HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options are papercuts.
There are a number of addons with important security updates. Please audit your addons against this list: FileUpload 1.9.2 was released today with 4 security patches. This is also its final release. … (View Post)10
Vanilla 2.5 - the stable gold release - can now be downloaded. The upgrade instructions are in the README.md as part of the download. This release brings a completely revised Dashboard, a native REST… (View Post)24
This upgrade includes: * A critical upgrade to the PHPMailer library to prevent remote code execution. * Mitigation of a medium-level exploit of the HTTP_HOST header. * Additional minor fixes I will … (View Post)6
Just past noon (ET) we were contacted for comment about "vulnerabilities in Vanilla Forums that were apparently reported back in December" by a blog. We were linked to two vulnerabilities t… (View Post)7
If you are using master branch from git, please note the HTTP_HOST patch is not included in it yet. This is because we are still working on a nicer fix and/or our own internal systems have not yet be… (View Post)5