

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Are you able to offer any additional reproduction steps?

    It seems to be working on my end.

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    @techthenoob Unfortunately external link detection is not currently compatible with the Rich Editor. The feature is slated to be done this year though, so maybe by 3.2 or 3.3.

    The issue is here.

    In the meantime if you require this functionality, you will have to use our older Advanced Editor. It is pre-installed so you will just need to enable the plugin in your dashboard and select one it's formats in the posting page (BBCode, Markdown, or WYSIWYG).

  • KasparKaspar Moderator

    Link of Rich quotes does not work

    I just clicked a quote box on my forum expecting to be taken to the original post and thread - it did not happen.

    I facepalmed myself - need to click on the date ofc - tried again - failed again


    Clicking user name or date in the top red square gives links/sends me to respectively:

    https://open.vanillaforums.com/profile/donovanb

    https://open.vanillaforums.com/discussion/comment/257534/#Comment_257534

    as intended and expected


    Using the same in the rich quote / lower red square send me to:

    https://open.vanillaforums.com/

    Not what I expected and can hardly believe is intended?

    Bug or functionality just not added yet?

  • my bad, may have been caching, but it is working normally. Carry on! 😁


  • Update it easily.. Thanks for fixing SEARCH Rich Post formatting issue 🙏

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff

    Aware of the issue. There will be a new rich quite in the next release. It’s already fixed on master.

  • I just updated from 2.8.3 to 3.0.2 to 3.1. Utility/update said successful for both. When I go to the Dashboard of the site the version still shows up as 2.8.3??

    Anybody else seeing this issue or does everyone appear as 3.1?

  • KasparKaspar Moderator

    Do a  /utility/structure aswell

  • Disregard my last comment. I restored site to 283 and upgraded to 284. Then proceeded to update to 3.1 and now seems good. Thanks for all the work fellas!

  • fyi rich editor for mobile sites not working for me. I'm not able to select the text box for editing. Confirmed with other users on my site. I switched to wysiwyg for now as a work around.
  • I have the same problems with the rich editor, after four days using it in my forum, many users presented the same problem especially from mobile devices, especially when editing the posts.

  • edited August 2019

    So after changing to wysiwyg editor from rich editor left over drafts (from before the switch) are still tagged with rich editor format, so users were reporting problems with not being able to post new comments if they had a draft saved even AFTER I switched to wysiwyg editor. I was able to fix issue by deleting all draft records in the GDN_Drafts table. Probably could also fix by changing each record from Rich to Wysiwyg format without having to delete all drafts.

  • charrondevcharrondev Developer Lead (PHP, JS) Montreal Vanilla Staff
    edited August 2019

    Are there are any particular errors in your javascript console? We run rich editor in production on hundreds of large sites and haven't run into this issue.

  • edited August 2019

    @charrondev

    Here's screen cap of console log when using rich editor from Mobile site.. used Chrome device mode (Pixel 2) to simulate with mobile device. Hope this helps.. let me know if any other info I could provide to help...

    EDIT: Looks like screen cap may be unreadable.. attaching log as txt file as well.



  • R_JR_J Ex-Fanboy Munich Admin

    The error is a hint that your mobile format is Wysiwyg, but if you want to use the rich editor on mobile it must be set to "Rich"

Sign In or Register to comment.