Vanilla Forums is an open source forum application and discussion framework. Vanilla Forums was initially released in 2006 and today powers discussion on over 500,000 sites.
Backup and restoration
28 October - 80MBVanillicon
- You'll see a new avatar after this update.
- Rich quotes of Discussions now display the user profile image.
- All rich quotes now use the improved expand/collapse UI from reported posts.
- Multiple images can now be uploaded at the same time.
- Fix a bug where nested lists in Rich Editor would render improperly after being posted. vanilla#9332
- Fix emoji suggestions not displaying.
- Update Vanillicon email hashes.
- Fix notifications not being sent to participating users.
- Fix invalid/expired state token error when signing in.
- Update Twitter addon to use platform's share links.
- Fix dashboard category name rendering.
- Improve URL handling in API v2 /media/scrape endpoint.
- The time formats for some locales have been changed to the 24-hour format in accordance to their locale standards.
- Fix unicode character handling in "leaving" page links.
- Fix photo ID encoding in Getty Images embeds.
- Fix preemptively join conversations.
Read more: https://open.vanillaforums.com/discussion/37683/vanilla-3-3-is-now-available
4 September - 80MBSecurity
- Fix possible request forgery using Facebook Social Connect sharing
- Fix invitation codes not expiring after use
- Fix users being able to dismiss a non-dismissable message
- Fix passing post URL in request when flagging a post
- Fix enumeration via user availability endpoints in private communities
- Fix ability to send invitations when site not configured for invitation registration
- Fix category validation in embedded comment posts
- Fix ability to manually set ID when creating an invitation
- Fix quote folding settings not requiring authenticated postback
- Add React-based embed system (Embedded content gets a major facelift!)
- Update OAuth2 addon to be OIDC compliant (This may be a breaking change if your OAuth 2.0 provider is not also OIDC compliant.)
- Fix category validation when moving a discussion
- Add notifications to users quoted in rich posts
- Add active user sorting in mention list
- Fix toggling verified status on user profile not properly refreshing
- Fix slow pruning of access token tables with a high number of rows
- Fix changing window hash sometimes causing infinite loop
- Fix moderation queue alignment on mobile
- Add re-orienting of images uploaded with media API
- Add new mobile dropdown style
- Fix rendering rich posts with empty bodies
- Fix Emoji support for Windows
- Update padding in Message component flexible
- Add route instance caching to RouteHandler
- Update user content list styles
- Update error reporting to include E_USER_WARNING
Rich Text Editor
- Add newline to bottom of editor on click
- Add alt-text input for images to Rich Editor
- Fix min length validation
- Fix editor paragraph positioning
- Prevent editor crash with mention inside of inline code
Read more: https://open.vanillaforums.com/discussion/37556/vanilla-3-2-is-now-available
3.1(major version) (security release)
11 July - 70MBThis release patches multiple medium severity security issues.
- Fix invitation limits not being enforced
- Remove dynamic RemoteUrl detection code to fix XSS vulnerability (note: This could potentially be breaking change for sites that were improperly configured using a method deprecated 7 years ago)
- Fix potential security vulnerability in serveFile() method
- Fix Right to Left override character scrambling URL on leaving page
- Improper Access Control - API V2 media endpoint
- Fix Path disclosure
- Publish WordPress addon security fixes
- Fix unprivileged setting of QnA status when adding or editing comments
- Add additional rate limiting to some Vanilla sign-in URLs
- Add rate limiting to SSO connect endpoint
- Full Content Rendering for Moderation/Spam Queue
- Update media resource management permission to Garden.Community.Manage
- Fix incorrect editor selection handling
- Fix Rich Editor responding slowly in some browsers
- Fix clicking on Rich Editor mentions being able to crash the editor
- Fix Css bug when creating a spoiler
- Simplify showing and hiding name and password.
- Fix category following for members.
- Fix Rich Post formatting while using search without Advanced Search.
- Fix broken format when reporting a post
- Ensure users can view their own profile information even if they do not have the moderator level permissions to view other users personal information
- Fix category discussion type not respected when creating a question.
- Add boilerplate/keystone theming styles fixes
- Add state token support to Gdn_OAuth2
- Add ability to set standard target after registration by invitation
- Escape the title in Gdn_Theme::logo()
- Remove file path from some upload error messages
Read more: https://open.vanillaforums.com/discussion/37418/vanilla-3-1-is-now-available
24 June - 60MB
- bug fixes
Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-2
display more versions
17 June - 60MBHighlights
- New Rich Editor features and improvements.
- 100s of bug fixes.
- Many medium-severity security issues reported via our HackerOne campaign are now resolved.
- Improved default cache headers.
- Deprecated some old classes, and removed some already deprecated ones.
- Laid the groundwork for a new drafts & reaction systems.
- Image upload limits.
- Improvements to the Keystone theme.
- Google SignIn.
- Better SEO and performance w/ the DeferredLegacyScripts flag.
Read more: https://open.vanillaforums.com/discussion/37360/vanilla-3-0-is-now-available-updated-3-0-1
Our Web hostings are compatible with
100% SSD Web Hosting
100 GB and +
Advanced management of EV and DV SSL certificates
10 GB of VOD
2 CPU and +
6 Gb (RAM) and +
100% dedicated resources
Infomaniak manages your server
from 29 € / month
Prices in EUR