Users running a non-download version of Vanilla (pulled from GitHub), on branch release/2019.016 or master from the last 2 weeks, should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open source releases are not affected.
Linc · Director of Development · Vanilla Staff
Options are papercuts.
There are a number of addons with important security updates. Please audit your addons against this list: FileUpload 1.9.2 was released today with 4 security patches. This is also its final release. …
Vanilla 2.5 - the stable gold release - can now be downloaded. The upgrade instructions are in the README.md as part of the download. This release brings a completely revised Dashboard, a native REST…
This upgrade includes: * A critical upgrade to the PHPMailer library to prevent remote code execution. * Mitigation of a medium-level exploit of the HTTP_HOST header. * Additional minor fixes I will …
Just past noon (ET) we were contacted for comment about "vulnerabilities in Vanilla Forums that were apparently reported back in December" by a blog. We were linked to two vulnerabilities t…
If you are using master branch from git, please note the HTTP_HOST patch is not included in it yet. This is because we are still working on a nicer fix and/or our own internal systems have not yet be…