Hosting Vanilla Forums

3.1
 (major version) (security release)
11 July - 70MBThis release patches multiple medium severity security issues.



Security

Fix invitation limits not being enforced

Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago)

Fix potential security vulnerability in serveFile() method

Fix Right to Left override character scrambling URL on leaving page

Improper Access Control - API V2 media endpoint

Fix Path disclosure

Publish WordPress addon security fixes

Fix unprivileged setting of QnA status when adding or editing comments

Add additional rate limiting to some Vanilla sign-in URLs

Add rate limiting to SSO connect endpoint



Highlights

Full Content Rendering for Moderation/Spam Queue



Bug Fixes

Update media resource management permission to Garden.Community.Manage

Fix incorrect editor selection handling

Fix Rich Editor responding slowly in some browsers

Fix clicking on Rich Editor mentions being able to crash the editor

Fix Css bug when creating a spoiler

Fix terms of user manager to display properly.

Simplify showing and hiding name and password.

Fix category following for members.

Fix Rich Post formatting while using search without Advanced Search.

Fix broken format when reporting a post

Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information

Fix category discussion type not respected when creating a question.

Add boilerplate/keystone theming styles fixes

Add state token support to Gdn_OAuth2

Add ability to set standard target after registration by invitation

Escape the title in Gdn_Theme::logo()

Remove file path from some upload error messages

Read more: https://open.vanillaforums.com/discussion/37418/vanilla-3-1-is-now-available






3.0.2

24 June - 60MB
bug fixes

Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-2






3.0.1
 (major version)
17 June - 60MBHighlights

New Rich Editor features and improvements.

100s of bug fixes.

Many medium-severity security issues reported via our HackerOne campaign are now resolved.

Improved default cache headers.

Deprecated some old classes, and removed some already deprecated ones.

Laid the groundwork for a new drafts & reaction systems.

Image upload limits.

Improvements to the Keystone theme.

Google SignIn.

Better SEO and performance w/ the DeferredLegacyScripts flag.

Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-1