Vanilla 2.5 - the stable gold release - can now be downloaded. The upgrade instructions are in the README.md as part of the download. This release brings a completely revised Dashboard, a native REST…
This upgrade includes:
* A critical upgrade to the PHPMailer library to prevent remote code execution.
* Mitigation of a medium-level exploit of the HTTP_HOST header.
* Additional minor fixes …
Just past noon (ET) we were contacted for comment about "vulnerabilities in Vanilla Forums that were apparently reported back in December" by a blog. We were linked to two vulnerabilities that were p…
If you are using the master branch from git, please note the HTTP_HOST patch is not included in it yet. This is because we are still working on a nicer fix and/or our own internal systems have not yet be…
The critical security flaw in PHPMailer was already not present in the 2.4 prerelease. If you are using 2.4a, you may continue doing so. To close the HTTP_HOST flaw if you're not sanitizing HTTP_HOST…