Linc · Former Staff · Admin
Options are papercuts.
The critical security flaw in PHPMailer was already not present in the 2.4 prerelease. If you are using 2.4a, you may continue doing so. To close the HTTP_HOST flaw if you're not sanitizing HTTP_HOST…
Other fixes that were queued for release that are now in 2.3.1:
* Validate redirects during registration to prevent malicious redirection.
* Upgrade importer's use of mysql module to mysqli.
* Assign…
I'm looking for someone to manage the release of Vanilla 2.5. Its release is not dependent on this being fulfilled, I'm just interested in having the conversation. Getting applicants does not guarant…
tl;dr Linc will be far more likely to get your shit done if you filter it for him. :awesome:
https://github.com/vanilla/vanilla/tree/release/2.4 This means any additional fixes for 2.4 release need to be merged into this branch when the PR is accepted (or a second PR made).